The data may be processed in hard copy, by automated or electronic means.

2. HOW WE PROCESS PERSONAL DATA

Data processing is carried out using information systems and organizational and technical methods strictly related to the specified purposes, and the Company has implemented all necessary technical and organizational security measures to ensure the confidentiality, integrity, availability, and resilience of data processing, in accordance with Article 32 of the GDPR.

3. DATA RETENTION

Your data will be stored in accordance with applicable laws, for a period of time not exceeding what is necessary to achieve the purposes for which it is processed. The criteria for determining the data retention period take into account the lawful processing period and applicable laws, the statute of limitations, and the nature of legitimate interests where they serve as the legal basis for the processing.

Your data may be stored for a longer period than originally planned in the event of any disputes or requests from the relevant authorities.

The data processed to provide the newsletter service as described above will be stored until you withdraw your consent.

Provided that your data is retained only for as long as necessary, it will be deleted, aggregated, or anonymized in a secure manner once it is no longer needed.

4. DISCLOSURE OF PERSONAL DATA

The data will be disclosed to authorized personnel within the Company.

The Company may disclose the Data solely and exclusively for the purposes indicated and, where necessary, to the following categories of recipients:

• where required, the competent judicial authorities;

• where required, public administrations and supervisory and control authorities;

• service providers (e.g., legal consultants, marketing consultants);

• information technology providers (e.g., cloud and software providers). 

Your data will not be made public.

Entities belonging to the categories listed above may act, as the case may be, as data processors (in which case they will receive appropriate instructions from the Company) or as independent data controllers.

5. DATA TRANSFER OUTSIDE THE EEA

If this is necessary to achieve the purposes set out above, your Data may also be transferred abroad to companies located both within and outside the European Economic Area (EEA). Some of these jurisdictions may not provide the same level of data protection as guaranteed by European laws. In such cases, the Company undertakes to ensure that the data is processed with the utmost confidentiality, entering into agreements, if necessary, that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.

6. DATA SUBJECT RIGHTS

At any time, you are entitled to exercise the following rights, and therefore:

• obtain confirmation as to whether your personal data are being processed, and, if so, access to such data, pursuant to Article 15 of the GDPR (Right of access);

• to obtain the rectification of inaccurate personal data concerning you or, taking into account the purpose of the processing, the completion of incomplete personal data pursuant to Article 16 of the GDPR (Right to rectification);

• request the erasure of your Data where one of the grounds under Article 17 of the GDPR applies (Right to be forgotten);

• request the restriction of the processing of your Data, when one or more of the circumstances set forth in Article 18 of the GDPR apply (Right to restriction);

• object to the processing of your data on grounds relating to your particular situation, where applicable, under Article 21 of the GDPR (Right to object);

• receive your data in a structured, commonly used, and machine-readable format, as well as to transmit that data to another controller in the cases and within the limits set forth in Article 20 of the GDPR, where applicable (Right to data portability)

Furthermore, where applicable, you have the right to withdraw your consent to the processing of your Data at any time, without affecting the lawfulness of the processing based on the consent given prior to the withdrawal.

In accordance with the GDPR, the Company may not charge a fee for complying with any of the requests mentioned in this paragraph, unless they are clearly unfounded, excessive, or repetitive.

If you request more than one copy of your Data, or in cases of excessive or unfounded requests, the Company may: (i) charge a reasonable fee, taking into account the administrative costs incurred in fulfilling the request; or (ii) refuse to fulfill the request. In such cases, the Company will inform you of the costs before fulfilling the request.

The Company may request additional information before processing the requests if it needs to verify the identity of the person who submitted them.

To exercise your rights, you can send an email with the subject line “PRIVACY” to info@stora.it. Please note that you can also use the unsubscribe link included in our newsletters.

Without prejudice to any administrative or legal remedy, you also have the right to lodge a complaint with the relevant supervisory authority (further information about the supervisory authorities is available on the website https://edpb.europa.eu/about-edpb/about-edpb/members_en) if you believe that the processing of your data violates the GDPR. With respect to Italy, more information is available on the website https://www.garanteprivacy.it/.

In any case, the Company would like to know the reasons for the complaint and asks that you use the contact methods listed above before contacting the authorities, in order to prevent and resolve any disputes amicably and promptly.

7. Links to Third-Party Websites

Third-party websites accessible from this Website are the responsibility of those third parties. The Company assumes no responsibility for requests for or the provision of Data to third-party websites. The Company does not control any data processing carried out by such websites.

This website may also contain iframes with content from third parties. The Company is not responsible for third-party content displayed in iframes. The information contained therein is the sole responsibility of the owners of those websites.

The Company has no control over or responsibility for the content of third-party websites and provides this external content to its visitors for their convenience. As a result, when you visit a page containing such content, you may be presented with cookies from these third-party websites.

The company does not control the distribution of these cookies.

Please review the third party’s cookie policy and privacy policy for more information.

8. Links to Social Media

Our website includes links to social media platforms.

To protect your data while you visit our website, we do not use social plugins. Instead, HTML links are embedded on the website, making it easy to share content on social media platforms. Embedding the link prevents a direct connection to various social media network servers when you open a page from our website. When you click on one of the buttons, a browser window opens and directs you to the respective service provider’s website, where (after logging in) you can use the “Like” or “Share” button, for example.

For more information on the purpose and scope of data processing and the further use of your data by the provider and their websites, as well as your rights and options for protecting your privacy, please refer to the privacy policy of the respective service provider.

9. AMENDMENTS

The Company reserves the right to amend the Privacy Policy in whole or in part, or simply to update its content (e.g., as a result of changes in applicable law). We will post any updates on this Website. You should therefore review these periodically for changes to our Privacy Policy.

10. CONTACTING US

STORA - Limited Liability Company, Milan (MI), 8 Corso Italia, ZIP code 20122.

You can contact the Company by emailing stora@legalmail.it.

UPDATED IN MAY 2025