Personal data processing notice

Last updated: 24 June 2026

This notice is provided under arts. 13 and 14 of Regulation (EU) 2016/679 ("GDPR") and Italian Legislative Decree 196/2003 ("Privacy Code") as amended by Legislative Decree 101/2018, to describe how Nativer processes the personal data of users of the site nativer.it (the "Site").

1. Data controller

The data controller is Nativer – Milan (MI), Italy. Email: rocks76@gmail.com.

A Data Protection Officer (DPO) has not been appointed as the conditions of art. 37 GDPR do not apply.

2. Types of data processed

2.1 Data provided by the user

Depending on the role (family or user offering childcare or domestic help services) we collect: first and last name, email, city, phone number, WhatsApp (optional), profile photo, description, experience, skills, availability, indicative rate, languages spoken, working areas.

Information entered in profiles is published directly by users and remains under their responsibility.

2.1-bis Special categories of data

Users are asked not to include in their profiles data belonging to special categories under art. 9 GDPR (e.g. health, religious or judicial data), except where strictly necessary and under their own responsibility.

2.2 Payment data

Payments for the Contact Pass are handled by Stripe Payments Europe Ltd. (Dublin, IRL). Nativer does not store card data: it only receives transaction ID, amount, currency, outcome and timestamp.

2.3 Data collected automatically

Technical access logs (IP address, user-agent, timestamp) kept for security and diagnostics. Technical cookies (see Cookie Policy).

2.4 Marketing data (Google Ads) — subject to consent

If you consent to marketing cookies, Google LLC collects advertising identifiers (_gcl_* cookies, device ID, navigation URL, referrer) to measure the conversions of our Google Ads campaigns and for remarketing. We implement Google Consent Mode v2: without consent no advertising cookies are set and no user identifiers are collected.

3. Purposes and legal bases

Purpose | Legal basis (art. 6 GDPR) | Retention
Service delivery (registration, profile, contact) | Contract performance — art. 6.1.b | Account duration + 12 months
Payment and invoicing management | Legal obligations — art. 6.1.c (art. 2220 Italian Civil Code: 10 years) | 10 years
Security, fraud prevention, technical logs | Legitimate interest — art. 6.1.f | 12 months
Service communications (transactional emails) | Contract performance — art. 6.1.b | Account duration
Compliance with authority requests | Legal obligation — art. 6.1.c | Legal terms
Marketing, remarketing, campaign measurement (Google Ads) | Consent — art. 6.1.a (revocable at any time) | Up to 24 months

Providing the data marked as mandatory during registration is necessary to use the service; refusal makes it impossible to use Nativer.

4. Processing methods

Data is processed with electronic tools. We adopt appropriate technical and organisational measures to protect personal data, in accordance with art. 32 GDPR.

5. Data recipients and external processors

To deliver the service Nativer relies on the following providers, appointed as processors under art. 28 GDPR:

  • Supabase Inc. — database, authentication, storage. Servers in the EU (Frankfurt).
  • Cloudflare Inc. — frontend hosting, CDN, DDoS protection. Under SCCs and DPF.
  • Stripe Payments Europe Ltd. (Ireland) — payment processing.
  • Lovable AB — development platform and runtime environment.
  • Resend / email provider — sending transactional emails.
  • Google Ireland Ltd. / Google LLC — Google Ads, Google Tag, remarketing and conversion measurement (only with consent).

The Owner's internal collaborators, duly instructed, may also access the data as authorised persons. The contact details of users offering services via the platform are available to family users who have purchased a valid Contact Pass.

We do not sell your data. Any marketing use takes place exclusively through Google Ads and only after your explicit consent, which you can revoke at any time via the "Cookie preferences" button in the footer.

6. Transfers outside the EU

Data is processed mainly within the EEA. Any transfers to third countries (e.g. USA for cloud services) take place on the basis of adequate safeguards: Standard Contractual Clauses approved by the EU Commission (Decision 2021/914) and/or adherence to the EU–U.S. Data Privacy Framework.

7. Rights of the data subject (arts. 15-22 GDPR)

You may exercise the following rights at any time:

  • Access to your data (art. 15);
  • Rectification of inaccurate data (art. 16);
  • Erasure ("right to be forgotten", art. 17) — available directly in your account area;
  • Restriction of processing (art. 18);
  • Portability of data in a structured format (art. 20);
  • Objection to processing based on legitimate interest (art. 21);
  • Withdrawal of consent at any time, where applicable (art. 7.3).

To exercise your rights write to rocks76@gmail.com. We will reply within 30 days (art. 12.3 GDPR).

You also have the right to lodge a complaint with the Italian Data Protection Authority (Piazza Venezia 11, 00187 Rome — garanteprivacy.it) under art. 77 GDPR.

8. Automated decision-making

We do not carry out profiling or automated decision-making under art. 22 GDPR.

9. Minors

The service is reserved for adults (≥ 18 years). We do not knowingly collect data from minors. If you are a parent and believe a minor has provided us with data, contact us to have it removed.

10. Changes to this notice

Any changes will be published on this page with the update date at the top. Please check it periodically.