Website Privacy Policy

Last updated: April 2024

The Italian Art Guide ( respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Website This policy is in compliance with the General Data Protection Regulation (GDPR), and industry best practices for data protection, privacy, and security.

1.    Information we collect
        1.1.  We may collect and process the following categories of personal information:
        1.2.   Personal Identification Information: Full name, date of birth, gender, and contact details.
        1.3.   Demographic Information: Address, preferences, and interests.
        1.4.    Financial Data: Payment details for transactions processed through our third-party payment processor, STRIPE.
        1.5.    Technical Data: IP address, browser type, and version, operating system.
        1.6.    Usage Data: Information about how you use our website and services.

2.    How we collect your data
        2.1.    Your personal data is collected through:
                  2.1.1.    User Sign-ups: When you register to use our Website.
                  2.1.2.    Newsletter Subscriptions: When you opt-in to receive our newsletter.
                  2.1.3.    Social Media Engagement: When you interact with our social media platforms.
                  2.1.4.    Service Payments: When you complete transactions on our Website through STRIPE.

3.    Use of your information
        3.1.    The Italian Art Guide will only use your personal data when the law allows us to. Most commonly, we use your personal data in the following circumstances:
                  3.1.1.    To register you as a new user.
                  3.1.2.    To manage and perform services to you.
                  3.1.3.    To comply with a legal obligation.
                  3.1.4.    Where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests.
4.    Sharing your personal data
       4.1.    To facilitate the smooth operation of our Website, enhance our business activities, and deliver superior service to our Users, we engage with select third-party service providers. These collaborations are essential solely for the functioning and management of our Website. It is our policy to share personal data with these providers under strict agreements for terms of service and privacy, ensuring that your information is handled with the utmost care and respect for your privacy.
        4.2.    Selection of Service Providers: In our commitment to uphold the highest standards of data protection and privacy and align with General Data Protection Regulations (GDPR) standards, we have meticulously selected third-party service providers based on their compliance with the General Data Protection Regulation (GDPR) and other data security protocols considered to be the industry standard. 
        4.3.    While we exert our best efforts to verify and ensure their ongoing adherence to GDPR principles, it’s important to note that continuous compliance monitoring falls beyond our direct oversight. Should we become aware of any deviation from GDPR compliance by our providers, we pledge to promptly inform our Users, and reassess our choice of providers to maintain the integrity of our data protection practices.
        4.4.    These third-party providers with whom we share your personal data with include:
                    4.4.1.    Website Hosting by We entrust our website hosting to, under the assurance that they adhere to GDPR compliance for the processing and storage of personal data on their servers.
                    4.4.2.    Newsletter Distribution via Brevo: For distributing our newsletters, we partner with Brevo, chosen for their representation of GDPR-compliant practices in managing and utilizing subscription data, including email addresses.
                    4.4.3.    Payment Processing through STRIPE: Our financial transactions are facilitated by STRIPE, a third-party payment processor known for its robust data protection measures in line with GDPR.
        4.5.    Our Commitment and Limitation: While we make a concerted effort to verify that our third-party service providers remain compliant with GDPR, the continuous assurance of their compliance is beyond our direct control. We engage in best efforts to monitor their practices, ensuring they align with our data protection standards.
        4.6.    Should we become aware of any compliance breach or failure to uphold GDPR standards by our service providers, we commit to promptly informing our Users of such incidents. Additionally, we will reassess our partnerships and, if necessary, transition to alternative providers who demonstrate full compliance with GDPR to ensure the continued protection of our Users’ personal data.
        4.7.    In the event of a known breach of GDPR compliance by our third-party service providers, we will take swift action to inform our Website Users of the breach’s nature and scope. We are dedicated to maintaining transparency with our Users, regarding the privacy and security of their personal data.
        4.8.    If you choose to register or access our services using third-party account credentials (e.g., Google Sign-In), we may receive personal information about you from the third-party based on your privacy settings on that service. The information we receive may include your name, email address, profile picture, and other information you choose to allow us to access. We use this information to support your account registration and to facilitate the login process. It is your responsibility to check your privacy settings in your third-party account to control what information is shared with us.
        4.9.    Please note that when you use a third-party login service, our use of the information we receive is governed by the privacy policy of the third-party provider of the login service, and your use of that third-party’s login service is subject to that third-party’s terms and conditions and privacy policy.

5.    Cookies and tracking technologies
       5.1.    Our Website employs cookies and similar tracking technologies to enhance user experience, gather useful site analytics, and tailor our offerings to better suit our Users’ preferences. This may include cookies for essential site functions, analytics to understand site usage, functionality cookies to remember User preferences, and targeting cookies to offer relevant [targeting/advertisements]. Users have the option to manage cookies through their browser settings, though this may affect their ability to utilize certain features of the site. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device.
       5.2.    Types of Cookies We May Use:
                  5.2.1.    Essential Cookies: Necessary for the website to function and cannot be switched off in our systems.
                  5.2.2.    Analytical/Performance Cookies: Allow us to recognize and count the number of visitors and see how visitors move around our website.
                  5.2.3.    Functional Cookies: Used to recognize you when you return to our website.
                  5.2.4.    Targeting Cookies: Record your visit to our website, the pages you have visited, and the links you have followed.
                  5.2.5.    Managing Cookies: You can manage your cookies preferences by adjusting the settings on your browser to refuse cookies or to alert you when cookies are being sent. However, if you do not accept cookies, you may not be able to use some portions of our Website.
      5.3.    Other Tracking Technologies: We may also use beacons, tags, and scripts to collect and track information and to improve and analyze our website.

6.  Compliance and cooperation with Regulatory Authorities
      6.1.    We comply with applicable legal frameworks regarding data protection and privacy, including the GDPR. 
      6.2.    In cases of personal data transfer across borders, we take measures to ensure that the data receives an adequate level of protection in the recipient country, in line with GDPR requirements. 
      6.3.    Should you have any inquiries or concerns about our privacy practices or wish to exercise your rights under the GDPR, please contact us at
      6.4.    We are committed to working cooperatively with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.

7.   Your rights under GDPR
      7.1.    Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to access, correct, erase, restrict processing, object to processing, and the right to data portability. If you wish to exercise any of the rights set out above, please contact us at

8.   Data breach procedures
      8.1.    In the unlikely event of a data breach, we will notify you and any applicable regulator of a breach where we are legally required to do so.

9.   Changes to our Privacy Policy
      9.1.    Any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Policy.
      9.2.    The date of last revision of the Privacy Policy is mentioned at the top of this page.

10. Contacting us about your data 
      10.1.    If you have any questions or concerns about how we handle your personal data, or if you wish to exercise any of your rights, please contact us at You also have the right to lodge a complaint with a supervisory authority if you believe we have not complied with the requirements of the GDPR or other data protection laws.
Dobroslawa Nowak
Via Parini 9
Milan, 20121

Contact details for third-party providers

●    For GoDaddy:
●    For Brevo:,
●    For Stripe:,