PRIVACY POLICY

Version: 1.0

Valid from: 1 July 2021

This Privacy Policy provides information on how, where and why we process which personal data, in particular in relation to our NoZero.io website and our other services. It also provides information on the rights of the individuals whose data we process.

Special, supplementary or additional privacy policies may apply to individual or additional products and services, as well as other legal documents such as general terms and conditions, terms of use or conditions of participation.

Our services are subject to Italian data protection law and any applicable foreign data protection law, such as, in particular, European Union (EU) laws, including the General Data Protection Regulation (GDPR). The European Commission recognizes that Italian data protection law guarantees an adequate level of data protection.

1. CONTACT ADDRESSES

Owner of the processing of personal data:

NoZero s.r.l.

info@nozero.io

We will clarify whether other entities are responsible for the processing of personal data in individual cases.

1.1 RESPONSIBLE FOR DATA PROTECTION

We have the following data protection officer as a contact point for data subjects and supervisory authorities making inquiries in relation to data protection:

Francesca Romana Brussani

c/o NoZero srl

francesca@nozero.io

+39 3516666613

1.2 REPRESENTATIVE FOR DATA PROTECTION IN THE EUROPEAN ECONOMIC AREA (EEA)

Pursuant to Article 27 GDPR, we have the following data protection representative in the European Economic Area (EEA), which includes the EU and the Principality of Liechtenstein, Iceland and Norway, as an additional contact point for supervisory authorities and interested parties making requests in relation to the GDPR:

The Data Protection Officer (DPO) can be reached at the following address: Guarantor for the protection of personal data – Responsible for the protection of personal data, Piazza Venezia 11, 00187, Rome, IT

email: rpd@gpdp.it.

2. TREATMENT OF PERSONAL DATA

2.1 DEFINITIONS

Personal data means all information relating to an identified or identifiable person. A data subject is a person whose data is being processed. By treatment we mean any operation concerning personal data, regardless of the means and procedures applied, and in particular the conservation, communication, acquisition, collection, cancellation, conservation, alteration, destruction and use of personal data.

The European Economic Area (EEA) comprises the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) defines personal data processing as the processing of personal data relating to a particular natural person.

2.2 LEGAL BASES

We process personal data in compliance with the Italian data protection law, including in particular the consolidated privacy code and GDPR

If and to the extent that the GDPR is applicable, we process personal data on at least one of the following legal bases:

Article 6 (1) (b) GDPR in which the processing of personal data is necessary to execute a contract with the data subject and to take action before entering into a contract.

Article 6 (1) (f) GDPR where the processing of personal data is necessary to safeguard our legitimate interests or those of third parties, insofar as these interests are not overridden by the fundamental rights and freedoms and interests of the data subject. Legitimate interests are, in particular, our interest in providing our services in a long-term and user-friendly, safe and reliable manner, as well as in advertising such services if necessary; information security and protection against misuse and unauthorized use; exercise of their legal rights; and compliance with Swiss law.

Article 6 (1) (c) GDPR where the processing of personal data is necessary to comply with a legal obligation to which we are subject under any applicable law of the member states of the EEA.

Article 6 (1) (e) GDPR when the processing of personal data is necessary to perform an activity carried out in the public interest.

Article 6 (1) (a) GDPR for the processing of personal data provided with the consent of the interested party.

Article 6 (1) (d) GDPR when the processing of personal data is necessary to protect the vital interests of the data subject or another natural person.

2.3 NATURE, PURPOSE AND PURPOSE

We process the personal data necessary to provide our services in the long term and in an intuitive, secure and reliable way. Such personal data may fall into the following categories: personal and contact data, browser and device data, content data, license data, metadata or peripheral data and usage data, location or sales data, contractual data and payment.

We process personal data for the period necessary for the relevant purpose or purposes or required by law. Personal data that no longer needs to be processed are anonymised or deleted. Data subjects whose data we process in general have the right to erasure.

In principle, we process personal data only after obtaining the consent of the data subject, unless the processing is permitted for other legal reasons, such as the execution of a contract with the data subject and the taking of measures before to enter into a contract, to safeguard our overriding legitimate interests; because the treatment is evident from the circumstances; or based on previous information.

In this framework we process in particular the information that data subjects voluntarily transmit to us and themselves when establishing contact with us, for example by letter, e-mail, contact form, social media or telephone, or when registering for a user account. We may store this information, for example, in an address book or using similar means. If you transmit personal data to us via third parties, you are obliged to ensure data protection vis-à-vis such third parties and to ensure the correctness of such personal data.

2.4 TREATMENT OF PERSONAL DATA BY THIRD PARTIES, IN ITALY OR ABROAD

We may have personal data processed by commissioned third parties or processed together with third parties or with the help of third parties, as well as pass this data on to third parties. These third parties are, in particular, the suppliers whose services we use. Should we use such third parties, we will ensure an adequate level of data protection.

These third parties are, in principle, located in Italy and the EEA. However, these third parties may also be located in other states and territories of the world or elsewhere in the universe, provided that, based on the adequacy decision of the Data Protection Officer (DPO) and information and – if and to the extent that the GDPR is applicable – according to the adequacy decision of the European Commission, their data protection law ensures adequate data protection or if, for other reasons, as a corresponding contractual agreement, in particular based on standard contractual clauses, or a corresponding certification, adequate data protection is ensured. In exceptional cases, such a third party may be in a country without adequate data protection, provided that the prerequisites of the data protection law, such as the explicit consent of the data subject, are met.

3. RIGHTS OF THE INTERESTED PARTIES

Italian data protection law grants specific rights to data subjects whose personal data is being processed. These include the right to information and the right to rectify, delete or block the personal data processed.

Data subjects whose personal data we process may – if and to the extent that the GDPR is applicable – request, free of charge, confirmation that we are processing their personal data and, if so, information on the processing of their personal data; limit the processing of their personal data; exercise the right to data portability; and exercise their right of rectification, cancellation (“right to be forgotten”), blocking or completion of their personal data.

Data subjects whose personal data we process may, if and to the extent that the GDPR is applicable, withdraw any consent with effect for the future and object to the processing of their personal data at any time.

Data subjects whose personal data we process have the right to lodge a complaint with a responsible supervisory authority. The supervisory authority for data protection in Italy is the Data Controller is the Guarantor and the person responsible for the protection of personal data (RPD)

4. DATA SECURITY

We take adequate and appropriate technical and organizational measures to ensure data protection and, in particular, data security. However, despite these measures, security gaps can still exist when personal data is processed on the Internet. We cannot therefore guarantee the absolute security of the data.

Access to our online services is done via transport encryption (SSL / TLS, in particular using Hypertext Transfer Protocol Secure or HTTPS for short). Most browsers identify transport encryption with a padlock in the address bar.

Access to our online services is, as essentially happens with all uses of the Internet, subject to mass surveillance, even in the absence of specific reasons or suspicions, and to other surveillance by security agencies in Italy, EU, United States), and other states. We have no direct influence on the related processing of personal data by secret services, police authorities and other security agencies.

5. USE OF THE WEBSITE

5.1 COOKIES

We may use cookies for our website. Cookies – our cookies (first-party cookies) and also the third-party cookies whose services we use (third-party cookies) – are data stored in your browser. Such stored data should not be limited to traditional cookies in the form of text. Cookies cannot run programs or transmit malware such as Trojans and viruses.

When you visit our website, cookies may be stored temporarily in your browser as “session cookies” or for a predefined period of time as “persistent cookies”. Session cookies are automatically deleted when you close your browser. Persistent cookies are stored for a certain duration. Persistent cookies make it possible in particular to recognize your browser on the next visit to our website and thus, for example, to measure the reach of the website. However, persistent cookies can also be used for purposes such as online marketing.

You can disable or delete cookies in whole or in part at any time by changing your browser settings. However, without cookies it may no longer be possible to use our website to its full extent. If and to the extent necessary, we will actively ask you to provide your express consent to the use of cookies.

Where cookies are used to measure success and reach or for advertising, it is possible to make a general objection (“opt-out”) for many services through the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

5.2 SERVER LOG FILES

Whenever you visit our website, we are able to record the following information to the extent that your browser transmits it to our server infrastructure or our web server is able to identify it: date and time including time zone; IP address (Internet protocol); access status (HTTP status code); operating system including user interface and version; browser including language and version; the sub-pages of our website that you accessed, including the volume of data transmitted; and the last web page visited in the same browser window (referrer).

We store this information, which may also be personal data, in the server log files. The information is necessary to provide our online services long-term and in an easy-to-use and reliable form, as well as to ensure data security and thus in particular the protection of personal data, also by third parties or with the help of third parties.

6. NOTIFICATIONS AND ANNOUNCEMENTS

We send notifications and announcements as e-mail newsletters and via other communication channels such as instant messaging.

6.1 MEASUREMENT OF SUCCESS AND REACH

Notifications and advertisements may contain web links or tracking pixels that record whether the specific notification has been opened and which web links have been clicked. Such web links and tracking pixels may also record the use of notifications and advertisements by specific data subjects. We need this statistical record of use for the purpose of measuring success and reach, which in turn is intended to ensure that notifications and announcements are based on recipients’ needs and reading habits and therefore effective and effective. easy to use, as well as to be able to offer notifications and announcements long-term and securely and reliably.

6.2 CONSENT AND OBJECTION

In principle, you must expressly consent to the use of your e-mail address and other contact addresses, unless such use is permitted for other reasons legal. Where possible, we use the “double opt-in” procedure to obtain consent to receive e-mails. In other words, you receive an email with a web link that you must click as confirmation and to make sure that no unauthorized third party can abuse your personal data. Such consents, including the IP address and the date and time, may be recorded as evidence and for security reasons.

In principle, you can unsubscribe from notifications and announcements such as newsletters at any time. This may exclude notifications and announcements that are absolutely essential for our services. When you unsubscribe you can, in particular, object to the statistical recording of usage for the purpose of measuring success and reach.

6.3 USE OF SERVICE PROVIDERS FOR SENDING NOTIFICATIONS AND ANNOUNCEMENTS

We use third party services or rely on the support of service providers to deliver notifications and announcements. This may also involve the use of cookies. We ensure an adequate level of data protection when using these services.

We use in particular:

Mailchimp: communication platform; Vendor: Mailchimp, Inc .; data protection information: Privacy Policy; GDPR compliance and EU data protection.

7. SOCIAL MEDIA

We are present on social media platforms and other online platforms so that we can communicate with interested parties and provide information about our services. The personal data generated in this context can also be processed outside Italy and the EEA.

In any case, the general terms and conditions, the terms of use and the privacy policies and other terms and conditions of the relevant operators of these online platforms will also apply. These terms provide specific information on the rights of data subjects, including in particular the right to information.

8. MEASUREMENT OF SUCCESS AND FLOW GOOGLE STATISTICS

We use Google Analytics to analyze how our website is used, which also allows us, for example, to measure its reach and the success of third-party links to our website. This is a service of Google LLC in the United States. Google Ireland Limited, based in Ireland, is responsible for users in the EEA and Italy.

Google also attempts to log individual visitors to our website who use multiple browsers or devices (cross-device tracking). This also involves the use of cookies. Google Analytics requires your IP address; however this information is kept separate from other Google data.

In all cases we have your anonymized IP address before it is analyzed by Google. This means that your full IP address is in principle not transmitted to Google in the USA.

For more information on the nature, scope and purpose of data processing, see Google’s privacy and security principles and its Privacy Policy, its Google Product Privacy Guide (including Google Analytics), information on how Google uses information from sites or apps that use its services and information on how Google uses cookies. Furthermore, you have the possibility to use the browser add-on for the deactivation of Google Analytics and to object to personalized advertising.

9. THIRD PARTY SERVICES

We use third party services so that we can provide our services in a long-term and intuitive, secure and reliable way. These services also allow us to embed content on our website. These services, such as hosting and storage services, video services and payment services, require your IP address as otherwise they would not be able to transmit the related content. These services may be located outside of Italy and the EEA, provided that adequate data protection is guaranteed.

The third parties whose services we use may also process data relating to our services and from other sources, including cookies, log files and tracking pixels, in an aggregate, anonymous or pseudonymised manner for their own security, statistical and technical purposes.

9.1 DIGITAL INFRASTRUCTURE

We use third party services to access the digital infrastructure necessary for our services. These include in particular hosting and storage services from specialized providers.

We use in particular:

DigitalOcean: hosting; supplier: digitalocean.com, Inc. (USA); data protection information: Privacy Policy, Cookie Policy.

Cloudflare: content distribution network (CDN); provider: Cloudflare, Inc. (USA); data protection information: Privacy Policy, Cookie Policy.

9.2 FONT

We use Google Fonts to embed selected fonts on our website. No cookies are used in this regard. This is a service of Google LLC in the United States, provided independently of other Google services. Google Ireland Limited, based in Ireland, is responsible for users in the EEA and Italy. For more information on the nature, scope and purpose of data processing, see Google’s privacy and security principles and its Privacy Policy.

10. EXTENSIONS FOR THE SITE

We may use Google re CAPTCHA to protect input forms from bots and spam, reliably facilitating people’s inputs. This also involves the use of cookies. This is a service of Google LLC in the United States. Google Ireland Limited, based in Ireland, is responsible for users in the EEA and Italy. For more information on the nature, scope and purpose of data processing, see Google’s privacy and security principles and its Privacy Policy, as well as information on how Google uses cookies.

10. FINAL PROVISIONS

We may amend and add to this Privacy Policy at any time. We will provide notification of such changes and additions in an appropriate form, in particular by posting the latest version of the Privacy Policy on our website.