The following Privacy Policy is drawn up to raise awareness of the privacy principles governing the use by M Stretch S.p.A. of the data collected from users/visitors through this website. For this purpose, this policy describes the website’s management methods in relation to the processing of personal data of users/visitors who consult it. The following information is provided to those who interact with web services electronically accessible starting from the address, according to GDPR – Reg. (EU) no. 679/2016 and the Legislative Decree no. 196/2003, amended by Legislative Decree no. 101/2018.

The information refers exclusively to this website and not to other websites that may be consulted by the user through the links posted on this website. By using or consulting the aforementioned website, visitors and users explicitly approve the following Privacy Policy and consent to the processing of their personal data regarding the methods and purposes described below.

1. Data Controller

M Stretch S.p.A., with registered office in Via Chiaravalle 7 – 20122 Milan – Italy, tel. +39 02 67741413, e-mail:, in the person of its pro-tempore legal representative, is the Data Controller of the processing carried out at the company headquarters for the purposes provided by this Privacy Policy.

2. Legal basis of the processing

M Stretch S.p.A. carries out the processing of personal data:
– on the basis of the consent given by the user for requesting information, pursuant to art. 6, par. 1, lett. a) GDPR;
– to enforce the contractual obligations of the interested party, pursuant to art. 6, par. 1, lett. b) GDPR;
– to fulfill a legal obligation to which the Data Controller is subject, pursuant to art. 6, par. 1, lett. c) GDPR.

3. Personal data collected

As part of this Privacy Policy, “personal data” means any information that could allow the identification of the user. In particular, the following data may be collected by browsing this website:

  • Browsing data

The computer systems and software procedures used to operate this website regularly acquire some personal data that are then transmitted by means of Internet communication protocols. We are dealing with information that, by its nature, could allow users and visitors to be identified through associations and processing with data held by third parties.
This category of data includes, for example, the IP address, the domain names of the computers used by the users/visitors that connect to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the date and time of the request and the method used in submitting it, the size of the response file, the numeric code indicating the status of the response given by the server and other parameters relating to the operating system and the computing environment of the user.
These data are collected automatically and exclusively in order to allow browsing on the website, and they can also be used for statistical surveys in a completely anonymous manner. The data could be used by the Judicial Authority to check the responsibility in the event of hypothetical computer crimes against the website.

  • Data provided voluntarily and directly by users

The user is free to provide the personal data requested in the forms or indicated in specific sections of the website in order to obtain information or other communications. Their absence does not involve the impossibility of obtaining what is required also anonymously.
By way of example, the name, surname and contact details are covered by this category of data. Any request for information or service from the user/visitor will entail the acquisition by M Stretch S.p.A. of the sender’s address and/or any other personal data that will be processed exclusively in order to respond to the request, or to provide the related service.

4. Purpose of processing

The purpose of data processing is to:

  1. provide services offered through the website;
  2. perform instrumental activities for the Company in order to improve services and/or guarantee its functionality.

For security purposes, the data automatically registered may also include personal data such as, for example, the IP address. This could be used in compliance with the laws in force on the matter, to block attempts that could damage the website, to cause damage to other users or, in any case, harmful activities or activities representing a crime. These data are never used for user’s identification or profiling, but only for protecting the website and its users. The data used for website security purposes (blocking attempts that could damage the website) is stored for 7 days.

5. Nature of data provision

  • No consent is required for processing the personal data collected for the purposes referred to in point 4 of the previous paragraph, as they are used for the fulfillment of legal and contractual obligations connected to the provision of the services offered.
  • The compilation of the forms and the consequent provision of data are optional and are necessary to respond to the requests included in the message by the Customer/User. Failure to provide the aforementioned data will make it impossible to process the request received.

6. Processing method

The processing of data for the aforementioned purposes is carried out using both automated methods, electronic or magnetic, and non-automated, on paper, in compliance with the privacy and security rules provided for by the Law, the Guidelines and internal regulations.

7. Storage time and security of the processing

Personal data are processed for the time strictly necessary to fulfill the purposes referred to in point 4) and for which they were collected. Specific security measures are followed in order to prevent the loss of data, illegal or incorrect use.

8. Communication recipients

The processing operations related to the web services of this website are only carried out by the internal staff of the Data Controller, specifically identified as “personnel authorized for processing”, and occasionally, by subjects involved in the maintenance/management of this website, assigned as External data processors.

9. Rights of the interested party

According to articles 15-22 of the GDPRT, the user has the right to access at any time the data concerning him/her. In particular, the user may request the correction, deletion or processing limitation of the data in the cases provided for by art. 18 of the GDPR, the revocation of the consent according to art. 7 of the GDPR, and to obtain the portability of data concerning him/her in the cases provided for by art. 20 of the GDPR.

As an interested party, where applicable, the user also has the right to lodge a complaint with the Guarantor for the Protection of Personal Data in the capacity of the Supervisory Authority (Reg. No. 679/2016, art. 77), according to the procedures provided for by art. 142 of Legislative Decree no. 196/2003, amended by Legislative Decree no. 101/2018.

The user may also make a request to oppose the processing of the data according to Article 21 of the GDPR; the request must include evidence of the reasons justifying the opposition: the Data Controller reserves the right to assess the request, which cannot be accepted in the event of binding legitimate reasons that justify the processing and prevail over the interests, rights and freedoms of the individual.

Requests should be addressed in writing to the Data Controller at the aforementioned contact details, specifying the subject of the request and the right to be exercised.

The Privacy Policy published on the website is subject to periodic updates, posted and bearing the date of the update. The use of the collected data is subject to the Privacy Policy in force at the time of use.

Privacy Policy updated on 25/07/2019.