This Disclosure is protected under Directive (EU) 2016/943 and Legislative Decree 63/2018 on the protection of know-how and undisclosed business information (trade secrets), verified and validated by KELONY®.

At STEP spa, the protection of personal data means fairness and transparency.

We have therefore prepared this information in order to clearly explain how we use your personal data, to let you know and then offer our products and services, as well as improve and manage them. This allows us to offer you the best experience in your interactions with us live and in the digital world online or via Apps or dApps for cell phones and other devices.

In accordance with European Regulation 2016/679 (GDPR) on the processing of Personal Data and the protection of individuals and Legislative Decree 101/2018, this Policy provides precise guidance on how we collect, use, protect, store, share and delete your personal data. Operations, which we understand collectively we also refer to by the terms “process”, “processing” or “treatment”. We also provide you with the indications and our references so that you can contact us and exercise your rights in accordance with the regulations in force.

The Data Controller is: Step Re Umberto, 8 – 10121 Torino Italy Website:
For further details on the processing of your personal data, you can contact us at the following e-mail address:

What personal data is potentially collected and for what purposes? Location data – This is data we use to make sure we can provide you with the most relevant information based on your geographic area. This data includes, for example: your country , and therefore also your preferred language for interaction and correspondence. Connection Device Data – This is information we use to improve our services, performance and also to make our network more secure when you connect to our site. This data includes, for example: IP address, date and time of visits, length of sessions on our website, referring URL (if you arrived at our site through another website or through an advertisement), pages visited on our site, browser type, device type, version and type of operating system used.

We use your personal data to provide you with the best possible experience as our customer and to meet your expectations precisely, including over time. Specifically, we use your personal data for the purposes outlined below.

Retaining and Storing Data – We retain your personal data for a period of time reasonably necessary in relation to the purposes for which it is processed. As a result of your interactions with us, the data you have provided to us with your consent will be processed and stored for as long as the consent is effective, after which it will be securely deleted or anonymized. If our communications or broader interactions remain inactive for 24 months (from the date of the last one) we will anonymize your personal data. The deletion of your personal data, as further detailed below, may be limited by the regulatory framework that requires us to retain your personal data if necessary to assist in governmental and judicial investigations, to support legal or administrative actions. If none of these reasons apply we will securely delete it.

Consistently provide you with an excellent experience – We collect and store information that you provide to us directly or indirectly through your online visibility, reviews, connecting devices, computer or browser used, as explained below in the “Cookies” section.

We take appropriate technical, organizational and process measures to protect your personal data from: destruction, whether accidental or unlawful, loss, modification, disclosure or unauthorized access. In particular, where their processing includes the transmission of the data itself, against all other unlawful forms of processing and misuse. We are actively committed to the protection of the Personal and Particular Data that you entrust to us. Therefore, their management and security is guaranteed with the utmost care in the form and especially in the spirit required by the European Regulation 2016/679 (GDPR), on the processing of Personal Data and the protection of individuals, and the Legislative Decree 101/2018

How do we protect your data?

We have first established a Data Protection Team which can be contacted at the Data Controller’s address. The Data Controller determines the purpose and type of processing for your data; has put in place precise security measures for their protection, including choosing the Data Processors from among people with proven experience and training. Aware that the actions to be implemented are articulated and do not concern only the technological or digital part, we are committed to all security processes by implementing technical, organizational and process measures that we regularly update: for example, we use access and authentication controls, encryption, firewalls, software for the detection of malicious programs and manual security procedures – some of which are confidential – to protect the accuracy and security of the data we store. In order to comply with the principle of proportionality of processing, we limit access to data according to operational needs and take care of all aspects related to the protection of analog or digital data such as fire prevention measures. We take the protection of your personal and special data very seriously and consequently the security measures that we apply to ourselves and that we also require from our service providers, wherever they are in the world.

In order to better protect the data you entrust to us and to ensure that we have put in place substantial measures that go beyond compliance, we have decided to use a third-party verification and validation of all our protection processes.

In addition to the measures that depend on us, however, we would like to remind you that the transmission of data on the Internet is never 100% secure and we therefore encourage you to be careful when using the Internet and verify, for example, that you are only surfing on authentic sites, especially if you have to access through authentication applications with codes, PIN, etc..

Children under 16 years of age
Although our site is linked to popular social networks, it is important for us to let you know that our products and services are not intended for persons under the age of 16. We do not want to knowingly collect or process data from persons under the age of 16. If you are under the age of 16, you may not purchase or use our products or services, and we will not be liable for any loss or damage incurred from the unauthorized disclosure or processing of personal data of individuals under the age of 16.

Who do we share your personal information with?
In order to provide you with the best possible experience we share your personal data with service providers who help us provide you with the best possible service. As a Socially Responsible Company, we may be required to share your data with the following entities (as permitted and required by law).
Regulatory Authorities and Law Enforcement – Government authorities and/or law enforcement officials, if required by law or requested for the protection of our legitimate interests.
Partners – We may launch programs, events or promotions in partnership with other companies. Our partners will only use your personal information with your prior consent. If you prefer that your personal information, not be shared with a company other than ours, you can always opt out of such programs, promotions or events.
M&A Advisors – In the event that our company is acquired by another entity, your personal information will be disclosed to our advisors and any advisors of the potential acquirer, as well as the new owners of the company.

Where do we transfer your personal data? Outside the European Union?
For all the purposes set out in this Policy your personal data may be disclosed to other Data Controllers or Data Processors both within and outside the European Union. We will verify that the country in question provides an “adequate” level of protection in accordance with your rights under applicable law. If these rights are not guaranteed, we will put in place appropriate binding contractual agreements to protect your data.

What is the legal basis under which we use your personal data?
Your Consent – We need your consent to process data in order to interact with you through communications, messages, at business or social gatherings. For certain purposes, we need your permission to process your personal data or that of any individuals under the age of 18 for whom you have parental responsibility. For example, consent to receive marketing communications, or consent you have given us to share your data with service providers and partners, and to transfer such data to another country.

Compliance with Applicable Laws – We will process and use your personal data to comply with our legal obligations under applicable laws.

How to exercise them?
The General Data Protection Regulation 2016/679 (GDPR) gives you the following rights over your personal data, within the limits of the applicable legislation. If in some cases we are required by law to retain your data we will, for example, be obliged not to comply with your requests for deletion.

Access to your personal data – You have the right to request access to your personal data. This right also includes information about the following:
a) why we hold your personal data;
b) what categories of data we hold;
c) how we use your personal data;
d) who has access to your personal data (and where it is stored);
e) where your personal data may be transferred to;
f) how long we keep your personal data;
g) how we obtained your personal data if it was not provided to us directly by you;
h) the possibility of restricting their processing;
i) whether we use your personal data for automated decision-making and how.

If you would like a copy of the personal data we hold about you, you may submit the relevant request to the following e-mail address:

Complaint to a regulatory/supervisory authority – If you are dissatisfied with the way we handle your rights or with the principles we have set for the handling of your personal data, you have the right to complain to a regulatory authority in the European member state in which you are resident or in the state where your data is processed.

Deletion of your personal data held by us – If you no longer wish to interact with us, or if you would prefer that we no longer hold your data, you have the right to request that we delete all of your personal data from our systems. However, we point out that there may be legal obligations, which our company is obliged to respect, that require us not to comply with your requests.

Correction of your personal data – You have the right to verify that your personal data is correct and complete.

Limits on how we use and process your personal data – You also have the right to ask us to stop using your personal data for certain purposes.
Data Portability – You have the right to obtain a copy of your personal data in a form and manner that allows you to transfer it to a new company.