The “Data Controller”
Pursuant to art. 13 of D.Lgs. 196/2003, the Protection of Personal Data Act, Sottosopra sas (hereinafter also referred to as:  DO NOT IRON) with registered office in  Milan (MI), Via San Francesco D’Assisi, 6 – 20122 Milan – Italy, is the Data Controller, pursuant to  art. 28 of D.Lgs. 196/03, in charge of the processing of your personal data. Please note that your personal data acquired will be processed in compliance with the above-referred law. Concerning the processing of your personal data, the Data Controller also provides the following information.

What type of personal data do we record?
We record the personal data sent by users, for example on issue of an order or when the customer contacts our customer service. The personal data sent includes for example contact data, address, date of birth and information on payments. We may also record personal data from external sources, such as credit information and address updates.

How do we use your personal data? 
Your personal data may be used for the following purposes:

  • To create and manage your personal account on Do Not Iron
  • To process your orders and returns via our on-line services
  • To send notifications and text messages concerning the progress of your shipments
  • To contact us in the event of any problems in the delivery of your order
  • To reply to your questions and inform you of new services or changes in existing services
  • To send commercial offers, such as newsletters and discount vouchers
  • To manage your account and run credit checks
  • To carry out analyses in order to provide you with commercial offers and the most interesting information for your profile
  • To send surveys to help us better target our range and our services
  • To test and improve the systems we use to provide our services
  • To prevent the improper use or abuse of our services

Place of Data Processing.

c/o OVH Srl with offices in Via Trieste, 25 – 20097 San Donato Milanese (MI)

Duration of the processing.

Your data will be processed for as long as is necessary to ensure our commercial relations and will be kept as long as necessary to satisfy the above purposes, or for the period indicated by law. After this period, your personal data will be deleted.

What are your rights? 
You have the right at any time (and free of charge every year) to request information on your personal data in our possession. If your data is not correct, or is incomplete or irrelevant, you may request that your information be corrected or deleted. We cannot delete your data if it is kept by law, for example due to the accounting laws, or if there are any other legitimate reasons for keeping your data, such as outstanding payments. You can at any time withdraw your consent to the processing of your data for commercial purposes. You can contact us by sending an e-mail to our customer service .

Who has access to your personal data? 
Your data may be disclosed within the company Do Not Iron. Do Not Iron will not disclose, sell or exchange your data for commercial purposes to other parties outside of Do Not Iron. The data may be disclosed to third parties solely to provide the above-mentioned services, for example to couriers delivering the goods purchased by you, e-mail marketing platforms for sending out newsletters and debt collection or credit rating agencies to check your credit rating, identify customers or collect any outstanding payments.

How do we protect your personal data? 
We have adopted all the technical and organisational measures available to protect your data from losses, tampering and unauthorised access. We constantly adapt our safety measures in line with technological progress and developments. To make credit card payments as secure as possible, all data is sent in encrypted form. This means that the data passes through secure connections and personal information cannot be read by outside parties. For purchases by credit card, we collaborate with an authorised payment agency, which helps us to directly check with your bank that the card is valid for making purchases. For payments by credit card, we reserve the right to check your identity.


HTTP Cookies (commonly known as Web cookies, tracking cookies or simply cookies) are strings of text used for automatic authentication, to track sessions and save specific information concerning users accessing the server, such as preferred websites or, for purchases on the Internet, the content of the “shopping cart”.

Specifically, they are small text strings sent from a server to a  client website (usually a browser) and then sent back to the client on the server (without any modification) every time the client accesses the same part of the same web domain.

For the purposes of the provisions of the Privacy Authority, no. 229 of 8 May 2014, two macro-categories have been identified: “technical” cookies and “profiling” cookies.

Technical Cookies.

Technical cookies are those used solely for the “transmission of a communication on an electronic communication network, or where strictly necessary to the supplier of a company service of the information explicitly requested by the subscriber or user to deliver this service” (see art. 122, paragraph 1 of the Privacy Code).

They are not used for any other purposes and are usually installed directly by the website owner. They may be divided into navigation or session cookies, which ensure the normal navigation and use of the website (allowing, for example, purchases or authentication to access reserved areas); analytical cookies, which are considered technical cookies where used directly by the website manager to collect information, in aggregated form, on the number of users and how they visit the website; function cookies, which allow the user to navigate according to a series of selected criteria (for example, language, the products selected for purchase) in order to improve the services provides.
The prior consent of the users is not required for the installation of these cookies, but information must be provided pursuant to art. 13 of the Code, that the website manager, when using only these devices, may provide in the most appropriate methods.

Profiling cookies.

Profiling cookies are used to create user profiles and are used in order to send advertising messages in line with the preferences shown by the user when navigating the web. Due to the specifically invasive nature these devices may have on the users’ privacy, European and Italian law requires that users be appropriately informed on the use of these cookies in order to express their valid consent.

Every domain or portion thereof which is visited via a browser may set cookies. As a typical Internet page, such as that of an on-line newspaper, contains objects from many different domains and each one may set their own cookies, we usually host hundreds of cookies in our browser. The purpose is to record, and sometimes track, information concerning the navigation experience, passing from one page to another on the website and keeping the user authenticated, saving entered user preferences (username, password etc.), tracking tastes and preferences in order to better manage the users’ presence and send targeted marketing initiatives. When limits are set on their use, this certainly affects the user status during consultation. Blocking or removing them from the browser cache could lead to the incomplete user of the services offered by the web application. The website could use third party cookies to collect information on visitors, keywords used to reach the website, or other websites visited; in this case you may consult an information notice specifying the use that DO NOT IRON makes of Cookies at http:// The DO NOT IRON website could use both persistent Cookies and session Cookies. The former continue to run even after having closed the browser in order to ensure more rapid access to the preferences set in a previous session. The latter on the other hand last only for the session in use and expire when the session is closed.

Social Media

The website could offer access to a range of “Social Media” services (which may include, but are not limited to Facebook, Instagram etc.); these services provide areas for comment, chat walls, public forums and other communication platforms. Concerning the specific use of chat services, Do Not Iron recommends caution on the disclosure of personal information when using these platforms. The terms of use and Privacy policies applicable to these social media published on each website govern the information provided. Do Not Iron does not run any controls on the use of the personal information provided in a public forum, comment area, wall, and the user is the sole person responsible for any information disclosed.

Further information on the processing and communication of data provided directly or otherwise acquired can be requested from the Data Manager appointed for the processing of data, Elena Milazzo, at the company headquarters. This information notice does not exclude the fact that other information may be provided verbally to the persons concerned at the time of data collection. Taking note of this communication shall be deemed to constitute express consent for the processing of your personal data pursuant to art. 23 of D.Lgs. 196/03.


Sottosopra sas – Do Not Iron
Via San Francesco D’Assisi 6
20122 Milan (Italy)
VAT Reg. no. 03713210965
Milan, 01 June 2016