Data subjects
Data controller under applicable laws is STOCK YARN ITALY S.R.L., who can be contacted via the CONTACT section (link at the bottom of the page).
Legal basis for processing
This site processes data mainly on the basis of users’ consent. By using or consulting the site, visitors and users approve this privacy policy and consent to the processing of their personal data in the manner and for the purposes described below, including possible disclosure to third parties if necessary for the provision of a service. Through communication or service request forms, additional consents related to the specific purpose of the service are collected.
Data for site security and prevention from abuse and SPAM, are processed based on the legitimate interest of the Data Controller in protecting the site and the users themselves. In such cases, the user always has the right to object to the processing of data.
Purposes of processing
The processing of data collected from the site, in addition to the purposes related, instrumental and necessary to the provision of the service, is aimed at the following purposes:
– Security
Collection of data and information in order to protect the security of the website (spam filters, firewalls, virus detection) and Users and to prevent or expose fraud or abuse against the website. The data are recorded automatically and may possibly include personal data (Ip address) that could be used, in accordance with the relevant laws, in order to block attempts to damage the site itself or to harm other users, or otherwise harmful or criminal activities. Such data are never used for User identification or profiling and are deleted periodically.
– Ancillary Activities
Communicate data to third parties who perform functions necessary or instrumental to the operation of the service, and to enable third parties to perform technical, logistical and other activities on our behalf.
Data collected
During Users’ browsing, the following information may be collected and stored in the log files of the server (hosting) of the site: first name, last name, phone number, email – internet protocol (IP) address; – type of browser; – parameters of the device used to connect to the site; – name of the internet service provider (ISP); – date and time of visit.
The IP address is used for security purposes only and is not cross-referenced with any other data.
Place of Processing
Data are processed at the Data Controller’s office, and at the web hosting datacenter (Aruba Business S.r.l.). The web hosting (Aruba Business S.r.l. VAT No.: 01497070381), is responsible for the processing, processing the data on behalf of the owner. Aruba Business S.r.l. is located in the European Economic Area and acts in accordance with European standards.
Data Retention Period
Data collected by the site during its operation are retained for the time strictly necessary to carry out the specified activities. Upon expiration, the data will be deleted or anonymized unless there is no further purpose for retaining the data.
Data (IP address) used for site security purposes (blocking attempts to damage the site) are kept for 30 days. Data for analytics (statistical) purposes are kept in aggregate for 24 months.
Transfer of collected data to third parties
The data collected by the site are generally not provided to third parties, except in specific cases: legitimate request by the judicial authority and only in cases provided by law; if it is necessary for the provision of a specific service requested by the User; for the performance of security checks or optimization of the site.
Transfer of data to countries outside the EU
Data collected by the site are generally not provided to third parties in countries outside the EU, except in specific cases: legitimate request by the judicial authority and only in cases provided by law; if it is necessary for the provision of a specific service requested by the User; for the performance of security checks or optimization of the site.
Security Measures
We process visitor/user data lawfully and fairly, taking appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of data. We are committed to protecting the security of your personal information as it is sent, using Secure Sockets Layer (SSL) software, which encrypts information in transit. The processing is carried out by means of computer and/or telematic tools, with organizational methods and logic strictly related to the indicated purposes. In addition to the Data Controller, in some cases, categories of appointees involved in the organization of the site or external parties (such as third-party technical service providers, hosting providers) may have access to the data.
Users’ Rights
Users may exercise certain rights with respect to the Data processed by the Data Controller. In particular, to the extent provided by law, the User has the right to:
revoke consent at any time.
object to the processing of their Data.
access their Data.
verify and request rectification.
obtain restriction of processing.
obtain the deletion or removal of their Personal Data.
receive their Data or have them transferred to another owner.
file a complaint.
How to Exercise Your Rights
To exercise their rights, Users may address a request to the contact details of the Owner set out in this document. The request can be filed free of charge and the Holder will respond as soon as possible, in any case within one month, providing the User with all the information required by law. Any rectification, deletion or restriction of processing will be communicated by the Controller to each of the recipients, if any, to whom the Personal Data has been transmitted, unless this proves impossible or involves disproportionate effort. The Owner notifies the User of these recipients if he or she so requests.