Privacy Policy

1. Data Controller

The Data Controller for personal data processing is Smatily GmbH, with registered office at Friedrichstraße 123, 10117 Berlin, Germany, VAT Number DE 314 728 956, Share Capital €25,000.

For any information regarding the processing of personal data, you can contact the Data Controller:

• Email: info@smatily.com
• Address: Friedrichstraße 123, 10117 Berlin, Germany

2. Types of Data Collected

Smatily GmbH collects the following categories of personal data:

• Browsing data: IP addresses, browser type, operating system, pages visited
• Voluntarily provided data: name, surname, email, address, telephone
• Payment data: necessary to process orders (managed by secure external providers)
• Cookies and similar technologies: to improve browsing experience

3. Purpose of Processing

Personal data is processed for the following purposes:

• Order and shipping management
• Customer support and complaint management
• Tax and accounting compliance
• Sending marketing communications (with prior consent)
• Statistical analysis and service improvement
• Fraud prevention and site security

4. Legal Basis for Processing

Data processing is based on:

• Contract: for the execution of requested orders and services
• Legal obligation: for tax and regulatory compliance
• Consent: for sending marketing communications
• Legitimate interest: for security and fraud prevention

5. Processing Methods

Data processing is carried out using IT and electronic tools, with organizational and logical methods strictly related to the indicated purposes. Data is protected by adequate technical and organizational security measures to ensure an appropriate level of security relative to the risk.

6. Data Communication and Disclosure

Personal data may be communicated to:

• Couriers and shipping companies for product delivery
• Banks and payment institutions for transactions
• Tax advisors and accountants for legal compliance
• Competent authorities for legal obligations
• IT and hosting service providers

Data will not be disclosed or sold to third parties for marketing purposes without explicit consent.

7. Data Transfer Outside the EU

Some services used (such as cloud services) may involve the transfer of data outside the European Union. In such cases, we ensure that providers guarantee adequate protection measures compliant with GDPR.

8. Retention Period

Personal data will be retained for:

• Order data: 10 years for tax obligations
• Marketing data: until consent is withdrawn
• Browsing data: maximum 12 months
• Technical cookies: session duration
• Analytical cookies: maximum 14 months

9. Data Subject Rights

Under EU Regulation 2016/679 (GDPR), the data subject has the right to:

• Access: obtain confirmation and information about processing
• Rectification: correct inaccurate or incomplete data
• Erasure: request data deletion ("right to be forgotten")
• Restriction: restrict processing under certain circumstances
• Portability: receive data in a structured format
• Objection: object to processing for legitimate reasons
• Withdrawal of consent: withdraw consent at any time

To exercise these rights, contact the Data Controller at email address info@smatily.com.

10. Cookie Policy

The site uses technical cookies necessary for operation and analytical cookies to improve user experience. For more information, please refer to our Cookie Policy.

11. Minors

The services of Smatily GmbH are not intended for minors under 18 years of age. We do not knowingly collect personal data from minors without parental consent.

12. Changes to Privacy Policy

The Data Controller reserves the right to modify this Privacy Policy at any time. Changes will be published on this page with an indication of the update date.

13. Complaints

The data subject has the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it) if they believe that the processing violates the GDPR.