Data Controller: CodiceFacile S.r.l., Via Torino 12, 20123 Milan, Italy (P.IVA IT12345678901).
Data Protection Officer (DPO): We have appointed a DPO who can be contacted at privacy@codicefacile.it or by post to the registered office address above, marked "Attn: DPO".
The DPO is responsible for overseeing compliance with GDPR and serves as the point of contact for the Italian supervisory authority (Garante per la protezione dei dati personali — "Garante").

| Purpose | Data used | Legal basis |
|---|---|---|
| Creating and managing your account | Registration data, profile data | Contract (Art. 6(1)(b) GDPR) |
| Providing the Platform's core features | All account data, content you submit | Contract (Art. 6(1)(b) GDPR) |
| Processing payments and subscriptions | Payment data, email address | Contract (Art. 6(1)(b) GDPR) |
| Sending transactional emails (receipts, password reset, account notices) | Email address, account data | Contract (Art. 6(1)(b) GDPR) |
| Sending marketing emails and newsletters | Email address, usage data | Consent (Art. 6(1)(a) GDPR) |
| Improving and personalising the Platform | Usage data, device data, cookies | Legitimate interest (Art. 6(1)(f) GDPR) |
| Security, fraud prevention, and abuse detection | IP address, log data, usage patterns | Legitimate interest (Art. 6(1)(f) GDPR) |
| Complying with legal obligations (e.g., tax records, court orders) | Account data, payment data | Legal obligation (Art. 6(1)(c) GDPR) |
| Aggregated analytics and reporting | Anonymised usage data (no personal identifiers) | Legitimate interest (Art. 6(1)(f) GDPR) |

We will never sell your personal data to third parties or use it for purposes incompatible with those listed above.
Under GDPR Article 6, every processing activity must rest on a valid legal basis. We rely on the following bases:
Processing necessary to deliver the service you signed up for — account creation, code sharing, payment processing, and support. Without this data we cannot provide the Platform.
We process certain data for our legitimate interests in operating a secure, high-quality service: security monitoring, fraud detection, performance analytics, and product improvement. We have carried out balancing tests and determined that our interests are not overridden by your rights. You may object to processing on this basis at any time (see Article 8).
For marketing emails and non-essential cookies, we rely on your freely given, specific, informed consent. You may withdraw consent at any time using the unsubscribe link in any marketing email or through the cookie preference centre accessible from the footer of every page. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
We may process and retain data when required to do so by Italian law, including fiscal and accounting obligations under D.P.R. 633/1972 and anti-money-laundering rules under D.Lgs. 231/2007.
We do not intentionally collect special category data (Art. 9 GDPR) such as health information, political opinions, or biometric data. If you inadvertently include such data in a code submission or support message, please contact us so we can remove it.
We share data with carefully selected third-party service providers who process it on our behalf under data processing agreements (DPAs) as required by GDPR Article 28:
If CodiceFacile is involved in a merger, acquisition, or asset sale, your personal data may be transferred as part of that transaction. We will notify registered users by email and/or prominent site notice before any such transfer and before data becomes subject to a different privacy policy.
We may disclose your data if required by applicable law, regulation, legal process, or governmental request — for example, in response to a court order or a request from the Italian Guardia di Finanza or other competent authority. Where permitted, we will notify you of such requests.
Codes, links, and notes you publish on the Platform are visible to all users (registered or not) by design. Do not include personal information in publicly shared codes or notes.
We do not share your personal data with advertising networks or data brokers for the purpose of serving third-party advertisements.
CodiceFacile is based in the EU (Italy) and stores all primary data within the European Economic Area (EEA). Some of our service providers are located in or transfer data to third countries, including the United States.
For any transfer of personal data outside the EEA, we ensure an adequate level of protection through one of the following mechanisms:
You may request a copy of the applicable transfer safeguards by contacting privacy@codicefacile.it.
We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law:

| Data category | Retention period | Basis |
|---|---|---|
| Account data (name, email, hashed password) | Duration of account + 30 days after deletion request | Contract / legitimate interest |
| Content (codes, links, notes) | Duration of account; anonymised copies may persist in aggregated data | Contract |
| Payment records and invoices | 10 years from transaction date | Italian fiscal law (D.P.R. 633/1972) |
| Marketing consent records | 3 years from last interaction or until consent withdrawn | Consent |
| Server logs (full IP) | 90 days | Legitimate interest (security) |
| Anonymised analytics data | 36 months (no personal identifiers) | Legitimate interest (product improvement) |
| Support communications | 2 years from ticket closure | Legitimate interest |
| Backup snapshots | Overwritten on a rolling 30-day cycle | Contract / legitimate interest |

When the applicable retention period expires, data is securely deleted or irreversibly anonymised. You may request early deletion in accordance with Article 8.
Under GDPR Articles 15–22, you have the following rights as a data subject. To exercise any of these rights, contact us at privacy@codicefacile.it. We will respond within 30 days (extendable by a further two months for complex requests, with notice).
The Platform is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If we discover that a child under 16 has created an account without verifiable parental consent, we will promptly delete the account and all associated data.
If you are a parent or guardian and believe your child under 16 has provided personal data to us without your consent, please contact privacy@codicefacile.it immediately.
For users aged 16–18, processing is permitted under GDPR Article 8(1) as implemented by Italian law (D.Lgs. 196/2003, Art. 2-quinquies), which sets the digital consent age at 14 for information society services. CodiceFacile applies the more protective threshold of 16.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration (GDPR Art. 25 and Art. 32), including:
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay as required by GDPR Article 34.
Despite our best efforts, no system is completely secure. We encourage you to use a strong, unique password and to enable two-factor authentication when available.
The Platform may contain links to third-party websites, Merchant storefronts, or external resources. This Privacy Policy applies only to CodiceFacile and our own processing activities. When you follow a link to a third-party site, that site's own privacy policy governs the collection and use of your personal data.
We recommend reviewing the privacy policy of any third-party site before providing personal data. CodiceFacile accepts no responsibility or liability for the privacy practices of third parties.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify registered users by email at least 14 days before the changes take effect and will update the "Effective date" at the top of this page.
If required by applicable law (e.g., where we change the legal basis for processing or begin processing data for a new purpose), we will seek fresh consent before the changes take effect.
Your continued use of the Platform after the effective date of a revised Privacy Policy constitutes your acknowledgement of the changes. Archived versions of this policy are available on request.
For any questions, requests, or concerns about this Privacy Policy or our data practices, please contact:
We aim to address all requests within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with: