Privacy Policy

Last updated: September 8, 2025

At Gatti Luxury (“Gatti Luxury”, “we”, “us”, or “our”), we respect your privacy and are committed to protecting your personal data. This policy explains what data we collect, for what purposes, the legal bases we rely on, with whom we share it, how long we keep it, your rights, and how to exercise them.

1) Data Controller

Controller: Gatti Luxury
Website: https://gattilux.com/
Address: Via Marsala 101/103, San Benedetto del Tronto, 63074 (AP), Italy
Phone: +39 0735 561933
Email: info@gattilux.com

2) Data We Collect

• Identification and contact data: name, surname, email, phone, shipping/billing address.
• Account data: login credentials (hashed), preferences, order history.
• Payment and billing data: information needed to process payments and issue invoices (card data is processed directly by the payment gateway).
• Usage and browsing data: IP address, device identifiers, browsing events, pages viewed, referrers/UTM, time zone, language, cookies and similar technologies.
• Communications: messages sent to support, responses to campaigns, reviews and surveys.

3) Purposes of Processing

• Performing the purchase and contractual relationship: account setup, order processing, shipping/returns, customer service, warranties.
• Billing and legal compliance: tax, accounting, and warranty obligations.
• Commercial communications: newsletters, offers and recommendations (where legally allowed and/or with your consent).
• Analytics and site improvement: measure usage and performance, fix errors, optimize experience.
• Security and fraud prevention: anti-fraud checks and site protection.
• Advertising and remarketing: personalize and measure campaigns on platforms such as Google and Facebook/Meta, based on your consent and/or our legitimate interests.

4) Legal Bases (GDPR)

• Performance of a contract (Art. 6(1)(b)): processing orders, managing your account, customer service.
• Legal obligation (Art. 6(1)(c)): invoicing, tax obligations, warranties.
• Legitimate interests (Art. 6(1)(f)): improving the website, security, fraud prevention, and—where permitted—communications about products similar to those already purchased (with opt-out available).
• Consent (Art. 6(1)(a)): non-essential cookies (analytics/marketing), newsletters where required, remarketing and personalized advertising.

5) Recipients and Categories of Third Parties

We may share data with service providers who help us deliver our services, under contracts imposing confidentiality and security:

• E-commerce platform and modules (PrestaShop): store functionality.
• Payment gateways: secure payment processing (e.g., banks, card processors).
• Logistics and carriers: order delivery and returns management.
• Email and customer support services: communications and support.
• Analytics and marketing: Google Analytics, Google Ads/Tag Manager, reCAPTCHA; Facebook/Meta Pixel and other ad platforms.
• Technical and security providers: hosting, CDN, monitoring, fraud prevention.
• Public authorities and third parties where legally required or necessary to defend rights.

We do not sell your personal data.

6) Cookies and Similar Technologies

We use first-party and third-party cookies to make the site work, analyze usage and, with your consent, provide personalized advertising. When you visit the site for the first time, we will ask you to accept or configure your cookie preferences.

• Necessary cookies: essential for site operation and security (do not require consent).
• Preference cookies: remember your choices (language, region, etc.).
• Analytics cookies: help measure and understand site usage.
• Marketing/remarketing cookies: enable relevant ads and performance measurement.

You can update your choice at any time via our Cookie Preferences Center (if available) or in your browser settings.

6.1 Google (Analytics, Ads, Tag Manager, reCAPTCHA)

We may use Google services that employ cookies and/or identifiers:

• Google Analytics: website analytics. You can opt out using the Analytics Opt-out Add-on and manage ads in Ads Settings. More info: Google Privacy Policy.
• Google Ads (incl. Remarketing) and Tag Manager: conversion measurement and ad personalization, subject to your consent.
• reCAPTCHA: protects forms from automated abuse. Use is subject to Google’s Privacy Policy and Terms of Service.

6.2 Facebook/Meta (Meta Pixel and Business Tools)

We may use the Meta Pixel and other Meta Business Tools to measure conversions and build audiences. This may involve cookies and/or sending identifiers to Meta to show you personalized ads, in line with your consent. You can manage your ad preferences in your Facebook account: Ad Settings and Ad Preferences.

7) Data Retention

• Account and orders: for the duration of the contractual relationship and as needed to meet responsibilities (e.g., warranties). Billing data: for legally applicable periods (e.g., tax obligations).
• Marketing: until you withdraw consent or object to receiving marketing.
• Analytics and cookies: according to the lifetime indicated in our consent panel or provider/browser settings.
• Security and fraud: as long as necessary to investigate and mitigate incidents.

8) International Transfers

Some providers may be located outside the EEA. Where data are transferred to countries without an adequacy decision, we will apply appropriate safeguards (e.g., Standard Contractual Clauses) or request your explicit consent where applicable.

9) Security

We implement reasonable technical and organizational measures to protect your data (access control, encryption in transit, internal policies). No system is 100% invulnerable, but we work to minimize risks.

10) Your Rights (GDPR)

As a user, you can exercise the following rights over your personal data:

• Access your data and information about its processing.
• Rectification of inaccurate or incomplete data.
• Erasure (“right to be forgotten”), in the cases provided by law.
• Restriction of processing in certain circumstances.
• Objection to processing based on legitimate interests (including profiling) and to direct marketing.
• Portability where processing is based on consent or a contract and carried out by automated means.
• Withdraw consent at any time, without affecting the lawfulness of prior processing.

You also have the right to lodge a complaint with your supervisory authority. In Italy: Garante per la protezione dei dati personali.

11) How to Exercise Your Rights

Send your request to info@gattilux.com or by post to the address in Section 1. To protect your account, we may request additional information to verify your identity. We respond within the statutory time limits.

12) Children’s Privacy

Our services are not directed to children under 16. If you believe a child has provided us with data without authorization, please contact us so we can delete it.

13) Third-Party Links

Our site may include links to third-party sites. We are not responsible for their privacy practices; please review their policies before providing data.

14) Changes to This Policy

We may update this policy to reflect legal, technical, or business changes. We will publish the updated version with its effective date.

15) Contact

For any questions about this policy or your personal data:

Gatti Luxury
Via Marsala 101/103
San Benedetto del Tronto
63074 (AP), Italy
Phone: +39 0735 561933
Email: info@gattilux.com

Annex: Cookie Preferences

If this site provides a Cookie Preferences Center, you can open it from the initial banner or a permanent link in the footer. There you can:

• View active cookie categories.
• Enable/disable non-essential cookies (analytics and marketing).
• Get more information about each provider.

You can also manage cookies directly in your browser (check your browser’s help to block/delete cookies).

Note: This site may be protected by Google reCAPTCHA; Google’s Privacy Policy and Terms of Service apply.