Cookies policy





The site (hereinafter, the Site) uses cookies. Therefore, in accordance with the legislation on the processing of personal data and, in particular, in compliance with Regulation (EU) 2016/679 (hereinafter, “GDPR”), UP TO YOU S.r.l. in S.B. (hereinafter, the Data Controller) provides You with the following information regarding the processing of Your personal data by the cookie.


1. What is a cookie?

Personal data are processed using cookies. Cookies are text strings sent and stored on the User's computer from the Site (for more information, see

Cookies are used to make Your online experience more efficient and enjoyable, recognize you whenever you visit this website in order to speeds up Your access to the Site, obtain information about Your preferences and use of our website and carry out research and statistical analysis to help improve our content and services and to help us better understand our users' requirements.


There are different types of cookies:

  • first party/third party cookies: cookies can be installed by the operator of the website the user is visiting (“first party cookies”) or by other websites (“third party cookies”)
  • session cookies/persistent cookies: cookies can be automatically eliminated any time the website browsing session ends or when the browser is closed (“session cookies”) or permanently stored in the user’s device until their expiration or deletion by the user (“persistent cookies”)


The Site uses the following types of cookies:

a)     technical cookies (which guarantee the navigation and operation of the Site), for which the consent of the User is not required;

b)    analytical cookies managed directly by the Data Controller and by third parties (which guarantee the optimization of the usability of the Site, by collecting data in aggregate form), for which the consent of the User is not required.

The Site does not use profiling cookies.


2. Cookies on the Site and data retention period






Requested Functionality Cookies


Stores the Order ID that guest shoppers use to retrieve their order status.


Requested Functionality Cookies


Preserves the destination page the customer was navigating to before being directed to log in.


Requested Functionality Cookies 


Tracks error messages and other notifications that are shown to the user, such as the cookie consent message, and various error messages, The message is deleted from the cookie after it is shown to the shopper.

 1 year

Requested Functionality Cookies 


Stores translated content when requested by the shopper.

Per local storage rules

Requested Functionality Cookies 


Tracks the version of translations in local storage

Per local storage rules


Requested Functionality Cookies 


Stores configuration for product data related to Recently Viewed / Compared Products.

Per local storage rules

Requested Functionality Cookies 


Stores product IDs of recently compared products.

Per local storage rules

Requested Functionality Cookies 


Stores product IDs of previously compared products for easy navigation.

Per local storage rules

Requested Functionality Cookies 


Stores product IDs of recently viewed products for easy navigation.

Per local storage rules

Requested Functionality Cookies 


Stores product IDs of recently previously viewed products for easy navigation.

Per local storage rules

Requested Functionality Cookies 


Records the time messages are sent by the SendFriend (Email a Friend) module.


Requested Functionality Cookies 


Configuration setting that improves performance when using Varnish static content caching.

Per local storage rules

Persistent Customization Session Cookies


(Used by Amazon Pay) Value “1’ indicates an authorization error.

 1 anno

Persistent Customization Session Cookies 


(Used by Amazon Pay) Value “1” indicates that the user should be logged out.

 1 day

Persistent Customization Session Cookies


A security measure that appends a random string to all form submissions to protect the data from Cross-Site Request Forgery (CSRF).


Persistent Customization Session Cookies


The value of this cookie triggers the cleanup of local cache storage. When the cookie is removed by the backend application, the Admin cleans up local storage, and sets the cookie value to “true.”


Persistent Customization Session Cookies


Local storage of visitor-specific content that enables ecommerce functions.


Persistent Customization Session Cookies


Forces local storage of specific content sections that should be invalidated.

Per local storage rules

Persistent Customization Session Cookies


Stores the key (ID) of persistent cart to make it possible to restore the cart for an anonymous shopper.

Per local storage rules

Persistent Customization Session Cookies


Appends a random, unique number and time to pages with customer content to prevent them from being cached on the server.

1 year

Persistent Customization Session Cookies


Stores customer-specific information related to shopper-initiated actions such as display wish list, checkout information, etc.


Persistent Customization Session Cookies


Tracks the specific store view / locale selected by the shopper.

 1 year

Google Analytics Cookies






Distinguishes shoppers and sessions

2 years


Used to throttle request rate

10 minutes


Determines new sessions/visits

30 minutes


Saves the traffic source or campaign that explains how the shopper reached your site

6 months


Stores visitor-level custom variable data

2 years

For more information on Google Analytics Cookies and how to disable, see and


3. Management and disabling of cookies

In addition to the previous pages, to find out how your browser stores cookies during your navigation and to manage the disabling options, please follow these links, depending on the browser used:


Mozilla Firefox

Google Chrome

Internet Explorer/Edge


Safari 8 Yosemite

Safari on iPhone, iPad, o iPod touch




For more information about cookies and how they are managed, please visit the following pages: , and


4. Processed data, purpose of processing and lawfulness

The Data Controller processes your personal data, by the cookies, for contractual purposes and/or connected to the execution of pre-contractual measures on your specific request, as well as to fulfil to eventual legal obligation related to those purposes. In this case, the necessity to proceed with the processing in order to perform the agreement and/or to manage the pre-contractual relationship, provides the legal basis.


5. Optional nature of consent and consequences in case of lack of consent

In relation to personal data processed and retained for the purposes referred to in point a), number 4 of this information to data subject (contractual and pre-contractual purposes), the communication of personal data is both a contractual obligation and a necessary requirement for the pre-contractual negotiation performance and for the conclusion of the contract. The data subject has the right to provide personal data; however, in case of failure to communicate such data, it will not be possible to correctly visit the Site.


6. Recipients of data

The Data Controller may have to communicate Your personal data to the following subjects, qualified as Persons in charge or Joint Controllers or Data Processors:

  1. employees or collaborators or consultants (e.g.: accountants, lawyers, auditors, social media managers, etc.) of the Data Controller
  2. companies operating in the electronic payments sector
  3. IT consultants and technicians
  4. consultants in the field of marketing, communication and market research
  5. credit institutions and insurance companies
  6. public administrations
  7. judicial authorities, judicial operators and police forces
  8. supervisory and financial authorities.

The list of Persons in charge, Joint Controllers and Data Processors is available to data subjects.

The transfer of personal data to the aforementioned subjects, if based in a third country or international organization, is carried out according to a decision of suitability of the European Commission, which evaluates how the third country, the territory or one or more specific sectors in the third country or the international organization ensure an adequate level of protection of the data subject’s rights. In the absence of such decision, the Data Controller – if deemed in any case appropriate – reserves himself the right to conclude specific separate agreements that oblige such subjects to adopt adequate security and also organizational measures, in order to offer appropriate guarantees related to the data subject’s rights. The data may be transferred in the following countries: U.S.A. In order to obtain a copy of those data or the place where they are made available it is possible to send a request to the Data Processor, at the above-mentioned addresses.


7. Modalities for providing the consent

The consent, if requested, can be given through the following technologies by signing a digital document, also by specific checkbox.


8. The source of personal data

Only the data provided in the respect of the current information to data subject, collected by our locations or by email, will be processed. The data, resulting from public available sources, will not be processed.


9. Categories of data

The data subject’s personal data will be processed.


10.  Children under 16 years old

The Site and the services are not intended for children under 16; therefore, the Data Controller does not intentionally process personal data of children under 16 years.

However, the Data Controller is aware of the impossibility to prevent access to the Site and its use to minors under 16 years in advance; therefore, the Data Controller reserves the right to check the age of the users and to deny them access to the services, if they are under 16 years.

These subjects can access the services only if and to the extent that the consent to the processing of their personal data is provided or authorized by the holder of parental responsibility.

By accepting this information to data subject, the user declares to be at least 16 years old.


11. Right to object

The data subject has the right to object in the circumstances listed hereinbelow:

  • At any time, in relation to reasons related to your particular situation, to oppose to the processing of personal data concerning yourself, according to point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. The Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims;
  • Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing;
  • Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes;
  • Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, on grounds relating to the particular situation, the data subject shall have the right to object to the processing of personal data concerning itself, unless the processing is necessary for the performance of a task carried out for reasons of public interest.


12. Other rights

The Data Controller shall also inform the data subject about the existence the following rights:


  • The right of access by the data subject: the data subject shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and other specific information, pursuant to article 15 of the GDPR;
  • The right to rectification: the data subject shall have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement, pursuant to article 16 of the GDPR;
  • The right to erasure/right to be forgotten and the right of withdrawal of the consent: the data subject shall have the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay and the Data Controller shall have the obligation to erase personal data without undue delay where the grounds set out in article 17 of the GDPR apply. In relation to the withdrawal of the consent, the data subject has the right to revoke the consent in any moment without prejudice to the lawfulness of the processing based on the consent given before the withdrawal;
  • The right to restriction of processing: the data subject shall have the right to obtain from the Data Controller restriction of processing where the grounds set out in article 18 of the GDPR apply;
  • The right to data portability: the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller without hindrance from the Data Controller to which the personal data have been provided under the conditions set out in article 20 of the GDPR;
  • The right to object to marketing communications: the contractor has the right to oppose, in every moment, free of charge, to the receipt of commercial communication.


13. Exercise of the rights

The request to exercise the rights outlined in this information to data subject must be addressed directly to the Data Controller at the email address indicated, or by register mail indicated


14.  Contact persons

Data Controller: UP TO YOU S.R.L. S.B. (C.F. e P. IVA 10856450969), with registered office in via Maurizio Quadrio n. 20 (20154) Milano.

For more information on GDPR see


15. Acceptance of cookies

By continuing to browse the Site, you accept this document. In case of non-acceptance of cookies by abandoning the navigation, any cookies already registered locally on the User's computer will remain registered there, but will no longer be read, nor used by the owner of this Site.

UP TO YOU S.R.L. reserves the right to modify and update this document. Therefore, it is advisable to periodically consult the information to data subject in order to know promptly any changes and updates, provided that the use of the Site, after the publication of such changes and updates, constitutes acceptance of the same.


This document can be changed at any time. Consultation is recommended for each access.


Last update: 15/11/2019