Registration Reserved Area and Marketing
Privacy policy
Personal Data Privacy Notice: Registration reserved area and Marketing
Stonefly S.p.A., in its capacity as the data controller (hereinafter referred to as the "Data Controller"), issues this notice to the Data Subject in compliance with European and Italian regulations concerning data protection.
The Data Controller has appointed a Data Protection Officer (DPO), who may be contacted by the Data Subject via email at the following address: dpo@stonefly.com
This notice complements our website’s navigation policy in order to illustrate to the User how the Data Controller will specifically process the data entered into this contact form. We, therefore, invite you to read our Privacy Policy here.
Purpose and legal basis of processing
The Data Controller processes personal data for various purposes:
1) to allow the User to register in the reserved area and to access the related services provided to the User, such as creating a wish list, accessing the address book, subscribing to lists of in-stock products, etc.: the legal basis of the processing is the need to pursue the aforementioned purposes;
2) ) to use the Data Subject's contact details (email address, landline and mobile telephone number, postal address) to carry out opinion and satisfaction surveys and to send commercial messages containing information on products or services, as well as promotions or invitations to events organised by Stonefly: express consent is required for this purpose.
Data retention period
The Data Controller intends to process the data according to the following time criteria:
✔ Five years from the last login to the reserved area, without prejudice to further storage for the time necessary to settle any disputes that may have arisen (regardless of how this settlement is reached);
✔ for the purpose referred to in point 2), the data will be processed for twenty-four months from the last notification, regardless of the channel used: the Data Subject may withdraw consent or object to the processing at any time.
Nature of data provision and consequences of refusal
The provision of data for the purposes referred to in point 1) is necessary, and, therefore, any refusal to provide it in whole or in part may make it impossible for the Data Controller to pursue the aforementioned purposes. The provision of data for further purposes is optional: without it, the Data Controller will not be able to carry out the corresponding activities but will still be entitled to pursue the purposes referred to in point 1).
Scope of data communication and categories of recipient
The Data Controller will not disclose the data, which will be communicated exclusively to internal personnel authorised to process it according to their respective duties, as well as to professionals, companies or other third parties that carry out outsourced activities and that are, therefore, appointed as data processors under the terms of a specific contract or other legal document.
Transfer of data to a third country and/or international organisation
The personal data of the Data Subjects may be transferred, for the purposes for which it was collected, to a third party not belonging to the European Economic Area (EEA), that offer services related to the processing carried out by the Data Controller and described in this privacy policy or to which the transfer of data would be necessary as part of the execution of the service for the Data Subject.
The transfer of personal data to persons located outside EEA will take place solely by virtue of the execution by Data Controller and the non-EEA recipient of the standard contractual clauses adopted or approved by the European Union Commission (Commission implementing decision (EU) 2021/914 of 4 June 2021 and subsequence modification) or, alternatively, based on the decision of adequate of European Commission and/or other law instruments. If applicable the transfer of the personal data shall be based on the conditions of article 49 of the GDPR.
The Data Subject may obtain information about the transfer of her/his by sending a request to Data Controller as specified in the paragraph “Data Subjects’ Rights” below.
Rights of Data Subjects
The Data Subject has the right to unsubscribe from this service at any time and may also ask the Data Controller to access his/her personal data and rectify it if inaccurate, to erase it or restrict its processing if the conditions are met, and to obtain its portability.
To exercise his/her rights, the Data Subject may use the form available here and forward it to the Data Controller at the following address: dpo@stonefly.com The Data Subject also has the right to lodge a complaint with the relevant supervisory authority, the Italian Data Protection Authority (www.garanteprivacy.it).
Updated, 01st of march, 2023.