Registration Reserved Area

Privacy policy

Personal Data Privacy Notice: Registration reserved area

STONEFLY S.p.A., in its capacity as the data controller (hereinafter referred to as the "Data Controller"), issues this notice to the Data Subject in compliance with European and Italian regulations concerning data protection.

The Data Controller has appointed a Data Protection Officer (DPO), who may be contacted by the Data Subject via email at the following address:

This notice complements our Website's navigation policy in order to illustrate to the User how the Data Controller will specifically process the data entered into this contact form. We, therefore, invite you to read our Privacy Policy here.

Purpose and legal basis of processing

The Data Controller processes personal data for various purposes:

1)    to allow the User to register in the reserved area and to access the related services provided to the User, such as creating a wish list, accessing the address book, subscribing to lists of in-stock products, etc.: the legal basis of the processing is the need to pursue the aforementioned purposes;

2)    to use the Data Subject's contact details (email address, landline and mobile telephone number, postal address) to carry out opinion and satisfaction surveys and to send commercial messages containing information on products or services, as well as promotions or invitations to events organised by STONEFLY: express consent is required for this purpose.

Data retention period

The Data Controller intends to process the data according to the following time criteria:

✔      Five years from the last login to the reserved area, without prejudice to further storage for the time necessary to settle any disputes that may have arisen (regardless of how this settlement is reached);

✔      for the purpose referred to in point 2), the data will be processed for twenty-four months from the last notification, regardless of the channel used: the Data Subject may withdraw consent or object to the processing at any time.

Nature of data provision and consequences of refusal

The provision of data for the purposes referred to in point 1) is necessary, and, therefore, any refusal to provide it in whole or in part may make it impossible for the Data Controller to pursue the aforementioned purposes. The provision of data for further purposes is optional: without it, the Data Controller will not be able to carry out the corresponding activities but will still be entitled to pursue the purposes referred to in point 1).

Recipient categories

The Data Controller will not disclose the data, but intends to communicate it to internal personnel authorised to process the data according to their respective duties, as well as to consultancy firms, hosting companies, software houses, technological partners, and public and private bodies, including as a result of inspections and audits.

Should these recipients process data on behalf of the Data Controller, they will be appointed as data processors under the terms of a specific contract or other legal document.

Transfer of data to a third country and/or international organisation

Personal data will not be transferred either to non-European third countries or to international organisations.

Rights of Data Subjects

The Data Subject has the right to ask the Data Controller to access his/her personal data and to rectify it if inaccurate, to erase it or limit its processing if the conditions are met, to object to its processing for legitimate interests pursued by the Data Controller, and to obtain the portability of data provided personally only if it is subject to automated processing based on consent or on a contract. The Data Subject also has the right to withdraw the consent given for the processing purposes that require it, without prejudice to the lawfulness of the processing carried out until the time of withdrawal.

To exercise his/her rights, the Data Subject may use the form available here and forward it to the Data Controller at the following address: dpo@stonefly.comThe Data Subject also has the right to lodge a complaint with the relevant supervisory authority, the Italian Data Protection Authority (