Personal Data Policy

Privacy Policy

Below we inform you that the service provider Galleria Mucciaccia S.R.L. (registered seat: Italy, Via Po, 12, 00198 Roma, Company Registration Number: P.IVA 08860151003) handles your personal data in the following ways and for the following purposes.

During data processing, we act in accordance with the relevant legislation – especially Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

This Privacy Policy covers the following website: https://mucciaccia.com/en/

We reserve the right to modify this Privacy Policy at any time, and any modifications become effective upon publication.

Data Controller

  • Name: Galleria Mucciaccia S.R.L.
  • Registered Seat: Italy, Via Po, 12, 00198 Roma
  • E-mail: roma@mucciaccia.com
  • Phone Number: +39 06.69923801

Legal Bases of Data Processing

  1. Performance of a contract (GDPR Article 6(1)(b))
  2. Compliance with a legal obligation (GDPR Article 6(1)(c))
  3. Legitimate interests of the controller or a third party (GDPR Article 6(1)(f))
  4. Consent of the data subject (GDPR Article 6(1)(a))
  5. Public interest or exercise of official authority (GDPR Article 6(1)(e))
  6. Fulfillment of accounting and tax obligations (e.g., GDPR Article 6(1)(c), other relevant national legislation)
  7. Enforcement of legal claims or defenses (GDPR Article 6(1)(f))

Data Processed During Use of the Website:

Processed Data      Purpose of Processing
e-mail              fulfillment of orders, contact forms, newsletter, remarketing, analytics
name                fulfillment of orders, contact forms, newsletter, analytics
phone number        fulfillment of orders, remarketing
address             fulfillment of orders, analytics
purchase history    fulfillment of orders, remarketing
device              remarketing, analytics
behavior            remarketing, analytics
IP address          remarketing, analytics
browser             remarketing
search terms        remarketing

Hosting Provider Information

The data is processed and stored by the following hosting provider for the operation of the service.

Data Processors

We use external data processors to carry out certain data processing tasks. Data processors may only process the data in accordance with the contract concluded with us and the relevant legislation.

  • Google Analytics – Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
    Purpose: analytics.
    Range of processed data: device, behavior, IP address.
  • Google Pay – Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
    Purpose: analytics.
    Range of processed data: e-mail, name, device, behavior, IP address, address.

Remarketing Activities

In the scope of the service provider’s marketing activities, we may collaborate with external partners (e.g., displaying ads). We only transfer data to these partners with the data subject’s explicit consent.

  • Google Ads – 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”
    Processed data: e-mail, device, behavior, IP address, phone number, browser, purchase history, search terms.
  • YouTube Ads – 901 Cherry Ave, San Bruno, CA 94066, USA; “Google LLC”
    Processed data: e-mail, device, behavior, IP address, phone number, browser, purchase history, search terms.

Cookies

While browsing the website, so-called cookies may be placed on the user’s computer. These cookies contain technical information, and their primary purpose is to ensure convenient, personalized browsing. However, the site may also use cookies for analytics, remarketing, or media elements.

Essential

Essential cookies and services enable basic functions and are necessary for the proper functioning of the website. These cookies and services do not require user permission according to GDPR.

Required

These cookies and services are necessary for the proper functioning of the website, but their use requires user consent. These may include, but are not limited to: payment gateways, captcha services, embedded booking services.

Analytics

Statistics cookies collect usage information, enabling us to gain insights into how our visitors interact with our website.

Marketing

Marketing services are used by third-party advertisers or publishers to display personalized ads. They do this by tracking visitors across websites.

Media

These cookies and services are necessary to display certain media elements, such as embedded videos, maps, social media posts, etc.

Other services

This category includes all cookies, domains, and services that do not fall into the other specified categories or have not been explicitly categorized.

Cookies Used on This Website

Cookie Name Purpose
mhcookie essential
_ga analytics
et_* essential
et-pb-recent-items-colors essential
map_consent_status analytics
map_cookie_15 unknown
map_cookie_33 unknown
map_cookie_400 unknown
map_accepted_all_cookie_policy unknown
wp-settings-* essential
wp-settings-time-* essential
wordpress_logged_in_* essential
sbjs_migrations analytics
sbjs_current_add analytics
sbjs_first_add analytics
sbjs_current analytics
sbjs_first analytics
sbjs_udata analytics
et-editor-available-post-* essential
wp-wpml_current_admin_language_* essential
wp-wpml_current_language essential
sbjs_session analytics
_ga_* analytics
perf_* unknown
et-saved-post* unknown
cbLDBex unknown
_dd_s unknown
dd_cookie_test_43ad0c50-1e95-49da-a54f-0335edf8ff72 unknown
dd_cookie_test_9572a85c-d61b-4662-81d8-f19650ee1602 unknown
woocommerce_items_in_cart essential
woocommerce_cart_hash essential
wp_woocommerce_session_* essential
mp_*_mixpanel analytics
wordpress_test_cookie essential
SLO_GWPT_Show_Hide_tmp unknown
SLO_wptGlobTipTmp unknown
cbLDB unknown
ssm_au_c unknown
uaval unknown
appval unknown
et-editing-post-* unknown
et-recommend-sync-post-* unknown
sessionId essential
dd_cookie_test_c5deefb1-889b-4860-92a3-e65143973d80 unknown
dd_cookie_test_ac5415b6-5a78-45d3-bb0a-b3eb5bc1c2ae unknown
_tea_utm_cache_10000007 unknown
dd_cookie_test_c0af5a1b-8679-43cd-b247-921a72709b23 unknown
dd_cookie_test_47f61564-5c33-427d-9047-10db9b1c7ac0 unknown
SL_G_WPT_TO unknown
SL_GWPT_Show_Hide_tmp unknown
SL_wptGlobTipTmp unknown
et-reloaded-post-* unknown

Users can regulate or disable the use of cookies in their browser settings; however, this may affect certain functions of the site.

Data of Minors

Our service is not specifically directed at minors under the age of 16. If we do collect and process data of minors, we do so only if the law prescribes consent or parental/guardian authorization.

Parents and guardians may request the modification or deletion of any recorded data about themselves or the minors under their supervision at any time.

Contact Forms

The forms on the website record the data voluntarily provided by the user, which we use for contact or case handling.

  • e-mail
  • name

Newsletter and Marketing Communications

By subscribing to our newsletter or other marketing communications, you consent to receiving notifications (promotions, news, etc.) at the provided contact details. You can unsubscribe or withdraw your consent at any time.

Data processed in case of newsletter subscription

  • e-mail
  • name

Data Retention Periods

We only store data for the necessary period or for the deadlines prescribed by the relevant legislation. After that, the data is deleted or anonymized.

Data Transfer to Third Parties

We only transfer your data to third parties if you have explicitly consented to this, or if it is required by law or an authority order.

Data Security Measures

During data processing, both the data controller and the data processor employ organizational and technical protection measures that take into account modern technological possibilities and the nature of data processing (purpose, scope, circumstances), as well as the varying degrees of risk faced by natural persons. These safeguards aim to continuously maintain data protection proportionate to the risks.

These measures may include data encryption, maintaining the availability, confidentiality, and integrity of systems and services, and ensuring sufficient resilience. We pay particular attention to restoring the availability of and access to data as soon as possible in the event of any physical or technical incident.

By regularly reviewing and testing security measures, we ensure that the guarantees provided are not merely theoretical but actually provide an adequate level of protection in practice. We store data so that unauthorized persons cannot access it; for this purpose, paper-based documents are kept in a closed, secure environment, while electronic data is accessible only to persons with properly regulated access rights.

We also ensure that data can be deleted in a way that makes it impossible to restore once the retention period has ended or for any other reason that makes deletion necessary. In the case of paper-based documents, destruction is carried out using a specialized shredder or by involving an external partner specializing in this. When decommissioning or scrapping electronic media, we also ensure that data is irretrievably removed.

Protection of Paper-Based Documents

We provide physical protection for printed data to ensure secure, dry storage and adequately lockable rooms. Only authorized personnel have access to these documents. If the paper-based documents are also digitized, the rules for digital processing apply to them. Anyone handling data must not leave the work area without ensuring that the materials entrusted to them are locked and protected from unauthorized access.

The building and rooms where paper-based records are located have adequate fire and property protection systems, thus reducing the possibility of physical damage.

IT Protection

The computers and mobile devices involved in data processing are equipped with appropriate antivirus protection and access control. To secure the electronically stored information, we apply up-to-date backups and archiving solutions, ensuring these backups are accessible if needed.

Only authorized individuals with defined authorization levels can connect to the central server. The computers used for work and the data stored on them are protected by passwords and other access-protection measures against unauthorized access.

Management and Reporting of Data Protection Incidents

If an event occurs that threatens personal data with unauthorized access, damage, or loss, we immediately take steps to further protect the affected data and mitigate damages. If the situation suggests that the incident poses a significant risk to individuals’ rights or freedoms, we notify the affected individuals without undue delay, explaining the nature of the incident in understandable terms, as well as the measures we have taken or plan to take to address it.

We may omit notifying the affected individuals if we have previously implemented security solutions (e.g., encryption) that render the personal data unintelligible to unauthorized persons, or if further measures significantly reduce the probability of risk. In some cases, public disclosure may suffice instead of direct notification if individual notification would involve disproportionate effort.

In accordance with applicable regulations, if a data protection incident occurs that is likely to result in a risk to the rights and freedoms of natural persons, the data controller reports it to the competent supervisory authority within 72 hours of becoming aware of it. If the notification is made beyond this period, the reasons for the delay must also be provided.

User Rights

As a data subject (user), you have the following rights regarding the processing of your personal data:

  • Right of access (GDPR Article 15)
    You can find out whether we store information about you, and if so, what details, and you can request information about the purpose, legal basis, and other relevant circumstances of data processing.
  • Right to rectification (GDPR Article 16)
    You have the right to request the correction or completion of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) (GDPR Article 17)
    If the data is no longer needed or if the legal conditions for erasure are met, you can request that it be deleted as soon as possible.
  • Right to restriction of processing (GDPR Article 18)
    In certain cases, you can request that we only store the data and not use it otherwise (for example, if you dispute the accuracy of the data but do not want it to be deleted immediately).
  • Right to data portability (GDPR Article 20)
    You have the right to receive the data we hold about you in a machine-readable format, or to request that we transfer it to another service provider if technically feasible.
  • Right to object (GDPR Article 21)
    You may object to the further processing of your personal data if you believe that our legitimate interests (or any other legal basis) do not sufficiently justify such processing.

To exercise these rights, please contact us (e-mail: roma@mucciaccia.com). We strive to respond to incoming requests as quickly as possible. Typically, we will respond within one month of receiving your request, but if necessary—e.g., if the request is complex—this period may be extended by a further two months. We will inform you of the reasons for the extension within that initial one-month period.

If we cannot fulfill your request, we will also inform you of this and the reasons why within the above deadline. In this case, you have the right to lodge a complaint with the supervisory authority or seek judicial remedy.

Complaints and Remedies

If you believe there has been an abuse of your personal data, you can make an official report at the following contact details:

We thoroughly investigate incoming complaints and inform you about the results of our investigation and any measures taken. If there is no specific time period prescribed by law for handling complaints, then at least once every three years, we review how the investigation of complaints and our process meet the purpose of data processing and the applicable legal requirements.

You are also entitled to file a complaint with the competent data protection authority:

  • Authority Name: Garante per la protezione dei dati personali
  • Address: Piazza Venezia 11, 00187 Roma, Italy
  • Phone: +39-06-69677-1
  • E-mail: protocollo@gpdp.it

Date of last update: 26 February 2025