Information pursuant to art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council

Minoronzoni Srl, owner of the The Gallery Italy brand, wishes to inform you that, pursuant to art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council concerning the protection of individuals with regard to the processing of personal data (hereinafter ” European Regulation “), needs to proceed with the processing of some personal data collected automatically or provided by browsing or using the website (hereinafter the ” Website “).

This Privacy Notice, therefore, refers exclusively to the Website and does not also apply to other sites, pages or  online services that can be reached via  hypertext links  that may be published within it.


The Data Controller is  Minoronzoni Srl in the person of its legal representative, domiciled at the registered office in Via Enrico Fermi, 24036 Ponte S. Pietro (BG)  (hereinafter the “Data Controller ”).


The Data Processor is IBOX in the person of its legal representative, domiciled at the registered office of Centro Galleria 1, via Cantonale, 6928 Manno, Switzerland (hereinafter ” Data Processor “) designated by the Data Controller with an Agreement pursuant to art. 28 of the European Regulation signed on 15/10/2018. This designation agreement is a consequence of the Services Agreement for the exclusive management of the e-commerce site The Gallery Italy (hereinafter  “Services Agreement” ), trademark of the Owner, signed on 15/10/2018 between Minoronzoni Srl and IBOX SA . 

The  Service Agreement  provides that the Data Processor, hosts the contents of the Website, carries out all the monitoring and analysis functions of the same, provides technical and organizational services functional to the aforementioned purposes, maintains the customer database, takes care of marketing, communication and managing emailing, market analysis, surveys, promotions, sales, complaints, returns, invoicing, transactions, providing assistance to the user also through the Call Center and carrying out automated processing relating to user profiling, only with the explicit authorization of the same, and according to the instructions given by the Data Controller.


To allow the use of the Website and its services, the Data Controller needs to know and process some of your personal data. In particular, when browsing or purchasing on the Website, Minoronzoni Srl processes the following personal data (hereinafter, collectively, ” Services “):

– to purchase the products on the Website: email, name, surname, address, telephone number, billing address;

– to subscribe to the newsletter: email address, name, surname, day and month of birth;

– to use the Call Center assistance services: the personal data that will be communicated to provide the requested assistance;

– to register in the personal area ” my account “: name, surname, email, password.

For the simple navigation of the Website, however, the types of data processed and the relative specific information for “cookies” are specified below.

Navigation data

The IT systems and software procedures used to operate IBOX SA acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes the IP addresses or domain names of the computers used by users who connect to the Website, the URI ( Uniform Resource Identifier ) ​​addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.

These data, necessary for the use of the Website, are processed for the sole purpose of obtaining statistical information on the use of the services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.) and to check the correct functioning of the services offered.

The navigation data do not persist for more than seven days and are deleted immediately after their aggregation, without prejudice to the possible need for the investigation of crimes by the judicial authority.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of e-mail messages, as well as the compilation and forwarding of the forms on the Website and / or the sending of your  curriculum vitae  entail the acquisition of the sender’s e-mail address, necessary to respond to your requests, as well as any other personal data included in the e-mail message, in the forms or in your  curriculum vitae , if attached.

In particular, users who intend to submit their application and curriculum vitae through the Website  are invited from now on to pay the utmost attention to its content, not including for any reason any type of personal data belonging to it. particular categories, or personal data suitable for revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as data relating to health or sexual life or sexual orientation.


The Website uses the following types of cookies.

– Technical cookies

Technical and session cookies are used, i.e. small text files containing a certain amount of information exchanged between the Website and the terminal (or rather with the  browser  used), which allow the correct functioning and use of the same. No persistent cd cookies of any kind are used. 

– Analytical cookies

Analytical cookies created and made available by a third party, namely Google Analytics, are used. This is done for mere internal statistical analysis of access, to improve the Website and simplify its use, as well as to monitor its correct functioning. The Data Controller has in any case adopted the most suitable tools to minimize the identification power of this type of cookie. Google Analytics publishes   its cookie policy here .

– Profiling cookies

Profiling cookies are used. These cookies are not essential, but they help us to personalize and improve your experience on the Website. For example, they help us to point you to the Store closest to your location, to know and remember your preferences and to show relevant and personalized advertisements. . They also allow us to limit the number of times each advertisement is shown, measure the effectiveness of the advertising campaign, remember the visit and share the collected data with third parties, such as advertisers.

The elimination of these cookies, therefore, although it does not affect the general usability of the Website, could still lead to a limitation of some functions. 

– Third party cookies

Third parties can also install cookies on your device. We do not control the use of third party cookies and, therefore, we are not responsible for their use. Third parties have their own privacy policies and data collection methods. Below is the list of third-party cookies used: 


Facebook –

Instagram –

Twitter –


Pingdom –




To withdraw consent to these cookies, you can refer to the following sites:  or


Options regarding the use of cookies by the site through the browser settings

However, the delivery of all cookies can be deactivated by changing your browser settings. It should be noted, however, how intervening on these settings could make the Website unusable if the cookies essential for the provision of our services are blocked. However, each browser has different settings for disabling cookies. The links to the instructions for the most common browsers are here  Apple Safari ,  Google Chrome ,  Microsoft Internet Explorer ,  Mozilla Firefox ,  Opera .



Any telephone calls to the Call Center numbers indicated on the Website may involve the processing of the personal data of the caller, in order to provide the services requested by the same, such as, by way of example, personal data useful for the management of requests for returns or assistance. after sales. The finalization of electronic transactions may involve the acquisition of the credit card data of its customers, which will be treated with all the necessary precautions required by sector legislation. Minoronzoni Srl can also make use of third party call centers that operate, always in full compliance with the privacy legislation, with a specific service contract on behalf of the Data Controller, as Data Processors pursuant to Article 28 of the European Regulation.


The personal data that the Data Processor is in possession of are exclusively those provided when browsing the Website and during the use of the Services offered on this site. 

Personal data are processed for the following purposes:

  1. conclude and execute the purchase contract for the goods offered through the Website. The provision of your personal data for this purpose is mandatory, as, in the event of failure to provide it, IBOX SA would not be able to process your order and therefore you cannot purchase any of our products.

The legal basis on which the processing is based is the need to execute a contract to which you are a party and the need to fulfill legal obligations.

  1. Allow the registration to the personal area ” my account ” within the Website and the use of the services reserved for registered users. The provision of your personal data for this purpose is optional. However, in the absence of such consent, it will not be possible to use the convenience and all the services offered to you through the personal area.

The legal basis on which the processing is based is your explicit consent to the processing of personal data.

  1. Manage requests forwarded to the Call Center. The provision of your personal data for this purpose is optional. However, in the absence of such consent, it will not be possible for IBOX SA to process the requests it decides to make to our Call Center.

The legal basis on which the processing is based is your explicit consent to the processing of personal data.

  1. Send your curriculum vitae for any working collaborations. The provision of your personal data for this purpose is optional. However, in the absence of such consent, it will not be possible for Minoronzoni Srl to collect and evaluate your spontaneous application.

The legal basis on which the processing is based is your explicit consent to the processing of personal data.

  1. Send commercial and promotional communications containing commercial offers of products and services similar to what you have already purchased (” soft spam “) using the email address provided at the time of the previous purchase. The provision of your personal data for this purpose is however optional and you can withdraw it at any time.

The legal basis on which the processing is based is the legitimate interest of the Company to develop relationships with its customers and increase the volume of sales of products in which you have already expressed an interest.

  1. Subject to your express consent, use your email address to send commercial communications about our products and services, updating you on news, new arrivals, exclusive products, our offers and promotions. The provision of your personal data for this purpose is optional. However, in the absence of such consent, it will not be possible for Minoronzoni Srl to keep it constantly updated on offers and promotions reserved for our customers.

The legal basis on which the processing is based is your explicit consent to the processing of personal data.

  1. Subject to your express consent, use your email address to propose advances and commercial offers in line with your tastes and purchasing preferences. This personalization will be carried out by analyzing previous purchases and other information described in the previous paragraph ” Definition and type of personal data processed “. The provision of your personal data for this purpose is optional. However, in the absence of such consent, it will not be possible for IBOX SA to send you offers in line with your tastes and preferences.

The legal basis on which the processing is based is your explicit consent to the processing of personal data.

Personal data may be processed both through IT tools and on paper.


The Data Controller intends to keep personal data for a period of time not exceeding that necessary to achieve the purposes for which they were collected and processed. On the instruction of the Data Controller, the same criterion will be applied by the Manager. 

With this in mind, in compliance with the regulatory provisions in force, including the accounting one, IBOX SA Data Processor, will keep your personal data acquired through the sale of its products for a period not exceeding 10 years. Subsequently, it will arrange for their cancellation, or for their transformation into anonymous form in a permanent and non-reversible way.

With regard to the processing of your personal data for direct marketing purposes, if it has been explicitly authorized by you, in compliance with the regulatory requests and with the General Provision of the Guarantor for the protection of personal data adopted on 24 February 2015, Minoronzoni Srl has established to provide for the cancellation of your personal data processed for direct marketing purposes within 24 months of their registration. The personal data processed for profiling purposes, on the other hand, will be deleted after 12 months from registration.

With regard to other personal data, not being able to accurately determine the retention period of your personal data, the Data Controller undertakes from now on to inspire the processing of your personal data to the principles of adequacy, relevance and data minimization, so as required by the European Regulation, annually verifying the need for their conservation. Therefore, once the purposes for which they were collected and processed have been achieved, we will remove them from our systems and registers and / or we will take appropriate measures to make them anonymous, so as to prevent you from being identified. 

This, without prejudice to the case in which we need to keep such data to fulfill regulatory obligations, or to ascertain, exercise or defend our right in court.


The personal data processed will not be disclosed to third parties. However, they may become aware of your personal data in relation to the processing purposes set out above:

  • the subjects who can access the data by virtue of the law provided for by the law of the European Union or that of the Member State to which the Data Controller is subject;
  • the subjects who carry out, within the borders of the European Union, in total autonomy, as separate Data Controllers, or as Data Processors appointed for this purpose by Minoronzoni Srl purposes auxiliary to the activities and services referred to in paragraph 4., i.e. banking operators, internet providers, couriers and shippers, companies that carry out marketing activities, companies that offer IT infrastructures and IT assistance and consultancy services as well as design and implementation of software and websites, law firms, companies that offer services useful for personalizing and optimizing our services, companies that offer data analysis and development services (including those relating to user interactions with our services), service centers,companies or consultants appointed to provide additional services to the Data Controller, within the limits of the purposes for which they were collected;
  • the issuer of the credit card used by you, the service providers for the anti-fraud control connected to the payment process and (where necessary) for the activation of the anti-fraud control procedure. 

Furthermore, our employees as well as that of the Data Processor may also become aware of your personal data, provided that they are previously designated as a subject acting under the authority of the Data Controller pursuant to art. 29 of the European Regulation or as System Administrator.

Any communication of your personal data will take place in full compliance with the provisions of the law provided for by the European Regulation and the technical and organizational measures prepared by the Data Controller to ensure an adequate level of security.


For the provision of its Services, the Data Controller may transfer personal data to third countries. In this case, we undertake to: 

  • make sure that the country to which your personal data will be sent guarantees an adequate level of protection, as required by Article 45 of the General Data Protection Regulation (“GDPR”); or
  • use the standard contractual personal data protection clauses approved by the European Commission for the transfer of personal information outside the EEA (these are the clauses approved under Article 46.2 of the GDPR); or
  • make sure, if we were to transfer your personal data to the United States, that the third party is registered with the Privacy Shield.

For more information on the rules for data transfers to third countries, click  here .


The Data Processor, following the instructions given by the Data Controller, does not use automated decision-making processes, including the profiling referred to in Article 22, paragraphs 1 and 4, of the European Regulation, without his consent. If you consent to profiling, the data you provide may be used to analyze or predict preferences and behaviors, and to detect your GPS location, in order to be able to customize the content of commercial communications and offer only products and offers dedicated to you and in in line with his tastes and preferences.

In particular, the following could be detected and analyzed:

  • the number and type of requests for information on the products on the Website over the last 12 months;
  • the number and type of expenses incurred for products on the Website over a 12-month period;
  • number and type of visits to the Website over a predetermined time horizon, including through profiling cookies.

In relation to the processing of your personal data, pursuant to the European Regulation, the interested party has the right to:

  • withdraw consent to processing at any time. It should be noted, however, that the withdrawal of consent does not affect the lawfulness of the processing based on consent before the withdrawal, as required by art. 7, paragraph 3, of the European Regulation;
  • ask the Data Controller for access to personal data, as required by art. 15 of the European Regulation;
  • obtain from the Data Controller the rectification and integration of personal data deemed inaccurate, also by providing a simple supplementary declaration, as required by art. 16 of the European Regulation;
  • obtain from the Data Controller the cancellation of personal data if there is even just one of the reasons provided for by art. 17 of the European Regulation;
  • obtain from the Data Controller the limitation of the processing of personal data if one of the hypotheses provided for by art. 18 of the European Regulation;
  • receive from the Data Controller the personal data concerning you in a structured format, commonly used and readable by an automatic device, as well as having the right to transmit such data to another data controller without impediments, as required by art. 20 of the European Regulation;
  • oppose at any time, for reasons connected with your particular situation, to the processing of personal data carried out pursuant to art. 6, paragraph 1, letters  e)  or  f) , including profiling on the basis of these provisions, as required by art. 21 of the European Regulation;
  • not be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning you, if you have not previously and explicitly consented, as required by art. 22 of the European Regulation. By way of example and not limited to, this category includes any form of automated processing of personal data aimed at analyzing or predicting aspects concerning consumption and purchase choices, the economic situation, interests, reliability, behavior;
  • propose a complaint to a supervisory authority (art.77) or take appropriate judicial offices (art.79), if you believe that the treatment that concerns you violates the European Regulation. The complaint can be lodged in the Member State in which he habitually resides, works or in the place where the alleged violation has occurred.

To exercise each of your rights, you can contact the Data Controller, in the person of the legal representative, by sending a communication to providing the following personal data:

– Name, surname and postal address;

– Details of the request;

– Purchase code;

– Photocopy of a valid identity document.


It is explicitly forbidden for minors under the age of sixteen (16) to use the services provided through the Website. In consideration of the technologies available and the services provided, IBOX SA has established systems for verifying personal data to ascertain that consent to the processing of personal data of the minor is provided or authorized by the person exercising parental authority. By registering or purchasing on the Website, you confirm that you have reached the age of majority in your country of residence.