CharityStars
Watchlist
0
no reserve Sports Art Football Match Worn Music Collectibles Experiences

Privacy Policy

 Last updated: 11 March 2026

Information notice pursuant to Article 13 of EU Regulation 2016/679 (GDPR)

In compliance with Italian law (Legislative Decree 196/2003, as amended), European law (EU Regulation 2016/679 – GDPR), and UK law (UK GDPR and Data Protection Act 2018), CharityStars S.r.l. protects the privacy of users of the platform www.charitystars.com, making every possible and proportionate effort to safeguard their rights.

1. Purpose of Data Processing

We process personal data to operate our platform www.charitystars.com, facilitate auctions and experiences, support charitable initiatives, and fulfil purchased items.
Data is also processed to comply with tax, accounting, and other legal obligations in force.

Personal data are visible to users within their personal profiles and may be processed by electronic means (including portable devices), using methods strictly necessary to achieve the purposes described above.

2. Legal Basis for Processing

CharityStars S.r.l. lawfully processes your personal data where:

  • you have provided your consent;
  • processing is necessary for the completion of the charitable initiative, such as the shipment of a purchased or awarded item, or the fulfilment of an experience;
  • processing is necessary to comply with a legal obligation binding on CharityStars S.r.l. or for reasons of public safety.

Marketing Communications Legal Basis

Marketing emails and newsletters are sent on the basis of your consent or, where legally permitted, under the “soft opt-in” exemption for existing customers. You may withdraw consent or unsubscribe at any time via your account settings or the unsubscribe link in each email.

Failure to provide and/or communicate personal data prevents the completion of the charitable initiative and therefore the receipt of the purchased or awarded item and/or participation in an experience.

For LIVE auctions, CharityStars’ legal basis for processing is the necessity of performing the task as a Data Processor on behalf of the Host Organisation (acting as Data Controller) in accordance with the DPA. 

3. Data Retention

Your personal data, as a registered user, will be retained for as long as your account remains active and, thereafter, for the period in which CharityStars S.r.l. is subject to legal data retention obligations for tax or other purposes, as provided by applicable law or regulations.

4. Data Communication

Your personal data may be disclosed to the following categories of recipients:

  1. tax, accounting, and IT consultants providing services related to the purposes described above;
  2. entities processing data in compliance with specific legal obligations;
  3. judicial or administrative authorities, to fulfil legal obligations.

In the event of purchasing or winning goods, you will need to provide the courier—also through your user profile on **www.charitystars.com**—with the data necessary for shipment.
For the purposes of this privacy notice, couriers are considered independent data controllers for shipping data.

Similarly, if you purchase or win an experience, the organizing entity may request additional information (such as a copy of your ID) to verify your identity and ensure safety and public order. In such cases, the organizing entity acts as an independent data controller.

For LIVE auctions, CharityStars acts as a Data Processor on behalf of the Host organisation (the Data Controller), processing data only according to the DPA and instructions provided by the Host Organisation. 

5. Profiling and Analytics

Our objective is to promote and facilitate charitable actions. To this end, we may inform you of charitable opportunities aligned with your interests, including through newsletters. You may select your communication preferences within your personal profile.

Cookie Consent and Management

We use a cookie consent banner that allows you to accept or reject optional cookies (including analytics and marketing cookies) before they are activated. You can change your cookie preferences at any time via our Cookie Settings page.

For detailed information on the cookies we use and how they operate, please refer to our Cookie Policy.

Google Analytics Advertising Features
This website uses additional features of Google Analytics (Google Analytics Advertising Features), including:

  • Google Display Network Impression Reporting;
  • Google Analytics Demographics and Interest Reporting;
  • Integrated services requiring Google Analytics to collect data for advertising purposes, including data collection through advertising cookies and similar identifiers.

CharityStars S.r.l. uses first-party cookies (e.g., Google Analytics cookies) and Google Advertising cookies to optimize the website.
Users can prevent data collection in the following ways:
a) by configuring their browser settings to block cookies;
b) by adjusting Google Ads preferences at https://www.google.com/ads/preferences/?hl=en.

Users who disable cookies may not be able to use the full functionality of the website.

Hotjar
This website also uses Hotjar to better understand user needs and optimize the browsing experience. Hotjar is a technological service that helps CharityStars analyze user behavior (e.g., time spent on pages, clicked links, liked or disliked elements), enabling continuous improvement of the service based on user feedback.

Hotjar uses cookies and other technologies to collect data on user behavior and device characteristics, including:

  • IP address of the device (processed during the session and stored in anonymized form);
  • device screen size and type;
  • browser information;
  • geographic location (country only);
  • preferred language.

Hotjar stores this information on behalf of CharityStars in a pseudonymized profile.
Hotjar is strictly prohibited from selling any data collected on behalf of CharityStars.

6. Data Controller

The Data Controller is:

CharityStars S.r.l.
Via Morimondo 7, 20143 Milan (MI), Italy
Email: [email protected]
Certified Email (PEC): [email protected]

7. Joint Data Controllers

Joint Controllers with CharityStars S.r.l. are:

Vip4Aid Ltd t/a CharityStars
3 Crewe Road, Sandbach, Cheshire, United Kingdom, CW11 4NE
Email: [email protected]

Where personal data is transferred outside the EU/EEA or UK, such transfers are conducted in compliance with GDPR/UK GDPR, using Standard Contractual Clauses or other lawful transfer mechanisms.

LIVE Auctions – Data Controller and Sharing

For auctions explicitly marked as LIVE on our platform, the charity or organisation hosting the event (the "Host Organisation") assumes the role of Data Controller for the personal data collected in relation to that specific auction (the "Auction Data"). CharityStars acts solely as a Data Processor on the Host Organisation's behalf, processing Auction Data strictly in accordance with a signed Data Processing Agreement (DPA) and the Host Organisation's instructions.

Data Shared: In its capacity as Data Processor, CharityStars is authorized to share the Auction Data with the Host Organisation, which includes, but is not limited to, bidder contact information and bid history, only for the purposes of:

  • Administering the auction.
  • Issuing receipts.
  • Supporting the Host Organisation's stated objectives.

The Host Organisation, as the Data Controller, is responsible for determining the specific legal basis for its own processing and is solely accountable for how it further uses and protects the Auction Data in compliance with its separate privacy obligations.

For all other auctions not marked LIVE, CharityStars remains the Data Controller.

8. Data Subject Rights

Pursuant to the GDPR, you have the following rights with respect to your personal data:

  1. Right of Access, Rectification, Erasure, and Restriction – You may access, correct, update, supplement, or delete your personal data at any time via the platform www.charitystars.com, or request access, rectification of inaccurate data, integration of incomplete data, erasure (under Article 17, paragraph 1 of the GDPR, subject to paragraph 3), or restriction of processing (under Article 18, paragraph 1).
  2. Right to Data Portability – Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used, and machine-readable format for transmission to another data controller.
  3. Right to Object – You may object at any time to the processing of your personal data for reasons relating to your particular situation.
  4. Right to Withdraw Consent – You may withdraw consent at any time where processing is based on your consent for one or more specific purposes and concerns common personal data (e.g., date and place of birth, residence) or special categories of data (e.g., racial or ethnic origin, political opinions, religious beliefs, health, or sexual life). Processing carried out before withdrawal remains lawful.
  5. Right to Lodge a Complaint – You may lodge a complaint with the supervisory authority:
    1. For EU residents: the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) – www.garanteprivacy.i
    2. For UK residents: the UK Information Commissioner’s Office (ICO) – https://ico.org.uk
  6. How to Exercise Your Rights – You may exercise your rights under points 1–4 by requesting the appropriate forms via email at [email protected]. A fee may be requested to cover administrative and management costs.


These rights apply under both EU GDPR and UK GDPR to all users depending on their jurisdiction.