with reference to the processing of personal data of users.
This is a general information notice provided in accordance with Article 13 of Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016
on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the “GDPR”) to all
users who to interact with the services provided through the Site by Storykube S.r.l., with registered office in Via Marsala no. 29/H, Rome, in the capacity of data controller
(hereinafter, the “Controller”).
which are the rights of the data subjects and how they can be exercised.
hyperlinks on the Site itself. In addition, this policy refers to data acquired from pages, managed by the Controller, of social network platforms such as, by way of
example, Facebook and Instagram.
The processing of users’ personal data will be carried out by means of suitable instruments, whether electronic, paper-based or telematic. Processing activities will be
conducted with an approach strictly related to the purposes of this document and, in any case, in such a way as to ensure security and confidentiality of data.
Users are invited to read this policy before providing personal information of any kind through the Site.
1. Categories of personal data
a. Navigation Data
Computer systems and software procedures used to operate this Site acquire, during their normal operation, some personal data whose transmission is implicit
in the use of internet communication protocols.
This information is not collected to be associated with identified data subjects, but due to its very nature could allow users to be identified through processing and
association with third party data.
This category of data includes IP addresses or domain names of the devices used by users connecting to the website, URI (Uniform Resource Identifier) addresses of the
requested resources, the time of the request, the method used to submit the request to server, the size of the file obtained in response, the numerical code indicating
the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and computer environment of the user.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are deleted
immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site.
b. Data provided voluntarily by the user
Without prejudice to what has been specified above in relation to browsing data, the Controller will acquire any personal data provided by the User in order to
create a personal account on the Site (such as name and e-mail address).
2. Purposes, legal basis of processing and data retention period
a. Enabling navigation on the Site
The data indicated in paragraph 1, letter a) will be processed by the Controller to enable the navigation on the Site and the use of related functions.
The provision of such data is necessary for the proper functioning of the Site.
b. Providing requested services
The data indicated in paragraph 1, letters b) will be processed by the Controller in order to create a personal account on the Site and allow the User
to access the services provided by the Controller.
The providing of such data is necessary in order to perform the contractual relationship that will be established with the Controller following the user’s request.
The provision of any data not included in those required by the forms on the Site is not, in any event, mandatory.
The processing is necessary to fulfill a request made by the user and, therefore, the legal basis falls under Article 6(1)(b) of the GDPR.
c. Marketing activity
The data indicated in paragraph 1, letters b) will be processed by the Controller in order to send to the user, using the email address provided, newsletter containing,
where appropriate, commercial communications concerning its products or services.
The processing of personal data carried out for this purpose is based on the legitimate interest pursued by the Controller pursuant to Article 6(1)(f) of the GDPR.
The User may object to this processing at any time by clicking on the unsubscribe button in newsletters or by writing to the addresses in paragraph 5.
3. Categories of subjects to whom personal data can be communicated and purposes of communication
The Controller may communicate, for the same purposes above, some of the users’ personal data to subjects designated and expressly authorised to process such data,
in accordance with the provision of Article 29, GDPR.
For the same purposes, the Controller may also communicate some of the users’ personal data to third parties, who will process such data as data processors pursuant
to Article 28 of the GDPR (e.g., companies that provide newsletter services, such as Mailchimp or similar service provider).
The complete list of data processors may be requested from the Controller at any time by writing to email@example.com .
Furthermore, the data may be communicated to the competent authorities, in the event of specific requests which the Controller is compelled to fulfil.
If applicable, these entities will act as autonomous data controllers.
Personal data will not be disseminated or disclosed under any circumstances.
4. Transfer of data outside the European Union
The Controller may transfer certain data relating to the User outside the European Union to providers of services implemented on or via the site
(e.g. the newsletter service), based in the USA. The Company carries out the aforementioned transfer through the use of standard contractual clauses adopted by the
The Controller does not carry out other transfers of User’s personal data outside the European Union. However, whether a transfer should take place, the Company shall
carry out the aforementioned transfer through the use of standard contractual clauses adopted by the European Commission or, alternatively, on the basis of a Commission
adequacy decision or other appropriate instrument under the GDPR.
You may obtain information on the place where your data has been transferred and copies of such data by writing to the contact details set out in paragraph 5.
5. Rights of the data subject
In their quality of data subjects and in accordance with current regulations, users have the following rights:
Right of access (Article 15, GDPR):
you may request and obtain information about the existence of your data available to the Controller and access to such data;
Right to rectification (Article 16, GDPR):
you may request and obtain the amendment and/or correction of your personal data if you believe it is inaccurate or incomplete;
Right to erasure / “Right to be forgotten” (Article 17, GDPR):
in certain circumstances, you may request and obtain the erasure of your personal data if it is not necessary - or no longer necessary - for the purposes mentioned above,
once the retention period indicated in paragraph 4 has expired;
Right to restriction of processing (Article 18, GDPR):
in certain circumstances, you may request and obtain a restriction of the processing activities involving your personal data;
Right to data portability (Article 20, GDPR):
in certain circumstances, you may request and obtain the personal data concerning you, in a structured, commonly used, machine-readable format. You may also request
and obtain that such data be transmitted to another data controller without hindrance by the Controller;
Right to object (Article 21, GDPR):
at any time, you may object to processing of personal data concerning you based on Article (1)(f), GDPR.
Requests to exercise your rights may be addressed to Storykube S.r.l., with registered office in Via Marsala no. 29/H, Rome or to
We would also like to inform you that, in accordance with the regulations in force, you may lodge any complaints regarding the processing of your personal data with the
Italian Data Protection Authority.
6. About cookies
Cookies are pieces of information sent by a web server (e.g., the Site) to your web browser (i.e., the application used to browse the Internet), automatically stored on
your device and automatically sent back to the server each time you access the website.
By default, almost all web browsers are set to automatically accept cookies. Typically, cookies can be installed:
- directly by the owner and/or administrator of the website (first-party cookies);
by parties external to the website visited by the user (third-party cookies). Unless otherwise specified, these cookies fall under the direct and exclusive responsibility
of the third party itself. Further information on privacy and their use can be found directly on third-party websites.
Cookies can be classified as follows.
Classification of cookies according to their storage time
these are not permanently stored on the user’s computer and are deleted when the browser is closed. They are strictly limited to the transmission of session identifiers,
which are necessary to allow the safe and efficient exploration of the site, avoiding the use of other IT techniques that could potentially prejudice the confidentiality
of users’ browsing.
these remain stored on the hard disk of the device until they expire or are deleted by the user. Through persistent cookies, visitors accessing the site
(or any other users of the same device) are automatically recognised at each visit. Users can set their computer browser to accept/reject all cookies or to display a
warning whenever a cookie is proposed/requested, so that they can decide whether to accept/provide it. The user may, however, change the default configuration and disable
cookies (i.e., block cookies permanently), thus setting the highest level of protection.
Classification of cookies according to their functionality
these are used to log in, to make use of media contents or to allow the choice of navigation language. It is therefore not necessary to obtain the user’s prior informed
consent for their use. This class also includes cookies used to statistically analyse access/visits to the site only if they are aggregated and used for statistical
these are used for profiling and marketing purposes. Their use is forbidden unless the user/data subject has been adequately informed beforehand and has given their
valid opt-in consent. These types of cookies can, in turn, be grouped according to the functions they perform in:
these are used to collect and analyse statistical information on access/visits to the website. When associated with other information, such as the credentials entered
to access restricted areas (your email address and password), they can be used to profile the user (visited websites, content downloaded, types of interaction carried
out, personal habits, etc.);
these include all the graphic components of a user interface, which aim to facilitate user interaction with the programme used. By way of example, Facebook, Twitter
or LinkedIn cookies are widgets;
these are used to advertise on a website. This group may include cookies from Google or Tradedoubler;
web beacons / Pixels:
these are code snippets that allow a website to transfer or collect information by requesting a graphic image. Websites may use them for various purposes, such as
analysing website usage, monitoring and reporting on advertisements, as well as customizing advertisements and content in general.
7. Cookies used on the Site
This Site may use, also in combination, the following types of cookies, according to the indications of the Italian Data Protection Authority and to the official
documents issued by the European Data Protection Board:
a. Technical cookies for which consent is not required
The Data Controller will install - or allow third parties to install - in your browser a few cookies necessary to acquire, in an anonymous and aggregate form, statistical
information relating to your navigation on the pages of the Site.
b. Analytics cookies
The Controller collects cookies or statistical information on the use of the Site by users. These cookies are used to analyse our pages anonymously, without storing
About the processing of personal data performed by the social media platforms used by the Controller, please see the information provided by them through their privacy
Here is a detailed list of the tracking tools we use:
Amazon Web Services (AWS)
- Provider: Amazon Web Services, Inc.
- Purpose: Hosting and backend infrastructure
- Service Description: Amazon Web Services (AWS) is a hosting and backend service provided by Amazon Web Services, Inc.
Google Analytics with anonymized IP
- Provider: Google LLC / Google Ireland Limited
- Purpose: Statistics
- Personal data collected: Tracking tools / Usage data
- Personal data collected: Tracking tools / Usage data
Google may use Personal Data to contextualize and personalize ads in its ad network.
This Google Analytics integration anonymizes your IP address. The anonymization works by shortening within the borders of member states of the European Union or other countries that are parties to the Agreement on the European Economic Area the IP address of Users. Only in exceptional cases will the IP address be sent to Google's servers and abbreviated in the United States.
- Provider: Google LLC
- Purpose: Displaying content from external platforms
- Personal data collected: Usage data Tracking tools
- Service Description: Google Fonts is a font style display service operated by Google LLC that allows this Application to integrate such content within its pages.
- Provider: Intuit Inc.
- Purpose: Managing contacts and sending messages
- Personal data collected: Email
- Service Description: Mailchimp is an address management and email message sending service provided by Intuit Inc.
Hotjar Heat Maps & Recordings
- Provider: Hotjar Ltd.
- Purpose: Heat mapping and session recording
Description: Hotjar is a heat mapping and session recording service provided by Hotjar Ltd.
Hotjar respects generic "Do Not Track" headers. This means that the browser can instruct the script not to collect any User data. This is a setting that is available in all major browsers. More information about opting out of Hotjar is available here.
- Provider: Microsoft Corporation
- Purpose: Heat mapping and session logging
- Personal data collected: Tracking tools
Description: Microsoft Clarity is a heat mapping and session recording service provided by Microsoft Corporation.
Meta ads conversion monitoring
- Provider: Meta Platforms, Inc. / Meta Platforms Ireland Limited
- Purpose: Statistics
- Personal data collected: Tracking tools / Usage data
Description: Meta ads conversion tracking (Meta pixel) is a statistics service provided by Meta Platforms, Inc. or Meta Platforms Ireland Limited, depending on how the Data Controller manages the processing of the Data, which links data from the Meta ad network with actions taken within this Application. The Meta pixel monitors conversions that can be attributed to Facebook, Instagram, and Audience Network ads.
- Provider: Stripe Inc / Stripe Technology Europe Ltd / Stripe Payments Ltd
- Purpose: Management of payments
Description: Stripe is a payment service provided by Stripe Inc, Stripe Technology Europe Ltd or Stripe Payments Ltd, depending on how the Data Controller manages the processing of the Data.