PRIVACY POLICY

pursuant to Articles 13 and 14 of EU Regulation 2016/679 of 27/04/2016

INTRODUCTION

Welcome to our website www.storiesofitaly.com. Please read our privacy policy carefully, as it applies each time you access the website, navigate through it and use its services, regardless of whether or not you purchase products. In accordance with Articles 13 and 14 of EU Regulation 2016/679, hereinafter referred to as GDPR (General Data Protection Regulation), this privacy policy provides you with all the information you need to understand our data processing terms and your rights in this respect.

This privacy policy applies only to this website and does not apply to other websites that you may consult from links on our website or other websites.

1. DATA CONTROLLER

According to articles 4 and 24 of the GDPR, the Data Controller is:

STORIES OF ITALY S.r.l.

via San Francesco d’Assisi, 15, Milan, 20122

VAT no. 09151450963

pec: storiesofitaly@legalmail.it

e-mail: customercare@storiesofitaly.com

phone: +39 02 8088 6546

2. PERSONAL DATA - DATA PROCESSING

According to Art. 4 of the GDPR, a personal data is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as, for example, a name, an identification number, location data or an online identifier. Moreover, processing means any operation which is performed on personal data or on sets of personal data, whether or not by automated means, such as, for example, collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

3. HOW WE PROCESS YOUR PERSONAL DATA AND WHY WE DO THAT

This website collects, either independently or through third parties (see § 5), for the different purposes listed below, personal data which include, but are not limited to: cookies[1], IP address, e-mail address, first name and last name, payment details and delivery address.

Your personal data is processed using primarily electronic and telematic means by Stories of Italy srl and by other parties (see § 5), selected for their reliability and expertise, who perform operations which are instrumental to pursuing purposes that are strictly related to the use of the website, its services and the purchase of products through the website.

Personal data may be entered voluntarily or collected automatically through the use of this website. The personal data provided will be processed using appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of your personal data.

In general, your personal data are collected and processed to enable us to provide our services, as well as for navigation statistics, user contact, marketing and advertising purposes. More specifically, the data are processed to perform the following services, which are available by accessing our website:

  • Browsing the website

While browsing the website, we collect information about your IP address and anonymous data that are used only for statistical and analytical purposes, to evaluate the functioning of our website and improve navigation, quality and experience;

The registration form asks you to enter the following personal data: social title, first name, last name, e-mail address and password. The registration form allows us to provide you the services requested and to fulfil pre-contractual or contractual obligations. The registration will take place only if you have read this privacy policy and you have selected the appropriate flag when the registration request is sent. The provision of your personal data is voluntary, but any refusal to provide us such data will lead to the impossibility to process your request;

  • Browsing the Reserved Area (website section: Login/ My Account)

Browsing within the Reserved Area allows you to access your profile and enter additional information, such as your address or telephone number. Through the Reserved Area you can also view your orders and credit notes or make purchases. In this latter case, we will ask you to enter information about the payment method (including information about credit/debit card). We will not store or collect your payment card details: that information is provided directly to our third-party payment processors (see § 5), whose use of your personal information is governed by their own privacy policy.

The provision of your personal data is voluntary, but any refusal to provide us such data will lead to the impossibility to process your request.

  • Purchase as Visitor

Our website also allows to make purchases as visitor (without the registration step). In this case you will require to enter the following personal data: social title, first name, last name, email, address and telephone number, as well as the payment method (including information about credit/debit card). We will not store or collect your payment details: this information is provided directly to our third-party payment processors (see § 5), whose use of your personal information is governed by their own privacy policy.

The provision of your personal data is voluntary, but any refusal to provide us such data will lead to the impossibility to process your request.

  • Contact us form (https://www.storiesofitaly.com/shop/contact-us)

The contact us form asks you to enter the email address and the message. The contact us form allows us to provide you the information you may request about our products and services. The provision of your personal data is voluntary, but any refusal to provide us such data will lead to the impossibility to process your request.

  • Newsletter

By entering your e-mail address, you can subscribe to our newsletter service. This service allows us to inform you regarding our offers, product and services. If you no longer wish to receive our news and promotions, you can easily unsubscribe from this service  using the unsubscribe link found in each newsletter. The provision of your personal data is voluntary, but any refusal to provide us such data will lead to the impossibility to process your request.

Each website user takes full responsibility for the personal data of third parties published or shared through this website. You consequently guarantee that you are entitled to communicate or disclose those information, releasing Stories of Italy srl as Data Controller from any liability towards third parties.

4. LAWFULNESS OF PROCESSING

Pursuant to Articles 6 and 9 of the GDPR - legal basis for processing -, personal data will be processed if at least one of the following conditions is met:

• your consent;

 performance of a contract or pre-contractual measures taken at your request;

• compliance with a legal obligation;

• pursuit of legitimate interests.

Personal data are processed exclusively for the company's institutional purposes, i.e. dependent on legal obligations, including the need to adopt security measures.

If you have given your prior consent in this regard, personal data may also be processed for marketing and advertising purposes.

5. DISCLOSURE OF YOUR PERSONAL DATA

The personal data you provide may be disclosed to recipients or categories of recipients to fulfil the purposes set out in § 3 hereinabove. These recipients or categories of recipients will process the data in their capacity as Data Processors or Data Controllers.

As part of our activities and for the purposes specified above, your personal data can be shared with:

  • DHL Express S.r.l.:

which handles the processing of data needed to perform shipping, delivery and returns for products purchased on our web site;

  • BITsense Sagl:

for processing data concerning management and server maintenance service;

  • Third Parties services:

e.g. payment processors such as Banca Sella S.p.A. or PayPal.

The updated list of all Data Processors is available at the headquarter of Stories of Italy srl in  via San Francesco d’Assisi, 15, Milan, 20122; for further details, please contact our Customer Care Department by phone (+39 02 8088 6546) or by e-mail (customercare@storiesofitaly.com).

6. DATA TRANSFER TO A THIRD COUNTRY AND/OR INTERNATIONAL ORGANISATION

The personal data provided and processed or intended to be processed after the transmission may be transferred by the Data Controller or the Data Processor to third countries that are members of the European Union, in full compliance with the terms of Chapter V of the GDPR.

Your personal data will not be stored or transferred abroad to countries that do not belong to the European Union, or which do not provide adequate levels of personal protection. Should this be necessary to provide you with the services you have requested, or to enter into a contract with Stories of Italy to purchase products, the transfer of your personal data to countries which do not belong to the European Union or which do not provide an adequate level of protection will be performed only prior to the signing of specific agreements between Stories of Italy srl and said parties, in accordance with the applicable law and regulations.

7. PERIOD OF CONSERVATION OF PERSONAL DATA

In accordance with Art. 13 paragraph 2, letter a) of the GDPR and in compliance with the storage limitation principle, the personal data you provide will be stored in a form that allows us to identify you for a period of time that does not exceed the fulfilment of the purposes for which the personal data were obtained and processed.  Your personal data will eventually be destroyed or transformed into anonymous form.

Without prejudice to the above, where processing is based on consent, your personal data may be stored for longer periods or until you withdraw your consent.

8. PROTECTING CHILDREN’S PRIVACY

Our website is not designed for use by anyone under the age of 16. We do not verify the age of our users. If you are less then 16 years old, please seek the permission of a parent or guardian before using our website. If we discover that a child has created an account on our website, we will immediately delete the account as soon as we discover it; we will not use the information for any purpose, and we will not disclose the information to third parties. However, the parent of such minor is legally liable for any transactions created by the minor.

9. YOUR RIGHTS AS DATA SUBJECT

You may exercise at any time the rights reserved to you as a data subject, as provided for in Articles 15 et seq. of the GDPR. In particular, you have the right:

  1. to obtain confirmation of the existence of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
  2. to obtain the indication of: a) the origin of personal data; b) the purposes and methods of the processing; c) the existence of an electronic decision-making process, including profiling, and of the logic applied, as well as of the importance and consequences envisaged for the interested party in case of processing carried out with the aid of electronic instruments; d) the contact details of the Controller and, where applicable, its representative, as well as the Data Processor; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, as data processors or agents;
  3. to obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of unlawful data processed, including data that retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated, except in the case in which this fulfillment proves impossible or involve a use of means manifestly disproportionate to the protected right;
  4. to object, in whole or in part for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection. You also have the right to object to the processing of your personal data for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
  5. Where applicable, you also have the rights referred to in Articles 16-21 RGPD (right of rectification, right to cancellation -"right to be forgotten"-, right to limitation of processing, right to data portability[2], right of opposition), as well as the right to lodge a complaint with the Data Protection Authority .

You may exercise your rights freely and at any time by:

-contacting us at:

STORIES OF ITALY S.r.l.

via San Francesco d’Assisi, 15, Milan, 20122

VAT no. 09151450963

pec: storiesofitaly@legalmail.it

e-mail: customercare@storiesofitaly.com

phone: +39 02 8088 6546

-accessing to your Reserved Area, and selecting "GDPR - Personal Data"

-contacting the Italian Data Protection Authority (www.garanteprivacy.it).

9. LAW REFERENCES

The full text of the EU Regulation (GDPR) and further relevant national legislation on data protection can be viewed on the Italian Data Protection Authority website at https://www.garanteprivacy.it/web/garante-privacy-en/home_en.

10. VARIATIONS

You will be informed without delay of any substantial changes that may occur regarding the way in which personal data are processed.

Pag.  


[1] The use of cookies - or of other tracking tools - by this website or by the owners of third party services used by this website, is aimed, unless otherwise specified, at identifying you as a user and recording your preferences for purposes strictly related to the provision of the service requested by you. For further information, please consult our Cookie Policy at the following link: https://www.storiesofitaly.com/shop/content/10-cookies-policy

[2] In accordance with Article 20 of the GDPR, in the event of a request for data portability, the Data Controller will provide you with the requested data in a structured, commonly used and machine-readable format