Privacy Policy
Last updated: 14/07/2026
This policy describes how notruffa.it processes personal data in compliance with EU Regulation 2016/679 (GDPR) and Italian law. notruffa.it is a fraud-prevention information service: it publishes indicators (phone numbers, email addresses, URLs, IP addresses) linked to reports of possible scams, sourced from public databases and user reports.
1. Data Controller
The data controller is
Horizon Peak S.r.l.s., registered office at Via Aldo Moro n. 1, 87056 Santo Stefano di Rogliano (CS), VAT 03962080788, Italy.
Email:
acundari+notruffa@gmail.com /
horizonpeak@gmail.com. To exercise your rights, see the dedicated section.
2. Categories of data
- Navigation data: IP address, user agent, pages visited and timestamps, processed for security, abuse prevention and aggregated statistics.
- Search content: terms entered for verification (numbers, URLs, emails), stored anonymously for statistics.
- Data published in the anti-fraud database: indicators linked to possible scams (numbers, emails, URLs, IPs). Where referable to a natural person they constitute personal data of the reported subject.
3. Source of published data
Published indicators come from:
- public databases and third-party feeds (URLhaus / Abuse.ch, AbuseIPDB, IPQualityScore and others);
- user reports, verified before publication.
For data not collected from the data subject, Art. 14 GDPR applies; individual notice is omitted where impossible or involving disproportionate effort under Art. 14(5)(b) GDPR, given the nature and volume of aggregated data.
4. Purposes
- prevention of fraud and scams (primary purpose);
- site security and abuse prevention;
- anonymous statistics;
- advertising via Google AdSense.
5. Legal basis
- Legitimate interest in fraud prevention under Art. 6(1)(f) GDPR. Recital 47 GDPR expressly recognises fraud prevention as a legitimate interest.
- Consent for profiling cookies under Art. 6(1)(a) GDPR.
6. Informational nature and accuracy
Published indications are informational and preventive and do not constitute a final determination or attribution of liability. Data comes from third parties and reports and may contain inaccuracies or false positives. Anyone who believes a report is wrong may request verification and removal as described in the Rights section.
7. Data subject rights and removal procedure
Data subjects have the rights of access, rectification, erasure, restriction, objection and portability (Arts. 15-22 GDPR).
Reported subjects may request
rectification (Art. 16) or
erasure (Art. 17) via:
Upon request the item may be
temporarily suspended (hidden) pending verification; if the report is unfounded the item is deleted, if confirmed by documented sources it is restored. The controller responds within
one month (Art. 12(3) GDPR), extendable in the cases provided.
8. Cookies
- Technical cookies: necessary for operation, no consent required.
- Advertising cookies: Google AdSense. Manage at adssettings.google.com.
9. Third-party services
10. Data retention
- Navigation data: max 12 months.
- Data published in the anti-fraud database: for as long as needed for the prevention purpose or until removal upon verification.
- Logs of removal requests and decisions: kept to document the fairness and diligence of processing.
11. Complaint
You may lodge a complaint with the Italian Data Protection Authority:
garanteprivacy.it.
12. Governing law and versions
Processing is governed by Italian and EU law. In case of discrepancy between language versions, the Italian version prevails.
13. Changes
The controller may amend this policy. Changes will be published on this page with the update date.