Privacy Policy
Last Updated: July 2026
1. Introduction and Scope
Welcome to Caprineli Art (https://caprineli.com). We are committed to protecting the privacy and security of your personal data. This Privacy Policy outlines how we collect, process, share, and protect personal data obtained from users of our website, customers purchasing our unique art and vintage products, and subscribers to our blog.
This website and e-commerce platform are technically managed, maintained, and operated by Gretor LTD (registered in the United Kingdom, email: [email protected]) on behalf of Caprineli Art (based in Greece, EU, email: [email protected]). For the purposes of the General Data Protection Regulation (GDPR) and applicable local data protection laws, Caprineli Art and Gretor LTD act as joint data controllers.
2. The Types of Personal Data We Collect
We may collect, use, store, and transfer different kinds of personal data about you, which we have categorized as follows:
- Identity Data: First name, last name, and username or similar identifier.
- Contact Data: Billing address, delivery address, email address, and telephone numbers.
- Financial Data: We do not store financial data. All payment details are processed directly by our secure payment partners (Stripe and PayPal) and are encrypted via Secure Socket Layer (SSL) technology.
- Transaction Data: Details about payments to and from you and other details of products you have purchased from us.
- Technical Data: Internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Usage Data: Information about how you use our website, products, and services, including page interaction information and search history within the blog.
- Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.
3. How We Collect Your Personal Data
We use different methods to collect data from and about you, including:
- Direct Interactions: You give us your Identity, Contact, and Financial Data by filling in forms on our site, creating an account, or by communicating with us by email or contact forms.
- Automated Technologies: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies.
- Third Parties: We may receive Technical Data from analytics providers (such as Google Analytics) and payment processing platforms.
4. Legal Bases for Processing Your Data
Under the GDPR, we only process your personal data when we have a valid legal basis to do so. Specifically:
- Performance of a Contract: Processing is necessary to fulfill your order, arrange delivery, and manage payments.
- Legitimate Interests: Processing is necessary for our legitimate business interests, including keeping our website secure, preventing fraud, managing customer relations, and optimizing our blog content.
- Compliance with Legal Obligations: Processing is necessary for compliance with tax, accounting, and legal reporting requirements.
- Consent: Where you have given explicit consent, such as subscribing to our newsletter. You have the right to withdraw consent at any time.
5. How We Share Your Personal Data
We do not sell, trade, or rent your personal data to third parties. We only share your information with trusted service providers who perform essential business operations on our behalf:
- Shipping and Logistics: Courier services and the Hellenic Post (ELTA) to deliver your physical goods.
- Payment Gateways: Stripe and PayPal to securely authorize and process your payments.
- IT and Hosting Providers: Companies providing secure server infrastructure, database storage, and website maintenance services.
- Professional Advisers: Accountants, legal consultants, and auditors who assist us with tax and regulatory compliance.
- Law Enforcement: If required to do so by law or in response to valid requests by public authorities.
6. International Transfers of Data
Because Gretor LTD is registered in the United Kingdom and some of our secure cloud hosting servers or service providers may be located outside the European Economic Area (EEA), your personal data may be transferred to, and processed in, countries outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring that appropriate safeguards are implemented, such as using specific Standard Contractual Clauses (SCCs) approved by the European Commission, or relying on adequacy decisions (such as the UK adequacy decision).
7. Data Security
We have put in place appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. All communication between your browser and our website is encrypted using SSL (Secure Sockets Layer) technology.
In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
8. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.
For tax and accounting purposes, European law requires us to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for up to 10 years after they cease being customers.
9. Cookies and Tracking Technologies
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our blog and e-shop and also allows us to improve our platform. We categorize our cookies as follows:
- Strictly Necessary Cookies: These are required for the operation of our website, including managing your shopping cart, user sessions, and security protocols.
- Analytical/Performance Cookies: These allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it.
- Functionality Cookies: These are used to recognize you when you return to our website, enabling us to personalize our content for you.
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
10. Your Legal Rights
Under European data protection laws (GDPR), you have the following rights in relation to your personal data:
- Request Access: Commonly known as a “data subject access request”. This enables you to receive a copy of the personal data we hold about you.
- Request Correction: This enables you to have any incomplete or inaccurate data we hold about you corrected.
- Request Erasure: Also known as the “right to be forgotten”. This enables you to ask us to delete personal data where there is no good reason for us continuing to process it.
- Object to Processing: You can object where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing.
- Request Restriction: This enables you to ask us to suspend the processing of your personal data in certain scenarios.
- Request Transfer: We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
- Withdraw Consent: You can withdraw consent at any time where we are relying on consent to process your personal data.
If you wish to exercise any of these rights, please contact us at [email protected].
You also have the right to make a complaint at any time to your local supervisory authority for data protection issues (for Greece, the Hellenic Data Protection Authority – HDPA, www.dpa.gr / for the UK, the Information Commissioner’s Office – ICO, www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please contact us first.
11. Contact Details
If you have any questions about this Privacy Policy or our privacy practices, please contact us:
- Email for Privacy and Data Requests: [email protected]
- Email for Platform Management Inquiries: [email protected]