Privacy policy notice following art. 13 of the EU’s General Data Protection Regulation n. 2016/679

This notice is written according to art. 13 GDPR to the users that interact with the web services of Gallery SRL accessible through the website (from now on also known as “website” below).


The data controller is Gallery SRL, via San Nicolò 23/d 34121 Trieste, telephone +39 040 7600250 mail, as known as “controller” or “data controller” below.

The controller treats the personal data collected from the interested party that: a) visits the pages on the website independently from its connection, b) during the navigation the party registers contact or request forms with the information requested, c) during navigation the party provides personal data through the utilisation of the website booking online.

Filling out the forms on the website and the utilisation of “booking online” results in the acquisition of the address and data of the user. This data is necessary to answer the demands and services requested.

The transfer of data is obligatory for points b) and c) (form filling and booking online service). Refusal to give consent to data collection results in the inability to offer the service requested.

Data will be treated with paper and electronic forms inside Gallery SRL headquarters through the acceptance of the online forms. The forms will be conserved with care as per GDRP EU 2016/679 with regards to security, confidentiality, and personal data protection. Data will be treated by authorized employees within Gallery SRL.

The website uses analytic cookies for statistical analyses and to collect information on the user’s navigation and choices in aggregated and anonymous form.

The data controller manages public pages on the main Social Networks (Facebook, Instagram, Twitter, Pinterest, Linekdin, Telegram, Google +). If a user visits these social networks and decides to communicate his or her personal data by posting (also photos and videos), they will be publicly sharing their data. In these cases, the dissemination of data does not depend from the data controller but is conditioned by the nature of social media and how it is used. These actions are the sole responsibility of the user.

The data controller cannot treat data and offer its services to minors. The data controller is not responsible for the information given by users that is wrong, incomplete or false and that can involve third parties (including minors). If this were to happen, the data controller will intervene immediately to protect the privacy of the involved parties, eventually reporting these fraudulent activities the authorities.

The data will not be object of dissemination and will not be communicated and/or given to third parties. In case of data collection towards other non EU countries, the data controller will operate respecting the regulations described in the GDPR 2016/679, paragraph V (“Transferring of personal data towards other countries or international organizations”)

Collected data is kept for a duration connected to the needs of the interested party and refers to the period in which they will be in need of our services. Users are always able to revoke their data collection consent at any moment.

The rights of each concerned person that can be exercised on their data are those set forth in the GDPR 2016/679 (Art. 15 to 22).

1. The concerned person has the right to obtain confirmation of the existence of personal data that regards him/her, even if not yet registered, and their communication in intelligible form

2. The concerned person has the right to obtain:

a) The origin of their personal data;

b) The purpose and mode of the treatment of their data;

c) The logic applied in case of data acquired with the help of electronic devices;

d) the entities or categories in which – for the objectives closely related to the data collection – the personal data can be communicated or can come to know as the representative designated on the territory of the state.

3. The concerned person has the right to ask and obtain:

a) The change, update or integration of their data;

b) The deletion, transformation to anonymity or block of the collected data violating the law, including those that do not need to be conserved in relation to the objectives with which they were acquired or treated.

c) A statement that the operations described in a) and b) were brought to the attention of whoever’s data was communicated or shared, except in the case this fulfilment is impossible or needs a disproportionate means with respect to the protected rights.

d) the portability of all or part of your data towards another data controller;

4. The interested party can oppose in full or in part:

a) for legitimate reasons that regard the treatment of his/her personal data pertinent to the objective of the treatment;

b) to the treatment of personal data that regard the reception of advertising material or direct sale or for market research or commercial communications.

5) the interested party has the right to submit a formal complaint to the authorities that deal with data protection (Data protection supervisor).

In any moment, they can be exercised by contacting the data controller directly or writing to