Stosa S.p.A, Via C. Colombo 1, 50021 Barberino Val D’Elsa (Province of Florence), Italy.
The Data Processor under Article 28 of the GDPR is DigitalMind srl – Via Fratelli Bandiera, 7 30020 Marcon (VE). For requests regarding the processing of your data or your rights as a data subject, you can email firstname.lastname@example.org.
Duration of processing: Data may be stored for a maximum period of 20 years. Nevertheless, the data subject may exercise the right to their erasure where applicable and unless in conflict with other applicable regulations.
Portability: In accordance with Article 20 of the GDPR (EU Regulation 2016/679), the appointed Data Processor of DigitalMind Srl guarantees the portability of the data, where technically possible.
TRANSFER OF DATA TO NON-EU COUNTRIES: Data may be transferred to third parties in non-EU countries for the sole purposes indicated above and in full compliance with the processing to which you consent. To safeguard a right that the European Union considers fundamental, the transfer of data collected within the EU to international organisations or to non-EU countries must comply with the stringent rules laid down in Chapter V of the GDPR: the transfer must be carried out in compliance with the principles of fair processing and with sufficient and appropriate safeguards in place to protect all data subjects. In accordance with Articles 46 and 49 of the GDPR (Regulation EU 2016/679), the Data Controller guarantees that any transfer to third parties residing in non-EU countries will be carried out in compliance with these rules and will only concern the data of users who have given their explicit consent to the transfer. The data will be processed in such a way as to ensure adequate security in accordance with the principles of integrity and confidentiality. This consent may be withdrawn at any time under Article 13 of the GDPR.
Data Controller’s email address: email@example.com.
Types of Data collected:
The Personal Data collected by this Website, either independently or through third parties, include: Cookies; Usage data; Geographical location; First name; Surname; Telephone number; Country; Province; Email address; Postcode; VAT number; Business name; Address; User name; Password; Data disclosed while using the service.
Personal Data may be freely provided by you or, in the case of usage data, may be automatically collected through your use of this Website.
Unless otherwise specified, all Data requested by this Website is mandatory. If you do not disclose this Data, the Website may be unable to provide the Service. Where this Website indicates that certain Data is optional, you are free not to disclose the Data. Such a refusal will not affect the availability or operation of the Service.
If you are unsure which Data are mandatory, we would encourage you to contact the Data Controller.
You assume liability for any Personal Data of third parties obtained, published or shared through this Website and you guarantee that you are entitled to disclose or disseminate them. In doing so, you release the Data Controller from any liability towards third parties.
Methods and place of processing of the Data collected
Methods of processing
The Data Controller will take appropriate security measures to protect Personal Data from unlawful access, disclosure, alteration or destruction.
Processing will be performed by computerised and/or electronic tools and using organisational methods and logic that are closely related to the stated purposes of the processing. In addition to the Data Controller, any other subjects involved in the organisation of this Website (administrative, commercial, marketing, legal, system administrators) or third parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies), which the Data Controller has – if necessary – also appointed as Data Processors, may have access to the Data in some cases. An updated list of the Data Processors can be requested from the Data Controller at any time.
Legal basis for processing
The Data Controller processes your Personal Data if at least one of the following conditions applies:
- you have given consent for one or more specific purposes; N.B. in some jurisdictions, the Data Controller may be authorised to process Personal Data without your consent or without any of the other legal bases specified below applying unless you opt out of such processing. However, this does not apply if the processing of Personal Data is governed by EU data protection legislation;
- processing is necessary for the performance of a contract to which you are party and/or to take steps prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
- processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.
Nevertheless, you may ask the Data Controller at any time to clarify the specific legal basis for each instance of processing and to specify whether the processing is based in law, provided for by contract or necessary to enter into a contract.
Data are processed at the operational headquarters of the Data Controller and anywhere else where the parties involved in the processing are located. For more information, please contact the Data Controller.
Your Personal Data may be transferred to a country other than the one in which you are located. For more information on the place of processing, see the “Details of Personal Data processing” section.
You are entitled to receive information regarding the legal basis for transferring Data outside of the European Union or to an international organisation governed by public international law or set up by agreement between two or more countries (such as the United Nations), as well as regarding the security measures adopted by the Data Controller to protect the Data.
To verify whether any of the transfers described above has taken place, see the “Details of Personal Data processing” section of this document or contact the Data Controller at the contact details given at the beginning of this document for details.
Data is processed and stored for the time required by the purposes for which it was collected.
- Personal Data collected for the purposes of performing a contract between you and the Data Controller will be stored until the performance of that contract is complete.
- Personal Data collected for the purposes of the legitimate interest of the Data Controller will be stored until that interest is satisfied. For more information on the legitimate interest pursued by the Data Controller, see the relevant sections of this document or contact the Data Controller.
When processing is based on your consent, the Data Controller may store the Personal Data for a longer period until that consent is withdrawn. In addition, the Controller may be required to store Personal Data for a longer period in compliance with a legal obligation or on the orders of a public authority.
The Personal Data will be erased at the end of the storage period. Therefore, once this period expires, the rights of access to and rectification and erasure of personal data and the right to data portability may no longer be exercised.
Purposes of processing the Data collected
Your Data is collected to enable the Data Controller to provide the Service, to comply with its legal obligations, to respond to requests or enforcement actions, to protect its rights and interests (or yours and those of third parties), to detect any malicious or fraudulent activities, and for the following purposes: Interaction with social media and external platforms; Remarketing and behavioural targeting; Traffic optimisation and distribution; Heat mapping, Location-based interactions; Statistics; Displaying content from external platforms; Contacting the User; Registration and authentication; Access to accounts with third-party services; Hosting and backend infrastructure; and Performance testing of content and functionality (A/B testing).
For detailed information on the purposes of the processing and the Personal Data processed for each purpose, see the “Details of Personal Data processing” section.
Details of Personal Data processing
Personal Data is collected for the following purposes and using the following services:
- Access to accounts with third-party services
- Contacting the User
- Heat mapping
- Hosting and backend infrastructure
- Interaction with social media and external platforms
- Location-based interactions
- Traffic optimisation and distribution
- Registration and authentication
- Remarketing and behavioural targeting
- Performance testing of content and functionality (A/B testing)
- Displaying content from external platforms
Information on how to disable interest-based advertisements
More information on Personal Data processing
iubenda cookies under the CCPA (US privacy law)
iubenda Cookie Solution (consent cookie)
Iubenda Cookie Solution (remote consent cookie)
You may exercise certain rights with respect to the Data processed by the Data Controller.
In particular, you have the right to:
- withdraw consent at any time. You are entitled to withdraw your previously expressed consent to the processing of your Personal Data.
- object to the processing of your Data. You are entitled to object to the processing of your Data when they are being processed on a legal basis other than consent. This right to object is explained in more detail in the following section.
- access your Data. You are entitled to obtain information on the Data being processed by the Controller, on certain aspects of the processing and to receive a copy of the Data being processed.
- verify the accuracy of your Data and request their rectification. You are entitled to verify the accuracy of your Data and request that it be updated or corrected.
- obtain the restriction of processing. When certain conditions apply, you are entitled to request the limitation of the processing of your Data. Where this restriction is obtained, the Data Controller will not process your Data for any purpose other than storage.
- obtain the erasure or removal of your Personal Data. When certain conditions apply, you are entitled to request the erasure of your Data by the Data Controller.
- receive your Data or have them transferred to another data controller. You are entitled to receive your Data in a structured, commonly used and machine-readable format, and to freely transmit it to another data controller where feasible. This right applies where the Data processing is carried out by automated means and is based on your consent, on a contract to which you are party or on the steps prior to entering into a contract.
- lodge a complaint. You are entitled to lodge a complaint with the competent data protection supervisory authority or to commence legal proceedings.
Details of the right to object
When Personal Data is processed in the public interest, in the exercise of official authority vested in the Data Controller or to pursue a legitimate interest of the Data Controller, you are entitled to object to the processing on grounds relating to your particular situation.
You are reminded that if your Data is processed for direct marketing purposes, you may object to their processing on no specific grounds. To find out whether the Data Controller is processing data for direct marketing purposes, please refer to the relevant sections of this Policy.
How to exercise your rights
To exercise your user rights, you can send a request to the contact details of the Data Controller given in this Policy. Requests can be filed free of charge and will be processed by the Data Controller as soon as possible, yet always within one month.
More information on processing
The Data Controller may use your Personal Data in legal proceedings or in the stages before such proceedings are commenced to defend itself against any abusive use by users of this Website or the connected Services.
You declare that you are aware that the Data Controller may be required to disclose the Data on the orders of public authorities.
System logs and maintenance
For operational and maintenance purposes, this Website and any third party services used by it may collect system logs (i.e. files that record interactions and which may also contain Personal Data, such as user IP address).
Information not contained in this Policy
More information on the processing of Personal Data can be requested from the Data Controller at any time using the contact details provided.
If any changes made affect processing carried out on the legal basis of consent, the Data Controller will collect your consent again, if necessary.