Skip to main content

Privacy Policy

Last updated: 24/12/2025

1. Introduction

The purpose of this document is to inform the natural person (hereinafter the "Data Subject") about the processing of their personal data ("Personal Data") collected by the data controller, Nesso Labs srl, with registered office at Via Carlo Cattaneo 3, 25121 Brescia, VAT no. 04754860981, e-mail: [email protected] (hereinafter the "Controller"), through the Nesso Digitale website and application (hereinafter the "Application").

Amendments and updates to this policy are binding as soon as they are published on the Application. Should the Data Subject not accept the changes, they must stop using the Application and may request the deletion of their Personal Data.

2. Categories of Personal Data processed

2.1. Data provided voluntarily by the Data Subject

  • Contact data: first name, last name, address, e-mail, telephone, images, authentication credentials and other information provided voluntarily.
  • Tax and payment data: tax code, VAT number, credit card details, bank account details.

2.2. Data collected automatically

  • Technical data: information about devices, IP addresses, browser type and Internet provider.
  • Browsing data: pages visited, clicks, actions taken, session duration.

Failure to provide mandatory Personal Data will make it impossible to establish or continue the contractual relationship.

3. Cookies and similar technologies

The Application uses cookies, web beacons and similar technologies to collect information about the actions taken by the Data Subject during use. The full Cookie Policy is available on the Cookie Policy page

4. Legal basis and purposes of processing

4.1. Performance of the contract

  1. Fulfilment of pre-contractual or contractual obligations.
  2. Registration and authentication of the Data Subject.
  3. Support and contact with the Data Subject.
  4. Payment management.

4.2. Legal obligation

Fulfilment of fiscal, tax or other legal obligations.

4.3. Legitimate interest of the Controller

  1. E-mail marketing for similar products or services.
  2. Management and monitoring of the technical infrastructure.
  3. Security and fraud prevention.
  4. Statistical analysis on aggregated and anonymous data.

4.4. Consent of the Data Subject

  1. Retargeting and remarketing.
  2. Marketing activities and promotional communications.

Personal Data may also be used for the legal defence of the Controller.

5. Methods of processing and recipients

Processing is carried out using paper and electronic tools, according to logic linked to the stated purposes and with adequate security measures.

Personal Data is processed by:

  • persons authorised by the Controller and bound by confidentiality obligations;
  • external parties appointed as data processors (e.g. consultants, service providers, hosting providers);
  • public bodies or competent authorities in the cases provided for by law.

No indiscriminate dissemination of Personal Data takes place.

6. Place of processing

Personal Data may be transferred outside the European Economic Area (EEA). In such cases, the Controller guarantees adequate levels of protection through standard contractual clauses approved by the European Commission.

Requests for information can be sent to: [email protected].

7. Retention period

  • Data for contractual purposes: up to 10 years from the end of the relationship.
  • Data for legitimate interest: until the interest has been fulfilled.
  • Data for legal obligations: in accordance with the applicable statutory time limits.
  • Data processed on consent: until consent is withdrawn.

At the end of the retention periods, Personal Data will be deleted or made anonymous.

8. Rights of the Data Subject

The Data Subject may exercise the following rights:

  • access, rectification and erasure of Personal Data;
  • restriction of and objection to processing;
  • data portability;
  • withdrawal of consent;
  • complaint to the supervisory authority or legal action before the courts.

Requests should be sent to [email protected] and will be handled within 30 days.