Privacy policy


This information disclosure is rendered to customers of GLAM LAB srl, whether they are individual persons or natural persons acting in the name and on behalf of legal person customers, in accordance with Article 13 of Legislative Decree dated 30 June 2003 n. 196 – “Personal Data Protection Code” and with Article 13 of GDPR 679/2016 – “European Regulation on personal data protection”.

Data Controller identity
Mr. Marco Baudraz is the Data Controller of any processing carried out by GLAM LAB srl, with registered and administrative office at via Giuseppe Garibaldi 18/4 – 10124 TORINO.
The Data Controller ensures security, confidentiality and protection of personal data in his possession, at any stage of its processing activity.

The DPO has not been appointed.

Data source

The processed data is what is provided by data subjects when:
• visiting the offices;
• interacting through the website;
• requesting information, also by email;
• making previous transactions.

Processing purpose

Tax obligations, organisational and bureaucratic fulfilments of required services. Negotiation and pre-contractual relationships management. Management of marketing activities, object of the business activities.
Finally, all personal data of the above-mentioned data subjects will be entered in the Controller’s archive and used to send communications regarding products, services, innovations and promotions.

Legal basis

The legal basis is represented by the execution of a contract to which the data subject is a party, or the implementation of pre-contractual measures adopted in response to the data subject’s requests. Some processing is carried out for the legitimate interest of the Controller (promotion of its own business activities and pursuit of the statutory purpose).

Data recipients

Personal data processed by the Controller will not be disseminated; in other words, indeterminate subjects will not gain knowledge of it in any possible form, including by making it available to them or by mere consultation. It may instead be communicated to workers that are employed by the Controller and to some external parties that collaborate with them. It may also be communicated, within the strictly required limits, to subjects that must provide goods and/or carry out services for purchase fulfilment purposes, other requests or the provision of services regarding the transaction or contractual relationship with the Controller. Finally, it may be communicated to persons authorised to access it pursuant to legal provisions, regulations or community legislation. In particular, based on roles and on fulfilled working tasks, some workers have been authorised to process personal data, within the limits of their competences and in compliance with instructions given to them by the Controller.

Transferring data

The Data Controller does not transfer personal data to third countries or to international organisations. However, he reserves the right to use cloud services; in that case, service providers will be selected among those which provide appropriate guarantees, as provided for by Article 46 GDPR 679/16.

Data retention

The Data Controller retains and processes personal data for as long as is necessary to carry out the indicated purposes. Later, personal data will be retained, and not further processed, for as long as established by current provisions on civil and fiscal matters.

Revocation of consent

With reference to Article 23 of Legislative Decree 196/2003 and to Article 6 of GDPR 679/16, the data subject may revoke any consent given at any time. However, the processing described in this information disclosure is lawful and permitted, even without consent, as it is required for the execution of a contract to which the data subject is party (provision relationship) or the fulfilment of their requests.

Lodging a complaint

The data subject has the right to lodge a complaint with the controlling authority in their state of residence.

Refusal to provide data

Natural person customers cannot refuse to give the Controller the personal data required to comply with the rules of law that govern commercial transactions and the tax system. The provision of their further personal data may be necessary to improve the quality and efficiency of the transaction. Therefore, the refusal to provide the data required by law will impede the fulfilment of orders, while the failure to provide further data may compromise in whole or in part the fulfilment of other requests and the quality and efficiency of the transaction itself.
People who work in the name or on behalf of legal person customers can refuse to give their personal data to the Controller. The provision of personal data is however necessary for the precise and efficient management of the contractual relationship. Therefore, a possible refusal to provide data may compromise the contractual relationship itself, in whole or in part.

Automated decision-making

The Controller does not carry out processing that consists of automated decision-making on the data of natural person customers, or of the natural persons who work in the name or on behalf of legal person customers.