Privacy and Cookie Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA & COOKIE POLICY PROVIDED PURSUANT TO ART. 13 EU 2016/679

In compliance with the legislation on the protection of personal data, information is provided below on the processing of personal data of users who consult the website of the Galleria Mattia De Luca, accessible electronically at the following address: https://www. mattiadeluca.com/
This information does not concern the processing of personal data carried out by other sites, pages or online services accessible via hypertext links possibly published on the website but referring to resources external to the domain of the Galleria Mattia De Luca, such as for example the processing of personal data carried out by the managers of the Social Media platforms used by the Galleria Mattia De Luca, for which please refer to the information provided in the relevant privacy policies.

Data controller
The data controller is Mattia De Luca S.r.l. (VAT number 14649541001), in the person of the l.r.p.t., with headquarters in Rome, Piazza di Campitelli n. 2, e-mail info@mattiadeluca.com

Treatment methods
The processing is carried out in an automated and/or manual manner by subjects specifically appointed by the data controller, in compliance with current legislation on security measures and the principles set out in art. 5 of EU Reg. 2016/679, as well as the provisions of Legislative Decree 196/2003.

Purpose of the processing
Following consultation of the website, data relating to identified or identifiable natural persons may be processed, attributable to the categories detailed below.
Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. These data, necessary for the use of web services, are also processed for the purpose of checking the correct functioning of the services offered.
Data provided by the user
The optional, explicit and voluntary communication of information to the data controller (e.g. via e-mail, contact form or written comments in the guest book on the occasion of certain events) involves the subsequent acquisition of such information, where necessary to respond to the request or acquire feedback on the activities of the data controller.
Newsletter
The e-mail address entered in the request to receive the newsletter or provided to the data controller in other ways is processed for the purpose of providing the information service in favor of the interested party, relating to the scope of activity of the Mattia De Luca Gallery and to the initiatives carried out by it. At any time, the interested party who no longer wishes to receive the newsletters or receives them by mistake can request to deactivate this service, by expressly requesting the contact addresses of the data controller or by clicking on the appropriate link at the bottom of the newsletter.
Data published by users on social media
The data controller processes the personal data provided by users through the pages of the social media platforms dedicated to the Mattia De Luca Gallery, as part of its activity, exclusively to manage interactions with users.

Legal basis of the processing
Personal data may be processed for the purposes of establishing a relationship with the data controller, at the request of the interested parties, or on the basis of the legitimate interest of the data controller, consisting in the purpose of guaranteeing the correct functioning of the website, of giving following communications received that do not have the purpose of establishing a relationship with the data controller and interactions involving the data controller on social media, as well as exercising a right in court. In specific cases, the data may be processed to comply with legal obligations.

Communication of data by the user
Although optional, failure to provide data may not allow users to correctly access the website, obtain the requested service or receive a response to communications sent, as well as interact with the data controller.

Data retention period
User data will be stored for a period of time not exceeding that necessary to achieve the purposes for which they were collected and processed, in accordance with the provisions of the relevant legal obligations.

Any recipients of the data
Users’ personal data will not be disclosed or communicated, except as strictly necessary to pursue the purpose of the processing (for example: public authorities, for the fulfillment of legal obligations; legal consultants, for the exercise of a right in court). User data may be processed, on behalf of the data controller, by subjects who perform various types of services, such as, by way of example, the maintenance and assistance of the website and related services.

Transfers of personal data outside the EU
The newsletter service uses the MailChimp provider of Intuit Inc., based in the USA, which for this purpose has implemented the standard contractual clauses pursuant to art. 46, par. 2, letter. c, EU Reg. 2016/679, as available on its website, in the addendum section on data processing.

Cookies
Only technical session cookies are used, which are not persistent, strictly limited to what is necessary for safe and efficient navigation of the sites. For the use of these cookies, it is not necessary to obtain the user’s consent.

Rights of interested parties
Interested parties may exercise the right of access to personal data, of rectification or cancellation of the same, of limitation and opposition to processing (the latter, in particular, in relation to processing based on legitimate interest), in addition to the right to portability of data, free of charge and without any constraints, by sending a request to the contact address of the data controller, where the exercise of these rights is applicable, as well as the right to lodge a complaint with a supervisory authority.

INFORMATION ON THE PROCESSING OF PERSONAL DATA Made pursuant to Art. 13 EU 2016/679 (Information on Consultants and Suppliers)

In compliance with legislation on the protection of personal data, this document provides information on the processing of personal data of consultants, suppliers, and any parties involved in the relationship with the data subject (e.g., collaborators). Certain types of processing are subject to specific disclosures that may be consulted separately (e.g., video surveillance). This information does not cover the processing of personal data carried out by other autonomous data controllers to whom the data may be transmitted for the purposes described below, including compliance with legal obligations or the exercise of legal rights in court. For these, please refer to the relevant processing notices provided by those controllers.

Data Controller
The data controller is Mattia De Luca S.r.l. (VAT number: 14649541001), represented by the legal representative. It is headquartered at Piazza di Campitelli n. 2, Rome, with email contact at info@mattiadeluca.com. The processing of data is conducted in both automated and/or manual form by individuals specifically appointed by the data controller, in compliance with current legislation on security measures and the principles outlined in Article 5 of EU Regulation 2016/679, as well as the provisions of Legislative Decree 196/2003.

Purposes and Legal Basis of the Processing
Personal data are processed for purposes directly related and necessary for managing the relationship with the data subject, as well as for fulfilling legal obligations and exercising legal rights in court, including communication or dissemination of data as required. Processing of special categories of data may occur in relation of specific events, such as managing information related to allergies or food preferences of a religious nature.
Personal data are processed for the following purposes: performance of a contract to which the data subject is a party, or for the performance of pre-contractual measures taken at the request of the data subject; fulfillment of a legal obligation to which the data controller is subject; pursuit of legitimate interests pursued by the data controller, including exercising a right in court and protecting the property of the employer or client. Any special data processed will be handled based on explicit consent.

Disclosure of Data by the User
The communication of data by the user is necessary for the proper management of the relationship, including as necessary to fulfill legal obligations to which the data controller is subject. Failure to provide such data could prevent the establishment, continuation or proper conclusion of the relationship. The expression of consent for the processing of special data is necessary for the proper management of events.

Period of Data Retention
Personal data of data subjects will be retained for a duration not exceeding that necessary to achieve the purposes for which they were collected and processed, in accordance with applicable legal obligations.

Possible Recipients of the Data
Personal data of subjects will not be disclosed or communicated, except when strictly necessary for the purposes of processing (e.g., to the Tax Agency for legal compliance, or to legal advisors for legal proceedings). Such data may be processed, on behalf of the data controller, by third parties providing various services (e.g., cloud services), duly appointed as data processors.

Source of Personal Data
Personal data are typically collected directly from the subject, unless received from family members, public authorities, data recipients (e.g., during interactions with a litigant), or third parties (e.g., through reports). In such cases, the subject will be informed of the data source, unless there is a legal obligation of confidentiality or secrecy regarding the source (e.g., in whistleblowing reports).

Rights of Data Subjects
Data subjects have the right to access their personal data, request their rectification or deletion, restrict or object to processing (particularly in cases of processing based on legitimate interest), and request data portability. These rights can be exercised by sending a request to the contact address of the data controller, where applicable. Additionally, subjects have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal, by contacting the data controller. They also have the right to lodge a complaint with a supervisory authority.

INFORMATION ON THE PROCESSING OF PERSONAL DATA Made pursuant to Art. 13 EU 2016/679 (Customer Information)

In compliance with legislation on the protection of personal data, this document provides information on the processing of personal data of customers and any parties involved in the relationship with them (e.g., collaborators).
Certain types of processing are subject to specific disclosures that may be consulted separately (e.g., video surveillance). This information does not cover the processing of personal data carried out by other autonomous data controllers to whom the data may be transmitted for the purposes described below, including compliance with legal obligations or the exercise of legal rights in court. For these, please refer to the relevant processing notices provided by those controllers.

Data Controller
The data controller is Mattia De Luca S.r.l. (VAT number: 14649541001), represented by the legal representative. It is headquartered at Piazza di Campitelli n. 2, Rome, with email contact at info@mattiadeluca.com.
The processing of data is conducted in both automated and/or manual form by individuals specifically appointed by the data controller, in compliance with current legislation on security measures and the principles outlined in Article 5 of EU Regulation 2016/679, as well as the provisions of Legislative Decree 196/2003.

Purposes and Legal Basis of the Processing
Personal data are processed for purposes directly related and necessary for managing the contractual relationship with the subject and the possible performance of ancillary activities related to the contract, as well as for fulfilling legal obligations and exercising legal rights in court, including communication or dissemination of data as required. Processing of special categories of data may occur in relation to specific events, such as managing information related to allergies or food preferences of a religious nature.
Personal data is processed for the fulfillment of a contract to which the data subject is a party, or for pre-contractual measures requested by the data subject. Data may also be processed to comply with legal obligations applicable to the data controller, or for legitimate interests pursued by the data controller, such as exercising legal rights and protecting the property of the employer or client. In specific cases, processing may occur for activities related to the contract, based on the consent of the data subjects. Any special data processed will be handled based on explicit consent.

Disclosure of Data by the User
The communication of data by thes ubject is necessary for the proper management of the relationship, including as necessary to fulfill legal obligations to which the data controller is subject. Failure to provide such data could prevent the establishment, continuation or proper conclusion of the relationship. In relation to ancillary activities related to the contract, failure to express freely given consent will prevent their execution. The expression of consent for the processing of special data is necessary for the proper management of events.

Possible Recipients of the Data
Personal data of data subjects will not be disclosed or communicated, except when strictly necessary for the purposes of processing (for example: suppliers, for transporting goods collected or transmitted to the data subject, for condition reports; Tax Agency and Ministry of Culture, for compliance with legal obligations; consultants, for legal proceedings). Such data may be processed, on behalf of the data controller, by third parties providing various services (e.g., cloud services), duly appointed as data processors.

INFORMATION ON THE PROCESSING OF PERSONAL DATA Made pursuant to Art. 13 EU 2016/679 (II Level Video Surveillance Information)

In compliance with data protection regulations, we provide information on the processing of personal data through the active video surveillance system at our premises, as briefly outlined in the Level I privacy notice available for consultation upon entering the monitored area.These details do not pertain to the processing of personal data conducted by other independent data controllers to whom data may be transmitted for the purposes described below, including compliance with legal obligations or exercising a right in court, for which one may refer to the respective processing notices.

Processing Method
The processing of data is conducted in both automated and/or manual form by individuals specifically appointed by the data controller, in compliance with current legislation on security measures and the principles outlined in Article 5 of EU Regulation 2016/679, as well as the provisions of Legislative Decree 196/2003.

Purpose of the proceeding
Personal data are processed for the purpose of protecting corporate assets and fulfilling legal obligations, as well as for any purposes related to exercising a right in judicial proceedings, including relevant communication or dissemination of data.

Legal Basis of the Processing
Personal data are processed on the legal basis of the data controller’s legitimate interest, pursuant to and for the purposes of the combined provisions of Article 6(1)(f) of EU Regulation 2016/679 and Article 4 of Law No. 300/1970. This includes the protection of corporate assets and, where applicable, the exercise of a right in judicial proceedings, as well as compliance with legal obligations (e.g., upon request of the judicial or police authorities).

Disclosure of Data by the user
The communication of data by the subject is necessary to access the organization’s premises, also as required to fulfill the legal obligations to which the data controller is subject. Failure to communicate such data may prevent access to the premises (e.g., if wearing a full-face helmet).

Period of data retention
The data of the data subjects will be stored for a period of 48 hours, after which the file will be deleted by overwriting. In case of the need to protect corporate assets or specific requests from judicial or police authorities, access to the data may only be granted to the surveillance personnel or in their presence, or to a person formally authorized and instructed by them.

Possible Recipients of the Data
No dissemination of personal data is planned. Any potential communication of data is limited to what is strictly necessary to achieve the purpose of protecting corporate assets or complying with legal obligations to which the data controller is subject (e.g., filing a theft report/complaint).

Rights of Data Subjects
Data subjects may exercise the right to access their personal data, request rectification or deletion, restrict or object to processing (particularly for processing based on legitimate interest), and the right to data portability, free of charge and without any constraints, by sending a request to the data controller’s contact address, where the exercise of these rights is applicable.