Privacy Policy of culti.com

This Application collects some Personal Data from its Users.

Personal Data processed for the following purposes and using the following services:

    • Advertising

      • Meta ads conversion tracking (Meta pixel), Google Ads conversion tracking and Google Ads Similar audiences

        Personal Data: Trackers; Usage Data

      • Google Ads Customer Match

        Personal Data: country; email address; first name; last name; phone number; Trackers; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example); User ID; ZIP/Postal code

    • Analytics

      • Google Analytics (Universal Analytics)

        Personal Data: Tracker; Usage Data

      • Meta Events Manager and Google Analytics (Universal Analytics) with anonymised IP

        Personal Data: Trackers; Usage Data

      • Google Analytics 4

        Personal Data: number of Users; session statistics; Trackers; Usage Data

      • Cloudflare Web Analytics

        Personal Data: device information; language; Usage Data

      • Google Analytics Granular location and device data collection

        Personal Data: browser information; city; device information; number of Users; session statistics; Trackers; Usage Data

    • Contacting the User

      • Mailing list or newsletter

        Personal Data: email address

    • Displaying content from external platforms

      • Instagram widget, Google Fonts and Font Awesome

        Personal Data: Tracker; Usage Data

    • Interaction with data collection platforms and other third parties

      • Mailchimp widget

        Personal Data: email address

    • Interaction with live chat platforms

      • Zendesk Chat

        Personal Data: email address; first name

    • Interaction with support and feedback platforms

      • Zendesk Widget

        Personal Data: email address; first name

    • Managing support and contact requests

      • Zendesk

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Registration and authentication provided directly by this Application

      • Direct registration

        Personal Data: academic background; billing address; budget; city; company name; country; county; date of birth; email address; fax number; field of activity; first name; gender; house number; language; last name; number of employees; password; phone number; physical address; picture; prefix ; profession; profile picture; Social Security number (SSN); state; Tax ID; Trackers; Twitter handle; Usage Data; User ID; username; various types of Data; VAT Number; website; workplace; ZIP/Postal code

    • Remarketing and behavioural targeting

      • Google Ads Remarketing

        Personal Data: Trackers; Usage Data

    • Spam and bots protection

      • Google reCAPTCHA

        Personal Data: answers to questions; clicks; keypress events; motion sensor events; mouse movements; scroll position; touch events; Trackers; Usage Data

      • Cloudflare Bot Management

        Personal Data: app information; Application opens; browser information; browsing history; city; clicks; country; county; custom events; device information; device logs; geography/region; interaction events; IP address; keypress events; language; latitude (of city); launches; longitude (of city); metro area; motion sensor events; mouse movements; number of sessions; operating systems; page events; page views; province; scroll position; scroll-to-page interactions; search history; session duration; session statistics; state; touch events; Trackers; Usage Data; video views; ZIP/Postal code

    • Tag Management

      • Google Tag Manager

        Personal Data: Tracker

    • Traffic optimisation and distribution

      • Cloudflare

        Personal Data: Trackers; various types of Data as specified in the privacy policy of the service

Information on opting out of interest-based advertising

In addition to any opt-out feature provided by any of the services listed in this document, Users may learn more on how to generally opt out of interest-based advertising within the dedicated section of the Cookie Policy.

Further information about the processing of Personal Data

    • PRIVACY POLICY PURSUANT TO ARTICLE 13 OF REGULATION EU 2016/679

      This privacy policy contains information on the processing of personal data carried out by Culti Milano SpA for the registration of user accounts and/or the subscription to the newsletter in the website www.culti.com, in accordance with the current Regulation of the European Union 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended by Italian Legislative Decree 101/2019.

      The Data Controller is Culti Milano SpA, with registered office and operational headquarters at Via dell’Aprica, 12, Milan.

      The Data Protection Officer (DPO) is EKO Sicurezza di Colonnello Francesco, which can be contacted at the email address francesco.colonnello@protonmail.com.

      Processing of personal data
      1. Personal data subject to processing and purposes
      The Users’ personal data will be processed by the Controller pursuant to Article 6 of the GDPR for the following processing purposes:

      A) Contractual obligations and supply of the service which, subject to consent, are accepted by the User during registration, and to fulfil specific requests of the User. The User’s data collected by the Controller for this purpose include: first name, surname and email address, residential and shipping address (country, province, town/city, post code, address), telephone number, tax identification number/VAT number (if invoice is requested), as well as all the User’s personal information that may be voluntarily published. The Controller will use the User’s personal data to check the User’s identity and avoid possible fraud or misuse, to contact the User through the website or by phone operator to provide assistance should the User have difficulty completing the order, to provide general assistance and to contact the User for service requirements only.

      B) Administration and accounting purposes, i.e., to carry out organisational, administrative, financial and accounting activities, such as internal organisation activities and activities required to fulfil contractual and pre-contractual obligations.

      C) Legal obligations, i.e., to fulfil obligations required by the law, an authority, a regulation or the applicable European legislation.

      D) Browsing data: in normal operation the computer systems and software procedures required to operate the website gather certain personal data transmitted implicitly when using internet communication protocols. This information is not collected for the purpose of associating it with identified data subjects. However, by its very nature, it could enable user identification through processing and associations with data held by third parties. This data category includes the IP addresses or domain names of the computers used by users connecting to the website, the URI addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the response file, the numeric code indicating the status of the response provided by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are only used to gather anonymous statistical information on use of the website, monitor its correct functioning and detect irregularities and misuse. The data could be used to establish liability in the event of hypothetical computer crimes against the website or third parties.

      E) In addition to filling in the forms found on the website, you can also request certain services and provide your personal data – where this feature is enabled – through your Facebook, Instagram and PayPal profile. In these cases, Facebook, Instagram and PayPal could automatically send Culti Milano SpA your personal data (name, email address, mobile phone number, profile picture and invoicing data).

      F) Cookies: detailed information on cookies can be found in the Cookie Policy.
      The disclosure of personal data for the processing purposes A, B, and C is necessary for registering on the website and/or using the services offered by the Controller through the website (purchase of products). The personal data required to achieve the processing purposes are marked with an asterisk in the website registration form.

      2. Additional processing purposes: marketing and newsletter
      Certain personal data (email address) may also be processed by the Controller for direct marketing purposes (for example, for sending advertising material, commercial communications and newsletters containing news of relevance to the Controller’s business sector), but only with the User’s specific, free and voluntary consent.
      If consent is not given, the possibility of pursuing the purposes set out in paragraph 1 will not be affected in any way.
      If consent is given, it may be withdrawn at any time upon request to the Controller.
      You may also easily object to further promotional email communications by clicking on the appropriate link for withdrawing consent, provided in each promotional email.

      3. Processing methods
      Data may be processed manually or electronically and will be accessed only by authorised operators, previously appointed as “Authorised Processors”. All operators accessing the computerised data will be provided with a personal password, and data access will only be permitted for purposes associated with the operator’s role and only for the time strictly necessary to achieve the purpose. Data may also be processed by external collaborators, previously appointed as “Data Processors”.

      4. Data storage period
      The personal data provided by you will be stored for as long as necessary to fulfil the purposes described in this Privacy Policy, as required by law, for example, for tax and accounting purposes or to ensure a better service. For example, we store your transaction history so that you can review the purchases made (and repeat orders if you wish), and the addresses to which you have requested orders to be sent. For marketing purposes your personal data will be processed, as a general rule and without prejudice to the principle of data retention proportionate to the purpose of processing, until you withdraw your consent.

      5. Scope of disclosure and dissemination
      Users’ personal data may be disclosed to the Controller’s employees and/or collaborators entrusted with managing the website and the e-commerce orders. These people, formally appointed by the Controller as “Authorised Processors”, will process the User’s data solely for the purposes stated in this Privacy Policy and in compliance with the provisions of the applicable legislation.
      Users’ personal data may also be disclosed to third parties who process personal data on the Controller’s behalf in the capacity of “External Data Processors”, such as, for example, providers of computer and logistics services required for operating the website, providers of outsourcing or cloud computing services, professionals and consultants, forwarding agents and the like. Some of the service providers are US based companies. They are compliant with the former EU-US Privacy Shield and guarantee compliance with standard contractual clauses.
      Users are entitled to obtain a list of the data processors appointed by the Controller, upon request to the Controller or the DPO.

      Users’ personal data may also be disclosed to the parent company Intek Group SpA, only in order to fulfil administration and accounting purposes associated with the performance of organisational, administrative, financial and accounting activities.

      6. Consequences of non-consent
      The disclosure of personal data for the processing purposes referred to in paragraph 1 A, B, C is optional for browsing the website only, but is necessary for placing orders. Processing for marketing purposes (Paragraph 2) is optional and a refusal will not compromise the possibility of placing an order.

      7. Data subject’s rights
      Users may exercise the rights guaranteed by the legislation, contacting the Controller or the DPO by sending an email to the address francesco.colonnello@protonmail.com.

      Pursuant to the applicable legislation, the Controller informs Users that they are entitled to obtain specification of:

      i. the origin of the personal data;
      ii. the processing purposes and methods;
      iii. the logic involved when processing is carried out using electronic tools;
      iv. the identification details of the controller and the processors;
      v. the persons or categories of persons to whom the personal data may be disclosed or who may become aware of them in their capacity of processors or persons in charge of processing.

      Users are also entitled to obtain:

      a. access, update, rectification or, when it is in their interest, supplementation of their data;
      b. erasure, anonymisation or blocking of data processed unlawfully, including data that do not need to be stored for the purposes for which they were collected or subsequently processed;
      c. declaration that the operations referred to in points a) and b), and their content, have been brought to the attention of those to whom the data have been communicated or disclosed, unless fulfilment of this obligation proves impossible or entails an employment of resources that is clearly disproportionate to the protected right.

      Users also have:

      a. the right to withdraw consent at any time, when the processing is based on consent;
      b. the right to data portability (right to receive all the personal data concerning them in a structured, commonly used and machine-readable format), the right to restriction of processing and the right to erasure (“right to be forgotten”);
      c. the right to object:
      i. in full or in part, for legitimate reasons, to the processing of personal data concerning them, even if pertinent to the purpose of the collection;
      ii. in full or in part, to the processing of personal data concerning them, for the purpose of sending advertising material;
      iii. if personal data are processed for direct marketing purposes, at any time, to the processing of their data for that purpose;
      if they believe that the processing breaches the Regulation, the right to lodge a complaint with a supervisory authority (in the member state where they habitually reside, where they work or where the alleged breach has occurred).

Contact information

    • Owner and Data Controller

      Il Titolare del trattamento è CULTI MILANO SpA con sede legale e operativa in via dell' Aprica 12, 20158 Milano, contattabile all’indirizzo culti@culti.com o al numero di telefono 02 49784974.

      Il Responsabile della Protezione dei dati personali (DPO) è EKO Sicurezza di dott. Colonnello Francesco, contattabile all’indirizzo e-mail privacy@culti.com.

      Owner contact email: culti@culti.com