By Services we mean the functionalities offered through the N4R Widgets that are hosted by third-party websites owned by our clients (“Publishers”), which allow Users – who undertook the signing-in process – to take part in group chats and/or see counters, maps, and rankings of other Users’ presence on the relevant websites. For the detailed description of the Services, you could make reference to the User’s Terms of Service (https://now4real.com/terms), governing the relationship between the Controller and the User.
Please note that the Publisher’s website hosting N4R Widgets acquires, during the normal course of its operation, certain data regarding the User whose transmission is implicit in the use of internet communication protocols of the Publisher’s website. The Company is not involved in said processing operations. N4R is not involved, additionally, in all the data processing activities carried out by the Publisher, as data controller, in connection with its own website (e.g. e-commerce activities, profiling activities). Therefore, the User should also refer to the privacy policies made available by the Publishers.
If you require any further information or have any questions about our Policy, please feel free to contact us by email at email@example.com.
1. What Personal Data We Collect and Why. Legal Basis of the Processing and Legitimate Interests
1.1. When You Navigate Our Website or Use Our Services
Through the Website and our Services we collect some data, which are stored in server log files, including the IP address of the User, the browser type and version, the operating system, the referrer and any data that the User’s browser sends as part of the navigation activity on the Website or as part of the requests it makes to our web servers. These data are needed to deliver the content of the Website or the Services correctly, to provide law enforcement authorities with the necessary information in case of a cyber-attack, and to perform anonymous statistical analyses.
The User’s consent to the processing of data for such purposes is not required, processing being necessary to pursue the legitimate interests of the Controller, pursuant to Article 6, first paragraph, letter f) of the GDPR, and to comply with the legal obligations imposed on the Controller pursuant to Article 6, first paragraph, letter c) of the GDPR.
1.2. When You Contact Us
If a User contacts N4R via email or via a contact form, the personal data transmitted by the User on a voluntary basis are automatically stored and used for providing answers to the User and for any subsequent communication.
The User’s consent to the processing of data for such purpose is not required, processing being necessary for the performance of the agreement to which the User is a party or in order to take steps at the request of the same prior to entering into the agreement, pursuant to Article 6, first paragraph, letter b) of the GDPR.
1.3. When You Subscribe to Our Newsletter
On the Website, users may be given the opportunity to subscribe to our newsletter, to stay informed on news regarding N4R. An email will be sent to the email address registered by the User to confirm the email address, as part of a double opt-in procedure. The personal data collected when subscribing to the newsletter are: email address, first name (optional), last name (optional), and IP address.
The newsletter contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such emails, which allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the Controller and data processor may see if and when an email was opened by a User and which links in the email were called up by the User.
The subscription to our newsletter may be terminated by the User at any time, by following a link provided in each newsletter. It is also possible to communicate the objection to N4R via email or registered mail.
The User’s consent to the processing of data for such purpose is required, pursuant to Article 6, first paragraph, letter a) of the GDPR.
1.4. When You Use the Services
When you use the Now4real Service on any website, you can use it either anonymously (without signing in) or after signing in (necessary if you want to publish messages to a chat).
In both cases, your presence on the website will have the effect to increment some global counters, which are absolutely anonymous, for the purpose of providing real-time analytics to Users and Publishers. We might display a world map, where we color each country based on the percentage of Users whose IP addresses seem to be assigned to that country. We do not attempt any geolocation below the country level.
In both cases, we never track your navigation within websites and across websites, and we never store the websites and the pages you visit.
1.5. If You Use the Services Anonymously
If you don’t sign in, you are using the Service anonymously. This means you can see and read all the information provided by the Service (including counters, maps, rankings, and chats) but you cannot publish messages to chats. No personal data are processed in this case, apart from the data outlined above (IP address and browser information).
1.6. If You Sign into the Services
We use social login to allow you to sign in without having to create an account with us, and use our Services. You choose an authentication provider among Google, Facebook, Twitter, and LinkedIn and authorize N4R to get some basic information from your social profile:
- Email address
You can find the details of the data fields we get from each social network at https://now4real.com/privacy-details/#fields.
These data are stored on our systems to make sure we can associate your identity to the messages you publish in a chat. We do not store or log any other fields from the social networks.
When you sign in, you stay signed into the N4R Services on that browser instance on all the websites that integrate the N4R Services. For example, you might sign into N4R on site www.site1.com. Then, you navigate to www.site2.com and find yourself already signed into N4R. You can sign out at any time by using the proper menu or button in the N4R Widget. You can also remove the authorization you gave N4R on your social network, by visiting the privacy section of your social network, looking for Now4real, and deauthorizing it.
The User’s consent to the processing of data for said authentication process is not required, processing being necessary for the performance of the agreement to which the User is a party or in order to take steps at the request of the same prior to entering into the agreement, pursuant to Article 6, first paragraph, letter b) of the GDPR.
1.7. Publication of Chat Messages
Even if you signed in, nobody can know you are viewing a certain page of a website until you voluntarily publish a chat message on that page. Please be aware that all N4R chats are public, so that anybody who is viewing a page can see all the chat messages that are published on that page or on that site.
When you publish a chat message, such message is publicly displayed together with your name and picture. Your name and picture are the ones linked with the social network account used for signing in into the Services. Your email address is never displayed nor shared with the Publisher and is always kept confidential.
Please note that chat messages, your name and picture – which are published on a given website and hence are public by their nature – may remain publicly visible: i) to anybody visiting a page or a site, up to 1 month after the message is published, ii) to the owner of that specific website (the Publisher), up to 12 months after the message is published.
In this context, the Publisher could use such information only for the same purposes and with the same means applicable with respect to information generally made available publicly on the Internet by anybody. As such, it will operate as autonomous data controller and comply with the relevant obligations vested upon it, including the ones related to the provision of its specific data protection notice and the related requests of consent, in all applicable cases.
As a consequence, the Publisher, for example, is not allowed to send you marketing or promotional communication pursuant to the present information notice, but can provide you with a separate and specific information notice and request you a specific consent to that purpose.
Please also note that chat messages may include personal data, including special categories of data that may be inferred by the relevant contents of the messages and comments manifestly made public by the User, such as data revealing political opinions, religious or philosophical beliefs, data concerning health, sex life or sexual orientation.
We store all the chat messages in our databases.
You can find a detailed list of the data fields we store for each chat message, as well as their visibility level (if they are public, if they are visible to the website owner, or if they are kept private) at https://now4real.com/privacy-details/#visibility.
The User’s consent to the processing of data for the publication of chat messages is not required, processing being necessary for the performance of the agreement to which the User is a party or in order to take steps at the request of the same prior to entering into the agreement, pursuant to Article 6, first paragraph, letter b) of the GDPR. To the extent that special categories of data could be inferred from the contents of messages and comments, the User’s consent is not required as processing relates to personal data which are manifestly made public by the data subject, under Article 9, second paragraph, letter e) of the GDPR.
1.8. Use of Your Email Address
N4R uses your email address, obtained from the social network, only for contacting you in case we have any important notification regarding the Service. Your email address is not shared with third parties and we will not use it to send you unsolicited advertising.
The User’s consent to the processing of data for such purposes is not required, processing being necessary to pursue the legitimate interests of the Controller, pursuant to Article 6, first paragraph, letter f) of the GDPR, and to comply with its contractual obligations pursuant to Article 6, first paragraph, letter b) of the GDPR.
2. Nature of the Provision of Data
The provision of your personal data for the purposes under points 1.1, 1.2, 1.6, 1.7, 1.8 is optional, but necessary to comply with legal and contractual obligations, or necessary to pursue the legitimate interest of the Controller set out above. In all these cases, failure to provide the data will prevent the Controller from establishing a contractual relationship with the User and offer the relevant Services.
The provision of data for the purposes under point 1.3 is optional, and failure to provide the personal data at issue and/or refusal of consent to their processing will prevent the Company from carrying out the activities indicated under the information notice.
3. Data Retention
With reference to the purposes under points 1.1, 1.6, 1.8, data will be stored as far as the agreement between the Controller and the User is in force, and subsequently for a maximum period of time equal to the limitation period of the rights enforceable by the Company as established by law, applicable from time to time.
With reference to the purpose under 1.3, processing activities will be carried out – and the relevant data stored – for a period of time equal to 24 months after termination of the agreement, or upon the User’s objection, if earlier.
With reference to the purpose under 1.7, the chat messages, the name and picture of the user will be made visible – and the relevant data stored by N4R – to: i) anybody visiting the webpage or website for a limited period of time (maximum 1 month), ii) to the Publisher of the specific website where the message is published with a maximum time span of 12 months on a rolling basis.
Chat messages, chat logs and IP addresses, in any case, will be stored for a maximum of 12 months from their collection for purposes of detecting and prosecuting criminal offences and will be made available to public authorities pursuant to applicable rules.
4. How We Process Personal Data
The Controller will process the personal data provided by Users with the strictest confidentiality and protection, also ensuring that appropriate security measures, of both technical and organizational nature, will be taken aimed at preventing access, disclosure, accidental or improper alteration, unauthorized loss or destruction of personal data. Personal data may be processed by the Controller in manual, paper or electronic form.
Our IT infrastructure is based on cloud services provided by third-party companies, which act as data processors on behalf of N4R. Such data processors are all GDPR compliant and are based either in EU or in US (certified under the EU-US Privacy Shield framework).
The Website and the Service are protected via encrypted TLS connections.
5. Categories of Recipients
User’s personal data may be made accessible, disclosed or communicated to the following subjects that will be appointed by the Controller, depending on the cases, as processors or persons authorized to process, or will act as autonomous data controllers:
- public or private entities, natural persons or legal entities, to whom or which the Controller may resort to carry out the activities instrumental to achieving the above-mentioned purposes or to whom or which the Controller is statutorily or contractually required to disclose the data;
- the Publishers.
In this context, N4R may disclose personal data of the Users to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend its legal rights.
Please be aware that, in addition to the above, all the information you disclose through our public online chats may be collected and used by other Users.
6. Transfer of Data to Third Countries
Data could be communicated outside the European Union to data processors that provide cloud services on behalf of the Company and that are established in the United States. As they are certified under the EU-US Privacy Shield framework, they comply with the requirements under Article 45 of the GDPR.
7. Data Controller. Data Processors
The data controller is Now4real S.r.l., with registered office in Viale Andrea Doria No. 7, 20124 Milan (Italy). The updated list of data processors can be requested by writing to the email address firstname.lastname@example.org.
8. Rights of the Data Subject
As a data subject, the User is entitled to request from the Controller, also through the email addresses email@example.com or firstname.lastname@example.org (certified email – PEC): access to his/her personal data, and their rectification or erasure or restriction of processing or to object to their processing, as well as to the right of data portability. Should the User’s consent be required for the personal data processing, the User has as well the right to withdraw at any time the consent already given, without affecting the lawfulness of processing based on consent before its withdrawal. Furthermore, the User is entitled to lodge a complaint with the Data Protection Authority according to the modalities specified in the website of the latter, accessible at the address www.garanteprivacy.it, if he/she considers that his/her rights under the legislation in force on personal data protection have been infringed.
You can find more details on your rights at https://now4real.com/privacy-details/#rights.
Please remember that Publishers act as autonomous data controllers, so you should contact them too to exercise your rights.
Cookies and LocalStorage enable the website you visit to store information in your browsing device (computer, smartphone, tablet, etc.) for certain website features to work.
Specifically, cookies are small text files sent from the website the user visits to his/her device, where they are stored and then resent to the website on the next visit. LocalStorage is a storage natively integrated into web browsers, but unlike cookies, the data it stores is not carried to the remote web server unless it is sent manually.
Cookies and LocalStorage can have different uses, including the following:
- Technical. Necessary to manage your flow within the website or to keep you logged in. If you block them, certain parts of the website might not work properly.
- Analytics. These cookies help us and third parties to record where visits are originated and how users interact with the website, in order to create analytics that help us to enhance the website structure and contents.
Cookies and LocaleStorage may be set by this Website or Service (“first-party cookies”) or they may be set by other websites who run content on the page you are viewing (“third-party cookies”).
Cognito Identity Service Provider
Our clients (Publishers) need to log into the Dashboard section of the Website to manage their account. Technical data is stored in the LocalStorage to manage users’ authentication through a service called Cognito Identity Service Provider.
We use this tool to collect information about the use of this Website. Google Analytics collects information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this site. We use the information we get from Google Analytics only to maintain and improve the site’s performance. Google Analytics collects the anonymized IP address assigned to you on the date you visit this site, rather than your full IP address, your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information.
We use fonts delivered by Google to enrich this Website, which might set cookies.
Cloudflare is a content delivery network (CDN) that delivers some files needed by this Website. Cloudflare uses technical cookies to manage the user’s flow.
Other Cookies / Unexpected Cookies
Given how the Internet and websites work, we are not in the conditions to control how third-party vendors manage their cookies through our website (especially when our pages contain embedded elements such as texts, documents, images, or videos that are displayed on or through our website, but archived elsewhere).
If you notice a cookie not attributable to any service listed above, don’t hesitate to inform us at email@example.com and/or directly contact the responsible third party asking for clarifications.
n4r and n4rAuth
You can sign into the Service through social login (Google login, Facebook login, etc.). We use a cookie and a LocalStorage entry to remember if you have already signed into the Service and to keep you logged in.
The N4R Widget can be made invisible during testing phases. To enable it for test Users only, we use a LocalStorage entry.
Users can override the N4R log level set in the page. To store their setting, we use a LocalStorage entry.
- Google: https://policies.google.com/technologies/cookies
- Facebook: https://www.facebook.com/help/cookies/
- Twitter: https://help.twitter.com/it/rules-and-policies/twitter-cookies
- LinkedIn: https://www.linkedin.com/legal/cookie-policy
If you wish to enable, disable or delete one or all cookies, you may do so through our third-party vendor opt-out pages or through your individual browser options. More detailed information about cookie management is also covered in web browser’s online support pages:
- Chrome: https://support.google.com/chrome/answer/95647
- Firefox: http://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
- Safari for iOS: https://support.apple.com/en-us/HT201265
- Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
Some information may be stored in your browser’s LocalStorage. To delete it, please delete the browser’s history.
Changes to This Policy