Last Updated: Version 1.0 of February 2026

SNAP S.r.l.s., with registered office in via Luigi Settembrini n. 30, 00195 Rome, as the Data Controller (hereinafter "Data Controller"), collects and processes personal data in compliance with Regulation (EU) 2016/679, the General Data Protection Regulation ("GDPR"), Legislative Decree 30 June 2003, n. 196, consolidated text ("Privacy Code"), provisions and guidelines of the Data Protection Authority ("Garante") and the European Data Protection Board ("EDPB"), all cumulatively referred to as ("Italian Privacy Legislation"), in observance of privacy principles and the rights of Data Subjects.

Pursuant to Articles 13 and 14 GDPR, the Data Controller communicates through this Privacy Policy how and why it collects and processes personal data of users and customers ("Data Subjects") of the DreamMaster Protocol™ website ("Website").

This Privacy Policy must be read and applies together with the Website’s Cookies Policy.

Please read this Privacy Policy carefully before browsing, registering, using the Website and purchasing the products offered through it.

1. Definitions

The terms used in this Privacy Policy and defined in Art. 4 GDPR, even if not written in capital letters, regardless of singular and/or plural, masculine and/or feminine form, have the same meaning attributed by the GDPR and apply in addition to the definitions identified in this Privacy Policy, for example:

§ Data Controller:
the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

§ Personal Data:
any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

§ Data Subject:
the identified or identifiable natural person to whom the personal data refers;

§ Processing:
any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

§ Data Processor:
a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

§ Third Party:
a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

2. Types of Personal Data

The Data Controller collects and processes personal data provided and/or indicated by Data Subjects at different times during interaction with them through the Website.

🌐 Navigation & Website Usage
• System and maintenance logs: files that record interactions within the Website, including IP addresses
• Usage data: collected automatically through tracking tools such as cookies, including IP addresses, URI addresses, request methods, browser characteristics, visit patterns, and geographic data
• Segmentation data: cart items, wishlist additions, checkout processes, payment data, registration forms, visits, purchases, and user behavior patterns

📝 Registration & Information Requests
• Personal details: name, surname, date of birth
• Contact details: email address, mobile phone number
• Registration data: username and password
• Request data: questions, preferences, opinions related to services and products

🛒 Sales & E-commerce
• Personal details: name, surname, citizenship
• Contact details: email, phone, physical address
• Payment data: payment methods, credit card data, PayPal details
• Billing data: tax code, VAT number
• Product data: type of product, purchase history

3. Purposes and Legal Bases of Processing

The Data Controller collects and processes the personal data of Data Subjects for the following purposes, relying on the following legal bases:

a. Response to Information Requests & Account Registration — Legal basis: Pre-contractual measures at the request of the Data Subject
b. Management of Website Registration — Legal basis: Performance of a contract to which the Data Subject is a party
c. Account Closure/Deletion Management — Legal basis: Performance of a contract to which the Data Subject is a party
d. Product Communications Management — Legal basis: Performance of a contract to which the Data Subject is a party
e. Payment Service Provider Relations — Legal basis: Performance of a contract to which the Data Subject is a party
f. Accounting and Tax Obligations — Legal basis: Performance of a contract / Compliance with legal obligation
g. Purchase Order Processing and Supplier Communication — Legal basis: Performance of a contract to which the Data Subject is a party
h. Invoice Processing and Management — Legal basis: Performance of a contract / Compliance with legal obligation
i. Compliance with Judicial/Administrative Orders — Legal basis: Compliance with legal obligation
l. Website Provision and IT Security — Legal basis: Legitimate interest of the Data Controller
m. IT Infrastructure Security Management — Legal basis: Legitimate interest of the Data Controller
n. Complaint and Rights Management — Legal basis: Legitimate interest of the Data Controller
o. Exercise/Defense of Legal Rights — Legal basis: Legitimate interest of the Data Controller
p. Corporate Operations Management — Legal basis: Legitimate interest of the Data Controller
q. Marketing Communications — Legal basis: Consent of the Data Subject
r. Analytics and Profiling Cookies — Legal basis: Consent of the Data Subject (via CMP)
s. Profile Creation and Personalized Communications — Legal basis: Consent of the Data Subject

4. Nature of Personal Data Provision

📋 Mandatory Data
For personal data processing necessary for legal compliance or contract performance (purposes a.-i.), provision is mandatory. Refusal would make it impossible to provide Website services.

⚖️ Legitimate Interest Data
For processing based on legitimate interest (purposes l.-p.), provision is necessary. Refusal would prevent Website availability and service provision.

✅ Optional Data
For consent-based processing (purposes q.-s.), provision is optional. Refusal does not affect Website usage or core services.

5. Processing Methods

The Data Controller processes personal data through electronic, automated, IT and telematic tools, with organizational methods and logic strictly related to the purposes indicated in this Privacy Policy and in compliance with Italian Privacy Legislation.

Security Measures: During processing, the Data Controller adopts appropriate security measures to prevent unauthorized or unlawful access, disclosure, modification or destruction of personal data.

6. Retention Period

🗂️ Account Data
Personal data for Website registration is kept until account closure. Upon closure request, accounts are deactivated within 2 days and deleted within 30 days.

📊 Legal Obligations
• Accounting/Tax data: 10 years from invoice date
• Website usage data: 3 years from last interaction
• Dispute data: Until exhaustion of judicial proceedings
• Consent-based data: Until consent withdrawal

Note: For cookie retention periods, please refer to our Cookies Policy.

7. Data Communication and International Transfers

👥 Authorized Personnel
Data Controller's personnel, duly trained and authorized, may access personal data based on the principle of minimum privilege.

🔧 Data Processors and Third Parties
Personal data may be shared with external subjects such as:

a) Technology service providers: marketing services, IT services, review services
b) Independent controllers: product suppliers (if any) for shipping/fulfillment
c) Advertising services: Google ads, Facebook/Meta ads, TikTok ads
d) Payment services: PayPal, Apple Pay, banking institutions, payment processors
e) Professional services: legal, tax and commercial consultants
f) Legal authorities: when required by law or court proceedings
g) Corporate operations: in case of mergers, acquisitions, or sales

🌍 International Transfers
Personal data may be transferred outside the European Economic Area. When recipients are in jurisdictions without adequate protection, appropriate measures are adopted (e.g., Standard Contractual Clauses) to ensure equivalent protection.

Contact us at Support@DreamMasterProtocol.com for information about data processors, third parties, or international transfer measures.

8. Automated Processing

The Data Controller may perform automated processing in the following circumstances:

🔐 Consent management: collecting and storing consent logs with timestamps
🍪 Cookie preferences: managing user preferences for tracking technologies
🎯 Profiling: creating user profiles for personalized communications and marketing optimization

9. Rights of Data Subjects

Data Subjects may exercise their privacy rights under Articles 7, 15 et seq. GDPR by contacting us at Support@DreamMasterProtocol.com

🔍 Right of Access — Obtain confirmation of data processing and access to personal data.
✏️ Right to Rectification — Obtain rectification of inaccurate personal data.
🗑️ Right to Erasure — Obtain erasure of personal data when legally applicable.
🛑 Right to Restriction — Obtain restriction of processing in the cases provided by law.
📦 Right to Data Portability — Receive personal data in a structured, machine-readable format.
❌ Right to Object — Object to processing based on legitimate interests or for marketing purposes.
🤖 Automated Decision-Making — Right not to be subject to decisions based solely on automated processing with legal effects, where applicable.
🔄 Withdrawal of Consent — Withdraw consent at any time without affecting lawfulness of prior processing.

Complaint Rights: Data Subjects have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).

10. Data Controller Contact Information

Controller: SNAP S.r.l.s.
Registered Office: Via Luigi Settembrini n. 30, 00195 Rome, Italy
Support Email: Support@DreamMasterProtocol.com
Business Email: snapsrls@gmail.com

11. Changes to This Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time by informing Data Subjects through updates published on the Website.

Please regularly consult this Privacy Policy page, referring to the date of last modification.

Consent Updates: If changes concern consent-based processing, the Data Controller will collect renewed consent from users where required.

🌟 Quick Links

Cookies Policy  |  Terms & Conditions