Privacy Policy

Information relating to the processing of personal data for registration on the site and for registering purchases pursuant to art. 13 of the GDPR

Data controller

Italian Image Institute s.r.l. with a registered office in Italy in Via Daniele Manin, 5, Milan, 20121 (MI).

Personal data protection officer 

The Data Controller has designated the Wildside Human First Law Firm as the Personal Data Protection Officer (DPO) who can be contacted at the following email address:

Place of data processing

The processing connected to the web services of this site takes place at the aforementioned headquarters and on a third-party server - as specified below - and is handled only by personnel authorized to process, or by any persons in charge of maintenance and secretarial operations.

Types of data processed and purpose of the processing

“Personal data” means any information capable of directly or indirectly identifying a natural person. In particular, Italian Image Institute processes personally identifiable data (for example, name, surname, residential address, tax code, user ID, age, etc.), contact information (for example, telephone number, e-mail address ), financial data (for example, bank details), as well as other specific data necessary for each purpose.

Below, it is indicated in detail which types of personal data we process, for what reasons and on what legal bases:

• Registration form – Creation of a personal account

In our user registration form you will be asked to provide the following data: name, surname, email, mobile phone, date of birth, credentials, shipping address, telephone and armocromia color palette. The telephone and the armocromia color palette are not mandatory data, all the others are. You can purchase online and therefore have your own reserved area only if you are over 18 years old.


This means that the data collected is used to create the user through which your personal profile will be activated.

Your personal data will be processed only for the following purposes:

1. To register on the site and create your own reserved area and profile;

2. To proceed with purchases, receive orders and manage any critical issues (returns, non-delivery);

3. To participate in contests linked to the accumulation of points both online;

4. For customer care and for completing questionnaires;

5. For browsing the site and processing anonymous statistics in relation to the data acquired from the user's browsing experience;

6. For fulfillment of administrative and legal obligations connected with the activity of the site;

7. For technical information relating to navigation (where collected through acquisition, for example, of the IP resource or cookies);

The site uses technical/session cookies and also third-party cookies better described in the specific information found here (Extended Cookie Information).

• Newsletter and profiling

In our user registration form you will be asked to provide: personal identification data, contact information, some data generated through the use of the services (for example, balance/budget set, date of account activation, date of the first transaction, number of transactions in a given period); data on participation in some previous promotional campaigns.

Your personal data will be processed only for the following purposes:

1) For profiling purposes aimed at allowing personalised communication based on expressed preferences;

2) To subscribe to the newsletter.

The legal basis of our data processing is:

Article 6, paragraph 1 letter. a), b) and f) of EU Reg. 2016/679 for the purposes of n. 1 to n.7. As regards purposes no. 8 and 9 the legal basis is art. 6, paragraph 1 letter. a), i.e. the express consent of the interested party. In particular, it is noted that it is the legitimate interest of the Data Controller to offer the customer care service, as well as submit questionnaires for free completion in the users' reserved area.

Mandatory or optional nature of the provision of data, consequences of any refusal

For the purposes indicated by numbers 1 and 7, the provision of your personal data is mandatory, otherwise we will not be able to respond to you or offer you the requested service, except as provided for third-party and profiling cookies in the specific information. Consent to profiling and receiving the newsletter is free and optional and can always be revoked through the unsubscribe procedure.

Processing methods

The processing will be carried out both on paper and with the aid of electronic and automated tools. Your data will be processed under the authority of the Data Controller, only by persons specifically appointed, authorized and trained in processing pursuant to art. 29 of EU Reg. 2016/679. Suitable safety measures will be observed pursuant to articles. 5 and 32 of EU Regulation 2016/679 to prevent the loss of your data, illicit or incorrect use, unauthorized access, involuntary deletion. Each person in charge of processing is bound to the principles of lawfulness and confidentiality in processing. Your personal data is processed in compliance with applicable law and using adequate security measures, in compliance with the legislation in force also pursuant to articles. 5 and 32 of EU Regulation 2016/679. If consent is given to the processing of personal data for the purpose of using personalized services through profiling, the same may be subject to an automated decision-making process, using a specific algorithm which will decide which communications are most suited to your profile or which could be of more interest. The processing carried out in this way has, as expected consequences, for example, the sending of highly profiled commercial communications, the sending of discounts, the sending of invitations to events deemed of interest, etc.

To whom can we transmit your personal data? Do we transfer your personal data outside the EU?

Your personal data may be communicated within the EU, in full compliance with the provisions of EU Regulation 2016/679, to the following subjects: to public authorities, where this is required by law or at their request; to the external structures and/or companies that the Data Controller uses to carry out related or instrumental activities; to external consultants. The Data Controller will appoint data controllers pursuant to art. 28 third parties who process data in your name and on your behalf.

The Italian Image Institute CRM database is located in the Cloud Flare server located in the United States; the provider declares to be GDPR compliant ____________(insert link)

Duration of treatment

Personal data will be stored for a specific period of time, which can be determined using the following criteria:

- For accounting and administrative purposes related to purchases: up to ten years from the date of purchase and payment;

- For marketing and profiling purposes: up to two years from the last purchase, without prejudice to the user's desire to remain registered or until the request to unsubscribe.

- For navigation and cookie purposes: please refer to the cookie policy.

Your rights

At any time you can exercise the rights referred to in the articles. 15, 16, 17, 18, 20 and 21 of EU Regulation 2016/679, by sending us a written communication to the following email address: You can request: confirmation of the existence or otherwise of your personal data in our databases , verify its accuracy or request its updating, rectification, integration; access, rectification, deletion of your personal data or limitation of processing; the cancellation, transformation into anonymous form or blocking of your personal data if you believe they are being processed in violation of the law.

Privacy guarantee complaint

We remind you that if you think that one of your rights has been violated, you have the possibility to lodge a complaint with the Privacy Authority, which can be contacted on the website