The explicit and voluntary submission of messages to the contact addresses, as well as the completion and submission of forms on the website, involve the collection of the sender's contact data and any personal data included in the communications.

Such data is processed for the following purposes, in compliance with the relevant legal bases of processing, and is retained for a period not exceeding that necessary for the purposes for which it was collected and processed.

3.2.1 Purpose: Responding to inquiries sent by the data subject for legitimate interest, processing is necessary to respond to the requests; for the performance of pre-contractual measures taken at the data subject's request.

3.2.2 Purpose: Sending direct promotional information for marketing activities (in the case of consenting to subscribe to the newsletter). Such communications will be conducted via email and not through other channels such as phone calls, postal mail.

Legal basis: Consent of the data subject.

The data is provided directly by the data subject through the completion of a form and the submission of one or more reviews to be published on the website. The completion of the review is optional, explicit, and voluntary and involves the collection of the sender's contact information, as well as any personal data included in the review. Additionally, users are given the option to have their reviews published on the website.

Users are responsible for the content of their reviews.

Legal basis: Legitimate interest in providing the service offered.

During the normal navigation of this website, certain personal data necessary for its proper functioning are collected. This data includes IP addresses or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.), and other parameters relating to the user's operating system and computer environment. Navigation data is collected anonymously and is not used to identify users. The collection of such data serves the sole purpose of gathering statistical information about the use of the site and its services.

According to Article 2-quinquies of Legislative Decree August 10, 2018, No. 101, a minor of at least fourteen years old has the right to consent to the processing of their personal data to receive services directly from the information society. However, when it comes to such services, the processing of personal data of a minor under the age of fourteen is considered lawful only if consent is given by a parent or a person with parental responsibility, as provided for in Article 6(1)(a) of the Regulation.

The processing of data is carried out using tools and procedures that ensure their security and confidentiality. Data may be processed both in paper form and through the use of automated computer systems that allow for the storage, management, and transmission of data.

The Data Controller processes the data at its operational offices, both within the European Union and the European Economic Area. In the event that, for technical, organizational, or operational reasons, it is necessary to involve entities (such as those listed above) outside the European Union or the European Economic Area, we would like to inform you that the Company will ensure that the processing of data by such entities complies with applicable regulations. Adequate security measures will be implemented, such as adequacy decisions, Standard Contractual Clauses approved by the European Commission, or other considered appropriate safeguards. If you require further information, you can contact us by sending an email to info@celestialgallery.com.

Personal data will not be disclosed or made available to unspecified individuals through their disclosure or consultation.

The data may be communicated, within their respective jurisdictions, to public or private entities when there is an obligation (or the authority recognized by laws, secondary or community regulations) or a need to communicate with such entities.

Articles 15 to 22 of the EU GDPR 2016/679 grant specific rights to data subjects. These rights include the right to obtain confirmation of the existence of their personal data, access to such data, and the ability to correct or delete them, restrict or object to their processing. Data subjects also have the right to data portability, communication of their data, and knowledge of the purposes of the processing. They can also withdraw consent at any time without affecting the lawfulness of the processing carried out before the withdrawal. Data subjects have the right to request the anonymization of their data or the blocking of data processed in violation of the law, as well as the update or integration of data if there is a legitimate interest. Data subjects have the right to object to the processing for legitimate reasons.

Any changes to personal data must be promptly reported to the Data Controller to comply with Article 16 of the GDPR, which requires that collected data be accurate and up-to-date.

Data subjects who believe that the processing of their personal data through this website is in violation of the provisions of the Regulation have the right to lodge a complaint with the competent supervisory authority (in Italy: Garante per la protezione dei dati personali www.garanteprivacy.it), as provided for in Article 77 of the Regulation, or to take appropriate legal action (Article 79 of the Regulation).

Updated on 04/06/2023.