Privacy Policy
Information on the processing of personal data pursuant to EU Regulation 2016/679 (GDPR)
Privacy Policy
Last updated: 31/03/2026
This privacy notice is provided pursuant to Articles 13 and 14 of EU Regulation 2016/679 (hereinafter "GDPR") and describes how No Limits S.r.l. collects, uses and protects the personal data of users who visit the website nolimits.com (hereinafter the "Website").
1. Data Controller
The Data Controller is:
- No Limits S.r.l.
- Via Enrico Fermi, 8/10 – 25030 Castel Mella (BS), Italy
- Email: info@nolimits.com
- Certified email (PEC): nolimits@pec.it
- Phone: +39 030 7777336
2. Types of Data Collected
The Controller collects the following categories of personal data:
Browsing data
The IT systems and software procedures used to operate the Website automatically collect certain personal data during their normal operation. This data is transmitted implicitly through the use of Internet communication protocols. Although not collected to be associated with identified individuals, this information could, by its nature, through processing and association with data held by third parties, allow users to be identified. This category includes: IP addresses, browser type, operating system, domain names and website addresses from which access or exit was made, pages visited, time of access, time spent on individual pages, internal path analysis, and other parameters related to the operating system and user's IT environment.
Voluntarily provided data
The optional, explicit and voluntary submission of messages through the contact forms on the Website (contact form, sponsorship request, co-branding proposal) involves the collection of the following data: full name, email address, phone number (optional), company/organisation (optional), subject and message text.
Cookies and similar technologies
The Website uses technical, analytical and marketing cookies. For detailed information, please consult our Cookie Policy.
Data collected by Google reCAPTCHA
The Website uses Google reCAPTCHA v3 to protect forms from automated submissions (spam and bots). This service collects information about the user's hardware and software, such as device and application data, and sends this data to Google for analysis purposes. Data collected by reCAPTCHA is subject to Google's Privacy Policy and Terms of Service.
3. Purposes of Processing and Legal Basis
Personal data is processed for the following purposes:
| Purpose | Legal basis | Retention |
|---|---|---|
| Responding to contact requests | Art. 6.1.b GDPR – Performance of pre-contractual measures at the request of the data subject | 24 months from the request |
| Managing sponsorship requests | Art. 6.1.b GDPR – Performance of pre-contractual measures at the request of the data subject | 24 months from the request |
| Managing co-branding proposals | Art. 6.1.b GDPR – Performance of pre-contractual measures at the request of the data subject | 24 months from the request |
| Anonymous statistical analysis of browsing (Google Analytics) | Art. 6.1.a GDPR – Consent of the data subject (via cookie banner) | 26 months (Google Analytics setting) |
| Marketing and remarketing (Facebook Pixel) | Art. 6.1.a GDPR – Consent of the data subject (via cookie banner) | 90 days (_fbp cookie) |
| Protection against spam and abuse (Google reCAPTCHA) | Art. 6.1.f GDPR – Legitimate interest of the Controller in Website security | Session duration |
| Compliance with legal, regulatory or statutory obligations | Art. 6.1.c GDPR – Compliance with a legal obligation | As required by applicable law |
| Technical operation of the Website (session cookies, CSRF) | Art. 6.1.f GDPR – Legitimate interest in the proper functioning of the Website | Session duration |
4. Data Recipients
Personal data may be disclosed to the following categories of recipients:
- Google LLC (Google Analytics, Google reCAPTCHA) – for statistical analysis and anti-spam protection purposes
- Meta Platforms, Inc. (Facebook Pixel) – for marketing and remarketing purposes
- Hosting and server infrastructure providers – for service delivery
- Consultants and professionals – as part of legal, tax or accounting consultations, within strictly necessary limits
- Competent authorities – where required by law or for the protection of rights in judicial proceedings
Personal data will not be disseminated.
5. Data Transfers Outside the EU
Some of the third-party services used (Google LLC, Meta Platforms, Inc.) are based in the United States. Data transfers to the USA are based on the EU-US Data Privacy Framework (DPF) and/or Standard Contractual Clauses (SCC) approved by the European Commission, which ensure an adequate level of protection for personal data. For more information, please refer to the privacy policies of the respective services.
6. Retention Period
Personal data is retained for the time strictly necessary to pursue the purposes for which it was collected, as indicated in the table in section 3. At the end of the retention period, data is deleted or irreversibly anonymised.
7. Data Subject Rights
Pursuant to Articles 15-22 of the GDPR, the data subject has the right to:
- Access – obtain confirmation of the existence of processing of their data and access its content (Art. 15)
- Rectification – obtain the correction of inaccurate data or the completion of incomplete data (Art. 16)
- Erasure ("right to be forgotten") – obtain the deletion of their data in the cases provided for by law (Art. 17)
- Restriction – obtain the restriction of processing in the cases provided for by law (Art. 18)
- Portability – receive their data in a structured, commonly used and machine-readable format (Art. 20)
- Objection – object to the processing of their data, in particular processing based on legitimate interest (Art. 21)
- Withdrawal of consent – withdraw consent at any time for the processing of data, without affecting the lawfulness of processing based on consent before its withdrawal (Art. 7.3)
- Complaint – lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali – www.garanteprivacy.it)
To exercise their rights, the data subject may send a request to:
- Email: privacy@nolimits.com
- Certified email (PEC): nolimits@pec.it
- Mail: No Limits S.r.l. – Via Enrico Fermi, 8/10 – 25030 Castel Mella (BS), Italy
8. Nature of Data Provision
The provision of browsing data is necessary for the operation of the Website. The provision of data through contact forms is optional, but failure to provide data marked as mandatory (name, email, message) will make it impossible for the Controller to respond to the request. Consent to analytical and marketing cookies is optional and may be withdrawn at any time through the cookie banner.
9. Automated Decision-Making
The Controller does not carry out automated decision-making processes, including profiling, as referred to in Article 22, paragraphs 1 and 4, of the GDPR.
10. Cookies
For detailed information on cookies and tracking technologies used by the Website, please consult our Cookie Policy.
11. Google reCAPTCHA
The Website uses Google reCAPTCHA v3, a service provided by Google LLC, to protect the forms on the Website from automated content submission (spam) and abusive access. reCAPTCHA analyses visitor behaviour on the Website through various parameters. The analysis begins automatically when the visitor accesses the Website. reCAPTCHA evaluates various information (e.g. IP address, visit duration, mouse movements). The data collected during the analysis is forwarded to Google. Processing is carried out on the basis of the Controller's legitimate interest in protecting the Website from computer abuse and spam (Art. 6.1.f GDPR). For more information about Google reCAPTCHA, please consult Google's Privacy Policy (https://policies.google.com/privacy) and Terms of Service (https://policies.google.com/terms).
12. Updates to the Privacy Policy
The Controller reserves the right to make changes to this privacy notice at any time, giving adequate notice to Website users by publishing the updated version on this page. Please check this page regularly for updates. The date of the last update is indicated at the top.
13. Contacts
For any questions or requests regarding this Privacy Policy or the processing of personal data, please contact the Controller using the details provided above.