Privacy policy


Art. 13 of the EU Regulation no. 2016/679 (General Data Protection Regulation – EU GDPR)

Data Controller

The Data Controller is the company Gianluca Gariboldi S.r.l., Taxpayer Identification Number and VAT no. 04044410134, having its registered office at 2 Via Monte Grappa, 23876 Monticello Brianza (LC) Italy, Economic and Administrative Index No. 415727, e-mail: telephone number: +39 339 782 9974, The legal representative of the company shall act as the Data Controller of the personal data of the users accessing and registered on the website and e-shop management site located at , The data subject may contact the aforementioned company to enforce the rights set out by the EU Regulation no. 2016/679 of 27 April 2016. The Data Controller can be contacted by telephone at the number +39 339 782 9974 or by electronic mail at the address

 Personal data

The personal data of the client (hereinafter, “Client”) that will be collected are the following (hereinafter, “Personal Data”):


The services provided through the Website are reserved for subjects of at least 18 years of age. The personal data of children under the age of 18 shall not be collected by the Data Controller. In case the Client is a legal entity, in addition to the aforementioned data (hereinafter, “Personal Data”), the Data Controller will collect also non personal data concerning the company, which include but are not limited to the company name, the VAT number, and the address of the registered office.

The Client shall be liable for the completeness and truthfulness of the Personal Data; therefore, the Client shall indemnify and keep the Data Controller indemnified from and against any liability towards third parties.

Purposes and legal basis of the data processing

Pursuant to the obligations set out by the regulations in force, the Data Controller may collect the Personal Data and process them for the following purposes:


Provision of Personal Data

The Personal Data provided pursuant hereto are strictly instrumental to the aforementioned purposes. The provision of Personal Data for the purposes a) and b) above is always voluntary; however, failure to provide such Personal Data will result in the impossibility of performing the contractual agreements. Concerning the Compliance purpose set out at paragraph c) above, the legal basis of the provision of the Personal Data is the mandatory compliance with a legal obligation of the Data Controller. Concerning the provision of Personal Data for the purpose of Direct Marketing, as set out at paragraph d) above, the processing of personal data is based on the legitimate interest of the seller.

Processing method

The Personal Data may be processed manually, electronically, or through telecommunication means, based on management and processing methods strictly related to the purposes of the processing, which anyhow shall guarantee the security, the integrity, and the confidentiality of the data in compliance with the organizational, physical, and procedural measures provided for by the regulations in force.

The data shall be processed in full compliance with the principles of correctness, lawfulness, and transparency, protecting in any moment the confidentiality and rights of the data subject pursuant to the regulations in force.

The Data Controller represents and guarantees that the Personal Data provided by the Client shall be processed according to the strictest confidentiality and protection standards, and that the adequate technical and organizational security measures will be implemented to prevent the unauthorized access to, or dissemination, loss, destruction, accidental or unlawful alteration of the Personal Data.

  Data retention

Pursuant to the regulations in force, the Personal Data may be kept for no longer than it is necessary for the purposes for which the personal data are collected and processed, and for allowing the Seller to defend its rights in case any dispute arises.

The Personal Data provided for the Services and Invoicing purposes and the obligations related thereto may be kept by the Data Controller for the whole duration of the contractual relationship and for further 10 (ten) years from the date in which the last invoice was recorded, pursuant to art. 2220 of the Italian Civil Code.

Data sharing with third parties

The Data Controller represents that the Personal Data may be shared with third parties, on which the Data Controller relies for pursuing the purposes of the processing, and more precisely:

  • Physical persons authorized by Gianluca Gariboldi S.r.l.  to process the Personal Data upon execution of their appointment as Data Processors;
  • Persons normally acting as data controllers. Such persons are appointed Data Controllers or data processors; therefore, they shall process the data in compliance with this Privacy Policy Statement;
  • Persons, entities, or authorities to which the Personal Data shall be communicated based on the Services provided by the Data Controller, or pursuant to legal provisions or orders of the authorities related to compliance purposes

The Data Controller may not transfer the Personal Data outside the European Economic Area.

Rights of the data subject

Pursuant to the EU Regulation no. 2016/679, the data subject has the following rights:   


To exercise the aforementioned rights (hereinafter, jointly the “Rights”), the Client may send a written request to the following e-mail address:

Discover the exclusivity of Gianluca Gariboldi's fragrances

Sign up now for our newsletter to receive personalized updates and early access to a unique world of special fragrances.