Website Privacy Notice
(art. 13 of Regulation (EU) 679/2016)
 
This Privacy Notice describes how this Website is managed with respect to the processing of  Registered Users/Users personal data and identifies the information and personal data that we collect on Registered Users/Users when they visit the Website.
This information is provided pursuant to art. 13 of Regulation (EU) 679/2016 to those persons who connect to Stocksmetic SRL’s corporate website and use its web services.
The www.stocksmetic.com site is owned and operated by Stocksmetic SRL with registered office at Piazza della Repubblica 32, Milan, taxation no. 10367490967, and VAT no. 10367490967.
 
1. Website navigation data, purpose and communication
When Registered Users/Users visit this Website, the computer systems and software procedures used to operate it acquire information on website use i.e. information on connections to internet standards and data on the behavioural models of Registered Users/Users.
The collected data are used to record the number of visitors, the use of various sections of the Website, features or useful links. However, they are not used to identify Registered Users/Users personally.
All data is collected by third parties (Webriffe, Google Analytics, Google Adwords, Facebook Pixel, Hotjar, Live Chat, MailUp Spa through MailUp software,  Benhauer Sp. Z.o.o through Salesmanago software, OnOff Communication Snc, Smartbee Websocial Agency, Equinox Srl) that process them only in ways that do not permit personal identification of Registered Users/Users who have not registered to newsletter.
The data of the Registered Users/Users who have registered to newsletter, collected by third party Salesmanago are processed in ways that permit personal identification of Registered Users/Users.
The collected data may be communicated to third party service suppliers administering and managing the Website.
2. Data on the Registered User’s/User’s computer, purpose and communication
When Registered Users/Users visit this Website, the computer systems and software procedures used to operate it acquire information related to the Registered User’s/User’s IP address, operating system and type of browser.
The collected data are used to ensure the Website’s security and identify trends to improve performance and customize the Website to the interests of Registered Users/Users. They are not used to identify Registered Users/Users personally.
The collected data may be communicated to third party service suppliers administering and managing the Website.
While browsing the Website, the Registered Users/Users can accept the Web Push notifications. In this case, the computer systems and software procedures used to operate  the Web Push notifications service acquire information related to the Registered User’s/User’s IP address, operating system and type of browser. The data of registration to this service will be saved on the Registered User’s/User’s browser.


3. Data provided voluntarily by the Registered User/User, purpose and communication 
If, while browsing the Website, the Registered User/User shares personal data voluntarily in any way (e.g. contact form on the Website, sending an email) to access certain services, the sender’s email address and/or any other collected data will be used only to respond to the Registered User’s/User’s requests or to provide the requested service.
If, while using social media (e.g. Facebook, Twitter, Instagram, etc.) via his/her personal or corporate account, the Registered User/User spontaneously and in any way requests interaction with Stocksmetic SRL’s social profile (e.g. by writing a post, sending a message, Following, Tweeting, participating in discussions or labelling), spontaneously sharing personal data (e.g. name or username/nickname, Website, email address, telephone number, personal information in the profile description, comments, etc.), such personal data will be processed by Stocksmetic SRL as the autonomous data controller in accordance with this privacy policy, in particular as provided for in article 6. 
If the Registered User/User uses social media (e.g. Facebook, Twitter, Instagram, etc.) via his/her personal or corporate account, his/her personal data will be also processed in accordance with the policy in use by the individual platforms as autonomous data controllers.
Personal data shared in these ways will be processed by Stocksmetic SRL to respond to the Registered User’s/User’s request and to manage it.
If the Registered User/User uses social media (e.g. Facebook, Twitter, Instagram, etc.) via his/her personal or corporate account, his/her personal data will be processed in accordance with the policy in use by the individual platforms as autonomous data controllers.
Personal data provided by the Registered User/User may be shared with third parties only if necessary to comply with the Registered User’s/User’s requests.
 
4. Data provided with the registration profile, purpose and communication
Personal data does not need to be provided in order to use the Website. However, certain services may be provided only after registration on the Website and the creation of a Registered User profile.
The personal data provided when creating a Registered User profile will be used only to provide the service requested by the Registered User.
The data provided by the Registered User during checkout (billing or shipping address different from that provided at registration) will be used only to provide the service requested by the Registered User.
The personal data provided by the Registered User may be shared with third parties only if necessary to comply with the User’s requests.
Prior express consent, the personal data provided by the User during newsletter registration or during Registered User profile creation, will be used for direct marketing activities, such as direct advertising, communications for promotional or informative purpose related to products or services provided and/or promoted by Stocksmetic SRL, including free gifts and/or samples.

5. Personal data used for profiling activities
The data of the Registered Users/Users who have not registered to newsletter, collected through cookies (cookies policy is available at the following link: https://www.stocksmetic.com/cookies-policy/) will be processed completely anonymously and without identifying Registered Users/Users personally, 


for individual or aggregate profiling activities and market research (analysis of habits and consumption choices, elaboration of statistics or customers satisfaction degree) with the express exclusion of the application of automated decision-making systems able to produce legal and binding effects for the User. 

The data of the Registered Users/Users who have registered to newsletter, collected through cookies (cookies policy is available at the following link: https://www.stocksmetic.com/cookies-policy/), will be processed, allowing to identify Registered Users/Users personally, for individual or aggregate profiling activities and market research (analysis of habits and consumption choices, elaboration of statistics or customers satisfaction degree) with the express exclusion of the application of automated decision-making systems able to produce legal and binding effects for the User.

6. Social network, live chat, istant messaging and SMS, ticket, email. Phone contacts: purpose and communications.
All data, communications and/or any information that Registered Users/Users send to the operators of the Data Controller’s Customer Care through social networks, live chat, instant messaging and SMS, opening of tickets and email, will be centralized and managed through the Zendesk software owned by the third-party company Zendesk Inc, and stored in a single database located on the servers of the same company.
All data, communications and/or any information that Registered Users/Users send to the operators of the Data Controller’s Customer Care through social networks, live chat, instant messaging and SMS, opening of tickets and email will be stored for security reasons and in order to improve the performance and quality of the services offered. 
All data, communications and/or any information that Registered Users/Users send to the operators of the Data Controller’s Customer Care through social networks, live chat, instant messaging and SMS, opening of tickets and email may be transmitted to third-party service providers that deal with storage and centralized management of the messaging services and the management of their databases.
The calls that Registered Users/Users send to the operators of the Data Controller’s Customer Care won’t be recorded, but technical data related to the calls itself will be collected, such as: time and duration of the call, phone number of the subject making the call, through the Aircall software owned by the third-party company Aircall.io.Inc.
Technical data related to each call made by Registered users/Users to the operators of the Data Controller’s Customer Care will be stored for security reasons and in order to improve the performance and quality of the services offered. 
Technical data related to each call made by Registered users/Users to the operators of the Data Controller’s Customer Care may be transmitted to third-party service providers that deal with the storage and centralized management of the messaging services and the management of their databases.




7. Data on online financial transactions, purposes and communication
All data related to financial transactions is managed directly by payment platforms and is not processed, collected or visualized by Stocksmetic SRL. 
For further information please refer to the information available on each online payment platform.

8. Processing
Personal data collected in accordance with the procedures referred to in points 1, 2, 3, 4, 5 and 6 will be processed electronically by automated systems for the purposes specified in those points.
Personal data collected in accordance with the procedures referred to in points 1, 2, 3, 4, 5 and 6 will be processed in accordance with legislation in force and the principles of legality, correctness, transparency and privacy protection provided for therein.
Personal data collected in accordance with the procedures referred to in points 1, 2, 3, 4, 5 and 6 will be processed by natural or legal persons specifically identified as data processor or data controller at the offices of the data controller at Via Gera 8/10, Gessate, and/or only by technical staff at the registered office of the Website host and/or manager of the software and database for the storage of the content of the communications that Registered Users/Users send to the operators of the Data Controller’s Customer Care through social network, live chat, instant messaging and SMS, opening of tickets and email and will be carried out by specialized technicians. 
The personal data processed will not be disclosed.
The personal data processed are up-to-date, relevant, complete and not excessive in relation to the purposes specified in points 1, 2, 3, 4, 5 and 6 for which they were collected and subsequently processed.
 
9. Website security measures and adopted application systems
The Website has appropriate security measures (compatible with implementation costs, the technological state of the art in terms of computer security and the nature of the data) to protect users’ personal data and prevent unauthorised access, publication or modification. The Website was developed using Magento, an open-source electronic commerce platform. This platform periodically publishes updates to resolve security problems as they are discovered. These updates are applied as soon as possible, at installation of Magento at the base of this site, compatible with implementation times and costs. Users can visit the Website using the HTTPS secure communication protocol. 
However, transmission of information via the Internet cannot be guaranteed as 100% secure. All passwords entered on the Website are encrypted upon saving and therefore are not saved unencrypted in the database. The user is responsible for creating strong passwords and protecting their confidentiality. The data entered by the user on the Website are saved on a password protected database that can only be accessed through authentication.
The third-party company Zendeck Inc guarantees compliance with elevated standards of security regarding software services, database and server offered, as specified at the following link: 
https://www.zendesk.com/company/customers-partners/privacy-policy/ 



The third party Aircall.io. Inc., Delaware corporation, 33 W 17th St, New York, NY 10011 and its subsidiary companies guarantee the respect of elevated standards of security with regard to the software, database and server services offered, as specified in the following link:
https://aircall.io/privacy/

10. Data Controller and processor
The data controller is Stocksmetic SRL.
To contact the data controller, send an email to info@stocksmetic.com
The data processors are:
-       Vivien Charrey, internal data processor
-       Webgriffe Srl, with registered office at Viottolo Peloso 1, 42013 Casalgrande (RE), VAT no. 02277170359
-       Premi Digital Srl with registered office in Piazza della Repubblica 31, 20124 Milan, Italy, VAT No. 11062060964
-       OnOff Communication Snc di Elena Enza Rossi & C, with registered office at Via Rovigana 34 /A, Monselice (PD), VAT no. 04598180281
-       Equinox S.r.l with registered office at Via Ugo Maneo 3, con Partita Iva 01572340295
-       Benhauer sp. z o.o. (Benhauer Ltd.), with registered office at 21 Grzegórzecka Street, 31-532 Cracow, TAX IDENTIFICATION NUMBER (NIP): 676 244 77 54  
-       Zendesk Inc., with registered office at 1019 Market Street, San Francisco, CA 94103, con TAX IDENTIFICATION NUMBER EIN (Taxpayer Id) 26-4411091
-       Aircall.io. Inc., Delaware corporation, 33 W 17th St, New York, NY 10011


11. Transfer of personal data
The personal data collected in accordance with the procedures referred to in points 1, 2, 3, 4, 5 and 6 will be processed within the EEA and will not be transferred to a third-countries outside the EEA or to any international organization. The website and the databases are hosted on servers provided by DigitalOcean, currently located in Frankfurt.
The software and the database on which the contents of the communications that registered users/ users send to operators of the Data Controller’s Customer Care via social network live chat, instant messaging and SMS, opening of tickets and email are stored, are located on servers of the third-party Zendesk Inc, currently located within the territory of the European Union.
12. Transfer of data to third parties
The collected personal data will not be sold to third party companies for the sending of commercial communications.
 13. Mandatory or optional nature of data provision and legal basis of personal data processing
The personal data collected in accordance with the procedures referred to in points 1 and 2 are not mandatory and are collected in the legitimate interest of the data controller. Therefore, the provision of 


these data is optional although refusal to provide them may prevent the user from browsing the site and using its content.
The personal data collected in accordance with the procedures referred to in point 3 are not mandatory and will be used in the legitimate interest of the Data Controller. Therefore, the provision of these data is optional although refusal to provide them may prevent the user from using the services offered by the Site.
The personal data collected in accordance with the procedures referred to in point 4 are required to conclude the contract of sale via the Site. Therefore, refusal to provide them may prevent the user from creating a personal account to register on the Website.
The processing activity of personal data provided by the User during newsletter registration or during Registered User profile creation, referred to in point 4, used for direct marketing purpose is based on express consent of the interested party.

14. Data storage 
The personal data collected in accordance with the procedures referred to in points 1 and 2 are kept only for the time necessary to perform the specified purposes. As a general rule, the Data Controller deletes user navigation data after three years.
The personal data collected in accordance with the procedures referred to in point 3 are kept only for the time needed to manage the information requests sent by the Registered User/User. Normally, the Data Controller keeps ordinary information requests for three years, but in some cases (e.g. where the request for information is related to a contract between the Data Controller and the Registered User/User or where the Data Controller requires legal advice to respond to a complaint), the Data Controller may be required to keep records of our communications for up to 10 years.
The content of the communications and/or any information that Registered users/Users send to the operators of the Data Controller’s Customer Care through social networks, live chat, instant messaging and SMS, opening of tickets and email collected in accordance with article 6 are stored only for the period of time which is necessary to manage the information request sent by the Registered user/User. Generally, the Data Controller stores the contents of ordinary information requests for 3 years, but in some cases (for example when the information request is about a contract between the Data Controller and the Registered user/User or when the Data Controller must need legal advice to respond to a complaint), the Data Controller shall have to preserve recorded communications for 10 years. 
The personal data collected in accordance with the procedures referred to in point 4 are kept for as long the Registered User’s profile is active, and in any case, for 10 years after the Registered User’s last purchase.
The personal data provided by the User during newsletter registration or during Registered User profile creation, referred to in point 4, used for direct marketing purpose, are kept until the User requests the cancellation from the newsletter or the cancellation of the Registered User profile and, in any case, will be delated no later than 30 days from the date of newsletter or Registered User profile cancellation.
The personal data provided by the User during newsletter registration or during Registered User profile creation, referred to in point 5, if used for profiling activities, are kept until the User requests the cancellation from the newsletter or the cancellation of the Registered User profile, and in any case, will be delated no later than 30 days from the date of newsletter or Registered User profile cancellation.



14. Rights of the Registered User/User
Pursuant to Article 7 of the Privacy Code and to Articles 13, paragraphs 2b) and d), and Articles 15, 16, 17, 18, 19, 20 and 21 of the Regulation, we inform you that:
a)     the Registered User/User has the right to ask the Data Controller to access, correct (via his/her profile or account at https://www.stocksmetic.com/it/customer/account/login/) or delete his/her personal data or to limit or oppose their processing, as well as the right to data portability
b)    the Registered User/User has the right to withdraw consent at any time without affecting the legality of processing based on the consent given prior to withdrawal
c)     if processing is based on Article 6, paragraph 1a), or on Article 9, paragraph 2a), the Registered User/User has the right to withdraw consent at any time without affecting the legality of processing based on the consent given prior to withdrawal
d)    the Registered User/User has the right to lodge a complaint with the Italian Data Protection Authority in accordance with the procedures and information published on the Authority’s official website www.garanteprivacy.it
Exercise of the rights referred to above is not subject to any formal constraint and is free of charge. These rights can be exercised by writing to info@stocksmetic.com or by registered letter with notice of receipt to Stocksmetic SRL, Via Gera 8/10, 20060 Milan, Italy.
For the purposes of the provisions above, interested parties are invited to communicate any updates of the collected data to the Data Controller at info@stocksmetic.com
 
15. Automatic decision-making
The collected data will not be subject to any automatic decision-making process.
 
16. Cookies
The Cookies policy is available at https://www.stocksmetic.com/cookies-policy/ 
This Privacy Notice was updated on 21/09/2020