🚚 Free shipping in Italy over €30
Sign in ›

Privacy Notice

Privacy Policy

Last updated: 18 June 2026

This notice is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”) to all those who interact with the https://www.miraclay.it website and with the services offered by Miraclay.

1. Data Controller

The Data Controller is Miraclay S.r.l., with registered office in Nocera Umbra (PG), Umbria, Italia, Tax Code and VAT no. 03983580543, registered with the Companies Register — REA no. PG-369903.

For any request regarding the processing of personal data you may write to info@miraclay.it or via certified email (PEC) to miraclaysrl@pec.it.

The Controller has not appointed a Data Protection Officer (DPO), as the conditions for mandatory appointment under Art. 37 GDPR do not apply.

2. Categories of data processed

  • Identification and contact data: first name, last name, email, phone number, shipping and billing address.
  • Account data:login credentials and customer profile data (“Stable”).
  • Order and payment data: products purchased, amounts, transaction outcome. Payment card data is processed directly by the provider Stripe and is not stored by the Controller.
  • Data provided for protocols and nutrition plans: information about the horse and its needs, supplied through the relevant forms.
  • Browsing data and cookies: IP address, device data and usage statistics (see Cookie Policy).
  • Content of interactions with the virtual assistant (chatbot) and with contact forms.

3. Purposes and legal bases of processing

PurposeLegal basis
Management of orders, shipping, invoicing and supportPerformance of a contract (Art. 6.1.b)
Creation and management of the customer accountPerformance of a contract (Art. 6.1.b)
Generation of personalised protocols and nutrition plansPre-contractual measures / consent (Art. 6.1.b/a)
Tax, accounting and legal obligationsLegal obligation (Art. 6.1.c)
Response to requests via contact form or chatbotLegitimate interest / pre-contractual measures (Art. 6.1.f/b)
Sending service emails (order confirmations, shipping)Performance of a contract (Art. 6.1.b)
Marketing: newsletter, promotional emails and WhatsApp messages, lifecycle campaignsConsent (Art. 6.1.a)
Usage statistics (Google Analytics) and advertising profiling (Google Ads)Consent via cookie banner (Art. 6.1.a)

4. Methods of processing

Data is processed using electronic tools, adopting appropriate technical and organisational measures to ensure its security and confidentiality. Processing is carried out by the Controller and by persons authorised or appointed as Data Processors.

5. Recipients and data processors

Data may be disclosed to service providers acting as Data Processors, including:

  • Stripe — payment processing;
  • Hosting/infrastructure provider of the site;
  • Automation and communication-delivery services (e.g. a workflow platform for generating PDF documents, sending emails and WhatsApp messaging);
  • Virtual assistant (AI) service provider for processing the chatbot conversations;
  • Google — Analytics, Ads and Maps;
  • Consultants, accountants and parties to whom disclosure is required by law.

Data is neither disseminated nor sold to third parties.

6. Transfer of data outside the EU

Some providers (e.g. Google, Stripe, AI service providers) may process data outside the European Economic Area. In such cases the transfer takes place with adequate safeguards pursuant to Articles 44 et seq. GDPR (e.g. the European Commission's Standard Contractual Clauses or adequacy decisions).

7. Retention period

  • Order and invoicing data: for the period required by tax and civil-law obligations (typically 10 years).
  • Account data: for as long as the account remains active.
  • Data processed for marketing purposes: until consent is withdrawn.
  • Statistical and profiling data: according to the durations indicated in the Cookie Policy.

8. Rights of the data subject

The data subject may exercise at any time the rights provided for by Articles 15-22 GDPR: access, rectification, erasure, restriction, portability, objection, as well as withdrawal of consent (without prejudice to the lawfulness of prior processing). Requests should be sent to info@miraclay.it.

The data subject also has the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

9. Nature of the provision of data

Providing the data necessary for the performance of the contract and for legal obligations is mandatory: refusal makes it impossible to complete the order. Providing data for marketing purposes is optional.

10. Changes

The Controller reserves the right to update this notice. The current version is the one published on this page, indicating the date of last update.

ShopProtocols