GIORIZZ

Privacy Policy

Version 2.2026

Last updated: March 2026

1. Data Controller

The data controller responsible for the processing of your personal data is:

Pursuant to Article 37 of the GDPR, given our current scale of operations, GIORIZZ has not appointed a Data Protection Officer (DPO). This assessment is reviewed annually. For all data protection enquiries, please contact us at info@giorizz.com.

2. Information We Collect

We collect personal data that you provide directly and data generated through your use of our Services. The categories below reflect the data we actually collect and process.

2.1 Information You Provide

  • Account data: name, email address, phone number, title (Mr/Ms/Mx), and password (stored as a cryptographic hash, never in plaintext) when you create an account.
  • Booking data: pickup and drop-off addresses, dates, times, passenger count, luggage count, flight number, vehicle class preference, and special requests (including meet-and-greet preferences and pickup sign instructions).
  • Accessibility data: wheelchair accessibility requirements. This constitutes special category data (health-related) under Article 9 GDPR and is processed only with your explicit consent or where strictly necessary to fulfil our contractual obligation to provide an accessible service.
  • Payment data: credit/debit card details are processed securely by our PCI DSS-compliant payment processor, Stripe Inc. GIORIZZ does not store full card numbers. We retain transaction identifiers, payment status, and invoice amounts.
  • Communication data: messages, feedback, support requests, and correspondence you send to us via email or SMS.

2.2 Agency & B2B Partner Data

  • Company data: company name, VAT/registration number, partner type, company description, registered address, and website.
  • Legal representative data: name, email, and phone number of the authorised signatory.
  • Banking data: IBAN and SWIFT/BIC code for wire transfer settlements.
  • KYB documents: company registration certificates and other verification documents submitted during onboarding.
  • Credit facility data: credit limit, credit status, invoice history, and payment records.
  • VIP passenger profiles: where agencies maintain profiles for frequent travellers, this may include passenger name, contact details, travel preferences, preferred vehicle class, and — where provided — nationality and passport details (encrypted at application level). VIP profiles are scoped exclusively to the creating agency.

2.3 Chauffeur Partner Data

  • Profile data: full name, phone number, company name, years of experience, and licence details.
  • Vehicle data: make, model, year, colour, VIN, licence plate, and vehicle authorisation number.
  • Rate data: per-kilometre and per-hour rates, flat rates, minimum fare, and zone coverage areas.
  • GPS location data: during active rides, we collect real-time latitude, longitude, accuracy, heading, and speed at approximately 30-second intervals. This data is retained for the duration of the shift plus 30 days for dispute resolution and quality assurance. See Section 17 for additional information on chauffeur data processing and Italian labour law compliance.
  • Performance data: customer ratings, feedback, and service completion records.
  • Earnings data: ride-level and aggregate earnings records.
  • Availability data: schedule exceptions, working hours, and availability preferences.

2.4 Concierge & Hotel Portal Data

  • Concierge account data: hotel name, contact name, email, phone, city, and country.
  • Guest request data: guest name, phone, email, room number, pickup/drop-off addresses, and booking details.

2.5 Information Collected Automatically

  • Usage data: pages visited, features used, interaction patterns, and referral sources.
  • Device data: browser type, operating system, device identifiers, and screen resolution.
  • IP address: used for approximate geographic location, security, and fraud prevention.
  • Cookies and similar technologies: see Section 9 and our Cookie Policy for full details.

3. How We Use Your Information

We process your personal data for the following purposes:

  • Service delivery: to process bookings, assign chauffeurs, send confirmations, provide real-time ride updates, and coordinate meet-and-greet services.
  • Account management: to create and manage your account, authenticate logins, process password resets, and provide customer support.
  • Payment processing: to process card transactions via Stripe, generate invoices for B2B partners, manage credit facilities, process refunds, and maintain fiscal records.
  • Communication: to send booking confirmations, service updates, ride reminders, driver assignment notifications, and to respond to enquiries via email and SMS.
  • Safety and security: to detect fraud, verify identities, enforce our Terms, protect our users and platform, and administer CAPTCHA verification (Cloudflare Turnstile).
  • Quality assurance: to monitor service quality through customer ratings, resolve disputes using GPS records, and improve the passenger experience.
  • Analytics and improvement: to analyse anonymised usage patterns, improve our Services, and develop new features. Analytics data is aggregated and does not identify individual users.
  • Legal compliance: to comply with applicable tax, accounting, transport, and data protection laws and regulations.
  • Pricing: to calculate service quotes based on distance, duration, vehicle class, and applicable surcharges. See Section 10 for information about automated decision-making.

4. Legal Basis for Processing

Under the General Data Protection Regulation (EU 2016/679) and applicable national laws, we process your data on the following legal bases:

Processing Activity | Lawful Basis | GDPR Article
Booking fulfilment, account creation | Performance of contract | Art. 6(1)(b)
Payment processing, invoicing | Performance of contract + legal obligation | Art. 6(1)(b), 6(1)(c)
Wheelchair/accessibility requests | Explicit consent (special category) | Art. 9(2)(a)
Tax record retention (7–10 years) | Legal obligation (Italian fiscal law) | Art. 6(1)(c)
Fraud prevention, platform security | Legitimate interest | Art. 6(1)(f)
Anonymised analytics | Legitimate interest | Art. 6(1)(f)
GPS tracking (chauffeur partners) | Performance of contract + legitimate interest | Art. 6(1)(b), 6(1)(f)
Marketing communications | Consent | Art. 6(1)(a)
Transactional notifications (SMS/email) | Performance of contract | Art. 6(1)(b)
VIP passenger profiles (agencies) | Performance of contract (B2B) | Art. 6(1)(b)

Where we rely on legitimate interest, we have conducted a balancing test to ensure that our interests do not override your fundamental rights and freedoms. You may request details of these assessments by contacting info@giorizz.com.

You may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

5. Sub-Processors & Data Sharing

We share your personal data only as necessary to provide our Services. We do not sell, rent, or trade your personal data to third parties for marketing purposes.

5.1 Service Providers (Sub-Processors)

The following third-party service providers process personal data on our behalf under data processing agreements:

Provider | Service | Data Processed | Location
Stripe Inc. | Payment processing | Payment card tokens, transaction amounts | United States
Supabase Inc. (AWS) | Database & authentication | All account, booking, and operational data | United States (AWS)
Resend Inc. | Email delivery | Email addresses, notification content | United States
Twilio Inc. | SMS messaging | Phone numbers, message content | United States
Vercel Inc. | Website hosting & CDN | Request logs, anonymised analytics | United States (global edge)
Cloudflare Inc. | Security (CAPTCHA, DDoS protection) | IP address, browser fingerprint | United States (global edge)

We maintain data processing agreements (DPAs) with all sub-processors in compliance with Article 28 GDPR. We will notify affected users of any material changes to our sub-processor list.

5.2 Operational Sharing

  • Chauffeur partners: we share passenger name, pickup/drop-off locations, flight details, and special requests — limited to what is strictly necessary to perform the service. Chauffeur partners do not receive payment details or net pricing information.
  • Agency partners: when you book through a B2B agency, relevant booking details are shared with that agency in accordance with their data processing agreement. Each agency can access only its own bookings.
  • Concierge partners: hotel concierge portals receive only the booking details submitted on behalf of their guests.
  • Legal authorities: we may disclose personal data when required by law, regulation, court order, or where necessary to protect the rights, safety, or property of GIORIZZ, our users, or the public.

6. International Data Transfers

As several of our sub-processors are based in the United States, your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place pursuant to Chapter V of the GDPR (Articles 44–49):

Transfer Destination | Mechanism
United States (Stripe, Supabase, Resend, Twilio, Vercel, Cloudflare) | EU Standard Contractual Clauses (SCCs) pursuant to Commission Implementing Decision (EU) 2021/914
United Kingdom | UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs, per ICO guidance
Switzerland | EU SCCs with Swiss-specific modifications recognised by the FDPIC
Brazil | ANPD Standard Contractual Clauses (in force since August 2025)
Countries with EU adequacy decisions | European Commission adequacy decision (e.g., UK renewed December 2025, Japan, South Korea, Canada)

You may request a copy of the relevant transfer safeguards by contacting info@giorizz.com.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and resolve disputes. The following schedule reflects our retention practices:

Data Category | Retention Period | Legal Basis
Account data | Duration of account + 3 years after deletion | Legitimate interest (fraud prevention)
Booking records | 7 years from completion | Italian tax law (DPR 600/73)
Payment/invoice records | 10 years | Italian fiscal retention (Art. 2220 Civil Code)
Communication logs | 2 years from last interaction | Legitimate interest
Analytics events | Indefinite (anonymised only) | Legitimate interest
OTP verification codes | 15 minutes (auto-expire) | Contract
Chauffeur GPS data | Duration of shift + 30 days | Legitimate interest (dispute resolution)
CAPTCHA tokens | Session only | Security
Consent records | Duration of processing + 5 years | Legal obligation (proof of consent)
Data subject request logs | 3 years | Legal obligation
Agency KYB documents | Duration of relationship + 5 years | AML/KYC obligations
Data breach records | 5 years | Legal obligation
Verified review content (text, display name) | Until withdrawn by author or 5 years after publication | Consent (Art. 6(1)(a)) + legitimate interest
Review submission IP / user agent | 90 days from submission | Legitimate interest (fraud prevention)

After the applicable retention period, data is either securely deleted or irreversibly anonymised.

7b. Verified Reviews Programme

Customers who complete a booking and have rated the journey privately may receive an email invitation to publish a public review on our website. Participation is strictly optional and consent-based.

What we collect when you submit a public review: the review text, an optional title, your chosen display name (we suggest a “First L.” format to keep your identity discreet), the language of the review, and a timestamp of your consent. We also record your IP address and browser user-agent at submission time, which we use only to detect fraudulent or duplicate submissions.

What we publish: only reviews that have been manually approved by our team. We never edit your wording. We never publish your full name, email, phone number, booking ID, or any other personal data.

Withdrawal: you may withdraw your review at any time from your account at /account/reviews. Withdrawal removes your review from our website and erases the review text and display name from our records. The link to the underlying booking is retained for audit and aggregate-count integrity, but no personal data remains.

Fraud forensics rotation: the IP address and user-agent we collect at submission time are automatically nullified 90 days after submission. After that point we keep no technical fingerprint of who submitted the review.

Lawful basis: publication relies on your explicit consent (GDPR Art. 6(1)(a)). Fraud-prevention storage of IP/user-agent for 90 days relies on legitimate interest (Art. 6(1)(f)).

8. Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

  • Right of access (Art. 15): obtain confirmation of whether we process your data and request a copy of it.
  • Right to rectification (Art. 16): correct inaccurate or incomplete personal data. You may update your profile directly through your account settings.
  • Right to erasure (Art. 17): request deletion of your data (“right to be forgotten”), subject to legal retention requirements. You may delete your account through your account settings; residual data subject to mandatory retention (e.g., fiscal records) will be retained for the legally required period and then deleted.
  • Right to restrict processing (Art. 18): limit how we use your data while a dispute or objection is being resolved.
  • Right to data portability (Art. 20): receive your personal data in a structured, commonly used, machine-readable format (e.g., JSON or CSV).
  • Right to object (Art. 21): object to processing based on legitimate interest or for direct marketing purposes. Where you object to direct marketing, we will cease processing without exception.
  • Right not to be subject to automated decision-making (Art. 22): see Section 10 for details about our pricing engine and your right to request human review.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

How to exercise your rights: contact us at info@giorizz.com. We will verify your identity and respond within 30 days (extendable to 90 days for complex requests, with notification). There is no charge for exercising your rights unless requests are manifestly unfounded or excessive.

Supervisory authorities: you have the right to lodge a complaint with your local data protection authority. For users in Italy, this is the Garante per la protezione dei dati personali (garanteprivacy.it). See Sections 12–16 for jurisdiction-specific authority references.

9. Cookies & Tracking Technologies

We use cookies and similar technologies on our platform. A summary is provided below; for full details, please see our Cookie Policy.

  • Essential cookies: required for core functionality including authentication, session management, and language preferences. These cookies are strictly necessary and do not require consent.
  • Analytics: Vercel Analytics collects anonymised, aggregated usage data (first-party only). No individual user tracking occurs. Under Garante per la protezione dei dati personali guidelines (2021), anonymised first-party analytics may be exempt from prior consent where they do not enable individual identification.
  • Security: Cloudflare Turnstile CAPTCHA is used to prevent automated abuse. This is classified as a security measure and is exempt from consent requirements under the ePrivacy Directive.

We do not use third-party advertising cookies, retargeting pixels, or social media tracking technologies.

10. Automated Decision-Making

Pursuant to Article 22 GDPR, we inform you of the following automated processing:

Pricing engine: our platform uses an automated pricing engine to calculate service quotes based on distance, estimated duration, vehicle class, time of day, and applicable surcharges (tolls, waiting time). This system does not produce legal effects or similarly significant effects on individuals — it generates standardised price quotes that are subject to the same fare calculation logic for all users.

However, in the interest of transparency:

  • You may request an explanation of how a specific quote was calculated by contacting info@giorizz.com.
  • You may contest a pricing decision and request human review.
  • No profiling is used to vary prices based on individual characteristics, browsing history, or personal attributes.

11. Children’s Privacy

Our Services are designed for adults and are not directed to children. GIORIZZ is a luxury chauffeur booking platform intended for individuals who are of legal age to enter into binding contracts in their jurisdiction of residence.

11.1 Minimum Age Requirements. We do not knowingly collect personal data from individuals below the following age thresholds:

Jurisdiction | Minimum Age | Legal Basis
EU / EEA (including Italy) | 16 years | GDPR Article 8(1) — Italy applies the default 16-year threshold
United Kingdom | 13 years | UK GDPR, as incorporated by the Data Protection Act 2018, Section 9
United States | 13 years | Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506
Brazil | 12–18 years (tiered) | LGPD Article 14 — processing of data of children (under 12) requires specific parental consent; adolescents (12–17) require consent consistent with their best interests
UAE | 18 years | Federal Decree-Law No. 45/2021 (UAE PDPL)
India | 18 years | Digital Personal Data Protection Act 2023, Section 9
All other jurisdictions | 16 years (default) | We apply the GDPR standard as a minimum baseline

11.2 No Intentional Collection. We do not knowingly solicit, collect, or process personal data from individuals below the applicable age threshold in their jurisdiction. Our booking flow does not include age verification, as the nature of the service (luxury chauffeur transport with payment) inherently targets adult users.

11.3 Discovery and Deletion. If we become aware that we have inadvertently collected personal data from a child below the applicable age threshold, we will:

  • Promptly delete all personal data associated with that individual from our systems
  • Cancel any associated bookings and issue a full refund where applicable
  • Notify the relevant supervisory authority if required by applicable law
  • Notify the parent or guardian where we have sufficient contact information to do so

11.4 Reporting. If you believe a child has provided us with personal data, please contact us immediately at info@giorizz.com so that we can take appropriate action.

12. Additional Information for United Kingdom Residents

If you are located in the United Kingdom, the following provisions apply in addition to the general terms of this policy:

  • Applicable law: your personal data is processed in accordance with the UK General Data Protection Regulation (UK GDPR) as incorporated by the Data Protection Act 2018.
  • Transfer mechanism: where your data is transferred outside the UK, we rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, as approved by the Information Commissioner’s Office (ICO).
  • Age of consent: the age of digital consent in the UK is 13 (not 16 as under EU GDPR).
  • Electronic marketing: we comply with the Privacy and Electronic Communications Regulations 2003 (PECR). Marketing communications require your prior consent. Existing customers may receive marketing about similar services under the “soft opt-in” exception, with an easy opt-out mechanism in every communication.
  • Supervisory authority: you may lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.

13. Additional Information for United States Residents

If you are located in the United States, the following provisions apply. We apply the highest common standard across all US state privacy laws (currently benchmarked to California and Maryland).

13.1 California (CCPA/CPRA)

Under the California Consumer Privacy Act (Cal. Civ. Code 1798.100 et seq.) as amended by the California Privacy Rights Act, California residents have the right to:

  • Know what personal information we collect, use, disclose, and sell or share.
  • Delete personal information we hold about them, subject to legal exceptions.
  • Correct inaccurate personal information.
  • Opt out of the sale or sharing of personal information. GIORIZZ does not sell or share your personal information as defined under the CCPA/CPRA.
  • Limit the use of sensitive personal information. Precise geolocation data (pickup/drop-off addresses) constitutes Sensitive Personal Information under the CPRA. We process this data solely to fulfil bookings (a permitted business purpose). You may request that we limit its use to what is strictly necessary.
  • Non-discrimination for exercising privacy rights.

To exercise these rights, contact info@giorizz.com. We will verify your identity and respond within 45 days.

Global Privacy Control (GPC): we honour the Global Privacy Control browser signal as a valid opt-out of sale/sharing request pursuant to the CPRA.

13.2 Other US States

Residents of other US states with comprehensive privacy laws (including but not limited to Texas, Virginia, Colorado, Connecticut, Oregon, Maryland, and Minnesota) may exercise rights similar to those described above. We apply the California/Maryland standard — the most protective — to all US residents regardless of state.

13.3 SMS/Text Messages (TCPA)

Booking confirmations and service updates sent via SMS are transactional messages and are exempt from marketing consent requirements under the Telephone Consumer Protection Act (47 U.S.C. 227). We do not send marketing text messages without your express written consent. You may opt out of transactional SMS at any time by replying STOP.

13.4 Email (CAN-SPAM)

All marketing emails include a clear unsubscribe mechanism and our physical postal address, in compliance with the CAN-SPAM Act. Transactional emails (booking confirmations, receipts, service alerts) are exempt.

14. Additional Information for Swiss Residents

If you are located in Switzerland, the following provisions apply under the Federal Act on Data Protection (nFADP/DSG), in force since 1 September 2023:

  • Destination countries: your personal data may be transferred to the United States (Stripe, Supabase, Resend, Twilio, Vercel, Cloudflare). These transfers are protected by EU Standard Contractual Clauses with Swiss-specific modifications as recognised by the Federal Data Protection and Information Commissioner (FDPIC).
  • Individual liability: under the nFADP, fines of up to CHF 250,000 may be imposed on the individual responsible for a violation (not the company).
  • Supervisory authority: the Federal Data Protection and Information Commissioner (FDPIC) — edoeb.admin.ch.

15. Additional Information for Brazilian Residents

If you are located in Brazil, the following provisions apply under the Lei Geral de Proteção de Dados (LGPD, Lei 13.709/2018):

  • Rights: in addition to the rights listed in Section 8, Brazilian residents have the right to: receive information about public and private entities with which we share data; be informed about the possibility of denying consent and its consequences; and request anonymisation, blocking, or deletion of unnecessary or excessive data.
  • Transfer mechanism: where your data is transferred outside Brazil, we rely on ANPD Standard Contractual Clauses (in effect since August 2025).
  • Encarregado (DPO): for LGPD purposes, data protection enquiries may be directed to info@giorizz.com.
  • Supervisory authority: the Autoridade Nacional de Proteção de Dados (ANPD) — gov.br/anpd.

16. Additional Information for Gulf State Residents (UAE & Saudi Arabia)

16.1 United Arab Emirates

If you are located in the UAE, your data is processed in accordance with Federal Decree-Law No. 45/2021 (UAE Personal Data Protection Law):

  • Consent: consent is the primary lawful basis for processing under UAE PDPL. By using our Services and providing your personal data, you consent to its processing as described in this policy.
  • Children: processing of data of individuals under 18 requires explicit parental consent.
  • Data breach: we will notify the UAE Data Office within 72 hours of becoming aware of a personal data breach.
  • Free zones: where services are provided in connection with DIFC or ADGM entities, the respective free zone data protection regulations may apply in addition to federal law.

16.2 Saudi Arabia

If you are located in Saudi Arabia, your data is processed in accordance with the Personal Data Protection Law (Royal Decree M/19), in force since September 2024:

  • Sensitive personal information: under Saudi PDPL, location data (pickup/drop-off addresses) and financial data are classified as sensitive personal information requiring explicit consent for processing.
  • Data breach: we will notify the Saudi Data and Artificial Intelligence Authority (SDAIA) within 72 hours of becoming aware of a personal data breach.
  • Supervisory authority: the Saudi Data and Artificial Intelligence Authority (SDAIA).

17. Additional Information for Chauffeur Partners

If you are a chauffeur partner operating through the GIORIZZ platform, this section provides additional information about how we process your personal data. A dedicated Chauffeur Privacy Notice with further detail is available in the chauffeur portal.

17.1 GPS Location Tracking

During active rides, the GIORIZZ platform collects real-time GPS data (latitude, longitude, accuracy, heading, and speed) at approximately 30-second intervals. This data is used for:

  • Providing passengers with real-time ride tracking
  • Quality assurance and service verification
  • Dispute resolution (e.g., route deviation claims)
  • Safety monitoring

GPS data is retained for the duration of the active shift plus 30 days, after which it is deleted. GPS data is not collected when you are not on an active ride.

17.2 Italian Labour Law Compliance

For chauffeur partners operating in Italy, GPS tracking and performance monitoring are conducted in compliance with:

  • Article 4 of Law 300/1970 (Statuto dei Lavoratori), as amended by D.Lgs. 151/2015 (Italian Jobs Act), which regulates remote monitoring of workers and worker-related tools
  • Garante per la protezione dei dati personali guidelines on employee monitoring

The GPS system is classified as a “work tool” (strumento di lavoro) necessary for service delivery. Performance data (ratings, feedback) is used for quality assurance purposes and is accessible to the chauffeur partner through the chauffeur portal.

17.3 Chauffeur Data Rights

In addition to the general rights in Section 8, chauffeur partners may:

  • Access their GPS history, ratings, and earnings data through the chauffeur portal
  • Request correction of inaccurate profile or vehicle information
  • Request deletion of their account (subject to fiscal retention requirements for earnings records)

18. Additional Information for Agency Partners

If you are a B2B agency partner, this section provides additional information about data processing in the context of our commercial relationship.

  • Controller vs. Processor: GIORIZZ acts as the data controller for booking data and service delivery. For passenger personal data shared by the agency for the purpose of arranging services, the respective roles (joint controller or controller-to-controller transfer) are defined in the Data Processing Agreement (DPA) executed during onboarding.
  • KYB documents: company registration certificates and verification documents are stored securely in encrypted storage and retained for the duration of the partnership plus 5 years for AML/KYC compliance.
  • Banking data: IBAN and SWIFT/BIC details are used solely for invoice settlement and are stored with encryption at rest.
  • Credit facility data: credit limits, utilisation, and payment history are processed for the purpose of managing the credit relationship and are retained for the duration of the relationship plus the applicable fiscal retention period.
  • VIP passenger profiles: agencies may create VIP profiles for frequent travellers. These profiles are scoped exclusively to the creating agency (no cross-tenant access) and are the agency’s responsibility under the applicable DPA.
  • Data Processing Agreement: a separate DPA governs the handling of passenger personal data shared between GIORIZZ and the agency. The DPA is incorporated by reference into the Agency Terms & Conditions and must be accepted during onboarding.

19. Data Security

We implement appropriate technical and organisational measures to protect your personal data in accordance with Article 32 GDPR, including:

  • Encryption in transit: all data is transmitted over TLS 1.3.
  • Encryption at rest: database encryption managed by Supabase (AWS). Sensitive fields (e.g., passport numbers in VIP profiles) are additionally encrypted at the application level.
  • Row-level security (RLS): database tables enforce tenant isolation, ensuring that agencies, chauffeurs, and customers can access only their own data.
  • Cryptographically secure tokens: all OTP codes, session tokens, and authentication secrets are generated using cryptographically secure random number generators. OTP codes are stored as SHA-256 hashes, never in plaintext.
  • Access controls: principle of least privilege enforced across all system components. Administrative functions require multi-step authentication.
  • Input validation: all data-accepting endpoints validate input against strict schemas to prevent injection attacks.
  • Security headers: X-Frame-Options (DENY), HSTS, X-Content-Type-Options (nosniff), and restrictive Permissions-Policy headers are enforced.
  • Bot protection: Cloudflare Turnstile CAPTCHA protects authentication endpoints from automated attacks.
  • Regular review: security practices are reviewed regularly, and vulnerabilities reported to info@giorizz.com are triaged promptly.

No system is 100% secure. If you become aware of a security vulnerability affecting our platform, please report it responsibly to info@giorizz.com.

20. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

  • Material changes: we will notify you at least 30 days in advance via email or a prominent notice on our platform before material changes take effect.
  • Non-material changes: minor clarifications or formatting updates will be reflected in the “Last updated” date without prior notification.

We encourage you to review this policy periodically. Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.

21. Contact

For questions or requests related to this Privacy Policy or the processing of your personal data:

Supervisory authorities:

  • Italy: Garante per la protezione dei dati personali — garanteprivacy.it
  • UK: Information Commissioner’s Office (ICO) — ico.org.uk
  • Switzerland: FDPIC — edoeb.admin.ch
  • Brazil: ANPD — gov.br/anpd
  • Other jurisdictions: contact your local data protection authority.