Privacy Policy

Privacy Policy

Boutique del Gioello srl (“BDG”) processes personal data from Users who visit and use our Online Marketplace. This Privacy Policy describes exactly what personal data we process, how and why we process it, and what your rights are under the General Data Protection Regulation (“GDPR”).

If you want to know more about how we collect personal data using cookies or similar technologies, please read our Cookie Policy. We’ve defined the capitalised terms we use in this policy in our General Terms of Use.

1. The information we collect and process
When you use our Online Marketplace, we’ll collect from you the following information:

Creating an Account. 

When you create an Account with us, we’ll ask you to provide us with your email address and to choose a secure password. You can also use a social media account, like your Facebook account, to create an Account. If you create an Account using social media, we’ll receive some basic information from your social media account, which we use to create your Account. This includes the email address associated with your social media account. We might also receive information about your status updates or content you’ve viewed or clicked on while using that social media account. You can always check and change the privacy settings of the relevant social media platform, and this will update what data we have access to. 

Creating your BDG profile. 

After you’ve created your Account, we’ll ask for some extra information before you can use all the features of our Online Marketplace. This includes your full name, email address, telephone number, date of birth and address. We might also ask for your bank account number and, if applicable, the VAT number and Chamber of Commerce number of your company (for instance if you’d like to become a Seller). We need this information to ensure you are at least 18 years of age, to contact you, to make sure that the Produtct(s) you bought in an Online Auction can be shipped to you or picked up at your address and to make sure you can make or receive payments or refunds.

Providing you customer support. 

When you contact our Customer Experience team or when they contact you, we collect information about the reason for this contact. We’ll also collect the information you provide to us over the phone or via email. This includes for instance any communication we have with other Users about you or the Produtct(s) you’ve offered or bought. If you contact our Customer Experience team via phone, your call may be recorded for quality and training purposes if we’ve received your consent thereto. Finally, we can also collect information if you reach out to us through your social media account, for example via Facebook Messenger. But keep in mind, we don’t use this chat as our official channel for handling questions or complaints. Nonetheless, we try to respond to your messages in time and to provide you with further information or assistance if necessary. The privacy policy of the relevant social media provider is applicable when you use their services. 

Verifying your identity. 

If you’re looking to sell on BDG, we might ask for a scan or photo of your valid proof of identification (government-issued photo ID). We or our third-party payment providers may have to verify your identity to comply with financial regulations. That’s why we ask for proof of identification, which clearly shows at least your full name, date of birth and ID (document) number. For the Netherlands, please make sure your citizen service number (BSN) is redacted. 

Your transactional information.

When you purchase or sell something on BDG, we’ll keep records of transaction and payment data, such as the Produtct(s) that you’ve purchased or sold on our Online Marketplace, invoices, price and date of payment, the payment method, payment status, bank account- or credit card details. We securely store such information for payment and billing purposes and for our internal administration. This may be more detailed than the concise overview you see in your Account.

Your feedback.

We might ask you to provide us with feedback through an email or online survey. In these cases, we’ll only process personal data (such as your email address or User ID) for our internal analytics, which help to enhance our Services. We may also process the opinions, experiences, preferences and interests and reviews that you provide to us or share with us online or through social media.

Your communications with other Users

We also process your information when you communicate with other Users in light of an Online Auction, through the internal messaging system offered on our Online Marketplace.

Your cookie data

Subject to your prior consent (to the extent required), when you visit BDG we collect electronic identification data from your browser or device by making use of cookies (small text files your computer sends each time you visit our Online Marketplace) and similar technologies on our (mobile) website and app. For example, we may collect access times, hardware and software information, information about the device you used, your IP address, MAC address, mobile device identifier (IDFA or GAID), cookie ID, browsing behavior on our Online Marketplace and which Produtct(s) you like. Please see our Cookie Policy to find out more.

2. Why we use this information 
For the performance of our agreement with you:
To fulfil our contractual obligations towards you, while also making sure you can enjoy all the exciting features of our Online Marketplace, we use your personal data as described above to:
Provide you with our Services and information you request. Give you access to use all the features of our Online Marketplace, including by means of creating your Account and BDG profile, to facilitate Online Auctions, to facilitate communication between Users and to facilitate the payment and shipment of Produtcts. Support you if you have any questions, complaints or encounter issues with your Account or transactions. Send you status updates, invoices and/or payment reminders by email, SMS, Whatsapp, any other direct messaging platform, or push notifications. Send you service-related emails related to your Account, transactions or security. Examples of such service-related emails include email address confirmations, welcome emails when you’ve registered your Account and emails relating to your Produtct status, transactions or messages from other Users. 
For our legitimate business interests:
In light of our, or a third party’s, legitimate interests, we may use your personal data as described above to:
Contact you via email, telephone, regular mail or otherwise for marketing or other commercial purposes, if you have not opted out of receiving such communications. If you have not given consent, we will only send you commercial communications via email to service you as an existing customer. If this is the case, we may send you newsletters, surveys, inform you about additional BDG services, events, offers, promotions  and/or benefits.  At any time, you may opt out of such commercial communications by sending an email to or by following the instructions in any communication you receive from us.
Improve our Services and better understand you as a User both on an aggregate and an individual basis. We analyse your use of our Services and use this information to better understand you (for example, what pages you visit, which Produtcts you are interested in), to optimize navigation on our Online Marketplace and to give you a better user experience. We also use your personal data as described above to allow us to provide, personalise, measure, and improve our advertising and marketing. For example, to send you personalized marketing communications, show you suggestions (such as interesting Produtcts) and targeted adverts (on other websites) based on how you interact with our Online Marketplace. We may also use the personal data as described above to send you a gift, for example at the end of year.
Make sure BDG is a secure, trusted platform for both Buyers and Sellers. We might have to process your personal data to prevent, trace, and counter fraud or any other unlawful or non-compliant use of our Online Marketplace. For example, our Fraud team uses this data to look into Users who don’t comply with our General Terms of Use and our systems can match various data points to (temporarily or permanently) block these Users from using our Online Marketplace. We may also need to process your personal data for system integrity purposes (for example, to prevent hacking or credential stuffing attacks), to register, mediate, and resolve possible disputes or irregularities or to enforce our General Terms of Use and other policies. For example, if a contract has been entered into between you and another User and there’s an issue or dispute, we might provide certain information to help you resolve the issue directly with that User. We also use prediction models to determine whether we need to ask certain Users for a form of payment security or obstruct their Bid or payment. For example, we use your bidding, buying, or selling history and location to predict the chances of the Contract of Sale being cancelled. Based on the outcome of this model, we may ask you to verify your credit card before placing a Bid as a safety measure. When making use of our internal messaging system to communicate with other Users through our Online Marketplace, we may review, scan, or analyse your messages for fraud prevention, risk assessment, investigation, or support purposes.
Facilitate our business operations, to generate aggregate statistics, to perform market analysis, to operate company policies and procedures,  to respond to any claims against us and, to protect the rights, property, or personal safety of BDG, our Users, or the public, to enable us to make corporate transactions, such as any merger, sale, reorganization, acquisition, bankruptcy or similar event and for other legitimate business purposes permitted by applicable law.
Subject to your prior consent
Provided that we’ve received your prior explicit consent, we may use your personal data as described above to:
Send you personalised direct marketing communications via email, SMS, other electronic means or otherwise. For example, to send you personalised recommendations, newsletters, tips and promotions or to send you updates with respect to followed auctions, favorited Produtcts, auction categories or auction alerts. You can withdraw your consent at any time using the unsubscribe link in these communications or by adjusting the Emails and Notifications settings in your Account.
Record your communication with our Customer Experience team via telephone for internal quality and training purposes. 
Please note that you can withdraw your consent at any time (see the section 3. Your choices about our use of your personal data or section 7. Your rights below).
To comply with legal obligations
Your personal data may also be used to maintain appropriate business records, to comply with lawful requests by public authorities or court orders or to comply with applicable laws and regulations (such as to verify your identity as a Seller in light of AML requirements) or as otherwise required by law.

3. Your choices about our use of your personal data
Internal Messaging System
After the Online Auction, you have the option to contact the Seller of a Produtct using our internal messaging system. The availability of the internal messaging system may be subject to certain conditions. If you use the internal messaging system, you’ll get an email every time you get a response. If you want to stop getting these emails, you can opt out via the Emails and Notifications settings in your Account. If you’re a Seller, you can opt out of receiving these messages from potential Buyers by adjusting your Account settings.
Marketing emails
If you no longer wish to receive our marketing emails, you can unsubscribe using the link in one of these marketing emails. Alternatively, you can unsubscribe by adjusting the Emails and Notifications settings in your Account. If for any reason you can’t adjust these settings yourself, you can contact our Customer Experience Team  who will be happy to help. 
Push notifications
If you use our app, push notifications are a great way for you to quickly find out about interesting auctions or messages from our experts. You have the option to opt in and opt out of push notifications in our app. 
Personalised adverts
We want to make sure you’re always seeing content that interests you, which is why we may personalise our adverts to your interests. If you don’t want to see personalised banners or other adverts on third-party websites, you can turn off your marketing cookies and clear your browser history. Read our Cookie Policy to find out how to do this. Keep in mind, you will still see adverts from us, but these adverts will no longer be tailored to your interests. 

4. Cookies and personalisation
We use cookies and similar technologies to understand how you use our Online Marketplace and to give you a better BDG experience. For instance, they help us to recognize your device(s), store your language preferences, and keep you signed in so you don’t need to keep signing in every time you use BDG. 
We may also use the collected information to personalise your experience on our Online Marketplace and to provide you targeted advertisements on other websites. To optimise our Services and marketing, we may use ‘cross-device tracking’ from third-party service providers. We use cross-device tracking to track your behaviour across different devices that are linked using a unique User ID. This User ID is assigned to you during registration. By tracking your behaviour, we can provide personalised content for you across your devices. For instance, we may show you personalised content on your computer based on your behaviour on our mobile application. Please see our Cookie Policy to find out more about how and why we use cookies or to withdraw your consent at any time.

5. Sharing information with third parties
We might need to share information with other Users
If you buy or sell Produtcts, we might need to share some of your information with other Users for you to complete the transaction. This can include your name, address, email address, and phone number. For example, if you buy a Produtct from another User and they need to ship the Produtct to you, we will share your address and contact information (including phone number and email address) with them so they can arrange shipping. If there’s an issue between you and another User, we might also provide this information to help you resolve the issue directly with that User. Please note, if you change your contact details during an auction, during a dispute, or shortly after a dispute, we can provide the ‘old’ contact details to the other User if we have reason to believe this is necessary for the other User to obtain their rights under the Contract of Sale.
With your consent
We may also provide your personal data to other Users if you have given us permission to do so. For example, if another User wants to refund you directly, we will ask for your permission to share your financial information with that User. In some cases, we might need to share your information with other Users before you enter into a Contract of Sale. For example, if a User needs to view a Produtct on site before entering into the Contract of Sale we may share this information so that a viewing can be arranged. 
For services from third-party service providers
We may also use the services of third-party service providers. As part of their services, they might need to process your personal data. For example, service providers might provide us with payment, advertising, customer, or sales support services. Or they might support us in sending emails, analysing feedback, or securing our Online Marketplace against fraud. Consistent with applicable legal requirements, these service providers have a duty to maintain confidentiality, may only use the specific data necessary for providing services to us, and may only use this data in accordance with our instruction. 
For example, to ensure safe payment, we use third-party payment service providers to securely process payments made to us and to other Users. For these purposes, we may share information, including your name, bank account number, date of birth and, if applicable, Chamber of Commerce and VAT identification number, via an encrypted connection. In performing its services payment service providers generally act as a data processor on behalf of BDG. However, payment service providers also have their own regulatory obligations. With respect to the latter, the privacy policy of the applicable payment service provider applies. 
When we are (legally) obliged to or need to enforce our General Terms of Use
We may also disclose your personal data to third parties:
- If we are obliged to do so, for instance if there’s a dispute or if your User material is manifestly unlawful.
- To comply with statutory obligations, such as court orders.
- To cooperate with authorities, such as the police or tax authorities, whether this is legally required from us or whether it’s in our legitimate interest to cooperate.
- To make sure our General Terms of Use are upheld. 
In light of a corporate transaction
In addition, your personal data may be disclosed as part of any merger, (partial) sale or (partial) transfer of our assets. We’ll always make sure to timely inform you should a corporate transaction involving your personal data occur. 

6. International transfers of personal data
Please note that in certain cases, third parties we share your personal data with (as set out above) might be based outside the European Economic Area or might use servers that are outside the European Economic Area. The laws of these countries may not provide the same level of protection to your personal data. That’s why we make sure your personal data is protected in accordance with applicable law. This means that we entered into legally necessary contracts with recipients of your personal data, including standard contractual clauses as approved by the European Commission where required and ensuring the appropriate technical and organisational information security measures are in place.

7. How we secure your personal data and how long we store it for
We take the security of your personal data very seriously. That’s why we take reasonable steps to ensure that your personal data is properly secured using appropriate technical, physical, and organizational measures, so that they are protected against unauthorised or unlawful use, alteration, unauthorised access or disclosure, accidental or wrongful destruction, and loss. Furthermore, we take steps to limit access to your personal data to those employees who need to have access to it for one of the purposes listed in this Privacy Policy. 
In addition to the security measures on our end, such as encryption of your personal data, we highly recommend you carefully select a strong password and make sure you keep your login details secret.
We retain your information for as long as necessary to fulfil the purposes outlined in this Privacy Policy (for example,  as long as your Account is active or as needed to provide our Services to you), unless a longer retention period is necessary to fulfil our legal obligations or to defend a legal claim. The retention period for your personal data can vary depending on the processing purpose (for example, for payment services or fraud prevention) and our legal obligations. For instance, for the Netherlands, we are legally obligated to retain information about your purchases and sales (for tax purposes) for 10 years.

8. Your rights
Subject to the conditions set forth in the applicable law, you have the following rights concerning your personal data: right of access, right of rectification, right to erasure, right to restrict data processing, right to object against profiling or processing based on our legitimate interests, the right to withdraw consent and your right to data portability. 
If you’d like to exercise any of these rights, you can do by sending an email to Please clarify the nature of your request in the subject line. Furthermore, please note that you can adjust the information associated with your Account using your Account settings. Also, you can delete your Account using the “Delete my Account” button in your Account settings.
If needed, we might ask for additional information to verify your identity, such as a copy of your ID card, before we can start working on your request. In that case, please ensure that you have blacklined all information that is not required to identify you (social security number, photo etc.). 
If you’ve asked us to erase your personal information, please note this is not an absolute right. We will erase your personal data when (i) the data is no longer necessary in relation to the purposes for which they are collected; (ii) you withdraw your consent and there is no other legal ground for processing; (iii) you object to the processing in case of direct marketing purposes, or – in any other case - there is no overriding legitimate ground for processing; (iv) we unlawfully processed your personal data. 
As such:
- We are unable to delete certain information, until you have fulfilled your obligations towards us or another User (for instance, if you still have to deliver a Produtct or if you have to pay your outstanding commission invoice).
- We may retain some of your personal information if required in light of statutory retention periods or if necessary for our legitimate interests, such as for fraud detection and prevention. For example, if you delete your Account and we have good reason to believe you have not acted in accordance with our General Terms of Use, we may retain certain limited information from that Account to prevent you from opening another Account in the future.
- The User Material you’ve uploaded to our Online Marketplace (including artists’ names) will continue to be publicly visible on our Online Marketplace.

9. Privacy violations
If you think we’ve infringed on your privacy rights, please notify us by sending an email to We’ll investigate as soon as possible after receiving your email. You can also lodge a complaint at the relevant national supervisory authority.

10. Changes to our Privacy Policy
We may update this Privacy Policy from time to time. If we do so, we’ll post the updated version on our Online Marketplace. We’ll also let you know via email if an update significantly affects how you use our Online Marketplace. If there is any conflicting information between the English version of our Privacy Policy and any of the translations into other languages, the English version prevails. 

11. Contact
If you have questions about this Privacy Policy, you can contact the BDG Data Protection Officer at any time via You can also reach out to us using the below contact details or by contacting our Customer Experience team (“contact us” button):

Boutique del Gioiello srl
Piazza Santa Maria Beltrade 2
20123 Milano