PRIVACY POLICY OF UNGUESS.IO

For the purposes of the EU Regulation 2016/679 on Data Protection ( hereinafter only “GDPR”) the following information is provided, consistent with the principle of transparency, to make you aware of the characteristics and methods of the processing of data collected for the purpose of the use of this website ( Website or also Platform) and, therefore, also of the respective Online Purchase on the aforementioned Platform of Testing Campaigns .

All terms beginning with a capital letter are related to the definition and relative meaning set forth in the Terms and Conditions of the above Web Site.

This Website collects certain Personal Data of its users (hereinafter Users(s)), as Data Subjects, for the purpose of enabling them to make full use of this Site.

This document can be printed as a reference using the print command in the settings of any browser.

DATA CONTROLLER AND CONTACT INFORMATION

Please be informed that the Data Controller is: UNGUESS S.r.l., an Italian company with registered office in Via del Chiesotto n.4 near Cremona, VAT and tax code 01603290196

The contact email are as follows: 

  • Email of the Data Controller :info@unguess.io ., for any communication or request regarding the processing of their Personal Data;
  • Email of the D.P.O [Data Protection Officer]: legal@unguess.io, to request specific assistance with regard to the processing of your personal data and the exercise of your rights as a Data Subject .



PURPOSE AND LEGAL BASIS FOR

PROCESSING

With the ultimate purpose of bringing Users closer to the Testing Services of UNGUESS through the Online Purchase of the commissioned Campaigns, UNGUESS exploits such Site to provide specifically the Particular Functionalities of the Platform and manage in general the whole interaction of the User with such Site. For this reason, several purposes of data processing are included for which, however, no single legal basis for processing is connected. Thus, starting from the User’s registration to the Platform until the completion of the Online Purchase procedure of the Campaigns and the respective execution thereof, the User’s Data will be processed for the following purposes:

  • USER’S REGISTRATION TO THE UNGUESS.IO PLATFORM, through which the Users themselves will have to provide the Personal Data necessary to turn out to be registered and allow said website to provide its services. THE LEGAL BASIS IN THIS CASE IS REPRESENTED BY THE CONSENT EX ART. 6 PARAG. 1 LETT A) OF THE GDPR;


  • ACTIVATION OF VARIOUS PARTICULAR FUNCTIONS , for the operation of the Platform and which involves the use of personal data provided by the User in order to put them in contact with the internal team of UNGUESS that will support them in the experience of using the Platform . THE LEGAL BASIS IN THIS CASE IS THE CONSENT EX ART. 6 PARAG. 1 LETT A) OF THE GDPR;


  • ONLINE PURCHASE OF PRESCRIBED CAMPAIGNS, allow the Site to unlock a part of the Particular Functions of the Platform, providing the User with the possibility to purchase the Tokens necessary to take advantage of the Campaigns and providing for the use of the personal data provided for the purpose of completing the purchase .  THE LEGAL BASIS IN THIS CASE IS REPRESENTED BY THE SERVICE CONTRACT THAT WILL BE COMPLETED, BETWEEN UNGUESS AND THE USER WHO HAS BECOME AN ACTUAL CUSTOMER, WITH THE SAME ONLINE PURCHASE OF THE TOKENS


  • MANAGEMENT,MONITORING AND EXECUTION OF THE CAMPAIGN and in particular, the Data Processing will be carried out for the purpose of allowing the User to take full advantage of the chosen Campaign and with reference, therefore, to the use of personal data necessary to provide the activities covered by the Campaign. THE LEGAL BASIS IN THIS CASE IS REPRESENTED BY THE SERVICE CONTRACT THAT WILL BE FINALIZED WITH THE PREVIOUS ONLINE PURCHASE AND THUS INVOLVING THE ESTABLISHMENT OF A REAL SERVICE CONTRACT BETWEEN UNGUESS AND THE USER WHO HAS BECOME AN ACTUAL CUSTOMER .

 

In addition, only in relation to the actual execution of the specific activities that are the subject of the purchased Campaign, Users will have to be asked to give additional consent, to the one given by accepting this Privacy Policy, through the consultation and acceptance of the following UNGUESS Customer and Supplier Data Processing Notice, since with the Online Purchase the User goes from being a Potential Customer to becoming an Actual Customer of UNGUESS .

So by accepting this Privacy Policy you acknowledge that you have also read and accept the UNGUESS Customer and Supplier Data Processing Policy , linked to that document .

Finally, in general, then, User Personal Data are collected to enable the Owner to:  

  • Provide their own Service;
  • Fulfilling legal obligations;
  • Responding to requests or enforcement actions; 
  • Protect its own rights and interests (or those of Users or third parties);  
  • Identify any malicious or fraudulent activities; 
  • Perform statistics; allow access to third-party service accounts;
  • Allow registration and authentication provided directly from this Site; 
  • Managing contacts and sending messages; 
  • Allow interaction with data collection platforms and other third parties; 
  • Display content from external platforms; 
  • Manage tags and monitor the website.

TYPE OF PERSONAL DATA BEING PROCESSED

Among the Personal Data collected by this Web Site, either independently or through third parties, are:

 

                                                                    COMMON PERSONAL DATA 

Baptismal name

Last name

Country and city

Language

Bank or financial data

Income or asset data

Online browsing data

Location data

Image/ Voice

Professional data

Fiscal Code/VAT Number

ID card number

Company name containing personal information 

Date of birth

Physical address/ Email address

Cookies/Use Data

 

Personal Data may be freely provided by the User or, in the case of Usage Data, automatically collected during the use of this website.

Unless otherwise specified, all Data requested by this Website is mandatory and failure to provide such Data may result in the inability of this Platform to provide its services. In cases where the Website expressly indicates that some Data is not mandatory, Users are free not to communicate such Data without any consequences on the availability or functioning of the Service.

Users who have doubts about which Personal Data are mandatory are invited to contact the Controller.

The possible use of Cookies – or other tracking tools – by this Website or the owners of third party services used by this Website, is for the purpose of providing the service requested by the User. For a full consultation of the respective Cookies Policy on the Platform, you may view the document at this link : Cookie Policy 

In addition, any use by UNGUESSS of integrated artificial intelligence (hereafter AI) systems is limited to the recording and transcription of any business meetings with the customer so that it can be reviewed and later analyzed for internal use. In addition, UNGUESSS has its own Privacy Management and Information Security Model within which the entire flow of management of personal data processed by the company is described, as well as the measures taken to ensure information security in general . This is set up for the purpose of compliance with the GDPR and the Italian Privacy Code as well as in accordance with ISO 27001 standards .

Particularly with regard to what concerns the management of personal data for AI systems the whole is limited to the above functions which do not necessarily include personal data of Users. In any case, whatever the use of the AI by, UNGUESS itself will abide by the principles of the GDPR applied in conjunction with the articles of the AI Act and therefore in the case of data management for AI systems UNGUESS, by way of example but not limited to, acts in the following ways :

  • a Fundamental Rights Impact Assessment (FRIA) is conducted. The FRIA aims to ensure that AI systems meet the requirements of transparency, security, and accountability, ensuring that they do not violate the fundamental rights of individuals;


  • a Data Processing Impact Assessment (DPIA) is carried out, which is required by the GDPR in Article 35 and requires the owner to conduct an assessment of the necessity and proportionality of the processing of personal data and the risks that may result from it, given in this case the use of AI systems;
  • granular consent is required in advance from the data subject, for automated processing for the purposes of ‘AI, and this means that the data subject is guaranteed to be able to choose which purposes he or she wants to give consent for. So, for example, the data subject will be able to agree to receive advertising but refuse to have his or her data used to train AI.”

Users are responsible for third party Personal Data obtained, posted or shared through this Web Site

MODE OF TREATMENT

The Data Controller shall take appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of the Data.

The processing of Data is carried out using computers and/or computer tools, following organizational procedures and methods strictly related to the stated purposes. In addition to the Data Controller, in some cases, they may have access to the Data : 


  • other individuals involved in the organization of this Web Site and UNGUESS (administrative, sales, marketing, legal, system administrators) 
  • external parties (such as third parties) technical service providers, postal couriers, hosting providers, IT companies, communication agencies, customers, partners, collaborators) appointed, if necessary, as Data Processors by the Data Controller, or in any case as autonomous Data Controllers, and only in this case, pdovrà be given supplementary consent separately (see paragraph “Purpose and legal basis of processing”) .

 

  

  The updated list of such individuals may be requested from the Holder at any time.

 

The Data are processed at the operational offices of the Data Controller and in any other place where the parties involved in the processing are located. Under no circumstances may personal data, which is the subject of this Privacy Policy, be disseminated to unspecified parties. Your data are stored at the UNGUESS offices and on servers located in the European Union. Depending on your location, data transfers may involve the transfer of your Data to a country other than your own, which are recognized as adequate in terms of security under Articles 45-46 of the GDPR.  

 

To learn more about the processing location of the transferred Data, Users can request detailed information from the Data Controller at any time. UNGUESS also uses cloud services provided by third-country companies recognized as adequate in terms of security under Articles 45-46 of the GDPR.

Unless otherwise specified herein, Personal Data will be processed and retained for the time required by the purposes for which it was collected and may be retained for a longer period by virtue of applicable legal obligations or based on the consent of Users .

ADDITIONAL INFORMATION ON SHELF LIFE

Personal Data will be processed and stored for the time required by the purposes for which it was collected.

Therefore:

  • Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User will be retained until the performance of that contract is completed.
  • Personal Data collected for purposes of legitimate interests of the Data Controller will be retained for as long as necessary to pursue those purposes. Users may find specific information regarding the legitimate interests pursued by the Controller in the relevant sections of this document or by contacting the Controller.

The Controller may be authorized to retain Personal Data for a longer period whenever the User has given consent to such processing, provided that such consent is not withdrawn. In addition, the Controller may be obliged to retain Personal Data for a longer period whenever this is required for the fulfillment of a legal obligation or by order of an authority.

Once the retention period has expired, the Personal Data will be deleted. Therefore, the right of access, the right to erasure, the right to rectification, and the right to data portability cannot be exercised after the retention period has expired.

USERS' RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION (GDPR) AND THE EXERCISE OF THOSE RIGHTS

Users, as Data Subjects, may exercise certain rights with respect to the Data processed by the Data Controller.

In particular, Users have the right to do the following, to the extent permitted by law:

  • Withdraw consent at any time. Users have the right to withdraw their consent if they have previously given their consent to the processing of their personal data.
  • Object to the processing of one’s Data. Users have the right to object to the processing of their Data if the processing is done on a legal basis other than consent.
  • Access to their Data. Users have the right to know whether Data is being processed by the Data Controller, obtain information on certain aspects of the processing, and obtain a copy of the processed Data.
  • Verify and request rectification. Users have the right to verify the accuracy of their Data and request that it be updated or rectified.
  • Restricting the Processing of Your Data. Users have the right to restrict the processing of their Data. In this case, the Data Controller will not process the Data for any purpose other than its preservation.
  • To have their Personal Data deleted or otherwise removed. Users have the right to obtain from the Data Controller the deletion of their Data.
  • Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used, machine-readable format and, if technically feasible, to have it transferred to another data controller without hindrance.
  • Filing a Complaint. Users have the right to bring a complaint before the competent data protection authority.

Users also have the right to know the legal basis for transfers of Data abroad, including any international organization governed by public international law or constituted by two or more countries, such as the UN, and the security measures taken by the Data Controller to safeguard their data.

When Personal Data are processed in the public interest, in the exercise of public authority vested in the Data Controller, or in pursuit of a legitimate interest of the Data Controller, Users may object to such processing on grounds related to their particular situation, justifying the objection.

Users are reminded that, should their Personal Data be processed for direct marketing purposes, they may object to the processing at any time, free of charge and without providing any reasons. If the User objects to the processing for direct marketing purposes, the Personal Data will no longer be processed for such purposes. To find out whether the Controller processes data for direct marketing purposes, Users may refer to the respective sections of this document. The same applies in the case of using Personal Data to train any AI systems .

Any requests to exercise the User’s rights may be addressed to the Controller through the contact details given in this document. Such requests are free of charge and will be answered by the Controller as soon as possible and always within one month, providing Users with the information required by law. Any rectification or deletion of Personal Data or restriction of processing will be communicated by the Controller to each possible recipient to whom Personal Data has been disclosed, unless this proves impossible or involves disproportionate effort. Upon request by Users, the Controller will inform them about such recipients.

In accordance with current legislation, in addition to the above rights, the data subject is also entitled to file a complaint with the Guarantor for the Protection of Personal Data, Piazza di Monte Citorio No. 121 – 00186, Rome, Fax: (+39) 06.69677.3785, . protocollo@pec.gpdp.it

FURTHER DETAILS ON THE PROCESSING OF PERSONAL DATA

Personal Data is also collected for the following and additional purposes and using the following services:

Advertising
This type of service allows User Data to be used for advertising communication purposes. Such communications are displayed in the form of banners and other advertisements on unguess.io, possibly based on the User’s interests. 

This does not mean that all Personal Data is used for this purpose. Information and conditions of use are given below.

Some of the services listed below may use Tracker to identify Users or may use the technique of behavioral retargeting, i.e. displaying advertisements tailored to the User’s interests and behavior, also detected outside of unguess.io. For more information, please consult the privacy policies of the services concerned.

In addition to any opt-out functionality offered by any of the services listed below, Users can disable it by visiting the Network Advertising Initiative’s opt-out page.

Users can also disable certain advertising features through applicable device settings, such as device advertising settings for cell phones or advertising settings in general.

1plusX (1plusX AG)
1plusX is an advertising service provided by 1plusX AG.

Personal Data Processed: Cookies; Usage Data.

Place of processing: Switzerland – Privacy Policy .

Analysis

The services contained in this section allow the Data Controller to monitor and analyze traffic data and serve to track User behavior.

Google Analytics (Google Inc.)
Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses the Data collected to track and examine the use of unguess.io, compile reports on its activities, and share them with other Google services. Google may use the Data collected to contextualize and personalize ads in its advertising network.

Personal Data Processed: Cookies; Usage Data.

Place of Processing: USA – Privacy Policy Opt Out .

HubSpot Analytics (HubSpot, Inc.)
HubSpot Analytics is an analytics service provided by HubSpot, Inc. 

Personal Data Processed: Cookies; Usage Data.

Place of Processing: United States – Privacy Policy – Opt Out .

Matomo (unguess.io)
Matomo is an analysis software used by unguess.io to analyze data directly, without the help of third parties. Personal Data Processed: Cookies; Usage Data.

Contacting the User.

Contact Form (unguess.io)
The User, by filling out the contact form with his/her Data, consents to their use to respond to requests for information, quotes, or any other nature indicated by the header of the form.

Personal Data Processed: last name; email; first name; profession; company name; various types of Data.

Mailing list or newsletter (unguess.io)
By registering for the mailing list or newsletter, your email address will be added to the contact list of those who may receive email messages containing information of a commercial or promotional nature regarding unguess.io. Your email address may also be added to this list as a result of registering with unguess.io or after making a purchase.

Personal Data Processed: last name; email; first name; company name.

Heat mapping and session recording

Heat mapping services are used to display the areas of unguess.io that Users interact with most frequently. This shows where points of interest are located. These services help monitor and analyze web traffic and track Users’ behavior.

Some of these services may record sessions and make them available for later visual playback.

Hotjar heat maps and recordings (Hotjar Ltd.)

Hotjar is a session recording and heat mapping service provided by Hotjar Ltd.

Hotjar respects generic “Do Not Track” headers. This means that the browser can tell its script not to collect any User data. This is a setting available in all major browsers. Find Hotjar’s opt-out information here.

Personal Data Processed: Tracker; Usage Data; various types of Data as specified by the service’s privacy policy.

Place of processing: Malta – Privacy Policy Opt Out .

Infrastructure monitoring

This type of service allows unguess.io to monitor the use and behavior of its components so that it can improve their performance, operation, maintenance, and troubleshooting.

The Personal Data processed depend on the characteristics and mode of implementation of these services, whose function is to filter the activities of unguess.io.

New Relic (New Relic)
New Relic is a monitoring service provided by New Relic Inc.

The way New Relic is integrated implies that it filters all unguess.io traffic, i.e., communications between the Application and the User’s browser or device, while also allowing the collection of analytical data about unguess.io.

Personal Data Processed: Tracker; Usage Data; various types of Data as specified by the service’s privacy policy.

Place of processing: United States – Privacy Policy .

Managing contacts and sending messages

This type of service allows you to manage a database of email contacts, telephone contacts, or contacts of any other type used to communicate with the User.

These services may also collect data related to the date and time the User views the message, as well as the User’s interaction with it, such as through links embedded in the message.

Mailchimp (The Rocket Science Group, LLC.)
Mailchimp is an email address management and messaging service provided by The Rocket Science Group LLC.

Personal Data Processed: email address.

Place of processing: USA – Privacy Policy .

MailUp (MailUp)
MailUp is an address management and email messaging service provided by MailUp SpA.

Personal Data Processed: last name; email; first name; phone number; profession; company name; various types of Data.

Place of processing: Italy – Privacy Policy .

Tag management

These types of services help the Owner centrally manage the tags or scripts needed on unguess.io.

This involves the flow of User Data through these services, potentially resulting in the retention of such Data.

Google Tag Manager (Google Ireland Limited)
Google Tag Manager is a tag management service provided by Google Ireland Limited.

Personal data processed: Usage Data.

Place of processing: Ireland – Privacy Policy .

User database management

This type of service allows the Owner to create User profiles from an email address, personal name or other information that the User provides to unguess.io, as well as to track the User’s activities through analytics features. This Personal Data may also be combined with public information about the User (such as social network profiles) and used to create private profiles that the Owner may view and use to improve unguess.io.

Some of these services may also allow the scheduled sending of messages to the User, such as emails based on specific actions performed on unguess.io.

Test information and user devices

This type of service allows testing and verification of all information
extracted and reported by the User.

Personal data: name, e-mail, age, gender, location, devices, and personal information depending on the specific test (e.g., customer code, tester’s bank name, tester’s credit card name, etc.).

HubSpot CRM (HubSpot, Inc.)
HubSpot CRM is a user database management service provided by HubSpot, Inc.

Personal Data processed: email; phone number; various types of Data as specified by the privacy policy of the service.

Place of processing: United States – Privacy Policy .

ADDITIONAL INFORMATION ON DATA COLLECTION AND PROCESSING

Defense in Court
The User’s Personal Data may be used by the Owner in legal proceedings or in the preparatory stages to its possible establishment for the defense against abuse in the use of unguess.io or related Services by the User.

The User declares that he/she is aware that the Controller may be obliged to disclose Personal Data at the request of public authorities.

Additional Information on the User’s Personal Data
In addition to the information contained in this privacy policy, unguess.io may provide the User with additional and contextual disclosures regarding specific Services, or the collection and processing of Personal Data.

System Logs and Maintenance
For operation and maintenance purposes, unguess.io and any third-party services it uses may collect System Logs, which are files that record interactions and may also contain Personal Data, such as the User IP address.

Information not contained in this policy
Further details in relation to the collection or processing of Personal Data may be requested at any time from the Data Controller by consulting the contact information at the beginning of this document.

How “Do Not Track” requests are handled.
unguess.io does not support “Do Not Track” requests.

To determine whether any of the third-party services it uses comply with “Do Not Track” requests, the User is encouraged to read their respective privacy policies.

Changes to this Privacy Policy
The Owner reserves the right to make changes to this Privacy Policy at any time by notifying Users on this page and, if possible, on unguess.io and/or – where technically and legally feasible – by sending a notification to Users through one of the contact details held by the Owner. It is strongly recommended that you consult this page often, referring to the date of last modification indicated at the bottom.

If the changes affect processing whose legal basis is consent, the Owner will re-collect the User’s consent, if necessary. 

Latest update: May 25, 2025