Privacy & Cookie Policy

Last updated: [June 2024]

The Gilded Knot ("we," "us," "our") designs and manages luxury destination weddings in Italy for couples around the world. We take the privacy of the people who entrust us with their plans seriously. This page explains what personal information we collect, why we collect it, how we use and protect it, and the rights you have over it — wherever in the world you live.

This policy covers both how we handle your personal data and our use of cookies and similar technologies, in one place.

1. Who is responsible for your data

The Gilded Knot is a brand operated by Sarah Pozzi, an event planner established in Italy.

Data Controller: Sarah Pozzi (The Gilded Knot)
VAT / P.IVA: IT03896720129
Registered address: Via Roberto Culin 5, 21052 Busto Arsizio (VA), Italy
Contact email: info@thegildedknot.co

Sarah Pozzi is the "data controller" — the person who decides why and how your personal data is processed. If you have any question about this policy or about how we handle your information, write to us at the email above and we will respond.

2. The information we collect

2.1 Information you give us through our inquiry form

When you complete the inquiry form on our website, we ask you to provide:

First and last name
Email address
Phone number (and, if you choose, your WhatsApp number)
Country of residence
Your wedding date (or intended timeframe)
Your preferred destination in Italy
Approximate number of guests
Your indicative budget
How you heard about us
A description of your vision for the celebration

You provide this information voluntarily when you reach out to us. We only ask for what we genuinely need to understand your project and respond meaningfully.

2.2 Information collected automatically

When you visit our website we use Vercel Analytics, a privacy-friendly analytics tool that does not use cookies and does not track you across other websites. It collects aggregated, anonymised information such as which pages are viewed and the general country a visit comes from. This information cannot be used to identify you personally.

We do not use Google Analytics, advertising pixels, profiling cookies, or any cross-site tracking technology.

3. Why we use your information, and our legal basis

Under the EU General Data Protection Regulation (GDPR) — the standard we apply to everyone, worldwide — we must have a valid legal basis for every use of your data. Here is exactly how we use it:

What we do	Why	Legal basis (GDPR Art. 6)
Respond to your inquiry and discuss your wedding	To answer the request you sent us	Steps taken at your request before entering a contract (Art. 6(1)(b))
Prepare proposals and plan and manage your wedding, if you become a client	To deliver the service you engaged us for	Performance of a contract (Art. 6(1)(b))
Contact you by email, phone, or WhatsApp (if you provided a WhatsApp number)	To communicate with you about your project	Your request / legitimate interest in responding through the channel you chose (Art. 6(1)(b) / 6(1)(f))
Keep records for tax and accounting purposes, if you become a client	To comply with Italian law	Legal obligation (Art. 6(1)(c))
Understand, in aggregate, how our website is used	To improve our website	Legitimate interest (Art. 6(1)(f))

We will never use the information you share for automated decision-making or profiling.

We do not sell your personal information, and we never share it for anyone else's marketing. We share it only with the trusted service providers that make our work possible, and only to the extent necessary. These providers act as our "data processors" — they handle data on our behalf, under contract, and only for the purposes we set.

Here is exactly who they are, what they handle, and where:

Supabase — database

What it does for us: securely stores the details you submit through the inquiry form.
Personal data involved: all the inquiry form fields (name, email, phone/WhatsApp, country, wedding date, destination, guests, budget, how you found us, your message).
Where data is processed: European Union.
Provider: Supabase, Inc. — see supabase.com/privacy

Resend — transactional email

What it does for us: delivers and receives the emails connected to your inquiry and our correspondence with you.
Personal data involved: your name, email address, and the content of the messages exchanged.
Where data is processed: Ireland (European Union).
Provider: Resend — see resend.com/legal/privacy-policy

Vercel — hosting & cookieless analytics

What it does for us: hosts our website and provides privacy-friendly, cookieless analytics.
Personal data involved: technical connection data (such as IP address, handled transiently for security and delivery) and aggregated, anonymised usage statistics that cannot identify you.
Where data is processed: globally distributed infrastructure; serving visitors from their nearest region.
Provider: Vercel, Inc. — see vercel.com/legal/privacy-policy

Meta / WhatsApp — only if you choose it

What it does for us: lets us communicate with you through WhatsApp, but only if you give us your WhatsApp number and choose that channel.
Personal data involved: your phone number and the content of the messages you exchange with us.
Where data is processed: outside the European Union, including the United States. See Section 5 for what this means and how to avoid it.
Provider: WhatsApp / Meta Platforms — see whatsapp.com/legal/privacy-policy

If you become a client, we may also share necessary details with the specific vendors involved in your wedding (for example a venue, photographer, or florist) strictly to deliver the service you engaged us for. We tell you who is involved and share only what each one needs.

We may also disclose information if required to do so by law, or to establish, exercise, or defend a legal claim.

5. International data transfers

The data you submit through our inquiry form is stored within the European Union (Supabase, EU servers; Resend, Ireland), so it does not leave the EU.

If you choose to communicate with us via WhatsApp by providing your WhatsApp number, please be aware that WhatsApp is operated by Meta, and messages may be processed on servers outside the European Union, including in the United States. This transfer happens only because you choose WhatsApp as a communication channel. If you prefer your data not to leave the EU, simply communicate with us by email or phone instead, and do not provide a WhatsApp number.

If you contact us from outside the European Union, please note that to serve you we will necessarily process your data in Italy, within the EU. EU data protection standards are among the strongest in the world, and we apply them to everyone.

6. How long we keep your information

We keep your personal data only for as long as we need it:

If you contact us but do not become a client: we keep your inquiry for up to 24 months from our last contact, after which it is deleted. We keep it this long because weddings are often planned far in advance, and couples frequently return to us months after a first conversation.
If you become a client: we keep the records related to your wedding for up to 10 years after the service ends, in line with the record-keeping obligations imposed by Italian law (Art. 2220 of the Italian Civil Code).

When a retention period ends, we securely delete or anonymise your data.

7. How we protect your information

We use appropriate technical and organisational measures to keep your data safe, including encrypted connections (HTTPS) across our website, reputable infrastructure providers with their own strong security standards, and access limited strictly to those who need it to serve you. No method of transmission over the internet is ever completely secure, but we take meaningful steps to protect the information you entrust to us.

8. Your rights

We believe everyone deserves the same protection, so we extend the following core rights to every person who contacts us, regardless of where they live:

The right to access the personal data we hold about you
The right to have inaccurate or incomplete data corrected
The right to have your data deleted
The right to object to or restrict how we use your data
The right to withdraw consent at any time, where we rely on it
The right to receive a copy of your data in a portable format

To exercise any of these rights, simply email us at info@thegildedknot.co. We will respond as quickly as we can, and in any case within the timeframes required by the law that applies to you. We will never charge you or treat you differently for exercising your rights.

Beyond these universal rights, specific laws may give you additional protections depending on where you live. The most relevant to the couples we serve are set out below.

In addition to the rights above, you have the right to lodge a complaint with a data protection supervisory authority. In Italy, this is the Garante per la protezione dei dati personali (www.garanteprivacy.it). In the UK, it is the Information Commissioner's Office (ICO, www.ico.org.uk). You may also contact the authority in your own EU country of residence.

8.2 California, USA (CCPA / CPRA)

California residents have specific rights under the California Consumer Privacy Act, as amended. You have the right to:

Know what categories of personal information we collect and the purposes for which we use it;
Access the specific personal information we hold about you;
Correct inaccurate personal information;
Delete the personal information we hold about you;
Not be discriminated against for exercising any of these rights.

Categories of personal information we collect. In the language of the CCPA, the information you provide through our inquiry form falls into these categories: identifiers (such as name, email address, phone number), internet or network activity (anonymised, cookieless usage data via our analytics), and other information you choose to provide (your country, wedding date, destination, guest count, budget, and the description of your vision). We collect this information for the business purpose of responding to your inquiry and planning your wedding, as described in Section 3.

We do not sell or share your personal information as those terms are defined under California law, and we never have. We do not exchange your data for money or other value, and we do not share it for cross-context behavioural advertising. Because we do not sell or share your information, there is nothing to opt out of — but you are always free to contact us to exercise any of the rights above, and we will not treat you differently for doing so.

If you reside in another U.S. state with its own privacy law (such as Colorado, Connecticut, Virginia, Texas, Oregon, Utah, or others that have since taken effect), the same commitments apply to you: we honour your rights of access, correction, and deletion, and we do not sell your data.

8.3 Australia (Privacy Act 1988)

Australian residents may request access to the personal information we hold and ask us to correct it, consistent with the Australian Privacy Principles. If you have a concern about how we handle your data, please contact us first; if it remains unresolved, you may contact the Office of the Australian Information Commissioner (OAIC, www.oaic.gov.au).

8.4 Canada (PIPEDA)

Canadian residents have the right to access and correct their personal information and to know how it is used and disclosed. If you are not satisfied with how we have handled a concern, you may contact the Office of the Privacy Commissioner of Canada (OPC, www.priv.gc.ca).

8.5 Anywhere else in the world

If you live in a country with its own data protection law — such as Brazil (LGPD), the United Arab Emirates (PDPL), South Africa (POPIA), India (DPDP Act), or any other — the universal rights listed at the start of this section apply to you, and we will also honour any additional rights granted to you under your local law. Contact us and tell us where you are based, and we will handle your request accordingly. Where your local law provides for a national data protection authority, you retain the right to complain to it.

9. Cookies and similar technologies

A cookie is a small text file that a website stores on your device. Cookies have many uses: some are essential for a site to function, while others track your behaviour for analytics or advertising. We take a deliberately minimal, privacy-first approach.

9.1 The cookies we use today

At present, our website uses only strictly necessary cookies — the small set required for the site to load correctly, remain secure, and respect your choices. These cookies do not track you, do not build a profile of you, and are not used for advertising. Under EU law, strictly necessary cookies do not require your consent, because the website cannot work without them.

We do not currently use:

Analytics cookies — our analytics provider, Vercel Analytics, is cookieless and measures website usage without storing anything on your device or tracking you across other sites.
Advertising or marketing cookies
Social media tracking pixels
Any cross-site profiling technology

This is why you do not currently see a cookie consent banner on our site: we are not setting any cookie that legally requires your consent.

9.2 Cookies we use by category

We currently use the following categories of cookies:

Strictly necessary — These cookies are required for the website to function and cannot be switched off. They are set in response to your actions such as logging in, filling in a form, or setting your privacy preferences. You can set your browser to block or alert you about these cookies, but some parts of the site may not work correctly.

Analytics — These cookies allow us to count visits and understand how visitors move around our website. All information collected is aggregated and anonymous. If you do not allow analytics cookies, we will not know when you have visited our site and will not be able to monitor its performance.

Marketing — These cookies may be set through our site by partners to build a profile of your interests and show you relevant content on other sites. If you do not allow these cookies, you will experience less targeted content.

You can change or withdraw your consent at any time by clicking the Cookie preferences link in the footer of our website.

9.3 How to manage your preferences

When you first visit our website, a cookie preference panel will appear. You can choose to accept all cookies, reject all non-essential cookies, or set your preferences by category.

You can change your choice at any time by clicking Cookie preferences in the footer. Your preferences are saved for 12 months, after which we will ask again.

9.4 Managing cookies in your browser

You can control or delete cookies through your browser settings at any time. Blocking strictly necessary cookies may prevent parts of the site from working correctly. Instructions for managing cookies are available in the help section of every major browser.

10. Children's privacy

Our services are intended for adults planning a wedding. We do not knowingly collect personal data from anyone under the age of 16. If you believe a minor has provided us with personal information, contact us and we will delete it.

11. Changes to this policy

As The Gilded Knot grows, we may add new features and services. When we do, we will update this policy to reflect them and revise the "last updated" date at the top of this page. Significant changes will be communicated clearly. We encourage you to review this page from time to time.

12. How to contact us

For any question about this policy or your personal data:

The Gilded Knot — Sarah Pozzi Via Roberto Culin 5, 21052 Busto Arsizio (VA), Italy info@thegildedknot.co