Privacy Policy of culti.com

This Application collects some Personal Data from its Users.

Personal Data processed for the following purposes and using the following services:

    • Analytics

      • Facebook Ads conversion tracking (Facebook pixel) and Google Analytics

        Personal Data: Tracker; Usage Data

    • Contacting the User

      • Mailing list or newsletter

        Personal Data: email address

    • Displaying content from external platforms

      • Instagram widget, Google Fonts and Font Awesome

        Personal Data: Tracker; Usage Data

    • Interaction with data collection platforms and other third parties

      • Mailchimp widget

        Personal Data: email address

    • Interaction with support and feedback platforms

      • Zendesk Widget

        Personal Data: email address; first name

    • Tag Management

      • Google Tag Manager

        Personal Data: Tracker

Further information about the processing of Personal Data

    • PRIVACY POLICY NOTICE AS PER ART. 19 OF EU REGULATION 2016/679

      This notice describes the information related to the handling of personal data by Culti Milano SpA for user account registration and newsletter sign-up on the www.culti.com website, in accordance with the applicable European Union Regulation no. 2016/679 (GDPR) and Law 196/2003 as modified by Law 101/2019.

      The Data Controller is Culti Milano SpA with legal and operating headquarters in 27 via Santa Sofia, Milano, contactable by e-mail at culti@culti.com.

      Data Protection Officer (DPO) is EKO Sicurezza of Dr. Colonnello Francesco, contactable by e-mail at privacy@culti.com.

      Processing of Personal Data
      1. Personal Data Subject to Processing and Purpose
      The user's personal data is handled by the Data Controller according to Art. 6 of the GDPR for the following data handling purposes:

      A) Contractual obligations and service supply that, by prior consent, are accepted by the user upon registration and are to fulfil specific requests by the user. The user data collected by the Data Controller for such purposes include: the first name, surname and e-mail address, residential and delivery addresses (country, province, town, postal code), contact telephone number, tax code /VAT number (in case of request for invoice), as well as all the user's personal information possible and voluntarily to be published. Unless the user gives a specific and discretionary consent to the Controller of his own data for the further purposes foreseen in the following paragraphs, the user's personal data will be used by the Data Controller exclusively for the purpose of ascertaining the user's identity to avoid possible scams or abuses, to contact the user either through the website or by telephone contact with the operator in order to provide assistance in cases of user difficulty in finalising an order, for providing general assistance and contacting the user solely for service reasons.

      B) Accounting and administrative purposes, that is to say undertake activities of an organisational, administrative, financial and accounting nature, as internal organisational and functional activities for the fulfilment of contractual and pre-contractual obligations;

      C) Lawful obligations, that is to say for complying with the provisions of law, of an Authority, a regulation or applicable European norms.

      D) Browsing data: the information systems and software procedures offered for operating the website acquire, in the course of their normal operation, some personal data whose transmission is implied by the use of internet communication protocols. It deals with information that is not collected to be associated with involved parties, but by its very nature could, by data processing and association with data held by third parties, allow the identification of the users. Included in this category are IP addresses or computer domain names used by the users that connect to the website, the addresses in URI notation of the requested resources, the time of the request, the method used for submitting the request to the server, the size of the reply file, the numeric code indicating the state of the reply from the server (good result, error, etc.) and other parameters related to the operating system and the user's information environment. This data is used only for the purpose of obtaining anonymous statistical information about site usage, for controlling its correct operation and to identify anomalies and/or abuses. The data could be used for scrutinising responsibilities in the case of possible information misdemeanours damaging the website or third parties.

      E) Beyond compiling the forms present on the website, you can request some services and supply your personal data – as well as use whatever functionality is made available – even through your own Facebook, Instagram and PayPal profiles. In these cases, Facebook, Instagram and PayPal could automatically send Culti Milano your personal data (name, e-mail address and mobile number, image profile, invoice date).

      F) Cookies: for details on the cookies refer to the Cookie Policy

      The bestowal of personal data for processing purposes A, B and C is voluntary but necessary for registering with the website and/or benefitting from the services offered through the site by the Data Controller. The personal data necessary for pursuing the processing purposes are indicated by an asterisk on the registration form of the website.


      Only by specific consent given freely and as an option by the user, some personal data (e-mail address) can be processed by the Data Controller also for direct marketing purposes (for example, sending publicity materials, commercial communications, sending newsletters covering relevant news for the sector related to the Data Controller).
      When consent is lacking, the possibility of pursuing the purposes set out in paragraph 1 will not be prejudiced in any way.
      When consent has been given, it can be revoked at any time on request to the Data Controller.
      Besides, you may also easily cancel receiving further promotional communications via e-mail also by clicking on the designated link for the revocation of consent that is present in each promotional e-mail.

      3. Processing Method
      The data can be processed manually and electronically with access permitted only to authorised operatives, previously nominated “Authorised Processors”. All operatives who access information data have a personal password; access to data is permitted only for purposes linked to the role of the operator and only for the narrow period of time necessary to obtain the purpose. The data may be processed also by external collaborators already nominated “Processor Managers”.

      4. Data Retention Period
      Personal data supplied by you is kept for all the time necessary to pursue the purposes described in this notification, as required by law, for example for tax or accounting purposes or to guarantee a better service. For example, we keep transaction chronology so that you can examine the purchases you have made (and repeat the orders if you wish) and to which address the orders were to be shipped. Your personal data will processed for marketing purposes, under general rules and subject to the data retention principle of proportionality to the processing purpose processing until your consent is revoked.

      5. Communication and Dissemination Environment
      Some of the user's personal data may become known to employees and/or collaborators of the Data Controller who are charged with managing the website and e-commerce orders. Such individuals that are formally nominated by the Data Controller as “Authorised Processors” will process the user's data solely for the purposes indicated in this Privacy Notice and in accordance with applicable laws.

      Some of the user's personal data could also become known to third parties that can process personal data on behalf of the Data Controller as "External Processor Managers" who, by way of example, supply computing services and logistical functions to the website operation, supply outsourcing or cloud computing services, professionals and consultants, shippers and similar people.

      Some of the service suppliers are companies with legal headquarters in the USA. These companies conform to the EU-USA ex-“Privacy Shield” and offer guarantees to abide by standard contractual clauses.

      Users have the right to obtain a list of the processor managers nominated by the Data Controller on request to the Data Controller or the DPO.

      6. Consequences of Lack of Consent to Processing
      The conferment of personal data for the purposes of processing under paragraphs 1 A-B-C is discretionary solely for website navigation, but this is necessary for placing an order. The processing for marketing purposes (paragraph 2) is discretionary and any denial does not compromise the possibility of placing orders.

      7. The Parties Rights
      The users can exercise the rights guaranteed by law by contacting the Data Controller or DPO by sending an e-mail message to the address culti@culti.com.

      Pursuant to the applicable law, the Data Controller informs the users that they have the right to obtain the indication of :

      i. the origin of the personal data;
      ii. the methods and purposes of its processing;
      iii. the logic applied in the case of processing by electronic means;
      iv. the identity details of the Data Controller and its processor managers;
      v. the individuals or categories of individuals to whom the data may be communicated or who may have knowledge of it as being responsible for or in charge of it.

      In addition, the users have the right to obtain:

      a. access to their data, its updating and correction, namely when of interest, supplements to the data;
      b. the cancellation or anonymous modification of blocks of data processed in violation of the law including that which it is not necessary to keep in relation to the objectives for which it had been collected or subsequently processed;
      c. the demonstration that the operations under letters a) and b), also as regards their content, have been made aware to those whose data has been communicated or disseminated, excepting cases in which such compliance turns out to be impossible or entails manifestly disproportionate means with respect to the protected right.

      In addition, the users have:

      a. the right to revoke their consent at any time for any processing based on their consent;
      b. the right to transfer their data (right to receive all their own personal data in a structured form for common use and legible by automatic devices), the right to limit the processing of personal data and the right to its cancellation (“right to oblivion”);
      c. the right to oppose:
      i. fully or in part, for legitimate reasons of processing, their personal data even if pertinent to the objectives of its collection;
      ii. fully or in part, to the processing of their personal data regarding the purpose of sending publicity material;
      iii. whatever personal data may be processed at any time for purposes of direct marketing, and to the processing of their data carried out for such purposes;
      d. the right to make a complaint to a controlling authority (in EU member states where the user normally resides, in that where he/she works or where the presumed violation occurs) whenever it is considered that the processing of their data violates regulations.

Contact information

    • Owner and Data Controller

      Il Titolare del trattamento è CULTI MILANO SpA con sede legale e operativa in via Santa Sofia, 27, Milano, contattabile all’indirizzo culti@culti.com o al numero di telefono 02 49784974.

      Il Responsabile della Protezione dei dati personali (DPO) è EKO Sicurezza di dott. Colonnello Francesco, contattabile all’indirizzo e-mail privacy@culti.com.

      Owner contact email: culti@culti.com