Privacy Notice
Volvo Penta Technical Manual Research Assistant · version 2026-06-17 · last updated 18 June 2026.
This notice explains what personal data this tool collects about you, why, for how long, and the rights you have. It is written to meet the EU GDPR, the UK GDPR and the Brazilian LGPD.
1. Who is responsible (controller)
The data controller is engnata.eu, the operator of this tool. For any privacy request or question, contact alexandre.rosa@volvo.com.
2. What we collect
| Data | Why |
|---|---|
| Name, e-mail, company | Identify you and manage access approval. |
| Password | Authenticate you. Stored only as a salted PBKDF2-SHA256 hash — never in plain text and never visible to anyone. |
| Login timestamps; account status | Operate and secure your account. |
| Session records: truncated IP (network only, e.g. 203.0.113.0) and browser type | Keep you signed in and detect abuse. The IP is anonymised, not stored in full. |
| Search history (terms, result count, time, truncated IP) | Operate the service and basic auditing. |
| Consent record (date + notice version) | Evidence that you accepted this notice. |
We do not use advertising, profiling, tracking cookies, or third-party analytics. The only cookie is one strictly-necessary session cookie that keeps you logged in.
3. Legal basis
We process your data on the basis of (a) your consent, which you give when you register and accept this notice, and (b) our legitimate interest in operating a small technical-documentation search tool that the controller uses — and shares with a limited number of authorised colleagues — to locate Volvo Penta technical documentation in support of customer needs. Where we rely on consent, you may withdraw it at any time (see your rights below).
4. Where it is stored
Data is stored on a private virtual server provided by Hostinger, located in Germany (Frankfurt), in the European Union, over an encrypted (HTTPS) connection. Access is restricted to approved accounts; administrative access is limited to the tool's administrators.
5. How long we keep it
| Data | Retention |
|---|---|
| Account profile (name, e-mail, company) | Until you delete your account (or an administrator removes it). |
| Search history | 90 days, then automatically deleted. |
| Account/security events | 12 months, then automatically deleted. |
| Expired login sessions | 30 days, then automatically deleted. |
| Inactive accounts | Flagged for review after 24 months without login. |
A background job runs daily to enforce these limits.
6. Your rights
Under the GDPR/UK GDPR/LGPD you can: access your data, correct it, delete it, receive a portable copy, object to or restrict processing, and withdraw consent. You can exercise the main ones yourself on the My data page (export a copy, change your password, delete your account), or contact alexandre.rosa@volvo.com for anything else.
You also have the right to lodge a complaint with your national data-protection authority, for example:
- Brazil — ANPD (Autoridade Nacional de Proteção de Dados)
- Italy — Garante per la protezione dei dati personali
- United Kingdom — ICO (Information Commissioner's Office)
- Sweden — IMY (Integritetsskyddsmyndigheten)
- Norway — Datatilsynet
7. Security
Passwords are salted and hashed (PBKDF2-SHA256, 260,000 iterations); session and approval tokens are stored hashed; connections use HTTPS; IP addresses are anonymised; and access requires an approved account.
8. Changes
If this notice changes materially, the version above is updated and you may be asked to accept the new version.