Personal data processing notice
Last updated: 24 June 2026
This notice is provided under arts. 13 and 14 of Regulation (EU) 2016/679 ("GDPR") and Italian Legislative Decree 196/2003 ("Privacy Code") as amended by Legislative Decree 101/2018, to describe how Nativer processes the personal data of users of the site nativer.it (the "Site").
1. Data controller
The data controller is Nativer – Milan (MI), Italy. Email: rocks76@gmail.com.
A Data Protection Officer (DPO) has not been appointed as the conditions of art. 37 GDPR do not apply.
2. Types of data processed
2.1 Data provided by the user
Depending on the role (family or user offering childcare or domestic help services) we collect: first and last name, email, city, phone number, WhatsApp (optional), profile photo, description, experience, skills, availability, indicative rate, languages spoken, working areas.
Information entered in profiles is published directly by users and remains under their responsibility.
2.1-bis Special categories of data
Users are asked not to include in their profiles data belonging to special categories under art. 9 GDPR (e.g. health, religious or judicial data), except where strictly necessary and under their own responsibility.
2.2 Payment data
Payments for the Contact Pass are handled by Stripe Payments Europe Ltd. (Dublin, IRL). Nativer does not store card data: it only receives transaction ID, amount, currency, outcome and timestamp.
2.3 Data collected automatically
Technical access logs (IP address, user-agent, timestamp) kept for security and diagnostics. Technical cookies (see Cookie Policy).
2.4 Marketing data (Google Ads) — subject to consent
If you consent to marketing cookies, Google LLC collects advertising identifiers (_gcl_* cookies, device ID, navigation URL, referrer) to measure the conversions of our Google Ads campaigns and for remarketing. We implement Google Consent Mode v2: without consent no advertising cookies are set and no user identifiers are collected.
3. Purposes and legal bases
| Purpose | Legal basis (art. 6 GDPR) | Retention |
|---|---|---|
| Service delivery (registration, profile, contact) | Contract performance — art. 6.1.b | Account duration + 12 months |
| Payment and invoicing management | Legal obligations — art. 6.1.c (art. 2220 Italian Civil Code: 10 years) | 10 years |
| Security, fraud prevention, technical logs | Legitimate interest — art. 6.1.f | 12 months |
| Service communications (transactional emails) | Contract performance — art. 6.1.b | Account duration |
| Compliance with authority requests | Legal obligation — art. 6.1.c | Legal terms |
| Marketing, remarketing, campaign measurement (Google Ads) | Consent — art. 6.1.a (revocable at any time) | Up to 24 months |
Providing the data marked as mandatory during registration is necessary to use the service; refusal makes it impossible to use Nativer.
4. Processing methods
Data is processed with electronic tools. We adopt appropriate technical and organisational measures to protect personal data, in accordance with art. 32 GDPR.
5. Data recipients and external processors
To deliver the service Nativer relies on the following providers, appointed as processors under art. 28 GDPR:
- Supabase Inc. — database, authentication, storage. Servers in the EU (Frankfurt).
- Cloudflare Inc. — frontend hosting, CDN, DDoS protection. Under SCCs and DPF.
- Stripe Payments Europe Ltd. (Ireland) — payment processing.
- Lovable AB — development platform and runtime environment.
- Resend / email provider — sending transactional emails.
- Google Ireland Ltd. / Google LLC — Google Ads, Google Tag, remarketing and conversion measurement (only with consent).
The Owner's internal collaborators, duly instructed, may also access the data as authorised persons. The contact details of users offering services via the platform are available to family users who have purchased a valid Contact Pass.
We do not sell your data. Any marketing use takes place exclusively through Google Ads and only after your explicit consent, which you can revoke at any time via the "Cookie preferences" button in the footer.
6. Transfers outside the EU
Data is processed mainly within the EEA. Any transfers to third countries (e.g. USA for cloud services) take place on the basis of adequate safeguards: Standard Contractual Clauses approved by the EU Commission (Decision 2021/914) and/or adherence to the EU–U.S. Data Privacy Framework.
7. Rights of the data subject (arts. 15-22 GDPR)
You may exercise the following rights at any time:
- Access to your data (art. 15);
- Rectification of inaccurate data (art. 16);
- Erasure ("right to be forgotten", art. 17) — available directly in your account area;
- Restriction of processing (art. 18);
- Portability of data in a structured format (art. 20);
- Objection to processing based on legitimate interest (art. 21);
- Withdrawal of consent at any time, where applicable (art. 7.3).
To exercise your rights write to rocks76@gmail.com. We will reply within 30 days (art. 12.3 GDPR).
You also have the right to lodge a complaint with the Italian Data Protection Authority (Piazza Venezia 11, 00187 Rome — garanteprivacy.it) under art. 77 GDPR.
8. Automated decision-making
We do not carry out profiling or automated decision-making under art. 22 GDPR.
9. Minors
The service is reserved to adults (≥ 18 years). We do not knowingly collect data from minors. If you are a parent and believe a minor has provided us with data, contact us to have it removed.
10. Changes to this notice
Any changes will be published on this page with the update date at the top. Please check it periodically.