1. Data Controller
Venetian Murano Glass is the data controller responsible for your personal data. We are a company incorporated under Italian law, operating from the island of Murano, Venice, Italy.
Our registered contact for data protection matters is: Venetian Murano Glass, Murano, Venice, Italy. Email: info@venetianmuranoglass.com
All references in this policy to "we", "us" or "our" refer to Venetian Murano Glass as data controller.
2. Personal Data We Collect
When you interact with our website or place an order, we may collect the following categories of personal data:
- Identity data: first name, last name, title
- Contact data: email address, telephone number, delivery and billing address
- Transaction data: details of purchases, payment method type, order history
- Technical data: IP address, browser type and version, time zone, operating system
- Usage data: information about how you navigate and use our website
- Marketing data: your preferences for receiving communications from us
We do not collect any special category personal data (such as health, racial or ethnic origin, or biometric data).
3. How We Collect Your Data
We collect data through the following means:
- Direct interactions: when you create an account, place an order, sign up for newsletters, or contact us
- Automated technologies: as you browse our website, we automatically collect technical data via cookies and similar technologies
- Third parties: we may receive data from payment providers (Shopify Payments, PayPal), shipping partners, and analytics services (Google Analytics)
4. Legal Bases for Processing
We process your personal data only where we have a valid legal basis under Article 6 of GDPR. The legal bases we rely on are:
- Performance of contract (Art. 6(1)(b)): to process and fulfil your order, arrange delivery, and manage returns
- Legal obligation (Art. 6(1)(c)): to comply with tax, accounting and consumer protection laws
- Legitimate interests (Art. 6(1)(f)): to improve our services, prevent fraud, and maintain IT security
- Consent (Art. 6(1)(a)): for marketing communications and non-essential cookies — you may withdraw consent at any time
5. How We Use Your Data
We use your personal data for the following purposes:
- Processing and fulfilling your order, including arranging delivery and issuing invoices
- Managing returns, refunds and after-sales support
- Sending order confirmation, shipping updates and customer service communications
- Sending marketing communications where you have opted in (you may unsubscribe at any time)
- Improving our website and the quality of our products and services
- Preventing fraud and ensuring the security of our platform
- Complying with our legal and regulatory obligations
6. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse site usage.
We use the following types of cookies:
- Strictly necessary cookies: required for the website to function (e.g. shopping cart, session management). These cannot be disabled.
- Analytics cookies: help us understand how visitors use our website (e.g. Google Analytics). These are only placed with your consent.
- Marketing cookies: used to deliver relevant advertising. These are only placed with your consent.
You can manage your cookie preferences at any time via your browser settings or our cookie preference centre.
7. How We Share Your Data
We do not sell your personal data. We share data only where necessary with the following categories of recipients:
- Payment processors: Shopify Payments, PayPal, Stripe — to process your payment securely
- Logistics partners: specialist art logistics companies — to deliver your order
- Shopify Inc.: as our e-commerce platform provider, Shopify processes data on our behalf as a data processor
8. International Data Transfers
Some of our service providers are based outside the European Economic Area (EEA). Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions issued by the European Commission
- Binding Corporate Rules where applicable
Shopify Inc. is based in Canada, which has received an adequacy decision from the European Commission. All other international transfers rely on Standard Contractual Clauses.
9. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting and reporting obligations.
- Order and transaction data: retained for 10 years to comply with Italian fiscal and commercial law obligations
- Customer account data: retained for the duration of your account plus 2 years after last activity
- Marketing data: retained until you unsubscribe or withdraw consent
- Technical and analytics data: retained for a maximum of 26 months
When data is no longer required, it is securely deleted or anonymised.
10. Your Rights Under GDPR
As a data subject under GDPR (EU 2016/679) and Italian privacy law (D.Lgs. 196/2003 as amended), you have the following rights:
- Right of access (Art. 15): you may request a copy of the personal data we hold about you
- Right to rectification (Art. 16): you may request correction of inaccurate or incomplete data
- Right to erasure (Art. 17): you may request deletion of your data in certain circumstances
- Right to restriction (Art. 18): you may request that we limit how we process your data
11. How to Exercise Your Rights
To exercise any of your rights, please contact us at info@venetianmuranoglass.com with the subject line "Data Subject Request".
We will respond to your request within one month of receipt, free of charge. We may need to verify your identity before processing the request.
If you are not satisfied with our response, or believe we are processing your data unlawfully, you have the right to lodge a complaint with the Italian Data Protection Authority: Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Roma, Italy.
12. Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration or disclosure.
These measures include:
- SSL/TLS encryption for all data transmitted to and from our website
- Secure hosting via Shopify's PCI DSS-compliant infrastructure
- Access controls limiting data access to authorised personnel only
- Regular security reviews and updates
No method of transmission over the internet is completely secure. While we do our best to protect your data, we cannot guarantee absolute security. If you believe your data may have been compromised, please contact us immediately.
13. Children's Privacy
Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16.
If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at info@venetianmuranoglass.com and we will take steps to delete such data promptly.
14. Third-Party Links
Our website may contain links to third-party websites, including social media platforms and partner sites. These sites have their own privacy policies, which we do not control and are not responsible for.
We encourage you to read the privacy policy of any third-party website you visit from a link on our site.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do, we will revise the "Last updated" date at the top of this page.
For significant changes, we will notify you by email (if we hold your email address) or by posting a prominent notice on our website.
We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes your acceptance of the updated policy.
For any questions about this Privacy Policy, please contact us at info@venetianmuranoglass.com.