Privacy Policy

Privacy Policy of the NaviFlow Website

Last updated: April 8, 2026

This privacy notice describes how personal data of users who visit and use the NaviFlow website (the “Website”), available at https://www.naviflow.it, is processed.

1. Data Controller

The Data Controller is NF di Porri Laura, with registered office at Via della Stazione Aurelia, 91 00165 Rome, Italy, e-mail: privacy@naviflow.it, general contact: info@naviflow.it.

2. Categories of personal data processed

The Website may process the following categories of personal data.

2.1 Browsing data

The IT systems and software procedures used to operate the Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category includes, for example:

  • IP addresses or domain names of the devices used by the user;

  • technical identifiers of the browser and device;

  • information relating to requests sent to the server;

  • technical logs, system events and diagnostic data;

  • data relating to the use of the Website.

2.2 Data voluntarily provided by the user

The Website may collect data directly provided by the user, for example through:

  • the contact form;

  • requests for information or support;

  • newsletter subscription;

  • creation and management of a customer account;

  • entry of shipping and billing addresses;

  • order and return management;

  • publication of reviews and public comments, where available.

Depending on the case, the processed data may include, by way of example:

  • first name and last name;

  • email address;

  • phone number;

  • shipping and/or billing address;

  • order-related data and purchased products;

  • the content of messages sent through the contact form;

  • data necessary to manage reviews, public comments and post-sales requests.

2.3 Payment-related data

The Website allows payments through PayPal, bank transfer and cash on delivery.

The Data Controller does not directly process the full payment card details when payment is made through PayPal or other payment systems managed by third-party providers. Data relating to the transaction and payment status may be processed to the extent necessary to manage the order, confirm payment, handle refunds, prevent fraud and comply with administrative or tax obligations.

2.4 Data relating to customer accounts, orders and reviews

When the user creates an account or places an order, the Website processes the data necessary for:

  • account registration and authentication;

  • management of orders, shipments, invoicing and customer support;

  • order history, returns, credit notes and user preferences;

  • collection and publication of reviews, where the service is enabled.

2.5 Data processed through third-party services integrated into the Website

The Website may integrate third-party services that, depending on the configuration, may process users’ personal data. These include:

  • Google Analytics;

  • Google Tag Manager;

  • YouTube and, where applicable, YouTube Data API;

  • Google Maps;

  • Meta Pixel;

  • Cloudflare;

  • hosting and infrastructure services on Amazon Lightsail;

  • Amazon Simple Email Service (SES), where used for sending emails or newsletters;

  • Google Fonts, where integrated into the Website;

  • social widgets or plugins, where present on the Website;

  • systems for comments or reviews managed directly by the Website, where enabled.

The use of such services may involve the processing of technical data, usage data, online identifiers, IP addresses and other data necessary for the delivery of content or traffic analysis.

3. Purposes of processing

Personal data is processed for the following purposes:

  1. to enable browsing and the technical functioning of the Website;

  2. to manage contact requests, information requests and customer support;

  3. to allow customer account registration and access to restricted areas;

  4. to manage orders, payments, shipments, returns, refunds and after-sales support;

  5. to comply with legal, administrative, tax and accounting obligations;

  6. to prevent unlawful use, fraudulent activities and abuse of the Website;

  7. to analyse the use of the Website and improve its performance, content and security;

  8. to display maps, videos or other embedded third-party content;

  9. to send newsletters, commercial updates, offers or promotional communications, subject to the user’s consent where required by applicable law;

  10. to manage the collection and publication of reviews and public comments, where available;

  11. to measure conversions, Website performance and promotional activities through analytics and marketing tools, within the limits allowed by law and subject to consent where required.

4. Legal basis for processing

Personal data is processed, depending on the relevant purpose, on one or more of the following legal bases:

  • performance of pre-contractual measures requested by the user;

  • performance of a contract to which the user is a party, for example for account management, purchases, payments, shipments and support;

  • compliance with legal, regulatory, tax and accounting obligations;

  • the legitimate interest of the Data Controller in ensuring the proper functioning, security, maintenance and improvement of the Website, as well as in preventing fraud and abuse;

  • the user’s consent, where required, for example for newsletters, non-essential cookies, tracking tools, profiling or marketing.

5. Nature of the provision of data

Providing data marked as necessary is required in order for the Data Controller to provide the requested services, respond to the user’s messages, register the account, manage orders and comply with the related obligations. Failure to provide such data may make it impossible to use all or part of the Website’s services.

Providing data for marketing or newsletter purposes is optional; failure to provide such data does not affect the possibility of using the Website or purchasing products.

6. Processing methods

Processing is carried out using IT and telematic tools, according to procedures strictly related to the purposes indicated above, and with appropriate security measures aimed at preventing unauthorised access, disclosure, alteration, loss or destruction of data.

7. Data recipients

Personal data may be processed, within the limits of the purposes described above, by:

  • authorised internal personnel;

  • providers of technical services, hosting, cloud, Website maintenance and development;

  • providers of analytics, tracking, map, video, CDN and security services;

  • payment service providers and transaction management providers, including PayPal and institutions involved in payment processing;

  • couriers and logistics operators, including BRT and UPS, for shipment management;

  • administrative, tax and legal consultants, and accountants;

  • subjects entrusted with newsletter management, reviews, public comments or customer support.

Such subjects may act, depending on the circumstances, as independent data controllers, data processors or authorised persons.

8. Transfer of data to third countries

The use of third-party services and suppliers, including international providers, may involve the transfer of personal data to countries outside the European Economic Area. Such transfers take place in accordance with the conditions established by the relevant providers and in compliance with applicable law.

9. Data retention period

Personal data is retained for no longer than necessary to pursue the purposes for which it was collected and, where required, for the period established by applicable law.

In particular:

  • data collected through the contact form or support requests is retained for the time necessary to manage the request and for any additional period necessary to protect the Data Controller’s rights;

  • data relating to customer accounts is retained for as long as the account remains active and, afterwards, for the period necessary to comply with legal obligations, manage disputes or protect the Data Controller’s interests;

  • data relating to orders, payments, invoices and administrative/accounting documentation is retained for the period required by law;

  • data processed for newsletter or marketing purposes is retained until the user withdraws consent or objects to processing, unless a longer retention period is required by law;

  • data relating to technical logs, security and fraud prevention is retained for the time necessary to ensure the proper functioning and security of the Website.

10. Cookies and other tracking tools

The Website uses cookies and other technical tracking tools and, where applicable, also statistical, functional or marketing cookies/tools.

Non-essential tools are used only after the user’s consent has been obtained, where required by applicable law. Further information is available in the Website’s Cookie Policy and in the preferences management panel.

11. Newsletter and promotional communications

Users may subscribe to the Website’s newsletter to receive updates, commercial offers, product news or other promotional communications. Such communications will only be sent where permitted by applicable law and, where required, on the basis of the user’s freely given consent.

Users may withdraw consent or object at any time by using the unsubscribe link included in the communications received or by contacting the Data Controller.

12. Data subject rights

Within the limits provided by applicable law, users may exercise the following rights:

  • access to personal data;

  • rectification of inaccurate or incomplete data;

  • erasure of data;

  • restriction of processing;

  • objection to processing;

  • data portability, where applicable;

  • withdrawal of consent, without affecting the lawfulness of processing based on consent before its withdrawal;

  • lodging a complaint with the competent Data Protection Authority.

Requests may be sent to: privacy@naviflow.it.

13. Note on services actually used

Some third-party services may only be active in certain sections of the Website, in specific language versions, or depending on the technical configuration in place at a given time. The Data Controller periodically updates this privacy notice to reflect the services actually in use.

14. Changes to this privacy notice

The Data Controller reserves the right to amend or update this privacy notice at any time. Any changes will be published on this page together with the relevant last updated date.

15. Policy languages

This privacy notice may be made available in multiple languages. In the event of interpretative discrepancies, unless otherwise stated, the Italian version shall prevail.