Privacy policy
Pursuant to Article 13 of Regulation (EU) 2016/679, A. Gallo Colors (hereinafter also referred to as the “Company” or the “Data Controller”) informs you that during your use of the e-commerce platform, various personal data may be collected and processed. This includes technical and usage data automatically gathered during browsing, such as IP address, access times, browser and device information, as well as data on your interactions with the site (clicks, pages viewed, time spent, and navigation patterns). While such data is not initially linked to identified users, it may allow identification when combined with other information. With your consent where required, this data may be used for statistical analysis (e.g., via Google Analytics 4) and personalized marketing (e.g., via Meta Pixel, TikTok Pixel) to enhance your experience and optimize promotional strategies. For detailed information about cookies and tracking technologies used on this platform — including those essential for site functionality, personalization, analytics, and marketing — please consult our Cookie Policy.
Additionally, personal data provided during registration, purchases, comments, newsletter subscriptions, contact requests, and waitlist sign-ups will be processed in accordance with applicable laws for purposes including account management, order fulfillment, marketing, and customer assistance. Detailed information on the types of data collected, processing purposes, legal bases, and your rights as a data subject is provided below.
The processing of your personal data will be carried out in compliance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, accountability, and the protection of your rights.
TYPE AND SOURCE OF PERSONAL DATA
REGISTRATION AND PRODUCT PURCHASE (WITH OR WITHOUT REGISTRATION) — When registering on our e-commerce platform, you provide personal and contact data such as your first name, last name, and e-mail address through the registration form. For product purchases — whether through a registered account or as a guest — we also collect necessary data for order processing, including your shipping and billing address, telephone number, and payment details. All such data is obtained directly from you during registration or checkout.
Abandoned Cart Reminders (for registered users only) — If you are a registered user on our e-commerce platform and have added products to your shopping cart without completing the purchase, we process the e-mail address you provided during registration solely to send you a reminder encouraging you to finalize your transaction.
Comments and Reviews (for registered users only) — If you are a registered user on our e-commerce platform, you may post comments or reviews on product pages. In doing so, we process the identifying information you provided during registration, such as your first and last name (which are publicly displayed alongside your comment), your e-mail address (which remains private), and the content of your comment.
PROFILING AND TARGETED MARKETING — The processing concerns personal and contact data (such as your first name, last name, and e-mail address), as well as information relating to your browsing behavior, purchase history, interactions with our website, and the use of cookies. This data is collected both directly from you and indirectly through tracking and analytics tools — such as Google Analytics 4, Meta Pixel, and TikTok Pixel — which monitor your activity on our website. The data is processed with your explicit consent and used to create user profiles and send you personalized promotional content tailored to your interests and preferences. For more details about our use of cookies, please refer to our Cookie Policy.
NEWSLETTER (MARKETING COMMUNICATIONS) — The processing concerns your personal data, such as your e-mail address and, if provided, your first and last name, which you provide when you sign up for the newsletter via the form on our website or when registering on our e-commerce platform or when purchasing our products as a guest.
CONTACT FORM (CONTACT US AND ORDER ASSISTANCE) — The processing concerns your name, surname, e-mail address, and, in the case of post-sales assistance, your order number, along with any additional information necessary to manage your request.
WAITLIST (PRODUCT RESTOCK NOTIFICATION) — The processing concerns your e-mail address, which you voluntarily provide when subscribing to the waitlist.
PROCESSING PURPOSES
REGISTRATION AND PRODUCT PURCHASE (WITH OR WITHOUT REGISTRATION) — Your personal data will be processed to create and manage your personal account, enable access to the reserved area, allow order placement and tracking, and provide any pre-sale or post-sale support. If you purchase as a guest, your data will be processed solely to manage and fulfill your order, issue invoices, arrange delivery logistics, and provide customer service.
Abandoned Cart Reminders (for registered users only) — Your personal data will be processed to send reminder e-mails in the event you add products to your shopping cart without completing the purchase. This processing is carried out solely to assist you in finalizing the sales transaction and is not used for marketing purposes unless you have explicitly provided consent.
Comments and Reviews (for registered users only) — Your personal data will be processed to publicly display your feedback (specifically your first and last name), support the exchange of product experiences among users, and enable us to monitor and moderate the comments section. This processing helps ensure compliance with applicable laws and community standards, including the removal of unlawful, offensive, or inappropriate content. Your comment will remain publicly visible for as long as the product is listed or until you request its removal or anonymization by contacting the Data Controller at the contact details provided in this Privacy Policy.
PROFILING AND TARGETED MARKETING — With your explicit consent, we process your personal and contact data (such as name and e-mail address), together with information about your browsing behavior, purchase history, and interactions with our website. This data is used to send you personalized promotional communications, offers, and discounts tailored to your interests and preferences. To achieve this, we use profiling techniques and automated decision-making tools, such as Google Analytics 4, Meta Pixel and TikTok Pixel, which help us analyze your interaction with the site, monitor conversions, and measure the effectiveness of our marketing campaigns, including the display of interest-based advertisements across third-party platforms like social media. This profiling aims solely to improve the relevance of our communications and does not produce legal effects or significantly affect you, pursuant to Article 22 of Regulation (EU) 2016/679.
NEWSLETTER (MARKETING COMMUNICATIONS) — Your personal data will be processed for the purpose of sending you periodic promotional communications (marketing newsletter) regarding our products, including exclusive offers and discounts that may be reserved for you on special occasions.
CONTACT FORM (CONTACT US AND ORDER ASSISTANCE) — Your personal data will be processed exclusively for the purpose of managing and responding to your inquiries or support requests related to our products or services. This includes handling communications, providing assistance, and fulfilling any related contractual obligations.
WAITLIST (PRODUCT RESTOCK NOTIFICATION) — Your personal data will be processed exclusively for the purpose of notifying you when temporarily unavailable products you have expressed interest in are restocked.
LEGAL BASIS
REGISTRATION AND PRODUCT PURCHASE (WITH OR WITHOUT REGISTRATION) — The legal basis for processing your personal data in relation to registration and purchases is the performance of a contract or the execution of pre-contractual measures at your request, in accordance with Article 6, paragraph 1, letter b) of Regulation (EU) 2016/679.
Abandoned Cart Reminders (for registered users only) — The legal basis for processing your contact data to send abandoned cart reminders is the legitimate interest of the Data Controller in facilitating the completion of the transaction and improving the user experience, pursuant to Article 6, paragraph 1, letter f) and Recital 47 of Regulation (EU) 2016/679.
Comments and Reviews (for registered users only) — The legal basis for processing your personal data when posting comments or reviews is the performance of the contract associated with your user account and/or the legitimate interest of the Company in promoting transparency, encouraging user engagement, and supporting informed purchasing decisions, pursuant to Article 6, paragraph 1, letter f) of Regulation (EU) 2016/679.
PROFILING AND TARGETED MARKETING — The legal basis for the processing of your personal data for profiling and targeted marketing purposes is your explicit consent, pursuant to Article 6, paragraph 1, letter a) of Regulation (EU) 2016/679. Such consent allows us to analyze your preferences, behaviors, and interactions in order to send you personalized promotional content. You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
NEWSLETTER (MARKETING COMMUNICATIONS) — The legal basis for processing your personal data for the purpose of sending newsletters and promotional communications is your explicit consent, pursuant to Article 6, paragraph 1, letter a) of Regulation (EU) 2016/679. Consent may be withdrawn at any time, by clicking the unsubscribe link in any newsletter e-mail or by contacting us at privacy.agallocolors@gmail.com, without affecting the lawfulness of the processing prior to its withdrawal.
CONTACT FORM (CONTACT US AND ORDER ASSISTANCE) — The legal basis for processing your personal data submitted through the contact form is the necessity to take pre-contractual measures or to perform a contract to which you are a party, pursuant to Article 6, paragraph 1, letter b) of Regulation (EU) 2016/679.
WAITLIST (PRODUCT RESTOCK NOTIFICATION) — The legal basis for processing your personal data for restock notifications is the necessity to take pre-contractual measures at your request, pursuant to Article 6, paragraph 1, letter b) of Regulation (EU) 2016/679.
NATURE OF CONFERMENTS
REGISTRATION AND PRODUCT PURCHASE (WITH OR WITHOUT REGISTRATION) — Providing personal data for account creation and purchase processing is necessary to establish and manage the contractual relationship. Failure to provide the required data will prevent the creation of an account or the completion of an order. The provision of data for abandoned cart reminders is optional and may be objected to at any time.
Abandoned Cart Reminders (for registered users only) —The provision of data for abandoned cart reminders is optional, and you may object to such processing at any time without affecting the processing of your purchase.
Comments and Reviews (for registered users only) — If you post comments or reviews on our platform, providing your personal data is necessary to display your feedback publicly and to manage the comment section. Failure to provide this data will prevent the publication of your comment.
PROFILING AND TARGETED MARKETING — The provision of your personal data for profiling and targeted marketing purposes is entirely optional and subject to your explicit consent. Refusal to provide such data, or the withdrawal of consent, will not affect your ability to use other services offered by the platform, but will prevent us from sending you personalized marketing communications based on your preferences and online behavior.
NEWSLETTER (MARKETING COMMUNICATIONS) — The provision of your personal data for the purposes indicated is optional but necessary in order to receive informational, promotional, and commercial communications relating to our products. Failure to provide such data will make it impossible to use the newsletter service.
CONTACT FORM (CONTACT US AND ORDER ASSISTANCE) — Providing your personal data through the contact forms is optional but necessary to receive a response to your inquiry or assistance request. Failure to provide the required data will prevent us from processing your request.
WAITLIST (PRODUCT RESTOCK NOTIFICATION) — Providing your e-mail address is optional but necessary in order to receive restock notifications. Without it, the waitlist service cannot be provided.
PROCESSING METHODS
Your personal data will be processed using automated IT and telematic tools, under appropriate technical and organizational measures to guarantee its security, confidentiality, integrity, and availability, and to prevent unauthorized access, disclosure, alteration, or destruction. Processing is performed by authorized personnel within the Data Controller's organization and, when necessary, by carefully selected third-party service providers bound by contractual obligations.
REGISTRATION AND PRODUCT PURCHASE (WITH OR WITHOUT REGISTRATION) — Processing is fully automated for order and payment validation, delivery management, and customer service support.
Abandoned Cart Reminders (for registered users only) — Processing is performed automatically through e-mail systems to send reminder messages aimed at encouraging completion of your purchase. This processing does not involve further marketing use unless you have explicitly consented.
Comments and Reviews (for registered users only) — Your personal data will be processed both manually and automatically: manually by authorized personnel for monitoring and moderation purposes, and automatically for the public display of your feedback and to prevent unlawful or inappropriate content.
PROFILING AND TARGETED MARKETING — Processing involves automated analysis of your data to create user profiles based on your browsing and purchase history, enabling personalized marketing communications. This profiling does not produce legal effects or significantly affect you, pursuant to Article 22 of Regulation (EU) 2016/679. You may withdraw your consent to profiling at any time.
NEWSLETTER (MARKETING COMMUNICATIONS) — Processing is performed automatically via e-mail marketing platforms, which manage subscriptions, cancellations, scheduling of communications, and collection of interaction statistics. Each message contains an easy unsubscribe option.
CONTACT FORM (CONTACT US AND ORDER ASSISTANCE) — Processing may be manual or automated, depending on the nature of your request, solely to respond to inquiries or provide assistance.
WAITLIST (PRODUCT RESTOCK NOTIFICATION) — Notifications are sent automatically when requested products are restocked, ensuring you receive timely updates.
RETENTION PERIODS
REGISTRATION AND PRODUCT PURCHASE (WITH OR WITHOUT REGISTRATION) — Personal data collected for registration and product purchases will be retained only for as long as necessary to fulfill contractual obligations, including administrative and tax requirements, and to manage any post-sale services, in compliance with applicable laws. Specifically, data related to completed purchases will be retained for up to 10 years for legal and fiscal purposes. Data related to registered user accounts will be retained for the duration of the account’s existence and for up to 12 months following inactivity or account deletion. Data from guest purchases will also be retained for up to 10 years.
Abandoned Cart Reminders (for registered users only) — Personal data processed for the purpose of sending abandoned cart reminders will be retained for no longer than 30 days.
Comments and Reviews (for registered users only) — Personal data provided when posting comments or reviews will be retained for as long as the comment remains published on the website. It may be stored for a longer period where necessary to comply with legal obligations or to protect the rights of the Company.
PROFILING AND TARGETED MARKETING — Personal data processed for profiling and targeted marketing purposes will be retained for no longer than 12 months from the date consent is given, unless consent is withdrawn earlier.
NEWSLETTER (MARKETING COMMUNICATIONS) — Personal data processed for sending promotional communications will be retained for a maximum of 24 months from the date of consent, unless consent is withdrawn earlier. After this period, the Data Controller may request renewed consent or proceed with the deletion or anonymization of the data, unless otherwise requested by the data subject.
CONTACT FORM (CONTACT US AND ORDER ASSISTANCE) — Personal data submitted via the contact forms will be retained for as long as necessary to respond to your request and manage any related activities, and in any case no longer than 12 months from the last interaction, unless a longer retention period is required or permitted by law.
WAITLIST (PRODUCT RESTOCK NOTIFICATION) — Personal data submitted via the waitlist form will be retained for up to 12 months from the date of subscription, or until the relevant pre-contractual process concludes, unless you request earlier deletion.
CATEGORIES OF RECIPIENTS
PERSONS ACTING UNDER THE AUTHORITY OF THE DATA CONTROLLER — Your personal data may be processed by employees and collaborators of the Company who have been expressly authorized and instructed to do so, in accordance with Article 29 of Regulation (EU) 2016/679, and within the limits of their respective roles and responsibilities, for the proper fulfillment of the purposes outlined in this Privacy Policy.
EXTERNAL DATA PROCESSORS AND INDEPENDENT DATA CONTROLLERS — For the purposes described in this Privacy Policy, your personal data may be shared with third-party service providers acting as external data processors, appointed pursuant to Article 28 of Regulation (EU) 2016/679, and bound by contractual obligations to process data solely on behalf of the Data Controller and in accordance with documented instructions. Depending on the processing activity involved, these may include:
REGISTRATION ON THE E-COMMERCE PLATFORM
- Shopify – Hosting and operating the e-commerce platform, providing technical infrastructure.
- E-mail service providers – Including those responsible for managing corporate e-mail accounts.
PRODUCT PURCHASE (WITH OR WITHOUT REGISTRATION)
- Shopify – Hosting and operating the e-commerce platform, providing technical infrastructure, automated tools for order and account management, and customer communications.
- Logistics and delivery providers – For the shipment and tracking of purchased products.
- Professional consultants – For administrative, accounting, and tax-related support.
- Technical service providers – Ensuring the functionality of systems supporting sales and order management.
- E-mail service providers — Including those responsible for managing corporate e-mail accounts and certified e-mail (PEC) systems.
- Messaging platforms — Such as WhatsApp Business, used to provide customer assistance.
PROFILING AND TARGETED MARKETING
- Shopify – Hosting and operating the e-commerce platform, providing technical infrastructure, automated tools for order and account management, and customer communications and behavioral tracking.
- Marketing consultants – For the development of profiling strategies and personalization of promotional content.
- Analytics and advertising/marketing service providers – Such as Google (Google Analytics 4), Meta (Meta Pixel) and TikTok (TikTok Pixel), used to monitor platform usage and deliver customized advertising.
- E-mail service providers – Including those responsible for managing corporate e-mail accounts
NEWSLETTER (MARKETING COMMUNICATIONS)
- Shopify – Hosting and operating the e-commerce platform, providing technical infrastructure, automated tools for customer communications.
- Marketing consultants – Managing newsletter subscriptions and campaign activities.
- E-mail service providers – Including those responsible for managing corporate e-mail accounts.
CONTACT FORM (CONTACT US AND ORDER ASSISTANCE) AND WAITLIST (PRODUCT RESTOCK NOTIFICATION)
- Shopify – Hosting and operating the e-commerce platform, providing technical infrastructure, automated tools for customer communications.
- E-mail service providers – Including those responsible for managing corporate e-mail accounts.
An up-to-date list of external data processors is available upon request by contacting the Data Controller at the addresses provided in this Privacy Policy.
Please note that payment platforms, including Google Pay, PayPal, and Shopify’s Shop Pay, act as independent data controllers when processing payment information and related personal data for their own purposes.
DISSEMINATION
Your personal data will not be disseminated, meaning it will not be made publicly available to third parties without your consent. However, personal data related to comments posted by registered users, specifically your first and last name and the content of your comment, are publicly visible on our e-commerce platform. This disclosure is necessary to allow interaction and sharing of product experiences among users. The legal basis for processing your personal data when posting comments or reviews is the performance of the contract associated with your user account and/or the legitimate interest of the Company in promoting transparency, encouraging user engagement, and supporting informed purchasing decisions, pursuant to Article 6, paragraph 1, letter f) of Regulation (EU) 2016/679. You have the right to request the removal or anonymization of your comment at any time by contacting the Data Controller at the contact details provided in this Privacy Policy.
TRANSFER TO THIRD COUNTRIES
In relation to the processing purposes described in this Privacy Policy, your personal data may be transferred to countries outside the European Economic Area (EEA), including the United States of America. Such transfers may occur when certain third-party service providers or external data processors — for example, cloud hosting platforms, analytics providers, or marketing and communication tools — are located or operate in non-EEA jurisdictions.
These transfers are carried out in full compliance with applicable data protection legislation, including Regulation (EU) 2016/679 (GDPR). When personal data is transferred to a country for which no adequacy decision has been adopted by the European Commission, the Data Controller ensures that appropriate safeguards are in place to guarantee a level of protection essentially equivalent to that provided within the EEA. These safeguards may include the adoption of Standard Contractual Clauses (SCCs) approved by the European Commission or other mechanisms recognized under the GDPR.
Please note that the data protection laws in some non-EEA countries may not offer the same level of protection as those in your country of residence. However, the Data Controller undertakes to implement all necessary contractual and technical measures to ensure the continued protection, security, and confidentiality of your personal data.
You have the right to request additional information about the safeguards in place for such transfers, and to obtain a copy of the relevant contractual arrangements, by contacting the Data Controller at: privacy.agallocolors@gmail.com.
DATA SUBJECT RIGHTS
In accordance with Articles 15 to 22 of Regulation (EU) 2016/679 (GDPR), you may exercise the following rights at any time in relation to the processing of your personal data.
RIGHTS APPLICABLE TO ALL PROCESSING ACTIVITIES
- Right of access – You have the right to obtain confirmation as to whether or not your personal data is being processed, and, where that is the case, access to the data and relevant information.
- Right to rectification – You have the right to request the correction of inaccurate or incomplete personal data.
- Right to erasure (“right to be forgotten”) – You may request the deletion of your personal data where permitted by law, for example when the data is no longer necessary for the purposes for which it was collected or if you withdraw your consent.
- Right to restriction of processing – You may request a temporary limitation on the processing of your data in specific cases, such as when the accuracy of the data is contested or if you have objected to the processing.
- Right to data portability – You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller, where technically feasible.
RIGHTS SPECIFIC TO CERTAIN TYPES OF PROCESSING
- Right to object to processing based on legitimate interests – If your personal data is processed on the basis of legitimate interest (e.g., for abandoned cart reminders), you have the right to object at any time.
- Right to removal or anonymization of comments – If you have posted a comment or review as a registered user, you have the right to request its removal or anonymization at any time by contacting the Data Controller using the contact details provided in this Privacy Policy.
- Right to object to marketing and withdraw consent – If your personal data is processed for marketing purposes, including newsletter subscriptions, you may object to the processing or withdraw your consent at any time, without affecting the lawfulness of any processing carried out prior to withdrawal.
- Right to object to profiling – If your personal data is used for profiling and targeted marketing, you may object to such processing or withdraw your consent at any time. In any case, no automated decision-making will produce legal or similarly significant effects on you, in accordance with Article 22 of the GDPR.
DATA CONTROLLER
The Data Controller is A. Gallo Colors S.r.l., with registered office at Via Sandro Pertini, 1 – 06073 Corciano (PG), Italy, VAT number 03750550547.
EXERCISING YOUR RIGHTS
To exercise any of the rights listed above, or to request further information regarding the processing of your personal data, you may contact the Data Controller by sending a written request to the following e-mail address: privacy.agallocolors@gmail.com.
COMPLAINTS AND LEGAL REMEDIES
If you believe that the processing of your personal data violates Regulation (EU) 2016/679, you have the right to lodge a complaint with the competent supervisory authority, pursuant to Article 77 of the Regulation. In Italy, this is the Garante per la Protezione dei Dati Personali. You also have the right, under Article 79 of the Regulation, to bring a judicial action if you believe that your rights have been infringed as a result of unlawful processing of your personal data, either against the Data Controller or against an external Data Processor.
CHANGES TO THIS PRIVACY POLICY
This Privacy Policy may be updated from time to time to reflect changes in laws, technology, or the services we provide. We encourage you to review this page periodically. If significant changes occur, we will notify users through appropriate channels.
A. Gallo Colors is not responsible for the content, services, or personal data processing policies of external websites and pages accessible through links on its own site.
Last updated: July 21, 2025