Privacy & Cookie Policy

Last updated on 27 March 2023

This privacy policy illustrates the management of the website (hereinafter, the “Site”) with reference to the processing of personal data of users.

This is a general information notice provided in accordance with Article 13 of Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the “GDPR”) to all users who to interact with the services provided through the Site by Storykube S.r.l., with registered office in Via Marsala no. 29/H, Rome, in the capacity of data controller (hereinafter, the “Controller”).

This privacy policy explains the purposes and methods by which the Controller collects and processes your personal data, which categories of data are processed, which are the rights of the data subjects and how they can be exercised.

This privacy policy is provided exclusively for the Site, therefore the Controller does not undertake any liability for third party websites that may be consulted via hyperlinks on the Site itself. In addition, this policy refers to data acquired from pages, managed by the Controller, of social network platforms such as, by way of example, Facebook and Instagram.

The processing of users’ personal data will be carried out by means of suitable instruments, whether electronic, paper-based or telematic. Processing activities will be conducted with an approach strictly related to the purposes of this document and, in any case, in such a way as to ensure security and confidentiality of data.

Users are invited to read this policy before providing personal information of any kind through the Site.

1. Categories of personal data

a. Navigation Data

Computer systems and software procedures used to operate this Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols.

This information is not collected to be associated with identified data subjects, but due to its very nature could allow users to be identified through processing and association with third party data.

This category of data includes IP addresses or domain names of the devices used by users connecting to the website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and computer environment of the user.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site.

b. Data provided voluntarily by the user

Without prejudice to what has been specified above in relation to browsing data, the Controller will acquire any personal data provided by the User in order to create a personal account on the Site (such as name and e-mail address).

2. Purposes, legal basis of processing and data retention period

a. Enabling navigation on the Site

The data indicated in paragraph 1, letter a) will be processed by the Controller to enable the navigation on the Site and the use of related functions. The provision of such data is necessary for the proper functioning of the Site.

b. Providing requested services

The data indicated in paragraph 1, letters b) will be processed by the Controller in order to create a personal account on the Site and allow the User to access the services provided by the Controller.

The providing of such data is necessary in order to perform the contractual relationship that will be established with the Controller following the user’s request. The provision of any data not included in those required by the forms on the Site is not, in any event, mandatory.

The processing is necessary to fulfill a request made by the user and, therefore, the legal basis falls under Article 6(1)(b) of the GDPR.

c. Marketing activity

The data indicated in paragraph 1, letters b) will be processed by the Controller in order to send to the user, using the email address provided, newsletter containing, where appropriate, commercial communications concerning its products or services.

The processing of personal data carried out for this purpose is based on the legitimate interest pursued by the Controller pursuant to Article 6(1)(f) of the GDPR. The User may object to this processing at any time by clicking on the unsubscribe button in newsletters or by writing to the addresses in paragraph 5.

3. Categories of subjects to whom personal data can be communicated and purposes of communication

The Controller may communicate, for the same purposes above, some of the users’ personal data to subjects designated and expressly authorised to process such data, in accordance with the provision of Article 29, GDPR.

For the same purposes, the Controller may also communicate some of the users’ personal data to third parties, who will process such data as data processors pursuant to Article 28 of the GDPR (e.g., companies that provide newsletter services, such as Mailchimp or similar service provider).

The complete list of data processors may be requested from the Controller at any time by writing to .

Furthermore, the data may be communicated to the competent authorities, in the event of specific requests which the Controller is compelled to fulfil. If applicable, these entities will act as autonomous data controllers.

Personal data will not be disseminated or disclosed under any circumstances.

4. Transfer of data outside the European Union

The Controller may transfer certain data relating to the User outside the European Union to providers of services implemented on or via the site (e.g. the newsletter service), based in the USA. The Company carries out the aforementioned transfer through the use of standard contractual clauses adopted by the European Commission.

The Controller does not carry out other transfers of User’s personal data outside the European Union. However, whether a transfer should take place, the Company shall carry out the aforementioned transfer through the use of standard contractual clauses adopted by the European Commission or, alternatively, on the basis of a Commission adequacy decision or other appropriate instrument under the GDPR.

You may obtain information on the place where your data has been transferred and copies of such data by writing to the contact details set out in paragraph 5.

5. Rights of the data subject

In their quality of data subjects and in accordance with current regulations, users have the following rights:

Right of access (Article 15, GDPR):

you may request and obtain information about the existence of your data available to the Controller and access to such data;

Right to rectification (Article 16, GDPR):

you may request and obtain the amendment and/or correction of your personal data if you believe it is inaccurate or incomplete;

Right to erasure / “Right to be forgotten” (Article 17, GDPR):

in certain circumstances, you may request and obtain the erasure of your personal data if it is not necessary - or no longer necessary - for the purposes mentioned above, once the retention period indicated in paragraph 4 has expired;

Right to restriction of processing (Article 18, GDPR):

in certain circumstances, you may request and obtain a restriction of the processing activities involving your personal data;

Right to data portability (Article 20, GDPR):

in certain circumstances, you may request and obtain the personal data concerning you, in a structured, commonly used, machine-readable format. You may also request and obtain that such data be transmitted to another data controller without hindrance by the Controller;

Right to object (Article 21, GDPR):

at any time, you may object to processing of personal data concerning you based on Article (1)(f), GDPR. 

Requests to exercise your rights may be addressed to Storykube S.r.l., with registered office in Via Marsala no. 29/H, Rome or to .

We would also like to inform you that, in accordance with the regulations in force, you may lodge any complaints regarding the processing of your personal data with the Italian Data Protection Authority.

6. About cookies

Cookies are pieces of information sent by a web server (e.g., the Site) to your web browser (i.e., the application used to browse the Internet), automatically stored on your device and automatically sent back to the server each time you access the website. By default, almost all web browsers are set to automatically accept cookies. Typically, cookies can be installed:

  • directly by the owner and/or administrator of the website (first-party cookies);
  • by parties external to the website visited by the user (third-party cookies). Unless otherwise specified, these cookies fall under the direct and exclusive responsibility of the third party itself. Further information on privacy and their use can be found directly on third-party websites.

Cookies can be classified as follows.

Classification of cookies according to their storage time

Session cookies: these are not permanently stored on the user’s computer and are deleted when the browser is closed. They are strictly limited to the transmission of session identifiers, which are necessary to allow the safe and efficient exploration of the site, avoiding the use of other IT techniques that could potentially prejudice the confidentiality of users’ browsing.

Persistent cookies: these remain stored on the hard disk of the device until they expire or are deleted by the user. Through persistent cookies, visitors accessing the site (or any other users of the same device) are automatically recognised at each visit. Users can set their computer browser to accept/reject all cookies or to display a warning whenever a cookie is proposed/requested, so that they can decide whether to accept/provide it. The user may, however, change the default configuration and disable cookies (i.e., block cookies permanently), thus setting the highest level of protection.

Classification of cookies according to their functionality

Technical cookies: these are used to log in, to make use of media contents or to allow the choice of navigation language. It is therefore not necessary to obtain the user’s prior informed consent for their use. This class also includes cookies used to statistically analyse access/visits to the site only if they are aggregated and used for statistical purposes only.

Non-technical cookies: these are used for profiling and marketing purposes. Their use is forbidden unless the user/data subject has been adequately informed beforehand and has given their valid opt-in consent. These types of cookies can, in turn, be grouped according to the functions they perform in:

  • analytics: these are used to collect and analyse statistical information on access/visits to the website. When associated with other information, such as the credentials entered to access restricted areas (your email address and password), they can be used to profile the user (visited websites, content downloaded, types of interaction carried out, personal habits, etc.);
  • widgets: these include all the graphic components of a user interface, which aim to facilitate user interaction with the programme used. By way of example, Facebook, Twitter or LinkedIn cookies are widgets;
  • advertising: these are used to advertise on a website. This group may include cookies from Google or Tradedoubler;
  • web beacons / Pixels: these are code snippets that allow a website to transfer or collect information by requesting a graphic image. Websites may use them for various purposes, such as analysing website usage, monitoring and reporting on advertisements, as well as customizing advertisements and content in general.

7. Cookies used on the Site

This Site may use, also in combination, the following types of cookies, according to the indications of the Italian Data Protection Authority and to the official documents issued by the European Data Protection Board:

a. Technical cookies for which consent is not required

The Data Controller will install - or allow third parties to install - in your browser a few cookies necessary to acquire, in an anonymous and aggregate form, statistical information relating to your navigation on the pages of the Site.

b. Analytics cookies

The Controller collects cookies or statistical information on the use of the Site by users. These cookies are used to analyse our pages anonymously, without storing personal data.

c. Widget

About the processing of personal data performed by the social media platforms used by the Controller, please see the information provided by them through their privacy policies.

Here is a detailed list of the tracking tools we use:

Amazon Web Services (AWS)

  • Provider: Amazon Web Services, Inc.
  • Purpose: Hosting and backend infrastructure
  • Personal data collected: Various types of data, as specified in the privacy policy of the service.
  • Service Description: Amazon Web Services (AWS) is a hosting and backend service provided by Amazon Web Services, Inc.

Google Analytics with anonymized IP

  • Provider: Google LLC / Google Ireland Limited
  • Purpose: Statistics
  • Personal data collected: Tracking tools / Usage data
  • Personal data collected: Tracking tools / Usage data
  • Google may use Personal Data to contextualize and personalize ads in its ad network. This Google Analytics integration anonymizes your IP address. The anonymization works by shortening within the borders of member states of the European Union or other countries that are parties to the Agreement on the European Economic Area the IP address of Users. Only in exceptional cases will the IP address be sent to Google's servers and abbreviated in the United States.

Google Fonts

  • Provider: Google LLC
  • Purpose: Displaying content from external platforms
  • Personal data collected: Usage data Tracking tools
  • Service Description: Google Fonts is a font style display service operated by Google LLC that allows this Application to integrate such content within its pages.


  • Provider: Intuit Inc.
  • Purpose: Managing contacts and sending messages
  • Personal data collected: Email
  • Service Description: Mailchimp is an address management and email message sending service provided by Intuit Inc.

Hotjar Heat Maps & Recordings

  • Provider: Hotjar Ltd.
  • Purpose: Heat mapping and session recording
  • Personal data collected: Tracking tools / Usage data / Various types of data as specified by the service's privacy policy
  • Description: Hotjar is a heat mapping and session recording service provided by Hotjar Ltd. Hotjar respects generic "Do Not Track" headers. This means that the browser can instruct the script not to collect any User data. This is a setting that is available in all major browsers. More information about opting out of Hotjar is available here.

Microsoft Clarity

  • Provider: Microsoft Corporation
  • Purpose: Heat mapping and session logging
  • Personal data collected: Tracking tools
  • Description: Microsoft Clarity is a heat mapping and session recording service provided by Microsoft Corporation. Microsoft processes or receives Personal Data through Microsoft Clarity, which in turn may be used for any purpose in accordance with Microsoft's Privacy Policy, including the enhancement and delivery of Microsoft advertising.

Meta ads conversion monitoring

  • Provider: Meta Platforms, Inc. / Meta Platforms Ireland Limited
  • Purpose: Statistics
  • Personal data collected: Tracking tools / Usage data
  • Description: Meta ads conversion tracking (Meta pixel) is a statistics service provided by Meta Platforms, Inc. or Meta Platforms Ireland Limited, depending on how the Data Controller manages the processing of the Data, which links data from the Meta ad network with actions taken within this Application. The Meta pixel monitors conversions that can be attributed to Facebook, Instagram, and Audience Network ads.


  • Provider: Stripe Inc / Stripe Technology Europe Ltd / Stripe Payments Ltd
  • Purpose: Management of payments
  • Personal data collected: Various types of data as specified by the service's privacy policy
  • Description: Stripe is a payment service provided by Stripe Inc, Stripe Technology Europe Ltd or Stripe Payments Ltd, depending on how the Data Controller manages the processing of the Data.

8. How to disable cookies by setting up your browser

If you wish, you can also manage cookies directly through your browser settings. However, please note that if you delete all cookies from your browser, you may remove the preferences you have set for the Site. For this reason, it is advisable for you to visit this page periodically to review your preferences. For further information and support you can also visit the specific help page of the web browser you are using. Below are some links:

Microsoft Edge

Google Chrome


Mozilla Firefox