Nova Capital S.r.l. – S.B. – Privacy Notice
Version 1, April 10, 2024

Nova Capital S.r.l. – S.B., a limited liability/benefit company incorporated under Italian law, with its registered office at Via Albarina 11B, 20020, Milan (MI), Tax Code and VAT number 12358930969 (hereinafter also referred to as “Finanz”), as the data controller, respects your privacy and is committed to protecting your personal data.
This privacy notice (hereinafter, “Notice”) explains the reasons, methods of collection, management, and protection of personal data in relation to the customers of Finanz services.
Finanz commits to processing your data in accordance with the General Data Protection Regulation (Reg. EU 2016/679), better known as “GDPR”, and any other applicable privacy laws. In particular, the personal data processing carried out by Finanz will adhere to the principles of legality, fairness, transparency, purpose limitation and retention, data minimization, accuracy, integrity, and confidentiality.

This Notice is issued pursuant to Articles 13 and 14 of the GDPR and aims to provide you with information on how Finanz processes your personal data. Your personal data has been collected through your use of the website and the Finanz app (hereinafter, the “Finanz App”) when you decide to use one of the services offered by Finanz.
It is important that you read this Notice, along with any other notice we may provide on specific occasions when collecting and processing your personal data. We aim to coordinate these notices to always represent the conditions applied to the processing of your personal data in the most transparent and accessible way.

Finanz acts as the data controller and is responsible for your personal data. You can contact the data controller to receive information about the processing of personal data and to exercise the rights recognized by the GDPR at the following email address:

This section describes the categories of personal data we process. In section 4, we will illustrate the purposes for which we process these categories of personal data.
The personal data we collect depends on your use of the website or the Finanz app if you use our services.
If you visit the website or download our app, your browser automatically transmits some data, such as the date and time of your visit to the web pages, the type and settings of your browser, your operating system, your IP address.
By using our services, we may process the following personal data relating to the following categories of subjects.
Consumer Data
– Contact and identification data – Name, surname, date of birth, age, email.
– Information on the consumer’s behavior history with Finanz – financial education level, goal, total number of lessons completed, number of courses started, number of levels and chapters completed, percentage of correct answers, number of times the Finanz app was opened, total number of “kiwis” earned, number of “kiwis” available, consent to share data with third-party partners, response to the survey “how did you find out about us”, time spent watching video courses, friends invited, “kiwi” parties held, number of stories viewed, number of logins, badges obtained, lives lost, links clicked of third-party partners or to purchase the premium version or to try to skip a video, purchases made, activation of notifications or not.
– Payment information – Details about the credit or debit card (last four digits of the card, expiry date, and place of issue, transaction history).
– Information about your contacts with Finanz customer service – email correspondence.
– Device information – Device ID, IP address, browser settings, operating system;

We limit the amount and quality of personal data collected only to what is necessary for the purposes for which they are collected, as described in the table below. We limit, protect, and control all our IT resources against unauthorized access, damage, loss, or destruction, both physical and electronic. We retain personal data only for the time described below, to respond to requests from interested parties, or longer if required by law. If we retain your personal data for historical or statistical purposes, we ensure that the personal data cannot be used further. As long as they are in our possession, with your help, we try to maintain the accuracy of your personal data.
To facilitate understanding of the purposes, legal bases, and conditions under which we process data, we provide below a table showing the categories of personal data processed, the purposes of processing, the “legal basis” that authorizes each processing and gives it legality, as well as the period for which Finanz will retain your personal data:

Finanz also informs you that for the above

purposes your personal data will be processed using computer, telematic, and manual tools, in compliance with the rules of confidentiality and security established by law.

The Finanz App may include links to third-party websites (e.g., the websites of stores where you buy products or services). By clicking on such links or enabling them, third parties may process your personal data; therefore, we invite you to also refer to the privacy notice of such sites, as well as the privacy notice of the Finanz App.

In some cases, we need to collect your personal data by law or under the terms of a contract we have with you or are trying to enter into with you. In these cases, not providing personal data will prevent Finanz from entering into a contract with you.

Some of the third parties we rely on are located outside the European Economic Area (“EEA”), so processing your personal data may involve a data transfer outside the EEA. Whenever we transfer your personal data outside the EEA, we ensure an adequate level of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
– Adequacy decisions: when the transfer of personal data occurs to countries that have been deemed to provide an adequate level of data protection by the European Commission;
– Standard contractual clauses: in the absence of adequacy decisions, we will use specific contracts approved by the European Commission, aimed at ensuring the same protection of personal data as within the European territory.

Within the organization of Finanz, data may be processed by the staff of the offices competent for carrying out individual processing activities.
Furthermore, to provide our services, we may disclose your personal data to the categories of recipients listed below, for the purposes listed below, in compliance with the principles of data minimization and purpose limitation, implementing appropriate security measures. The exact identification of the recipients to whom we will disclose your personal data will depend on the services you use. Such subjects will have access to the personal data necessary to perform the functions regulated by an agreement between the companies, pursuant to Art. 28 GDPR (and may not use them for different purposes) and will be required to process the data in accordance with applicable law and agreements entered into with Finanz. We will adopt all reasonable contractual, legal, technical, and organizational measures to ensure that your personal data is treated with an adequate level of protection. In particular, for the provision of services, the categories of subjects to whom we will communicate the data, in reason and within the limit of the pursued purposes, are:
– Suppliers and subcontractors: we may share personal data with suppliers and subcontractors we use to provide you with services. Suppliers and subcontractors are companies authorized to process only the personal data they receive from Finanz. Examples of such suppliers and subcontractors are software and data storage providers, payment processing services, and business consultants.
– Payment Service Providers (“PSPs”): PSPs enable you to accept electronic payments through a wide range of payment methods, such as credit card, bank payments such as direct debit, etc.
– Authorities: Finanz may provide information deemed necessary to law enforcement, financial, tax, or other authorities and courts. Personal data is shared with the authority if required by law, in some cases at your request, or if necessary for the management of tax deductions or to combat crime.

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including the purpose of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. You can find more information about the retention period in the table present in section 4.


We limit the amount of data, collecting only those necessary for the purposes described in section 4 and for the necessary time to achieve it. We limit, protect, and control all our resources in which data is stored to prevent access, damage, loss, or destruction, whether physical or electronic, or unauthorized access, whether physical or electronic.


We remind you that you can exercise your rights regarding personal data in the ways and within the limits provided by data protection laws. Below is a brief description of such rights:

12.1. Right to be informed

All individuals have the right to be informed about the collection and use of their personal data. This represents a fundamental requirement of transparency as established by the GDPR. This Notice, our cookie policy, and the responses we will provide to your requests meet this requirement.


Right to request access to personal data

Known as the “access request”, it allows you to obtain a copy of your personal data in our possession and to verify its correct processing.

12.3. Right to request rectification of personal data

It allows you to correct any incomplete or inaccurate data we hold about you; however, we may need to verify the accuracy of the new data you provide.

12.4. Right to request the deletion of personal data (“right to be forgotten”)

It allows you to request the removal and deletion of your personal data where there is no valid reason for us to continue processing it. It is possible to obtain the deletion of your personal data in the cases provided for by Art. 17 GDPR.
However, we inform you that in certain cases we may not be able to fulfill your request for deletion for specific legal reasons (for example, if it is necessary to allow us to fulfill a legal obligation or to ascertain, exercise, or defend a right in court) which will be communicated to you at the time of your request.

12.5. Right to object to the processing of personal data

Under the terms set by Art. 21 GDPR, you may object to the processing of data in cases where we, or a third party, need to rely on legitimate interest and you believe that such processing in some way infringes upon your fundamental rights and freedoms.

12.6. Right to request restriction of processing of personal data

You can request the restriction of processing of your personal data in the cases provided for by Art. 18 GDPR, we will continue to process personal data only if an exception to such request applies.

12.7. Right to request the transfer of personal data to you or a third party (“data portability”)

We will deliver to you or a subject you designate your personal data in a structured, commonly used, and machine-readable format, under the conditions set by Art. 20 GDPR. We remind you that this right applies only to information processed by automated means and for processing that occurs on the basis of consent, or in the context of the fulfillment of the contract entered into with you.

12.8. Right to withdraw consent at any time

You have the right to withdraw consent at any time for the processing of personal data based on consent, and we will cease to use your personal data, without prejudice to the legality of the processing based on the consent given before its withdrawal.

12.9. Right to file a complaint with the authority

We remind you that you always have the right to file a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), located in Piazza Venezia 11, Rome, at the email address:


To exercise your rights or to request information on how we process your personal data, you can contact us via email at, and we will do our best to assist you.