www.galleriaorsi.com collects certain Personal Data regarding its Users.
Users may be subject to different protection levels. Thus some Users enjoy a higher level of protection. Further information on protection criteria may be found in the applicability section.
Data Processing Controller
Carlo Orsi Antichità Srl
Via Bagutta 14, 20121 Milan (Italy)
Data Controller's e-mail address: firstname.lastname@example.org
Types of Data Collected
Personal Data collected by www.galleriaorsi.com, either independently or via third parties, includes cookies, usage data, e-mail address, forename, family name..
Unless otherwise specified, all data requested by www.galleriaorsi.com is compulsory. If the User refuses to communicate the data in question, it may be impossible for www.galleriaorsi.com to provide the service requested. Where www.galleriaorsi.com indicates that certain data is optional, the User is free to withhold the data in question without his or her action having any impact whatsoever on the service's availability or operation.
Users harbouring doubts regarding compulsory data are encouraged to get in touch with the Data Controller.
The User is responsible for any third parties' Personal Data obtained, published or shared on www.galleriaorsi.com and guarantees that he or she has to right to communicate and/or to disseminate such data, thus relieving the Controller of any and all responsibility towards those third parties.
Processing method and storage of the data collected
The Controller takes appropriate security measures to prevent unauthorised access to Personal Data and / or that Data's unauthorised dissemination, alteration or destruction. Processing is performed with the use of information technology tools and with organisational and logical methods strictly connected with the purposes indicated. In addition to the Controller, other individuals involved in the organisation of www.galleriaorsi.com (such as administrative, commercial, marketing, legal or systems administration staff) or third parties (such as technical services providers, postal couriers, hosting providers, IT companies and communications agencies), appointed by the Controller as Data Processors where necessary, may have access to the Personal Data. The Data Controller may be asked at any time to supply an up-to-date list of Data Processors.
Legal basis for processing
The Controller processes the User's Personal Data wherever one of the following conditions is met:
- the User has bestowed his or her consent for one or more specific purposes. NB: In certain legal contexts the Controller may be authorised to process Personal Data without the User's consent or without one or other of the legal bases specified below, unless or until the User expressly opposes such processing by availing him or herself of the opt-out option. This does not apply, however, where Personal Data processing is regulated by the relevant European Personal Data protection legislation;
- such processing is required for the implementation of a contract with the User and / or for the implementation of precontractual measures;
- such processing is required for the Controller to comply with the legal requirements by which he is bound;
- such processing is required for the implementation of a public interest duty incumbent upon, or for the exercise of public powers invested in, the Controller;
- such processing is required for the pursuit of the Controller's or third parties' legitimate interest.
It is in any case possible for the User at any time to demand that the Controller clarify the concrete legal basis of each kind of processing, and in particular that he specify whether the processing has a legal basis, is part of a contract or is required to complete a contract.
The Data is processed on the Controller's business premises and in any other place in which the parties involved in the processing may be situated. For further information, the User may get in touch with the Controller.
The User's Personal Data may be transferred to a country other than the country in which the User is located. For further information regarding the processing location, the User may refer to the section on Personal Data processing details.
In the event of a higher level of protection, the User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organisation governed by international public law or comprising two or more countries, such as for example the United Nations, and regarding the security measures adopted by the Controller to protect the Data.
If one or more of the above-mentioned transfers takes place, the User may refer to the appropriate sections in this document or seek information from the Controller by getting in touch with him via one of the contact details provided at the beginning of this document.
Duration of storage
Data is processed and stored for the time required to fulfil the purposes for which it has been collected.
- Personal Data collected for purposes connected with the implementation of a contract between the Controller and the User will be stored until the contract in question has been successfully completed.
- Personal Data collected for purposes attributeable to the Controller's legitimate interest will be stored until that interest has been met. The User may obtain further information regarding the legitimate interest pursued by the Controller either in the appropriate sections of this document or by getting in touch with the Controller.
When processing is based on User consent, the Controller may store Personal Data for a longer period of time, until that consent is withdrawn. Moreover, the Controller may be obliged to store Personal Data for a longer period of time in compliance with a legal obligation or with an order issued by the public authorities.
Personal Data is erased at the end of the storage period. Thus, once that term has expired, right of access, cancellation, rectification and data portability rights may no longer be exercised.
Purposes for which the data collected is processed
The User's Personal Data is collected for the purpose of allowing the Controller to provide his services and for the following additional purposes: statistical purposes; to get in touch with the User; to manage payments; to interact with social media and external platforms; to manage contacts; and to send messages.
For further detailed information on processing and on Personal Data relevant to each individual purpose, the User may refer to the appropriate sections of this document.
Details regarding the processing of Personal Data
Personal Data is collected for the following purposes and use of the following services:
• Getting in touch with the User
• Managing contacts and sending messages
• Interacting with social media and external platforms
• Statistical purposes
Further information on Personal Data
• Online sale of goods and services
Users may exercise certain rights in connection with the Data processed by the Controller.
In the event of a higher level of protection, the User may exercise all the rights described below. In every other instance, the User may get in touch with the Controller to find out what rights are applicable in his or her particular case and how to exercise those rights.
In particular, the User has the right to:
- withdraw his or her consent at any time. The User may withdraw consent previously bestowed for the processing of his or her Personal Data;
- oppose the processing of his or her Data. The User may oppose the processing or his or her Data when that processing is performed on a legal basis other than consent. Further details regarding the right to oppose processing are provided in the section below;
- accede to his or her Data. The User has to the right to obtain information regarding the Data processed by the Controller or regarding given aspects of that processing, and to receive a copy of the Data processed;
- to verify and demand rectification. The User may verify that his or her Data is correct and demand that it be updated and / or corrected;
- obtain limitation of processing. Under certain circumstances, the User may demand limitation of the processing of his or her Data, in which case the Controller shall refrain from processing the Data for any purpose other than its storage.;
- obtain the cancellation or removal of Personal Data. Under certain circumstances, the User may demand that the Controller cancel or remove his or her Data;
- receive Data or have it transferred to another controller. The User has the right to receive his or her Data in a commonly used structured format readable by an automatic device and, where technically feasible, to obtain the unhindered transfer of that Data to another controller. This measure is applicable when the Data is processed with automatic instruments and when processing is based on consent bestowed by the User, on a contract to which the User is party or on contractual measures connected with that contract;
- file a complaint. The User may file a complaint with the appropriate Personal Data Protection supervisory authority or take legal action.
Details regarding the right to oppose processing
When Personal Data is processed in the public interest, in the exercise of public powers invested in the Controller or in the pursuit of the Controller's legitimate interest, Users have the right to oppose processing for reasons connected with their individual situation.
Users should be aware that if their Data is processed for direct marketing purposes, they may oppose that processing without providing any reason for their opposition. To find out whether the Controller is processing data for direct marketing purposes, Users may refer to the appropriate sections of this document.
How to exercise User rights
In order to exercise User rights, Users may address a request to the Controller's contact details provided at the beginning of this document. Such requests are deposited free of charge and are addressed by the Controller as soon as possible, or within a month at the latest.
Applicability of a higher level of protection
While a majority of the measures outlined in this document are applicable to all Users, some of them are expressly subject to the applicability of a higher level of protection to the processing of Personal Data.
A higher level of protection is always guaranteed in every instance in which processing:
- is performed by a Controller with registered offices in the EU; or
- concerns the Personal Data of Users located in the EU and is functional to the offer of goods and services to those Users, whether free of charge or otherwise; or
- concerns the Personal Data of Users located in the EU and enables the Controller to monitor the conduct of those Users to the extent that that conduct takes place within the European Union.
Further processing information
The User's Personal Data may be used by the Controller in legal proceedings or in the preparatory phases of such proceedings for defence against misuse by the User of www.galleriaorsi.com or of any of the services associated with it.
The User acknowledges that he or she is aware of the fact that the Controller may be obliged to reveal his or her Personal Data in compliance with an order from the public authorities.
Maintenance and system log
For requirements associated with its proper functioning and maintenance, www.galleriaorsi.com and / or any third-party services it uses may collect system logs, in other words files which record interactions and which may also contain Personal Data such as the User's IP address.
Information not contained in this policy
Further information regarding Personal Data processing may be sought from the Data Processing Controller at any time, via the contact details provided at the beginning of this document.
Response to "Do Not Track" requests
www.galleriaorsi.com does not support "Do Not Track" requests.
To find out whether any of the third-party services used does support them, the User is encouraged to consult those third parties' respective privacy policies.
If the changes mentioned above concern processing whose legal basis is consent, the Controller shall, where necessay, seek fresh consent from the User.