Privacy Policy
Effective date · 22 May 2026 · Version 1.0
This Privacy Policy describes how Donati Atelier Co., Ltd. ("Donati", "we", "us") collects, uses and protects personal data when you visit donati.com or otherwise interact with us. We act as the data controller within the meaning of the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"). For users outside the EU/UK, equivalent local protections apply where mandatory.
1. Who we are
Donati Atelier is an Italian high-jewellery atelier based in Bangkok, Thailand, serving maisons, retailers and private clients worldwide.
- Email: care@donatigioielli.net
- Telephone: +66 98 961 0610
- Postal: Donati Atelier, Sukhumvit, Bangkok, Thailand
For privacy-related requests, please contact us at the email above with the subject line "Privacy".
2. What data we collect
2.1 Data you provide directly
- Contact data. name, role, company, country, email, phone, when you write to us, fill the Trade Login request, or open a brief through the chatbot.
- Brief data. information about your project (volumes, timelines, design references, gemstones) shared with our Technical Direction.
- Correspondence. the content of messages exchanged with us by email, WhatsApp, LinkedIn or other channels.
2.2 Data collected automatically
- Technical data. IP address, browser type, language, device, referring URL, pages visited and timestamps, collected by our hosting provider for security and operational logs.
- Session data. the chatbot stores draft replies in your browser's sessionStorage so you don't lose progress; this data does not leave your device until you choose to send a message.
3. Why we use your data (purposes and legal basis)
| Purpose | Legal basis (GDPR Art. 6) | Retention |
|---|---|---|
| Reply to your enquiry and prepare a commercial brief | Pre-contractual measures at your request (Art. 6(1)(b)) | 3 years from last contact |
| Execute and manage a commission | Performance of contract (Art. 6(1)(b)) | 10 years (accounting and warranty) |
| Comply with tax, accounting and anti-money-laundering obligations | Legal obligation (Art. 6(1)(c)) | As required by applicable law |
| Site security, fraud prevention, abuse logs | Legitimate interest (Art. 6(1)(f)) | 12 months |
| Direct communications about projects you opened | Legitimate interest / consent (Art. 6(1)(a) or (f)) | Until you object |
4. Who can access your data
Access is limited to Donati staff who need it to handle your request. We may share data with:
- Hosting and CDN providers (e.g. Vercel, Netlify or Cloudflare). to operate the website. Data processed in EU/US under appropriate transfer safeguards.
- Email and communication providers. to deliver replies and brief documents.
- Professional advisors. accountants, auditors, lawyers, under confidentiality.
- Public authorities. only where legally required.
We do not sell or rent your personal data. We do not use it for automated decision-making with legal effects.
5. International transfers
Donati is headquartered in Thailand and operates with clients worldwide. When your data leaves the EEA, we rely on the European Commission's Standard Contractual Clauses or other lawful transfer mechanisms, and we apply technical and organisational measures consistent with EU standards.
6. Your rights
You have the right to: access your data, rectify inaccuracies, request erasure, restrict or object to processing, request portability, and withdraw consent at any time without affecting prior lawful processing. To exercise any right, write to care@donatigioielli.net. We respond within 30 days.
You also have the right to lodge a complaint with your local data-protection authority. For Italy, this is the Garante per la protezione dei dati personali (garanteprivacy.it).
7. Security
We use HTTPS in transit, restricted access in storage, and confidentiality agreements with all staff and partners. Despite best efforts, no transmission is fully secure; we encourage you not to send highly sensitive data (e.g. financial credentials, passport numbers) by email.
8. Children
Our services are directed to adults. We do not knowingly collect data from minors under 16. If you believe a minor has provided data, please contact us so we can remove it.
9. Changes
We may update this Policy to reflect changes in law or operations. The current version is identified by the "Effective date" above. Material changes will be highlighted on the homepage.
10. Cookies
For information on cookies and similar technologies, see our Cookie Policy.
← Back to home