Last updated: 01 March 2026
This Privacy Policy explains how Rosella Novelli (“we”, “us”, “our”) collects and processes personal data when you visit https://rosellanovelli.com (the “Website”), in accordance with the EU General Data Protection Regulation (GDPR) and applicable French law.
1) Data Controller
Controller: Rosella Novelli
Address: Périgord Vert, France
Email: info@rosellanovelli.com
Phone: +33 (0)7 80 03 35 23
2) What personal data we collect
Depending on how you use the Website, we may collect:
- Contact details: name, email address, phone number (if you provide it).
- Message content: information you submit via contact forms, email, or inquiries (e.g., bespoke requests, exhibition inquiries).
- Transaction-related data (if e-commerce is enabled): shipping/billing details, order information, payment confirmation (note: we do not store full card details if handled by a payment provider).
- Newsletter data (if enabled): email address and subscription preferences.
- Technical and usage data: IP address, device and browser information, pages visited, approximate location derived from IP, cookies/identifiers (see Cookie Policy).
We do not intentionally collect special categories of data (e.g., health, biometric data). Please do not include such data in messages.
3) Purposes and legal bases (GDPR Art. 6)
| Purpose | Data used | Legal basis | Typical retention |
|---|---|---|---|
| Respond to inquiries / manage communications | Contact details, message content | Legitimate interests or steps prior to a contract | Up to [24 months] after last contact |
| Provide bespoke services / manage customer relationship | Contact details, order/project details | Contract / steps prior to contract | Duration of relationship + [X years] for legal obligations |
| Manage orders, delivery, invoicing (if applicable) | Identity, contact, billing/shipping, order details | Contract + Legal obligation (accounting/tax) | As required by law (typically [6–10 years]) |
| Newsletter (if enabled) | Email, preferences | Consent | Until you unsubscribe |
| Website security and abuse prevention | Technical data, logs | Legitimate interests | Usually [6–12 months] |
| Analytics and performance (if enabled) | Usage data, cookie IDs | Consent (where required) or Legitimate interests (for strictly necessary metrics) | [14 months] or per tool settings |
| Comply with legal requests | Relevant data | Legal obligation | As required |
4) How we collect data
- Directly from you (forms, email, phone).
- Automatically through your device (server logs, cookies, similar technologies).
5) Cookies and similar technologies
We use cookies and similar tools to operate the Website and, where applicable, to measure performance and marketing effectiveness. For details, see our Cookie Policy and cookie preferences tool/banner (if enabled).
6) Who we share data with
We may share personal data only when necessary with:
- Hosting and infrastructure providers (website hosting, email hosting).
- Website/IT service providers (maintenance, security).
- Analytics providers (if enabled).
- Payment and delivery providers (if e-commerce is enabled).
- Professional advisers (accountants, legal) where necessary.
- Public authorities when legally required.
All service providers process data under contractual safeguards.
7) International transfers
Some providers may be located outside the European Economic Area (EEA). If personal data is transferred outside the EEA, we rely on appropriate safeguards such as:
- an adequacy decision (where applicable), and/or
- Standard Contractual Clauses (SCCs) plus additional measures where needed.
You may request information about applicable safeguards via the contact details in Section 1.
8) Data retention
We keep personal data only as long as needed for the purposes described in Section 3, then delete or anonymize it, unless we must retain it longer to meet legal obligations, resolve disputes, or enforce agreements.
9) Security
We implement reasonable technical and organizational measures to protect personal data (e.g., access controls, secure hosting, backups). No system is 100% secure; please use caution when submitting information online.
10) Your GDPR rights
Subject to conditions and exceptions under GDPR, you may have the right to:
- access your data,
- rectify inaccurate data,
- request erasure,
- restrict processing,
- object to processing (including direct marketing),
- data portability (where applicable),
- withdraw consent at any time (for consent-based processing).
To exercise your rights, contact us using the details in Section 1. We may ask for information to verify your identity.
11) Complaints
If you believe your data protection rights have been infringed, you may lodge a complaint with your local supervisory authority. In France, this is the CNIL (Commission Nationale de l’Informatique et des Libertés).
12) Children
The Website is not directed to children, and we do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us and we will take appropriate steps.
13) Third-party links
The Website may contain links to third-party sites (e.g., social platforms, exhibition pages). We are not responsible for their privacy practices. Please review their privacy policies.
14) Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date indicates when changes were made. Material changes will be posted on the Website.