Privacy Policy

D GROUP EUROPE BV, with registered address at Markt 19, Swalmen JD 6071 Netherlands, VAT no. 862132460B01 (hereinafter, the “Data Controller”), owner of the trademark and website https://stewartdawson.com (hereinafter, the “Website”), as Data Controller of the personal data of the Users who browse and who may also be registered on the Website (hereinafter also referred to simply as “Users” or “Data Subjects”), hereby provides this privacy policy pursuant to Article 13 of EU Regulation 2016/679 (hereinafter also referred to as the “Regulation” or “Applicable Law” or “GDPR”).

It is further clarified that this Website and the services possibly offered through it are reserved for individuals over the age of eighteen: the Data Controller does not, therefore, knowingly collect personal data relating to individuals under 18 years of age. In any case, upon specific request, the Data Controller will promptly delete any personal data inadvertently collected relating to individuals under the age of 18.

The Data Controller places the highest importance on the right to privacy and protection of the personal data of its Users. For any information regarding this privacy policy, Users may contact the Data Controller at any time, also using the methods described in point 5 below.

Regarding other cookies installed on our site, please consult the Cookie Policy available here: [Insert Direct Hyperlink to Cookie Policy].

1. Purposes of the Processing

The personal data of the Users will be lawfully processed by the Data Controller pursuant to Article 6 of the Regulation for the following purposes:

Website navigation: In connection with the ability to collect User data required on a technical level (so-called technical cookies), such as the IP address, while browsing the site. The legal basis for this processing is the Data Controller's legitimate interest in ensuring the proper functioning and security of the Website (GDPR Art. 6, para. 1, letter f).
Sending newsletters or other promotional material to individuals who are not Customers: In this case, the legal basis for processing is the Data Subject’s consent (GDPR Art. 6, para. 1, letter a). Data will be stored until the User objects to the newsletter via the appropriate link or through the means described in paragraph 5.
Responding to requests for information: Received by the Data Controller via the contact form or by other means (e.g., phone or email contact). The legal basis is the necessity to perform a request by the Data Subject (GDPR Art. 6, para. 1, letter b). Data will be retained for the time necessary to fulfill the request and any related follow-up.
Registration to the reserved area of the site: To monitor online purchases, order history, order status, etc. The legal basis is the necessity to perform a request by the Data Subject for account management and service provision (GDPR Art. 6, para. 1, letter b). Data will be retained for as long as the User maintains their account.
Legal obligations: Namely, to comply with legal obligations imposed by laws, authorities, regulations, or EU legislation. The legal basis is the necessity to comply with legal obligations (GDPR Art. 6, para. 1, letter c). Data will be retained for the period required by the specific legal obligation.
Contractual obligations and service provision: In the case of online purchases , to execute the General Terms and Conditions of Sale (accepted by the User at registration on the Website) and to respond, also through our customer care, to specific Customer requests. The legal basis is the necessity to perform the contract and respond to the Data Subject’s requests (GDPR Art. 6, para. 1, letter b). Data will be retained for the duration of the contractual relationship and as required by applicable accounting and tax regulations.
Contact regarding incomplete purchases: The User may be contacted via the email address or phone number provided during navigation, registration, or the beginning of the checkout process, in order to receive support for completing the purchase. The legal basis is the Data Controller’s legitimate interest in improving the customer experience and recovering potentially lost sales (GDPR Art. 6, para. 1, letter f). In the case of the use of the WhatsApp channel, contact will only occur if the Data Subject previously provided their number for communication with the Data Controller. The Data Subject may object to this processing at any time. Data will be retained for a reasonable period aimed at facilitating purchase completion, typically no longer than 7 days. If the Data Subject has provided their number for WhatsApp communication, we may use this channel to provide support for completing purchases.
Administrative-accounting purposes: To perform organizational, administrative, financial, and accounting activities functional to the fulfillment of contractual and pre-contractual obligations. The legal basis is the necessity to comply with legal obligations (GDPR Art. 6, para. 1, letter c). Data will be retained for the period required by applicable accounting and tax regulations.
Sending “soft spam” commercial communications: The Data Controller will send commercial communications regarding products similar to those already purchased, using the email addresses provided for such purchases. The legal basis is the combined provision of Art. 130, paragraph 4 of Legislative Decree 196/2003 and subsequent amendments and Art. 6, para. 1, letter f of the GDPR – legitimate interest in promoting relevant products to existing customers. Data will be stored until the User objects to this processing via the appropriate link or through the means described in paragraph 5.
Klarna payment method: In order to offer the User/Customer Klarna’s payment methods, we may transmit their personal data to Klarna during checkout. The user's personal data transferred is processed in line with Klarna’s privacy policy, available here: [Insert Link to Klarna's Privacy Policy]. By choosing this payment method, the User/Customer consents to the transmission of their personal data to Klarna.

2. Methods of Processing and Data Retention Periods

The Data Controller will process Users’ personal data using manual and IT tools, with logics strictly related to the purposes stated above and, in any case, in a way that ensures the security and confidentiality of the data. The Data Controller has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including but not limited to encryption, access controls, and regular security assessments.

Users’ personal data will be stored only as long as strictly necessary to fulfill the purposes listed in paragraph 1 above, or in any case as long as necessary for the civil protection of the interests of both the Users and the Data Controller and in compliance with legal and regulatory obligations. Specific data retention periods are outlined within the description of each processing purpose in paragraph 1.

3. Data Communication and Dissemination Scope

The personal data of the Users may be accessed by the Data Controller’s employees and/or collaborators who are authorized to process the data under the direct authority of the Data Controller for the purposes outlined in this Privacy Policy (hereinafter referred to as “Internal Data Processors”). These individuals are trained on data protection and process User data solely in accordance with Applicable Law.

Furthermore, Users’ data may be accessed by third parties who process personal data on behalf of the Controller as “External Data Processors”, such as, by way of example, providers of IT and logistics services, outsourcing or cloud computing service providers, professionals and consultants. These External Data Processors are bound by contractual obligations to process personal data in accordance with the Data Controller’s instructions and Applicable Law.

Data may also be communicated to the Tax Authority and/or other public bodies if required by law or upon their request.

Data Subjects have the right to request a list of Data Processors appointed by the Data Controller, by submitting a request using the contact methods provided in paragraph 5 below.

4. International Data Transfers

Personal data may be transferred to countries outside the European Economic Area (EEA) for specific processing purposes, such as [Specify Purposes, e.g., using specific cloud service providers]. In such cases, the Data Controller ensures that appropriate safeguards are in place to protect the personal data in accordance with Applicable Law, such as the implementation of Standard Contractual Clauses approved by the European Commission. Further information regarding specific data transfers and the safeguards in place can be requested by contacting the Data Controller using the methods provided in paragraph 5.

5. Data Subjects’ Rights

Data Subjects may exercise their rights under the Applicable Law, including the right to:

Request access to their personal data (Article 15 GDPR);
Request rectification of inaccurate personal data (Article 16 GDPR);
Request erasure of their personal data (the "right to be forgotten") under certain circumstances (Article 17 GDPR);
Request restriction of processing of their personal data under certain circumstances (Article 18 GDPR);
Object to the processing of their personal data based on legitimate interests or for direct marketing purposes (Article 21 GDPR);
Data portability, i.e., to receive their personal data in a structured, commonly used and machine-readable format and to transmit it to another controller, where applicable (Article 20 GDPR);
Withdraw their consent at any time, where processing is based on consent (Article 7 GDPR). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
Lodge a complaint with the Data Protection Authority (Article 77 GDPR).
You may contact the Data Controller to exercise your rights using the following methods:

By sending a registered letter with return receipt to the registered office of the Controller:

D GROUP EUROPE BV
Markt 19, Swalmen JD 6071
Netherlands

By sending an email to: info@stewartdawson.com