The purpose of this Privacy Policy is to describe the way in which the GALLERIA BAROVIER&TOSO website (hereinafter, the “Site“) is managed with regard to the processing of personal data of the individuals who consult it and interact with its services and functionalities (hereinafter, the “Users,” the “User” or the “Interested Party“). The information does not refer to other websites that may be consulted by the User through links accessible from the Site.
1. Data controller
The Data Controller is the company Galleria Barovier&Toso s.r.l. with headquarters in Murano (VE), Fondamenta Daniele Manin 1/D (hereinafter “Galleria B&T“, the “Company,” or the “Data Controller“), which can be contacted at the e-mail address: info@galleriabarovier.com.
Galleria B&T acts as an autonomous Data Controller for the purposes set forth in paragraph 4 of this Privacy Policy. In addition, Galleria B&T – together with (i) Barovier&Toso Vetrerie Artistiche Riunite s.r.l., headquartered in Venice (VE), in Fondamenta Vetrai 28 (hereinafter, “B&T“) and (ii) Fondazione Barovier&Toso headquartered in Murano (VE), in Fondamenta Vetrai 28 (hereinafter, “Foundation“) (hereinafter, jointly “Joint Data Controllers“) – acts as joint data controller for the purposes specified in paragraph 6 of this Privacy Policy.
2. Types of data collected
Below are the categories of personal data (hereinafter, the “Personal Data” or just the “Data“) that we collect when you access our Site.
A. Automatic browsing data
The Site’s computer systems only collect certain technical usage data, the transmission of which is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with the User, but which by its very nature could, through processing and association with data held by third parties, allow you to be identified only if this is necessary in relation to the commission of offences.
B. Data voluntarily provided by the User
Through the completion of forms on the Site, the User may voluntarily provide his/her Data, including: i) identification and contact data such as first name, last name, company name or business name, e-mail address, telephone number.
C. Access and usage data
By using our Site, the User has the ability to create a personal user profile and, through the “Login” form, access restricted content posted on the Site. Once the registration procedure to the restricted area is completed, in order to provide the User with the requested services, our Site will collect additional Personal Data, including: the date of the login/logout/password recovery event; the Pdf of the download/upload; other Personal Data possibly entered in the forms available on the Site.
D. Cookies
Cookies are tracking tools that consist of small portions of data stored within the User’s browser and used by the Company for various purposes. Information regarding the use of cookies is available at Cookie Policy.
3. Method of processing
The Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. The processing is carried out by means of computer and/or telematic tools, with organizational methods and logics strictly related to the purposes indicated below.
4. Purpose of processing, legal basis and retention period
Below, Galleria B&T, as the Data Controller, describes the purposes of the processing of Users’ Personal Data, the legal bases that make the processing lawful, and the relevant storage period.
|
Purpose |
Legal Basis |
Retention |
|
a. Allowing Users to navigate the Site and to use the related features / services. |
The processing is necessary for the execution of pre-contractual measures taken at the request of the Data Subject (Art. 6, par. 1, lett. b GDPR). |
For a period equal to the duration of the provision of the requested services and for 10 years thereafter (statute of limitations for any contractual liability). |
|
b. Manage the request to subscribe to the newsletter and to send the newsletter. |
The processing is based on Data Subject’s consent (Art. 6(1)(a) GDPR) to be provided by clicking on “Subscribe”. |
Until unsubscribe or withdrawal of consent. |
|
c. Fulfilling obligations arising from national or European Union regulations or legislation (e.g., tax and accounting obligations) or handling or responding to requests from judicial or administrative and tax authorities. |
Processing is necessary for the performance of a legal obligation to which the data controller is subject (Art. 6(1)(c) GDPR). |
For as long as it takes to meet the demands of the authority. |
|
d. Obtain information necessary to detect anomalies, fraudulent activity and/or abuse in the use of the Site or to exercise the Company’s rights. |
Legitimate interest of the data controller in the proper functioning of the Site, the prevention of unlawful conduct and the exercise of its rights (Art. 6(1)(f) GDPR). |
For the period of time necessary to conclude any disputes or to respond to requests from competent authorities. |
5. Optionality of providing Personal Data
Except as specified with regard to navigation data, with specific reference to the purpose referred to in point b) of paragraph 4 above, the User is free to provide Personal Data through the completion of forms on the Site: any refusal to communicate such Data may make it impossible for the Data Controller to fulfill the requests of the Interested Party. Likewise, the User is free to provide Personal Data when sending requests, communications or memberships to events promoted by Galleria B&T.
With regard to the processing of personal data subject to data subject’s consent, please be informed that consent is optional and may be withdrawn anytime, according to the modalities set forth by paragraph 9 below, without affecting the lawfulness of processing carried out prior to said withdrawal. Failure to provide consent will in no way affect the data subject’s ability to use on the Site or to access and use the services made available by the Company through the Site.
6. Processing carried out under joint controllership
Pursuant to Article 26 of the Regulation (EU) 2016/679 (“GDPR“), the Joint Data Controllers, as identified in Paragraph 1 of this Privacy Policy, have entered into a co-ownership agreement (the “Agreement“) under which Galleria B&T, B&T, and the Foundation may carry out, severally and/or jointly, personal data processing activities for the following purposes:
- organization and management of the NL service: sending periodic communications regarding exhibitions, art installations, presentations, projects and news as organized by the Joint Owners and related to the products and services already provided by Galleria B&T, B&T and Foundation;
- marketing activities: sending commercial and promotional communications concerning products marketed by the Contractors (so-called direct marketing) via mail, e-mail, SMS, messaging app.
In relation to the aforementioned purposes, the Joint Controllers have jointly determined, as part of the Agreement, their respective roles and responsibilities with respect to compliance with their obligations under the GDPR, with particular regard to the provisions pertaining to the exercise of the rights of data subjects (Articles 15-21 GDPR) and the obligations to provide information to data subjects, which can be accessed via the following link.
The essential contents of the Agreement are made available to you by consulting the following link.
7. Recipients or categories of recipients of Personal Data
The management of the Site also takes place with the support of specialized third party providers – by way of example but not limited to: Internet service providers and/or marketing / website agencies – duly appointed by Galleria B&T as Data Processors (art. 28 GDPR) who have received specific instructions from the Data Controller for the proper processing of Personal Data in relation to the purposes set out in this Privacy Policy. Finally, Personal Data may be disclosed to private entities (e.g., entities operating in the banking, financial, insurance, legal, tax) or to public authorities that have access to the same by virtue of legal provisions or other measures issued by competent authorities.
8. Place and Transfer of Personal Data
The Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. Should Galleria B&T need to transfer Personal Data outside the European Union, to countries not considered adequate by the European Commission, Galleria B&T will take the necessary measures to protect Users’ Personal Data in compliance with legal guarantees, pursuant to applicable legislation and, in particular, Articles 45 and 46 GDPR.
9. Rights of the Interested Party
With respect to the Data Controller, with reference to your Personal Data, the Data Subject may, at any time, exercise the following rights:
- Right of access (Art. 15 GDPR): the Data Subject may obtain confirmation as to whether or not Personal Data concerning him or her is being processed, including in order to have knowledge of the processing itself and to verify its lawfulness as well as its correctness and updating. In this case, the Data Subject will be able to obtain access to his or her Personal Data and information, in particular, information on the purposes of the processing, the categories of Personal Data concerned, the recipients or categories of recipients to whom the Data are or will be communicated, the storage period, etc.
- Right of rectification (Art. 16 GDPR): the Data Subject may obtain, without undue delay, the rectification of inaccurate Personal Data concerning him or her or the integration of the same, if incomplete.
- Right to erasure (Art. 17 GDPR): the Data Subject may obtain, without undue delay, the erasure of Personal Data concerning him or her, if the Data is no longer necessary to fulfill the purposes for which it was collected. Note that deletion is subject to the existence of valid reasons.
- Right to restriction of processing (Art. 18 GDPR): the Data Subject may obtain the restriction of the processing of Personal Data concerning him or her or the marking of the Data used to restrict its processing in the future.
- Right to portability (Art. 20 GDPR): in the case of automated processing carried out on the basis of consent or in performance of a contract, the Data Subject has the right to receive from the Data Controller, in a structured, commonly used and machine-readable format, the data concerning him/her and to transmit it to another Data Controller.
- Right to object to processing (Art. 21 GDPR): the Data Subject has the right to object to the processing of Personal Data concerning him/her, unless there are reasons of legitimate interest of the Data Controller that justify the continuation of the processing
- Right to revoke freely given consent (Art. 7 GDPR): the Data Subject has the right to revoke consent at any time without affecting the lawfulness of processing based on consent given before revocation, only for the purposes whose legal basis is consent.
The Data Subject may exercise his or her rights by sending an appropriate request to the Data Controller by e-mail to: info@galleriabarovier.com
Requests regarding the exercise of the rights of the Data Subject will be processed without undue delay and, in any case, within 30 days of receipt of the request, save for extension according to GDPR.
10. Complaint
The Data Subject always has the right to lodge a complaint with the competent supervisory authority pursuant to Article 77 of the GDPR if he/she believes that the processing of his/her data is contrary to the applicable data protection legislation. For Italy, the supervisory authority is the Garante Per La Protezione Dei Dati Personali (“Garante“), which can be contacted by the methods indicated at the following link: https://www.garanteprivacy.it/home/footer/contatti.
Information not contained in this Privacy Policy
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.
Changes to this Privacy Policy
The Data Controller reserves the right to make changes to this Privacy Policy at any time by notifying Users on this page as well as, if technically and legally feasible, by sending a notification to Users through one of the contact details it has.
Version updated as of February 2026