Legal
Last updated: July 2026
Privacy & Cookie Policy
Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (the “GDPR” or the “Regulation”), Sala Effe APS, acting as Data Controller, provides the following information regarding the processing of personal data of users (“Users”) who access and interact with this website (“Website”), dedicated to the promotion of the activities of Sala Effe APS, including the exhibition of modern art hosted at Sala Effe.
1. Data Controller
The Data Controller of personal data is Sala Effe APS (Social Promotion Association – Associazione di Promozione Sociale), with registered office in Cremona (CR), Corso Vittorio Emanuele II, 44 – Tax Code and VAT No. 01843490192 (“Sala Effe” or the “Controller”).
The Controller may be contacted at the following addresses:
- e-mail: info@salaeffe.eu
- certified e-mail (PEC): salaeffe@pec.it
2. Purposes and Legal Bases for Processing
Users’ personal data are processed for the following purposes:
“Contact” Section
Data communicated through the contact form or via e-mail are processed in order to manage information requests and provide the User with a response.
Legal basis: performance of pre-contractual measures taken at the request of the data subject (Art. 6(1)(b) GDPR).
“Newsletter” Section
Data collected through the newsletter subscription form are processed for the purpose of sending communications relating to activities, initiatives, exhibitions, and events organised by Sala Effe.
Legal basis: consent of the data subject (Art. 6(1)(a) GDPR and Art. 130 of Italian Legislative Decree No. 196/2003, as subsequently amended – Personal Data Protection Code), expressed through the voluntary completion of the newsletter subscription form, the entry of the User’s e-mail address in the designated field, and confirmation of the subscription by clicking the “Iscriviti/Subscribe” button. Consent is optional and the data subject may withdraw consent at any time, without affecting the lawfulness of the processing carried out prior to the withdrawal, by using the unsubscribe link included in each communication or by contacting the Controller at the addresses indicated in this Privacy Policy.
In the event of withdrawal, the data subject will no longer receive any communication.
Legal Obligations
Data may be processed in order to comply with legal, tax, accounting, and administrative obligations to which the Controller is subject.
Legal basis: compliance with a legal obligation to which the Controller is subject (Art. 6(1)(c) GDPR).
Defence Purposes
Data may be processed in order to establish, exercise, or defend a right of the Controller in judicial or extrajudicial proceedings.
Legal basis: legitimate interest of the Controller in protecting its rights (Art. 6(1)(f) GDPR).
3. Nature of Data Provision
Except as specified for browsing data, the User is free to provide personal data in the dedicated forms in order to obtain a specific service. However, failure to provide personal data may make it impossible to fulfil the User’s requests.
4. Categories of Personal Data Processed
Data voluntarily provided by the User
The personal data subject to processing consist of information provided by the User (first name, surname, e-mail address and, if communicated, telephone number and any other personal data included in the message) through the contact form or the newsletter subscription form.
The Website is not intended for the collection of special categories of personal data (Art. 9 GDPR); Users are therefore invited not to communicate such data through the Website’s forms.
Browsing data
Browsing data are information collected automatically by the Website’s computer systems during normal operation. This category of data includes, by way of example, IP addresses, the type of browser and device used, pages visited, and the date and time of access. Such data are used solely for the purpose of obtaining anonymous statistical information on the use of the Website and for monitoring its proper functioning and are deleted immediately after processing.
Browsing data are not collected for the purpose of association with identified data subjects, but by their very nature they could, through processing and association with data held by third parties, allow Users to be identified.
Cookies
The Website uses cookies. For further information, please refer to the dedicated section at paragraph 9 below.
5. Methods of Collection and Processing
Personal data are collected directly from the User through the voluntary completion of the forms on the Website, or automatically during browsing.
Processing is carried out in compliance with the principles of lawfulness, fairness, transparency, data minimisation, accuracy, storage limitation, integrity, and confidentiality set out in Art. 5 GDPR, by means of paper-based, electronic, and telematic tools, with the adoption of appropriate technical and organisational security measures designed to protect the confidentiality and integrity of the data and to prevent loss, unauthorised access, or unlawful use.
6. Recipients of Personal Data
Personal data provided by Users may be disclosed to: (a) employees and collaborators of Sala Effe duly authorised to process data pursuant to Art. 29 GDPR; (b) third parties providing ancillary or instrumental services to the Controller’s activities, acting as data processors pursuant to Art. 28 GDPR (by way of example: providers of IT services, website hosting, and newsletter distribution platform management); as well as (c) professionals, consultants, and public authorities where this is necessary to comply with legal obligations or for the exercise of the Controller’s rights.
Personal data are not subject to dissemination.
7. Data Retention Period
Personal data are retained for the time strictly necessary to pursue the purposes for which they were collected, and in particular:
- Contact: for the period strictly necessary to manage the request and provide a response to the User;
- Newsletter: until the withdrawal of consent or the request for deletion by the User;
The retention periods indicated above may be extended where processing is necessary for the establishment, exercise, or defence of a right of the Controller in judicial or extrajudicial proceedings, for compliance with legal obligations, or by order of an authority.
Upon expiry of the applicable retention periods, data are deleted or irreversibly anonymised.
8. Transfer of Data to Third Countries
Personal data are processed within the European Economic Area (EEA). Where, in order to make use of certain services of the Controller, a transfer of data to non-EU countries becomes necessary, Sala Effe ensures that any such transfer shall take place in compliance with Articles 44 et seq. of the Regulation. All necessary safeguards shall therefore be adopted in order to guarantee the fullest protection of personal data, basing such transfer on: (a) adequacy decisions regarding the recipient third countries issued by the European Commission; (b) appropriate safeguards provided by the recipient third party pursuant to Art. 46 of the Regulation, including the execution of standard contractual clauses adopted by the European Commission.
9. Cookies and Tracking Technologies
The Website uses exclusively technical cookies (strictly necessary cookies), which are necessary for the proper functioning and secure delivery of the Website’s content. The Website does not use profiling, advertising, or analytics cookies and does not track Users’ browsing for marketing purposes. The technical cookies used are those set by the providers of hosting and content distribution services for the Website in order to route traffic, balance the load, ensure security, and keep the Website available.
As these are strictly necessary cookies, pursuant to applicable privacy legislation and the Guidelines of the Italian Data Protection Authority (Garante per la protezione dei dati personali) of 10 June 2021, they do not require the User’s prior consent.
The User may block or delete cookies at any time through the browser settings; however, disabling technical cookies may compromise the proper functioning of the Website.
10. Rights of the Data Subject
The User may exercise at any time the rights provided for by Articles 15–22 of the GDPR and, in particular:
- right of access to personal data (Art. 15);
- right to rectification (Art. 16);
- right to erasure (“right to be forgotten”) (Art. 17);
- right to restriction of processing (Art. 18);
- right to data portability (Art. 20);
- right to object to processing (Art. 21);
- right not to be subject to automated decision-making (Art. 22);
- as well as the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent given prior to its withdrawal;
- the right to lodge a complaint pursuant to Art. 77 GDPR with the supervisory authority (Italian Data Protection Authority – Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Rome; e-mail: protocollo@gpdp.it; certified e-mail (PEC): protocollo@pec.gpdp.it; switchboard: +39 06 696771), where the data subject considers that the processing of personal data relating to him or her infringes the applicable data protection legislation.
11. How to Exercise Your Rights
To exercise the above rights or to request information regarding the processing of personal data, the data subject may write to the Controller at the e-mail address: info@salaeffe.eu
The Controller shall respond within the time limits set out in Art. 12 GDPR.
12. Amendments to this Privacy Policy
The Controller reserves the right to amend or update this privacy policy, including as a result of changes to applicable legislation. Updated versions shall be published on the Website with an indication of the date of the last update.