Privacy Policy

The following privacy policy (“Policy”) is provided in compliance with Article 13 of Regulation (EU) no. 2016/679 (General Data Protection Regulation or “GDPR”), from Now4real S.r.l. (“N4R”, “we”, “us”, “Company” or “Controller”), as data controller, to the user (“User” or “you”) of the now4real.com website (“Website”) and of the Now4real services (“Services” or “Service”). 

By Services we mean the functionalities offered through the N4R Widgets that are hosted by third-party websites owned by our clients (“Publishers”), which allow Users – who undertook the signing-in process – to take part in chats and/or see counters, maps, and rankings of other Users’ presence on the relevant websites. For the detailed description of the Services, you could make reference to the User’s Terms of Service (https://now4real.com/terms), governing the relationship between the Controller and the User.

Please note that the Publisher’s website hosting N4R Widgets acquires, during the normal course of its operation, certain data regarding the User whose transmission is implicit in the use of internet communication protocols of the Publisher’s website. The Company is not involved in said processing operations. N4R is not involved, additionally, in all the data processing activities carried out by the Publisher, as data controller, in connection with its own website (e.g. e-commerce activities, profiling activities). Therefore, the User should also refer to the privacy policies made available by the Publishers.

If you require any further information or have any questions about our Policy, please feel free to contact us by email at info@now4real.com.

1. What Personal Data We Collect and Why. Legal Basis of the Processing and Legitimate Interests

1.1. When You Navigate Our Website or Use Our Services

Through the Website and our Services we collect some data, which are stored in server log files, including the IP address of the User, the browser type and version, the operating system, the referrer and any data that the User’s browser sends as part of the navigation activity on the Website or as part of the requests it makes to our web servers. These data are needed to deliver the content of the Website or the Services correctly, to provide law enforcement authorities with the necessary information in case of a cyber-attack, and to perform anonymous statistical analyses.

The User’s consent to the processing of data for such purposes is not required, processing being necessary to pursue the legitimate interests of the Controller, pursuant to Article 6, first paragraph, letter f) of the GDPR, and to comply with the legal obligations imposed on the Controller pursuant to Article 6, first paragraph, letter c) of the GDPR.

1.2. When You Contact Us

If a User contacts N4R via email or via a contact form, the personal data transmitted by the User on a voluntary basis are automatically stored and used for providing answers to the User and for any subsequent communication.

The User’s consent to the processing of data for such purpose is not required, processing being necessary for the performance of the agreement to which the User is a party or in order to take steps at the request of the same prior to entering into the agreement, pursuant to Article 6, first paragraph, letter b) of the GDPR.

1.3. When You Subscribe to Our Newsletter

On the Website, Users may be given the opportunity to subscribe to our newsletter to stay informed about news and updates regarding N4R. As part of the subscription process, an email will be sent to the registered email address to confirm the subscription, following a double opt-in procedure. The personal data collected when subscribing to the newsletter includes the User’s email address, first name (optional), last name (optional), and IP address.

The newsletter contains tracking pixels, which are small graphics embedded in the emails. These tracking pixels allow us to conduct statistical analysis on the success of our marketing campaigns by enabling us to see when an email was opened by a User and which links were clicked. This data is processed to help us improve our communication and tailor future newsletters to User preferences.

Users can unsubscribe from our newsletter at any time by following the link provided in each newsletter. It is also possible to withdraw consent or raise objections to receiving further communications by contacting N4R via email or registered mail.

The processing of your personal data for this purpose is based on your consent, in accordance with Article 6, paragraph 1, letter (a) of the GDPR. You may withdraw your consent at any time, and this will not affect the lawfulness of processing based on consent before its withdrawal.

1.4. When You Register for Our Forum

The Website offers a discussion forum where registered Users can participate and post public messages. To complete the registration process, an email will be sent to the User’s email address as part of a double opt-in procedure to confirm the registration. The personal data collected during registration includes the User’s email address, chosen username, and password, and IP address. Users may provide additional personal data voluntarily by filling out their public user profile on the forum, but such data is not mandatory to use the forum.

Please note that any information you choose to disclose in the forum becomes public information. We strongly advise caution when sharing personal details, as we are not responsible for how others may use the information you choose to post.

The processing of your data for participation in the forum is based on your consent, in accordance with Article 6, paragraph 1, letter (a) of the GDPR. You may withdraw your consent at any time; however, this will not affect the lawfulness of processing based on consent before its withdrawal.

1.5. When You Use the Services

When you use the Now4real Service on any website, you may use it either anonymously (without signing in) or after signing in.

In both cases, your presence on the website will have the effect of incrementing some global counters, which are absolutely anonymous, for the purpose of providing real-time analytics to Users and Publishers. We might display a world map, where we color each country based on the percentage of Users whose IP addresses seem to be assigned to that country. We do not attempt any geolocation below the country level.

In both cases, we never track your navigation within websites and across websites, and we never store information about the websites and the pages you visit.

1.6. If You Use the Services Anonymously

If you don’t sign in, you are using the Services anonymously. Depending on the Publisher’s configuration, this might prevent use of some parts of the Services. In any case, no personal data are processed if you are using the Services anonymously, apart from the data outlined above (IP address and browser information).

1.7. If You Sign into the Services via Social Login or Email Login

We use social login to allow you to sign in without having to create an account with us, and use our Services. You choose an authentication provider among Google, Facebook, X, and LinkedIn and authorize N4R to get some basic information from your social profile:

• Name
• Picture
• Email address

You can find more details of the data fields we get from each social network at https://now4real.com/privacy-details/#fields.

These data are stored on our systems to make sure we can associate your identity to the messages you publish in a chat. We do not store or log any other fields from the social networks.

As an alternative to social login, you can sign in to our Services via email login. We will verify you are the owner of the provided email address by sending you a unique code to that address. Then, you will be requested to enter a display name. On the email login page, we use Google reCAPTCHA V2 to prevent automated spamming and service abuse. Google reCAPTCHA is confined to a page served from our own domain and Google does not know what site you are actually visiting.

When you sign in via social login or email login, you may stay signed into the N4R Services on some of the websites that integrate the N4R Services. For example, you might sign into N4R on site www.site1.com. Then, you navigate to www.site2.com and you may find yourself already signed into N4R. You can sign out at any time by using the proper menu or button in the N4R Widget. You can also remove the authorization you gave N4R on your social network, by visiting the privacy section of your social network, looking for Now4real, and deauthorizing it.

The User’s consent to the processing of data for said authentication process is not required, processing being necessary for the performance of the agreement to which the User is a party or in order to take steps at the request of the same prior to entering into the agreement, pursuant to Article 6, first paragraph, letter b) of the GDPR.

1.8. If You Sign into the Services via Publisher’s Website Login

The Publisher might choose to disable social login and email login, and use the login available on its website instead. In this case, by signing into the Publisher’s website, you are automatically signed into the Services too, but only on that website. The authentication provider is the Publisher and you authorize N4R to get some basic information from your profile on the Publisher’s website:

• Name
• Picture

You can find more details of these data fields at https://now4real.com/privacy-details/#fields-custom-auth.

These data are stored on our systems to make sure we can associate your identity to the messages you publish in a chat. We do not store or log any other fields from your profile.

You can sign out of Now4real at any time by signing out of the Publisher’s website.

The User’s consent to the processing of data for said authentication process is not required, processing being necessary for the performance of the agreement to which the User is a party or in order to take steps at the request of the same prior to entering into the agreement, pursuant to Article 6, first paragraph, letter b) of the GDPR.

1.9. If You Sign into the Services with No Registration

The Publisher might choose to disable all the login forms and allow users to post chat messages with no registration, by simply choosing a nickname.

You can find more details of these data fields at https://now4real.com/privacy-details/#fields-custom-auth.

The chosen nickname will be valid only on the current website and will not be used for other websites. You can sign out at any time by using the proper menu or button in the N4R Widget.

The User’s consent to the processing of data for said process is not required, processing being necessary for the performance of the agreement to which the User is a party or in order to take steps at the request of the same prior to entering into the agreement, pursuant to Article 6, first paragraph, letter b) of the GDPR.

1.10. Publication of Chat Messages

Even if you signed in, nobody can know you are viewing a certain page of a website until you voluntarily publish a chat message on that page. Please be aware that the N4R chats may be public, depending on the Publisher’s configuration, so that anybody who is viewing a page may see all the chat messages that are published on that page or on that site.

When you publish a chat message, such message may be publicly displayed together with your name and picture. Your name and picture are the ones linked with the social network account used for signing into the Services in case of social login, with the profile you submitted in case of email login, or with the profile on the Publisher’s website in case of Publisher’s website login. Your email address is never displayed nor shared with the Publisher and is always kept confidential.

Please note that chat messages, your name and picture – which are published on a given website and hence are public by their nature – may remain publicly visible: i) to anybody visiting a page or a site, up to 1 month after the message is published, ii) to the owner of that specific website (the Publisher), up to 12 months after the message is published.

In this context, the Publisher could use such information only for the same purposes and with the same means applicable with respect to information generally made available publicly on the Internet by anybody. As such, it will operate as autonomous data controller and comply with the relevant obligations vested upon it, including the ones related to the provision of its specific data protection notice and the related requests of consent, in all applicable cases. 

As a consequence, the Publisher, for example, is not allowed to send you marketing or promotional communication pursuant to the present information notice, but can provide you with a separate and specific information notice and request you a specific consent to that purpose. 

Please also note that chat messages may include personal data, including special categories of data that may be inferred by the relevant contents of the messages and comments manifestly made public by the User, such as data revealing political opinions, religious or philosophical beliefs, data concerning health, sex life or sexual orientation.

We store all the chat messages in our databases.

You can find a detailed list of the data fields we store for each chat message, as well as their visibility level at https://now4real.com/privacy-details/#visibility.

The User’s consent to the processing of data for the publication of chat messages is not required, processing being necessary for the performance of the agreement to which the User is a party or in order to take steps at the request of the same prior to entering into the agreement, pursuant to Article 6, first paragraph, letter b) of the GDPR. To the extent that special categories of data could be inferred from the contents of messages and comments, the User’s consent is not required as processing relates to personal data which are manifestly made public by the data subject, under Article 9, second paragraph, letter e) of the GDPR.

1.11. Use of Your Email Address

N4R uses your email address, obtained from the social network in case of social login, or directly from you in case of email login, only for contacting you if we have any important notification regarding the Service. Your email address is not shared with third parties and we will not use it to send you unsolicited advertising.

The User’s consent to the processing of data for such purposes is not required, processing being necessary to pursue the legitimate interests of the Controller, pursuant to Article 6, first paragraph, letter f) of the GDPR, and to comply with its contractual obligations pursuant to Article 6, first paragraph, letter b) of the GDPR.

2. Nature of the Provision of Data

The provision of your personal data for the purposes under points 1.1, 1.2, 1.7, 1.8, 1.9, 1.10, 1.11 is optional, but necessary to comply with legal and contractual obligations, or necessary to pursue the legitimate interest of the Controller set out above. In all these cases, failure to provide the data will prevent the Controller from establishing a contractual relationship with the User and offer the relevant Services.

The provision of data for the purposes under points 1.3 and 1.4 is optional, and failure to provide the personal data at issue and/or refusal of consent to their processing will prevent the Company from carrying out the activities indicated under the information notice.

3. Data Retention

With reference to the purposes under points 1.1, 1.7, 1.8, 1.9, 1.11, data will be stored as far as the agreement between the Controller and the User is in force, and subsequently for a maximum period of time equal to the limitation period of the rights enforceable by the Company as established by law, applicable from time to time.

With reference to the purpose under 1.3 and 1.4, processing activities will be carried out – and the relevant data stored – for a period of time equal to 24 months after termination of the agreement, or upon the User’s objection, if earlier.

With reference to the purpose under 1.10, the chat messages, the name and picture of the user will be made visible – and the relevant data stored by N4R – to: i) anybody visiting the webpage or website for a limited period of time (maximum 1 month), ii) to the Publisher of the specific website where the message is published with a maximum time span of 12 months on a rolling basis.

Chat messages, chat logs and IP addresses, in any case, will be stored for a maximum of 12 months from their collection for purposes of detecting and prosecuting criminal offenses and will be made available to public authorities pursuant to applicable rules.

4. How We Process Personal Data

The Controller will process the personal data provided by Users with the strictest confidentiality and protection, also ensuring that appropriate security measures, of both technical and organizational nature, will be taken aimed at preventing access, disclosure, accidental or improper alteration, unauthorized loss or destruction of personal data. Personal data may be processed by the Controller in manual, paper or electronic form. 

Our IT infrastructure is based on cloud services provided by third-party companies, which act as data processors on behalf of N4R. Such data processors are all GDPR compliant and the data centers we use are all located in the European Union

The Website and the Service are protected via encrypted TLS connections.

5. Categories of Recipients

User’s personal data may be made accessible, disclosed or communicated to the following subjects that will be appointed by the Controller, depending on the cases, as processors or persons authorized to process, or will act as autonomous data controllers:

• public or private entities, natural persons or legal entities, to whom or which the Controller may resort to carry out the activities instrumental to achieving the above-mentioned purposes or to whom or which the Controller is statutorily or contractually required to disclose the data;

• the Publishers.

In this context, N4R may disclose personal data of the Users to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend its legal rights.

Please be aware that, in addition to the above, all the information you disclose through our public online chats may be collected and used by other Users.

6. Transfer of Data to Third Countries

No data is communicated to data processors in countries outside the European Union.

7. Data Controller. Data Processors

The data controller is Now4real S.r.l., with a registered office in Viale Andrea Doria No. 7, 20124 Milan (Italy). The updated list of data processors can be requested by writing to the email address info@now4real.com.

8. Rights of the Data Subject

As a data subject, the User is entitled to request from the Controller, also through the email addresses info@now4real.com or now4real@legalmail.it (certified email – PEC): access to his/her personal data, and their rectification or erasure or restriction of processing or to object to their processing, as well as to the right of data portability. Should the User’s consent be required for the personal data processing, the User has as well the right to withdraw at any time the consent already given, without affecting the lawfulness of processing based on consent before its withdrawal. Furthermore, the User is entitled to lodge a complaint with the Data Protection Authority according to the modalities specified in the website of the latter, accessible at the address www.garanteprivacy.it, if he/she considers that his/her rights under the legislation in force on personal data protection have been infringed.

You can find more details on your rights at https://now4real.com/privacy-details/#rights.

Please remember that Publishers act as autonomous data controllers, so you should contact them too to exercise your rights.

Cookie Policy

Cookies and other storage techniques (such as LocalStorage, IndexedDB, etc.) enable the website you visit to store information on your browsing device (e.g., computer, smartphone, tablet) to support various website features.

Cookies are small text files sent from the website to your device during your visit. These files are stored and then sent back to the website on subsequent visits. LocalStorage, on the other hand, is a storage mechanism built into web browsers that retains data on your device. Unlike cookies, data stored in LocalStorage is not automatically sent to the website’s server and only transfers when done manually.

Cookies and other storage techniques serve different purposes, including:

• Technical: Necessary for managing your navigation through the website or application, or for keeping you logged in. Blocking these may cause some parts of the website or application to malfunction.
• Profiling: Used to track user activity online, often for marketing and advertising purposes. We do not use profiling cookies at all.

Cookies and LocalStorage may be set by this Website or Service (“first-party cookies”) or by other websites whose content appears on the page you are viewing (“third-party cookies”).

Use of Cookies by the Website

We use cookies to provide you with the best browsing experience on our Website. In particular, we use technical cookies to ensure the proper operation of the Website, including anonymized analytics cookies (by third-party vendors) to record statistics on the site navigation. No profiling cookies are set by the Website.

First-Party Cookies

flarum_session, flarum_remember

These cookies are used by the discussion forum to manage user sessions and maintain login status, ensuring that users stay logged in and can interact seamlessly with the forum.

Cognito Identity Service Provider

Our clients (Publishers) need to log into the Dashboard section of the Website to manage their account. Technical data is stored in the LocalStorage to manage users’ authentication through a service called Cognito Identity Service Provider.

Third-Party Cookies

Chargebee

Chargebee is the billing platform we use to manage subscriptions to our services by our clients (Publishers) within the Dashboard section of the Website. Chargebee is delivered as SaaS (Software-as-a-Service) and is operated by CHARGEBEE INC. Chargebee uses cookies and LocalStorage to implement the users’ workflows.

More information about Chargebee’s cookie policy can be read at https://www.chargebee.com/privacy.

Google Analytics 4

We use this tool to collect information about the use of this Website. Google Analytics 4 collects information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this site. We use the information we get from Google Analytics 4 only to maintain and improve the site’s performance. Google Analytics 4 collects the anonymized IP address assigned to you on the date you visit this site, rather than your full IP address, your name or other identifying information. We do not combine the information collected through the use of Google Analytics 4 with personally identifiable information.

More information about Google’s cookie policy can be read at https://policies.google.com/privacy.

Google reCAPTCHA

To prevent automated spam and service abuse, we use Google reCAPTCHA v3 on our contact forms and Google reCAPTCHA v2 when signing up, logging in, and posting on the discussion forum. Please note that Google reCAPTCHA may place cookies on your device, which we do not control. However, reCAPTCHA is only active on pages that include a contact form or the forum.

Google reCAPTCHA displays links to its own Terms of Service and Privacy Policy directly on the page where it is used. You can find more information about Google’s privacy and cookie policy at https://policies.google.com/privacy.

YouTube

We embed videos from our official YouTube channel using YouTube’s privacy-enhanced mode. This mode may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode.

More information about YouTube’s cookie policy can be read at https://policies.google.com/privacy.

Other Cookies / Unexpected Cookies

Given how the Internet and websites work, we are not in the conditions to control how third-party vendors manage their cookies through our website (especially when our pages contain embedded elements such as texts, documents, images, or videos that are displayed on or through our website, but archived elsewhere).

If you notice a cookie not attributable to any service listed above, don’t hesitate to inform us at info@now4real.com and/or directly contact the responsible third party asking for clarifications.

Use of Cookies by the Service

We use cookies and other storage techniques (such as LocalStorage, IndexedDB, etc.) to ensure the proper operation of the Service. All these techniques fall under the category of technical cookies. No profiling cookies are set by the Service.

First-Party Cookies

n4r, n4rAuth, n4rAuthMain, and n4rAuth@abc

If you sign in to the Service via social login (Google login, Facebook login, etc.) or email login, we use a cookie (n4r) and two LocalStorage keys (n4rAuth and n4rAuthMain) to remember that you have already signed into the Service and to keep you logged in.

If the Publisher’s website allows you to chat with no registration, we use a cookie (n4r) and a LocalStorage key for each Publisher’s website to remember your nickname (n4rAuth@abc, where abc is a different string for each website).

n4rFels

To optimize connection setup, we use a LocalStorage key (n4rFels) to remember the address of the latest Now4real server instance in the pool to which the client was able to connect.

n4rSitePreferences

We use a LocalStorage key (n4rSitePreferences) to remember your N4R preferences.

n4rVisible

The N4R Widget can be made invisible during testing phases. To enable it for test Users only, we use a LocalStorage key (n4rVisible).

n4rLogger

Users can override the N4R log level set in the page. To store their setting, we use a LocalStorage key (n4rLogger).

PicMo-en and emojibase

The emoji picker provided by the N4R Widget includes a search feature, which requires a small database. This data is downloaded the first time and then persisted via an IndexedDB database (e.g. PicMo-en for the English language; similar databases may be persisted for other languages). Furthermore, some emoji metadata are stored in two SessionStorage keys (e.g. emojibase/latest/en/data.json and emojibase/latest/en/messages.json for the English language; similar keys may be created for other languages).

Third-Party Cookies

Social Login

If you sign in to the Service via social login, you use your existing Google, Facebook, X, or LinkedIn profile to pass us your basic information. When you choose a social network upon sign in, you will be redirected to the social network website, which might use cookies, LocalStorage, web beacons, or other technologies. N4R has no access to or control over it. These third-party vendors’ use of cookies and similar technologies is governed by their own cookie policies.

• Google: https://policies.google.com/technologies/cookies 
• Facebook: https://www.facebook.com/help/cookies/ 
• X: https://help.x.com/en/rules-and-policies/x-cookies 
• LinkedIn: https://www.linkedin.com/legal/cookie-policy 

Tenor

We use Tenor to provide users with animated GIF images that can be embedded in the chats. Tenormay set cookies on your computer when it delivers the images, over which we have no control, but we perform all the requests to the Tenor servers from within an iframe served from our own domain and Tenor can’t know what site you are actually visiting.

More information about Tenor’s privacy and cookie policy can be read at https://tenor.com/legal-privacy.

Gravatar

We use Gravatar, in case of email login, to get profile images associated with the users and displayed in the chats. Gravatar may set cookies on your computer when it delivers the images, over which we have no control, but we perform all the requests to the Gravatar servers from within an iframe served from our own domain and Gravatar can’t know what site you are actually visiting.

More information about Gravatar’s privacy and cookie policy can be read at https://automattic.com/privacy/.

Google reCAPTCHA

We use Google reCAPTCHA V2 on the email login page to prevent automated spamming and service abuse. Google reCAPTCHA may set cookies on your computer, over which we have no control, but reCAPTCHA is confined to a page served from our own domain and Google can’t know what site you are actually visiting.

Google reCAPTCHA shows the links to its own Terms of Service and Privacy Policy directly on the hosting page. More information about Google’s privacy and cookie policy can be read at  https://policies.google.com/privacy.

Managing Cookies

If you wish to enable, disable or delete one or all cookies, you may do so through our third-party vendor opt-out pages or through your individual browser options. More detailed information about cookie management is also covered in web browser’s online support pages:

• Chrome: https://support.google.com/chrome/answer/95647 
• Firefox: http://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences 
• Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
• Safari for iOS: https://support.apple.com/en-us/HT201265 
• Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy 

Some information may be stored in your browser’s LocalStorage. To delete it, please delete the browser’s history.

Changes to This Policy

Any changes to our Privacy and Cookie Policy will be placed here and will supersede this version of our Policy. We will take reasonable steps to draw your attention to any changes in our Policy. However, to be on the safe side, we suggest that you read this document each time you use the Website or the Service to ensure that it still meets with your approval.