Privacy Policy
pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR)
This page provides information regarding the processing of personal data of users who visit the website www.celestialgallery.it, in accordance with Regulation (EU) 2016/679.
The methods of processing personal data are described below, including data collected during website navigation or provided directly by users through forms and contact addresses.

1. Data Controller
The Data Controller is Cubize S.r.l., with registered office at Via Cimabue, 13 - 30027 San Donà di Piave (VE), Tax Code: 04792010276 and VAT Number: 04792010276.
To contact the Data Controller, you can send an email to info@celestialgallery.it.

2. Data Protection Officer
Types of Collected Data - Purposes

3.1 Processing of Personal Data for Order Fulfillment

- Data Collection: We collect personal information such as name, tax code, shipping address, phone number, and email address to process the order and ensure product delivery.

- Data Retention: Personal data is securely stored and kept in compliance with privacy regulations for the time necessary to fulfill the order and comply with local laws.

- Data Usage: Personal data is used solely for order fulfillment and communication with the customer. It will not be used for any other purposes without the user's consent.

- Data Sharing: In some cases, we may share data with third parties, such as shipping companies, to ensure proper product delivery. We ensure that these third parties respect data privacy and adopt appropriate security measures.

- User Rights: Users have the right to access, rectify, delete, and restrict the processing of their personal data. We provide a mechanism to handle such requests in a timely and efficient manner.

- Data Security: We have implemented technical and organizational security measures to protect personal data from unauthorized access or improper use.

- Data Breaches: In the event of a data breach, we will take immediate steps to mitigate the impact, notify the relevant authorities, and inform the affected individuals.

We are committed to treating our customers' personal data responsibly, respecting their privacy, and ensuring the security of information. For further details on data processing, please refer to our comprehensive privacy policy.

3.2 Contact Forms
Data provided directly by the user through the completion and submission of contact forms is collected.
The explicit and voluntary submission of messages to the contact addresses, as well as the completion and submission of forms on the website, involve the collection of the sender's contact data and any personal data included in the communications.
Such data is processed for the following purposes, in compliance with the relevant legal bases of processing, and is retained for a period not exceeding that necessary for the purposes for which it was collected and processed.

3.2.1 Purpose: Responding to inquiries sent by the data subject.
Legal basis: Legitimate interest, as processing is necessary to respond to the requests; performance of pre-contractual measures taken at the data subject's request.

3.2.2 Purpose: Sending direct promotional information for marketing activities (in the case of consenting to subscribe to the newsletter). Such communications will be conducted via email and not through other channels such as phone calls or postal mail.
Legal basis: Consent of the data subject.

3.3. Newsletter
Data provided directly by the data subject through the completion and submission of the newsletter subscription form. The optional, explicit, and voluntary subscription to the newsletter on this website involves the collection of the sender's contact information.

The data is processed for the following purpose, in accordance with the legal basis for processing and is necessary for the purposes for which it was collected and processed.

3.3.1 Purpose: Sending direct promotional information for marketing activities.
Legal basis: Consent of the data subject - Opt-out: Possibility to revoke consent in every newsletter communication or by contacting the data controller.

For newsletter management, the emailchef platform is used. The data is transferred to the service provider for the provision of the service, and the processing is carried out in accordance with the methods specified in the service's privacy policy: https://emailchef.com/it/norme-sulla-privacy-regolamento-ue-2016-79-gdpr

3.4 Product Reviews
The data is provided directly by the data subject through the completion of a form and the submission of one or more reviews to be published on the website. The completion of the review is optional, explicit, and voluntary and involves the collection of the sender's contact information, as well as any personal data included in the review. Additionally, users are given the option to have their reviews published on the website.
Users are responsible for the content of their reviews.

3.4.1 Purpose: Responding to reviews.
Legal basis: Legitimate interest in providing the service offered.

3.5 Website Navigation Data
During the normal navigation of this website, certain personal data necessary for its proper functioning are collected. This data includes IP addresses or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.), and other parameters relating to the user's operating system and computer environment. Navigation data is collected anonymously and is not used to identify users. The collection of such data serves the sole purpose of gathering statistical information about the use of the site and its services.

3.6 Cookies
Cookies are small text strings that websites visited by the user send to their device (usually to the browser), where they are stored and then transmitted back to the same sites during the user's next visit. While browsing a website, the user may also receive cookies from different websites or web servers (called "third parties"), which can contain elements such as images, maps, sounds, or specific links to pages of other domains present on the same site. Cookies, which are often present in large numbers and can persist for a prolonged period in users' browsers, are used for various purposes, including computer authentication, session monitoring, and storing information about specific configurations of users accessing the server. In relation to this, and for the purposes of this document, two main categories of cookies can be identified: "technical" cookies and "profiling" cookies. For further information, please refer to the Cookie Policy.

4. Consent of minors for information society services
According to Article 2-quinquies of Legislative Decree August 10, 2018, No. 101, a minor of at least fourteen years old has the right to consent to the processing of their personal data to receive services directly from the information society. However, when it comes to such services, the processing of personal data of a minor under the age of fourteen is considered lawful only if consent is given by a parent or a person with parental responsibility, as provided for in Article 6(1)(a) of the Regulation.

5. Categories of recipients of personal data
The following categories of individuals may have access to your personal data:
- The Data Controller and authorized personnel who have been appointed in writing by our company, including partners, accounting staff, billing staff, sales staff, external consultants engaged, and individuals who need to access the data for legal consultations. These individuals may access the data only to perform the specific tasks assigned to them, subject to a letter of engagement or contract imposing confidentiality and security obligations.
- In addition to the Data Controller, it may be necessary to share the data with other individuals involved in the organization of this website, such as administrative, sales, marketing, legal, and system administrators. Furthermore, external parties such as third-party technical service providers, postal couriers, hosting providers, IT companies, and communication agencies may be involved. These parties may be appointed as Data Processors, if necessary. To obtain an updated list of Data Processors, you can request it from the Data Controller.

6. Methods of data processing
The processing of data is carried out using tools and procedures that ensure their security and confidentiality. Data may be processed both in paper form and through the use of automated computer systems that allow for the storage, management, and transmission of data.

The Data Controller processes the data at its operational offices, both within the European Union and the European Economic Area. In the event that, for technical, organizational, or operational reasons, it is necessary to involve entities (such as those listed above) outside the European Union or the European Economic Area, we would like to inform you that the Company will ensure that the processing of data by such entities complies with applicable regulations. Adequate security measures will be implemented, such as adequacy decisions, Standard Contractual Clauses approved by the European Commission, or other considered appropriate safeguards. If you require further information, you can contact us by sending an email to info@celestialgallery.com.

7. Communication and Disclosure
Personal data will not be disclosed or made available to unspecified individuals through their disclosure or consultation.
The data may be communicated, within their respective jurisdictions, to public or private entities when there is an obligation (or the authority recognized by laws, secondary or community regulations) or a need to communicate with such entities.

8. Rights of Data Subjects
Articles 15 to 22 of the EU GDPR 2016/679 grant specific rights to data subjects. These rights include the right to obtain confirmation of the existence of their personal data, access to such data, and the ability to correct or delete them, restrict or object to their processing. Data subjects also have the right to data portability, communication of their data, and knowledge of the purposes of the processing. They can also withdraw consent at any time without affecting the lawfulness of the processing carried out before the withdrawal. Data subjects have the right to request the anonymization of their data or the blocking of data processed in violation of the law, as well as the update or integration of data if there is a legitimate interest. Data subjects have the right to object to the processing for legitimate reasons.
Any changes to personal data must be promptly reported to the Data Controller to comply with Article 16 of the GDPR, which requires that collected data be accurate and up-to-date.
Data subjects who believe that the processing of their personal data through this website is in violation of the provisions of the Regulation have the right to lodge a complaint with the competent supervisory authority (in Italy: Garante per la protezione dei dati personali www.garanteprivacy.it), as provided for in Article 77 of the Regulation, or to take appropriate legal action (Article 79 of the Regulation).

Updated on 04/06/2023.

