nousumine.com

Privacy Policy

1. Data Controller

This website is managed by Le Dune S.r.l. (hereinafter, the “Controller”), based in Arbus – Via Bau 1, Loc. Piscinas, VAT No.: 01847540927. Contacts: info@ledunepiscinas.com - +39 0707058030

2. Types of data collected

2.1. Browsing data
The IT systems and software procedures used to operate this website acquire, during normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols (e.g., IP addresses, date and time of the request, information about the browser and operating system used).
Purpose: to enable website usage and verify the proper functioning of its pages.
Legal basis: legitimate interest of the Controller to ensure the proper technical functioning of the website.

2.2. Data voluntarily provided by the user

• Account and login credentials: the user may create an account to manage multilingual cards and content (email, password or other credentials). Passwords are securely stored using hashing algorithms, and for security reasons, the system requires mandatory updates at regular intervals.
• Purpose: to provide requested services (e.g., creation of cards, multilingual content, account management).
• Legal basis: execution of contractual measures or user consent, where necessary, for using the backend system.

2.3. Geolocation and location data

• If the user consents to sharing their location, the website processes this information to display the nearest points of interest on the map. In such cases, the IP address or location data are temporarily processed to provide the search and display functionality.
• Purpose: to display nearby points of interest on the map, enhancing user experience.
• Legal basis: user consent (activated by enabling location sharing) or legitimate interest if explicitly requested by the user.

3. Methods of data processing
Data processing is carried out through IT and/or telematic tools, using organizational logic and methods strictly related to the indicated purposes. Appropriate security measures are adopted to prevent unauthorized access, disclosure, or modification of personal data. Specifically:

1. Passwords are stored in hashed form (one-way encryption), and the security policy requires mandatory periodic credential updates.
2. Data access is granted only to authorized personnel, in compliance with internal security policies and GDPR requirements.

4. Location of data processing and authorized personnel

• Data processing related to this website's web services takes place at the Controller’s premises and/or hosting service providers and is managed exclusively by authorized personnel.
• No data deriving from the web service is communicated or disclosed to third parties, except to fulfill legal obligations or for purposes strictly related to service provision (e.g., hosting providers, necessary technical service providers, etc.).

5. Data retention period

• Browsing data: retained only for the time strictly necessary to achieve the purposes for which they are collected (security, diagnosis of malfunctions).
• Account data: for backend functionalities, retained until deletion request by the user or as long as the content management service remains active. Passwords are subject to periodic renewal.
• Geolocation: used "in real-time" during the use of the functionality; data are not retained beyond such use, except for security logs or legal obligations.

6. Third-party services

• OpenStreetMap: the website uses OpenStreetMap (OSM) maps through the Leaflet library. Although Leaflet states that it does not collect tracking data, please refer to Leaflet's official documentation for further information. Using OSM maps may involve transmitting the user’s IP address to OSM servers. According to certain regulatory interpretations, this may require prior consent. Further information on data processing is available in the official OpenStreetMap documentation (Privacy Policy OSM Foundation).
• YouTube (embedded videos): if YouTube videos are embedded, this service may collect data related to visits (e.g., IP address, cookie tracking). For more details, refer to the Google/YouTube Privacy Policy. Note: these services act as independent data controllers (or potential joint controllers). If users wish to exercise their GDPR rights concerning data processed by these third-party providers, they must refer directly to the respective privacy notices and contact these entities directly.

7. User rights
The user may at any time exercise the rights provided by GDPR (EU Regulation 2016/679):

• Obtain confirmation of the existence of personal data concerning them and their communication in an intelligible form.
• Know the origin of the data, the purposes and methods of processing, and the logic applied.
• Request updating, rectification, integration, or erasure of data, restriction of processing, transformation into anonymous form, or blocking of data processed unlawfully.
• Object in whole or in part, on legitimate grounds, to the processing of their personal data.
• Request data portability.

Requests must be addressed to the Data Controller using the contact details provided in point 1. If data is processed by third-party services (e.g., YouTube, OpenStreetMap), users must contact the respective providers directly using the contact information and privacy notices provided by them.

8. Changes to the Privacy Policy
This privacy policy may change over time, including due to possible regulatory amendments. Users are therefore advised to periodically review this page.