Website Privacy Notice
(art. 13 of Regulation (EU) 679/2016)
This Privacy Notice describes how this Website is managed with respect to the processing of user/visitor personal data and identifies the information and personal data that we collect on users/visitors when they visit the Website.
This information is provided pursuant to art. 13 of Regulation (EU) 679/2016 to those persons who connect to Stocksmetic SRL’s corporate website and use its web services.
The www.stocksmetic.com site is owned and operated by Stocksmetic SRL with registered office at Via Gera 16/18, 20060 Gessate, Milan, taxation no. 10367490967, and VAT no. 10367490967.
1. Website navigation data, purpose and communication
When Users/visitors visit this Website, the computer systems and software procedures used to operate it acquire information on website use i.e. information on connections to internet standards and data on the behavioural models of Registered Users/Users.
The collected data are used to record the number of visitors, the use of various sections of the Website, features or useful links. However, they are not used to identify users/visitors personally.
The data are collected by third parties (Webriffe, Google Analytics, Google Adwords, Facebook Pixel, Hotjar, Live Chat, MailUp) that process them only in ways that do not permit personal identification of Registered Users/Users.
The collected data may be communicated to third party service suppliers administering and managing the Website.
2. Data on the Registered User’s/User’s computer, purpose and communication
When Registered Users/Users visit this Website, the computer systems and software procedures used to operate it acquire information related to the Registered User’s/User’s IP address, operating system and type of browser.
The collected data are used to ensure the Website’s security and identify trends to improve performance and customize the Website to the interests of Registered Users/Users. They are not used to identify Registered Users/Users personally.
The collected data may be communicated to third party service suppliers administering and managing the Website.
3. Data provided voluntarily by the Registered User/User, purpose and communication
If, while browsing the Website, the Registered User/User shares personal data voluntarily in any way (e.g. contact form on the Website, sending an email) to access certain services, the sender’s email address and/or any other collected data will be used only to respond to the Registered User’s/User’s requests or to provide the requested service.
If, while using social media (e.g. Facebook, Twitter, Instagram, etc.) via his/her personal or corporate account, the Registered User/User spontaneously and in any way requests interaction with Stocksmetic SRL’s social profile (e.g. by writing a post, sending a message, Following, Tweeting, participating in discussions or labelling), spontaneously sharing personal data (e.g. name or username/nickname, Website, email address, telephone number, personal information in the profile description, comments, etc.), such personal data will be processed by Stocksmetic SRL as the autonomous data controller in accordance with this privacy policy.
If the Registered User/User uses social media (e.g. Facebook, Twitter, Instagram, etc.) via his/her personal or corporate account, his/her personal data will be processed in accordance with the policy in use by the individual platforms as autonomous data controllers.
Personal data shared in these ways will be processed by Stocksmetic SRL to respond to the Registered User’s/User’s request and to manage it.
If the Registered User/User uses social media (e.g. Facebook, Twitter, Instagram, etc.) via his/her personal or corporate account, his/her personal data will be processed in accordance with the policy in use by the individual platforms as autonomous data controllers.
Personal data provided by the Registered User/User may be shared with third parties only if necessary to comply with the Registered User’s/User’s requests.
4. Data provided with the registration profile, purpose and communication
Personal data does not need to be provided in order to use the Website. However, certain services may be provided only after registration on the Website and the creation of a Registered User profile.
The personal data provided when creating a Registered User profile will be used only to provide the service requested by the Registered User.
The data provided by the Registered User during checkout (billing or shipping address different from that provided at registration) will be used only to provide the service requested by the Registered User.
The personal data provided by the Registered User may be shared with third parties only if necessary to comply with the User’s requests.
5. Data on online financial transactions, purpose and communication
All financial transaction data are managed directly by the payment platforms and are not processed, collected or seen by Stocksmetic SRL.
For more information, please see the notices on the individual online payment platforms.
6. Processing
Personal data collected in accordance with the procedures referred to in points 1, 2, 3, 4 and 5 will be processed electronically by automated systems for the purposes specified in those points.
Personal data collected in accordance with the procedures referred to in points 1, 2, 3, 4 and 5 will be processed in accordance with legislation in force and the principles of legality, correctness, transparency and privacy protection provided for therein.
Personal data collected in accordance with the procedures referred to in points 1, 2, 3, 4 and 5 will be processed by natural or legal persons specifically identified as data processor or data controller at the offices of the data controller at Via Gera 16/18, Gessate, and/or only by technical staff at the registered office of the Website host and/or manager.
The personal data processed will not be disclosed.
The personal data processed are up-to-date, relevant, complete and not excessive in relation to the purposes specified in points 1, 2, 3, 4 and 5 for which they were collected and subsequently processed.
7. Website security measures and adopted application systems
The Website has appropriate security measures (compatible with implementation costs, the technological state of the art in terms of computer security and the nature of the data) to protect users’ personal data and prevent unauthorised access, publication or modification. The Website was developed using Magento, an open-source electronic commerce platform. This platform periodically publishes updates to resolve security problems as they are discovered. These updates are applied as soon as possible, at installation of Magento at the base of this site, compatible with implementation times and costs. Users can visit the Website using the HTTPS secure communication protocol. However, transmission of information via the Internet cannot be guaranteed as 100% secure. All passwords entered on the Website are encrypted upon saving and therefore are not saved unencrypted in the database. The user is responsible for creating strong passwords and protecting their confidentiality. The data entered by the user on the Website are saved on a password protected database that can only be accessed through authentication.
8. Data Controller and processor
The data controller is Stocksmetic SRL.
To contact the data controller, send an email to [email protected]
The data processors are:
- Vivien Charrey, internal data processor
- Webgriffe Srl, with registered office at Viottolo Peloso 1, 42013 Casalgrande (RE), VAT no. 02277170359
- OnOff Communication Snc di Elena Enza Rossi & C, with registered office at Via Rovigana 34 /A, Monselice (PD), VAT no. 04598180281
9. Transfer of personal data
The personal data collected in accordance with the procedures referred to in points 1, 2, 3, 4 and 5 will be processed in Italy and will not be transferred to a third country outside the EEA or to an international organisation, or they will be transferred and stored by our service provider(s) on secure servers located outside of the European Economic Area (EEA). The website and the databases are hosted on servers provided by DigitalOcean, currently located in Frankfurt.
10. Transfer of data to third parties
The collected personal data will not be sold to third party companies for the sending of commercial communications.
11. Mandatory or optional nature of data provision
The personal data collected in accordance with the procedures referred to in points 1 and 2 are not mandatory and are collected in the legitimate interest of the data controller. Therefore, the provision of these data is optional although refusal to provide them may prevent the user from browsing the site and using its content.
The personal data collected in accordance with the procedures referred to in point 3 are not mandatory and will be used in the legitimate interest of the Data Controller. Therefore, the provision of these data is optional although refusal to provide them may prevent the user from using the services offered by the Site.
The personal data collected in accordance with the procedures referred to in point 4 are required to conclude the contract of sale via the Site. Therefore, refusal to provide them may prevent the user from creating a personal account to register on the Website.
The personal data collected in accordance with the procedures referred to in point 4 are required to conclude the contract of sale via the Site. Therefore, refusal to provide them may prevent execution of the contract concluded between the Data Controller and the registered User.
12. Data storage
The personal data collected in accordance with the procedures referred to in points 1 and 2 are kept only for the time necessary to perform the specified purposes. As a general rule, the Data Controller deletes user navigation data after three years.
The personal data collected in accordance with the procedures referred to in point 3 are kept only for the time needed to manage the information requests sent by the Registered User/User. Normally, the Data Controller keeps ordinary information requests for three years, but in some cases (e.g. where the request for information is related to a contract between the Data Controller and the Registered User/User or where the Data Controller requires legal advice to respond to a complaint), the Data Controller may be required to keep records of our communications for up to 10 years.
The personal data collected in accordance with the procedures referred to in point 4 are kept for as long the Registered User’s/User’s account or profile is active, and in any case, for 10 years after the Registered User’s last purchase.
13. Rights of the Registered User/User
Pursuant to Article 7 of the Privacy Code and to Articles 13, paragraphs 2b) and d), and Articles 15, 16, 17, 18, 19, 20 and 21 of the Regulation, we inform you that:
a) the Registered User/User has the right to ask the Data Controller to access, correct (via his/her profile or account at https://www.stocksmetic.com/it/customer/account/login/) or delete his/her personal data or to limit or oppose their processing, as well as the right to data portability
b) the Registered User/User has the right to withdraw consent at any time without affecting the legality of processing based on the consent given prior to withdrawal
c) if processing is based on Article 6, paragraph 1a), or on Article 9, paragraph 2a), the Registered User/User has the right to withdraw consent at any time without affecting the legality of processing based on the consent given prior to withdrawal
d) the Registered User/User has the right to lodge a complaint with the Italian Data Protection Authority in accordance with the procedures and information published on the Authority’s official website www.garanteprivacy.it
Exercise of the rights referred to above is not subject to any formal constraint and is free of charge. These rights can be exercised by writing to [email protected] or by registered letter with notice of receipt to Stocksmetic SRL, Via Gera 8/10, 20060 Milan, Italy.
For the purposes of the provisions above, interested parties are invited to communicate any updates of the collected data to the Data Controller at [email protected]
14. Automatic decision-making
The collected data will not be subject to any automatic decision-making process.
15. Cookies
The Cookies policy is available at {{config path="web/secure/base_url"}}cookies-policy/
This Privacy Notice was updated on 23/05/2018