- Controller and contacts
- Categories of data processed
- Purposes and legal bases
- Processing of access credentials
- Methods and security
- Data retention
- Data recipients
- Transfers outside the EEA
- Data subject rights
- Minors
- Cookies and similar technologies
- Third‑party platforms
- Changes to this Privacy Policy
Last updated: 09/10/2025
This notice explains how NBS SRL (“OniGrow” or the “Controller”), with registered office at Via Francia 5D, 37135 Verona (Italy), VAT IT01563280294, email info@onigrow.com, processes personal data of users of onigrow.com and customers of our Services, pursuant to Regulation (EU) 2016/679 (GDPR) and applicable national law.
Controller and contacts
Controller:
NBS SRL – Via Francia 5D, 37135 Verona (Italy)
Privacy contact:
info@onigrow.com (for requests or to exercise rights)
Categories of data processed
- Identification and contact data: name, surname, email, phone, billing details.
- Payment data: handled via certified providers (e.g., Stripe, PayPal). OniGrow does not store full card details.
- Technical browsing data: IP addresses, device IDs, technical logs, browser info and pages visited, cookies and similar technologies (see “Cookies”).
- Communications: requests via email, contact forms or support channels.
- Social credentials (if provided): Instagram username and password, strictly necessary to provide the Service.
Purposes and legal bases
| Purpose | Legal basis |
|---|---|
| Order management, provision of Services, customer support, activations | Performance of a contract (Art. 6(1)(b) GDPR) |
| Tax and accounting obligations, legal compliance | Legal obligation (Art. 6(1)(c) GDPR) |
| Website security, fraud prevention, legal claims defence, service improvement | Legitimate interests (Art. 6(1)(f) GDPR) |
| Marketing, newsletters, non-essential cookies | User consent (Art. 6(1)(a) GDPR) |
Consent can be withdrawn at any time without affecting the lawfulness of processing prior to withdrawal.
Processing of access credentials
- Optional and requested only when necessary to provide the Service.
- Used exclusively to enable access to the Customer’s account.
- Encrypted and stored securely, with limited and logged access.
- Deleted immediately at the end of the Service or upon Customer request.
Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
Methods and security
Data are processed lawfully, fairly and transparently using IT/telecommunication tools, applying security measures such as:
- encryption at rest and in transit,
- role-based and logged access,
- periodic backups and monitoring,
- internal incident response procedures.
Data retention
| Data category | Retention period |
|---|---|
| Billing data | 10 years (legal obligation) |
| Social credentials | Only for the duration of the Service, then immediate deletion |
| Browsing logs | Up to 24 months (subject to legal or security needs) |
| Marketing/newsletter | Until consent is withdrawn |
Data recipients
Data may be disclosed to:
- Payment providers (Stripe, PayPal) – independent controllers;
- Technical vendors (hosting, email, CRM, analytics, WordPress plugins) – appointed processors under Art. 28 GDPR;
- Consultants and contractors bound by confidentiality;
- Competent authorities, where required by law.
OniGrow does not sell personal data to third parties.
Transfers outside the EEA
Where some providers process data outside the European Economic Area, we adopt appropriate safeguards (e.g., EU Commission Standard Contractual Clauses and supplementary measures) in accordance with Arts. 44–49 GDPR.
Data subject rights
Users may exercise the rights to:
- access, rectification, erasure, restriction, objection, portability (Arts. 15–22 GDPR);
- withdraw consent where applicable;
- lodge a complaint with the Supervisory Authority (ico.org.uk).
Requests may be sent to info@onigrow.com.
Minors
The Service is intended for adults. We do not knowingly collect data from minors; any such data communicated will be deleted.
Cookies and similar technologies
The site uses strictly necessary cookies and, subject to consent, analytics and marketing cookies, managed via the WP Full Picture plugin, which lets users configure tracking preferences.
Cookie categories
- Strictly necessary: ensure the site works and do not require consent (e.g., session management, language preferences).
- Anonymous analytics: used to statistically analyse site use; data are collected in aggregate form.
- Marketing and profiling: used to personalise content or measure campaign effectiveness; enabled only with explicit consent.
Cookie management
-
- On first visit, users can accept or refuse non‑essential cookies via the consent banner.
- Preferences can be changed at any time via the dedicated button in the footer (“Cookie settings”).
- Consent is recorded and stored for 12 months, unless regulations change.
For further technical information and details on specific cookies installed, please refer to the updated Cookie Policy on the site.
Third‑party platforms
Use of the Service may involve interactions with third‑party platforms (e.g., Instagram).
Such platforms act independently as controllers, with their own policies and terms of use.
OniGrow is not sponsored or certified by Instagram™.
Changes to this Privacy Policy
Material changes will be notified with 30 days’ notice via website notice or email.
Continued use of the site/services after that period implies acceptance of the updated version.
