Privacy Policy
This information describes the methods and purposes of collecting and processing certain Personal Data by this Website. The contact details will also be indicated to request access, modification or deletion of personal data at any time.
The Privacy Policy is applied every time an User navigates through the pages of the Website https://www.paynowsolution.com and all online activities through it.
The processing of Personal Data of users of this Site will be carried out in Italy in compliance with:
- General Data Protection Regulation EU/2016/679 (GDPR)
- The Italian Legislative Decree n. 196 of 30 June 2003, regarding the Protection of Personal Data
- The recommendation n. 2/2001 of the European Data Protection Authorities, to identify the minimum requirements for the collection of personal data online.
The Italian supervisory authority is the "Garante per la protezione dei dati personali", with headquarters in Piazza di Monte Citorio n. 121, 00186 – Roma (https://www.garanteprivacy.it/).
Owner and Data Controller
Following consultation of this Site, data relating to identified or identifiable persons may be processed. The Data Owner of the processing of such data is:
PayNow srl
Piazza Cota, 8
80063 Piano di Sorrento - Italy
Email: info@paynowsolution.com
Vat id: IT10115781212
Policy
Each person has the right to the protection of their personal data and in compliance with this right this Privacy Policy provides any useful information to understand how to collect and use the information that identifies users of the Site.
The Owner undertakes to comply with a principle of strict necessity in the processing of data that may
identify the User, even indirectly.
The Owner does not collect and treat in any way "sensitive data" according the definition of Reg.UE
679/2016.
Users' Personal Data will be processed by the Data Controller by taking appropriate security measures to
prevent unauthorized access, disclosure, modification or destruction of Personal Data.
The Site has been configured so that the use of personal data is reduced to the minimum necessary and makes use of anonymous data whenever it is possible to pursue the same purposes.
Purposes
The Data Controller and the third party service providers used by it, unless otherwise specified, collect the User Data for purposes strictly related to the provision of its Services.
The purposes are:
to contact and respond to requests sent by the User, to collect statistical data on the use of the
Website, to satisfy contracts stipulated with the User concerning the purchase or reservation of products
and services, to display contents concerning their activity from and through other platforms.
For e-commerce purposes, we process data to:
Process and fulfill orders, manage payments, issue invoices, arrange shipping and delivery, handle returns and refunds, provide customer support, prevent fraud, comply with legal and tax obligations, and maintain accounting records.
To these are added purposes whose purpose is to provide a better experience to the User:
comment on contents, interaction with social networks and integration with external platforms.
With the explicit consent of the User, the purposes of:
sending commercial information via email, surveys on customer satisfaction, market research, promotional
activities in general, profiling and analysis of the browsing experience for marketing and promotional
purposes.
Collected data form this Website
The types of Personal Data collected and used for each purpose are indicated in the specific sections of this document.
Personal Data collected from this Site may be freely provided by the User or, in the case of Navigation Data, collected automatically during the consultation of the pages of this Site.
Other Personal Data that may be collected are indicated in other sections of this privacy policy or through informative texts indicated together with the collection of the Data.
Navigation Data
While browsing this Website, some personal data are acquired whose transmission is implicit in the use of Internet communication protocols and for which the User can not give consent.
Some examples of information on the devices we collect:
- Attributes such as operating system, hardware version, device settings.
- Connection information such as the name of mobile operator or ISP, browser type, language and time zone, IP address.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning.
Such data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site.
Personal Data explicitly provided by the User
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this Site or through pages / areas used for this function, involves the subsequent acquisition of the address / delivery of the sender, necessary to respond to requests, as well as any other data personal or not, included in the message.
The User assumes responsibility for the Personal Data of third parties published or shared via this Website and warrants that he or she has the right to communicate or disseminate them, freeing the Data Controller from any liability towards third parties.
An example of such data are: Navigation data, Name, Surname, Email, Telephone number, Address, ZIP code, Province, Country, State, Requests and additional data.
E-commerce and Order Processing
This website operates as an e-commerce platform allowing users to purchase products/services online.
The processing of personal data for e-commerce purposes is based on the execution of the purchase contract between the User and the Owner.
Legal Basis for Processing
The processing of personal data for order fulfillment is necessary for:
- Contract execution: Processing your order, delivering products, and providing customer support
- Legal obligations: Issuing invoices, maintaining accounting records, complying with tax and consumer protection laws
- Legitimate interests: Fraud prevention, security, and improving our services
Order and Payment Processing
When you place an order, your personal data is processed as follows:
- Order details are stored in our secure database
- Payment information is processed by our payment service providers (Stripe, PayPal) according to PCI-DSS security standards
- Order confirmation and shipping updates are sent via email
- Your data may be shared with shipping carriers to deliver your order
- Invoices are generated and stored according to legal requirements
Data Retention for E-commerce
Personal data related to purchases is retained for the following periods:
- Order data: 10 years (legal requirement for accounting and tax purposes)
- Invoices: 10 years (legal requirement in Italy)
- Customer accounts: Until account deletion is requested or after 3 years of inactivity
- Marketing communications: Until consent is withdrawn
Third Parties Involved in Order Processing
To fulfill your orders, we may share your personal data with the following categories of third parties:
- Payment processors: Stripe, PayPal (for secure payment processing)
- Shipping carriers: Courier services and logistics companies (for product delivery)
- Cloud service providers: Hosting and database services (for secure data storage)
- Email service providers: For sending order confirmations and shipping notifications
- Accounting and tax services: As required by law
All third parties are carefully selected and contractually bound to protect your data according to GDPR requirements.
Your Rights as a Customer
In addition to the general rights listed in this Privacy Policy, as a customer you have the right to:
- Access your order history and personal data at any time through your account
- Request a copy of your invoices and purchase records
- Update your shipping and billing information
- Delete your account (note: order history and invoices will be retained for legal obligations)
- Withdraw consent for marketing communications while maintaining your customer account
Please note that certain data cannot be deleted while legal retention obligations apply (e.g., invoices, tax records).
Data collected from third-party services
This Website uses third-party services for the purposes indicated in the respective section of this site. The information acquired is in any case subject to the User's privacy settings.
It is possible that, even if the users do not use the service, the same collect traffic data relating to the pages in which it is installed.
Google Analytics (Google LLC)
Google Analytics is a web analytics service provided by Google LLC ("Google"). Google uses Personal Data
collected for the purpose of evaluating the use of this website, compiling reports and sharing
them with other services developed by Google.
Google may use Personal Data to contextualize and personalize the ads of its own
advertising network.
This website has enabled the following advanced Google Analytics features:
- Google Signals: Allows cross-device tracking and remarketing using data from users who are signed in to their Google accounts. This enables demographic and interest reporting, and remarketing with Google Analytics audiences.
- User-ID: Enables the analysis of groups of sessions, across devices, using a unique, persistent, and non-personally identifiable ID string representing a user.
- Enhanced Location Data: Provides more granular geographic location data about website visitors, including city-level and more precise location information.
- Enhanced Device Data: Collects detailed information about user devices, including device category, operating system, screen resolution, and other device attributes.
- Advertising Personalization: Data collected through Google Analytics is used to enable personalized advertising through Google's advertising network, including remarketing and audience targeting features.
Google Analytics provides coarse geo-location data by deriving metadata from IP addresses: City (and the derived latitude, and longitude of the city), Continent, Country, Region,
Subcontinent (and ID-based counterparts). For EU-based traffic, IP-address data is used solely for
geo-location data derivation before being immediately discarded. It is not logged, accessible, or used
for any additional use cases. When Analytics collects measurement data, all IP lookups are performed on
EU-based servers before forwarding traffic to Analytics servers for processing.
Personal data collected: Cookies, Usage Data, User ID, and unique identifiers.
Processing location: USA
For more informations: Privacy Policy – Opt-Out
Google Tag Manager (Google LLC)
Google Tag Manager is a tag management service provided by Google LLC. It allows this site to integrate
other scripts and tracking codes.
Personal Data collected: Cookies and Usage Data.
Processing location: USA
For more informations: Privacy Policy
Google Maps (Google LLC)
Google Maps is a map visualization service managed by Google LLC that allows this site to integrate such
contents within its pages.
It is also used for geolocation services that allow you to calculate a route based on your location.
Personal Data collected: Cookies and Usage Data.
Processing location: USA
For more informations: Privacy Policy
Facebook (Social Plugins)
Facebook "Like" button (social network facebook.com managed by Facebook, Inc., 1601 S. California Ave,
Palo Alto, CA 94304, USA). When the Sites are accessed by another website that contains this type of
plug-in, the browser establishes a direct connection with the Facebook servers and sends this data to
Facebook. This happens regardless of whether you are a member of Facebook, you have logged into the
Sites as a member of Facebook or have clicked the plug-in. If you are a member of Facebook and you are
connected to Facebook while you are on the Sites, Facebook will insert your visit to the Sites on your
Facebook account, even if you do not click the social plug-in. Instead, if you click the plug-in, this
information will be transmitted to your Facebook account, where it will be stored. We do not know in
detail which of your data will be transmitted to Facebook or for which purpose Facebook will use such
data. This information includes your IP address, the Facebook information on the site you have visited,
the date and time of your visit and other information about the browser. If you enter the sites while
you are still connected to Facebook, your login identification code will also be collected and processed
and Facebook will assign this visit to your Facebook account. If you do not want Facebook to collect
your personal data through the Sites, you must disconnect from Facebook before visiting the Sites. To
know the purposes of the treatment and the subsequent use of such by Facebook, as well as your rights
and possible settings on the protection of your privacy, please read the Facebook data protection
guidelines carefully.
Personal Data collected: Usage data and various types of Data as specified in the privacy policy of
the service.
Facebook reserves the right to change the terms of this policy at any time, with or without notice.
Processing location: USA
For more informations: Cookie Policy - Privacy Policy
Google Ads Remarketing (Google LLC)
Google Ads is a remarketing and behavioral targeting service provided by Google LLC that links
the activity of this site with the Google Ads advertising network and the DoubleClick Cookie.
The service monitors conversions through statistics provided by Google LLC that connects data from the Google Ads advertising network with actions within this Website.
Personal Data collected: Cookies and Usage Data.
Processing location: USA
For more informations: Privacy Policy – Opt-Out
Awin (Affiliate Marketing Network)
Awin is an affiliate marketing network service that enables tracking of sales and conversions from affiliate partners. When you click on an affiliate link or make a purchase through our website, Awin uses cookies and tracking technologies to attribute the sale to the correct publisher and ensure proper commission tracking.
This service allows us to participate in affiliate marketing programs and receive commissions for referring customers to partner merchants.
Personal Data collected: Cookies, click data, conversion data, Usage Data, and referral information.
Processing location: United Kingdom / Germany
For more informations: Privacy Policy
Stripe (Stripe, Inc.)
Stripe is a payment service provided by Stripe, Inc. that allows Users to make online payments securely using credit cards, debit cards, or other payment methods.
Stripe processes payment information on behalf of this website and may collect data necessary to complete transactions, prevent fraud, and comply with legal obligations.
Personal Data collected: Payment information (credit card details, billing address), email address, name, transaction data, and various types of Data as specified in the privacy policy of the service.
Processing location: USA
For more informations: Privacy Policy
Microsoft Clarity (Microsoft Corp.)
Microsoft Clarity is a service used to record heat mappings and sessions used to identify which areas of a page are
subject to the passage of the cursor or mouse click in order to detect which of them attract the most
interest. These services allow you to monitor and analyze traffic data and are used to keep track of
User behavior. Some of these services may log sessions and make them available for later viewing.
Personal Data collected: Cookies, Usage Data and various types of Data as specified in the privacy policy of the service.
Processing location: USA
For more informations: Privacy Policy
Cookies
Cookies are installed inside the browser while browsing a Website and may contain various information, some of which may allow us to identify User preferences.
This Website and its domain https://www.paynowsolution.com does not save Personal Data in cookies.
The saved data have the sole purpose of memorizing the preferences requested by the User, or
information necessary to allow the functionality of this Site and its safe and efficient browsing.
The cookies used by this site are:
- Session cookies (which disappear when the browser is closed)
- Persistent cookies (expire on a pre-established date)
The use of Cookies - or of other tracking tools - by this Site or by third party services used by it, unless otherwise specified, has the purpose of identifying the User and recording the relative preferences for the required purposes or statistical purposes.
For the deactivation modalities or for other information concerning cookies and privacy, please consult the Cookie Policy.
Data processing, sharing and methods
The Data Controller, in compliance with regulations, processes the Personal Data of Users by adopting appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
The processing is carried out through IT and / or telematic tools, automated tools and with organizational and logical methods strictly related to the purposes indicated.
It is guaranteed by law that the processing of personal data is carried out in compliance with fundamental rights and the dignity of the person concerned, in particular as regards the secrecy, personal identity and the right to protection of the same.
Personal Data will be processed exclusively by persons in charge of processing specifically authorized and controlled by the Data Controller:
- Employees in charge of the company organization: administrative, commercial, marketing, legal, system administrators
- External subjects: third-party service providers, consultants, technical partners
- E-commerce service providers: Payment processors (Stripe, PayPal), shipping carriers and logistics companies, warehouse management systems, order fulfillment services, and other providers necessary for the execution of the purchase contract.
- Competent authorities: law enforcement or other governmental authorities in cases provided for by law or if strictly necessary to prevent, detect or prosecute any criminal acts and fraud; other organizations/entities and in general to every public and private entity, associated, controlled and parent companies with respect to which we have an obligation to communicate and this also for the purpose of the most correct fulfillment of any respective obligation (even of an instrumental nature) however connected or referable to the present and future relationships that will be established with you, imposed by laws and/or regulations or for the achievement of the purposes expressed above.
External parties may also be appointed, if necessary, as Data Processors by the Data Controller.
In addition to the companies that act as data processors, the Personal Data are also made available to third parties, independent data controllers, for ancillary purposes related to the provision of the requested services.
The updated list of managers can always be requested at any time at the email address of the Owner and Data Controller.
Place and communication of data
The Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For more information, contact the owner.
The User's Personal Data may be transferred to a country other than that in which the User is located. In any case they will never be transferred outside the countries belonging to the European Union, unless safeguard clauses are guaranteed or equal levels of protection of Personal Data.
The transfer will be made only to pursue commercial purposes agreed upon explicit request by the User.
Retention period
The Data are processed and stored for the time required by the purposes for which they were collected.
In particular:
- Personal Data collected for purposes related to the execution of a contract between the Owner and the User will be retained until the execution of the contract is completed.
- Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until such interest is met.
When the processing is based on the consent of the User, the Data Controller may retain the Personal Data for a longer period until such consent is revoked. Furthermore, the Data Controller may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or an order of an authority. At the end of the retention period the Personal Data will be deleted or anonymized.
Security Measures for E-commerce
We implement appropriate technical and organizational measures to protect your personal data, especially payment information and order details:
- SSL/TLS encryption for all data transmission
- Secure payment processing through PCI-DSS compliant payment providers
- Regular security audits and updates
- Access controls and authentication systems
- Encrypted storage of sensitive data
- Regular backups and disaster recovery procedures
Credit card information is never stored on our servers. All payment data is processed directly by our certified payment service providers (Stripe, PayPal).
Rights
The User can know their rights, request further information and be up-to-date on the legislation regarding the protection of persons with regard to the processing of Personal Data by consulting the Website of the Guarantor for the protection of Personal Data at the address www.garanteprivacy.it.
The User has the right to:
- Revoke a previously expressed consent to the processing of personal data.
- Object to the processing of their data, if it occurs on a legal basis other than consent.
- Access to data and obtain all the information on the Data processed by the Data Controller.
The data will be provided by a copy of the Data in a format in common use, and readable by automatic device. - Verify and request the correction of your data.
- Obtain the limitation of treatment, if certain conditions are met. In this case, the Data Controller will not process the Data for any other purpose other than its conservation.
- Request cancellation or removal (right to be forgotten) of your Personal Data.
- Transfer data to another Data Controller, where technically feasible, obtaining or requesting the forwarding of data in a structured format, commonly used and readable by an automatic device. This provision is applicable when the Data are processed with automated tools and the processing is based on the User's consent, on a contract of which the User is a party or on contractual measures connected to it.
- File a complaint to the competent personal data protection authority or take legal action.
The users may exercise their rights at any time by forwarding the request to the Owner and Data Controller.
Defense in court
The User's Personal Data may be used for the defense by the Owner in court or in the stages leading to its possible establishment, by abuse in the use of the same or related services by the User.
The User is aware that the Data Controller may be required to disclose the Data at the request of the public authorities.
Legal obligations
The Owner reserves the right to access, store and share information with regulatory bodies, law enforcement agencies or other subjects in the following cases:
- In response to a legal request, in terms of good faith and within the time limits set by law.
- For all cases where it is necessary to detect, prevent and resolve unauthorized uses of the Services or Products provided or sold by this Site, in order to detect violations of our contractual or regulatory conditions.
- In order to detect harmful or illegal activities, to protect the activity, in relation to the Owner of the Activity, the User and / or Third Parties.
The data that is collected can be consulted and stored for a prolonged period of time when they are the subject of a legal proceeding or obligation, a government investigation or investigations regarding possible violations of our conditions or regulations or to avoid damage.
We may also retain the Data for at least one year in order to avoid repetition of improper use or other violations of the conditions.
Applicable laws
This Privacy Policy is governed by the aforementioned GDPR and the Italian law in force, which govern the processing of personal data - also held abroad - carried out by anyone who is resident or is based in a country of the European Community.
The GDPR guarantees that the processing of personal data will be carried out respecting the fundamental rights and freedoms, as well as the dignity of the interested party, with particular reference to privacy, personal identity and the right to protection of personal data.
Policy changes and updates
The Data Controller reserves the right to modify, in whole or in part, this Privacy Policy also in consideration of regulatory updates that protect the rights of Users.
Changes and updates to the Privacy Policy will be binding as soon as they are published in this section. We therefore ask you to regularly access this section to check the publication of the most recent and updated version of the Privacy Policy.
Legal notices
All documentation retrievable from this Site has been created and checked with the utmost care but the user
is always required to check its accuracy and is responsible for its use.
In the event of defects, liability for direct or indirect damages suffered by the User or by third
parties due to the use or non-use of the information collected is not attributable.
Although the contents of these pages are subject to continuous updating and verification, errors and /
or omissions may still occur.
By accessing this Site, the User implicitly declares to have read, understood and accepted the information on Legal Notice and Privacy and declares to comply with all applicable laws and regulations.
If the User does not accept these conditions, they cannot use this Site.
Last modified: Wednesday 8 October 2025
