This information is provided pursuant to art. 13 D. Lgs. 30.06.2003, 196 and art. 13 of EU Regulation No 2016/679. The Company PATTY'S ART GALLERY SRLS with registered office in VIA RIVAROTTA 4, C.F. 04288920244 p.iva 04288920244 Owner of the treatment (hereinafter, "Owner"), informs pursuant to art. 13, D. Lgs. 30.06.2003, 196 (hereinafter, "Privacy Code") and art. 13, EU Regulation n. 2016/679 (hereinafter, "GDPR") that your data will be treated in the following ways and for the following purposes;

1. Object of the treatment

Patty's Art Gallery srls takes care of the protection of your personal data and respects the current legislation on the protection of personal data (Privacy Code and GDPR 12016/679). Your personal data is treated confidentially. We process the personal data you provide us while using the website and/or after registering on the website.

In particular, we process: personal, identification and non-sensitive data (in particular, name, surname, tax code, VAT number, email, telephone number - hereinafter, "personal data" or "data") directly provided by you, with the registration to the site; data not directly provided by you - and in any case acquired within the limits of the provisions of art. 14, paragraph 5, GDPR - the transmission of which is connected to the use of Internet communication protocols (by way of example only, access to the page, quantity of data transferred, status message when access has taken place, session ID numbers, IP addresses, URL addresses, etc.). This data makes it possible to reconstruct the path of your visits to the site.

2. Purpose of treatment

Your personal data are processed:

A) without your express consent (art. 24, lett. a), b), c), Privacy Code and art. 6, lett. b), e), GDPR), for the following Service Purposes:

  • process a contract request;

  • to execute pre-contractual measures taken at your request;

  • develop internal statistics;

  • fulfill pre-contractual, contractual and fiscal obligations arising from existing relationships;

  • to fulfil the obligations provided for by the law, by a regulation, by Community legislation or by an order of the Authority;

  • safeguarding the vital interests of the data subject or of another individual;

  • prevent or detect fraudulent activity or abuse that is harmful to the website;

  • pursuing a legitimate interest of the Data Controller or of third parties, within the limits and under the conditions set out in Article 6, letter f), GDPR;

  • to exercise the rights of the Data Controller (by way of example, the right to defence in court);

B) Exercise the rights of the Owner, (by way of example, the rightOnly after your specific and unequivocal consent (Articles 23 and 130, Privacy Code and Article 7, GDPR), for the following purposes of Marketing of defense in court):

  • send email newsletters, commercial communications and/or advertising material on products and/or services, different and/or dissimilar from those already purchased, offered by the Owner.

3. Nature of the conferment of personal data

The provision of your data for the purposes described in paragraph 2, letter A), n. i and ii) is necessary. If you do not provide it, we cannot guarantee that you will register with the Site or that we will be able to process your requests.

The provision of Data for the purposes described in point 2, letter b), is instead optional. You can therefore decide not to provide any data or revoke the possibility of processing by us of data previously provided. In this case, you will no longer receive our newsletters, while you will continue to receive our services and will retain the right to register on the site.

4. Treatment modalities

The processing of your personal data is carried out by means of the operations indicated in art. 4, Privacy Code and art. 4, n. 2), GDPR and precisely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The processing of your data will be based on the principles of correctness, lawfulness and transparency and can also be carried out through automated methods designed to store, manage and transmit them and will be done through instruments that are suitable, for what concerns the reason and the state of the art, to ensure the security and confidentiality through the use of appropriate procedures that avoid the risk of loss, unauthorized access, illegal use and dissemination.

5. Data retention period
The Data Controller will process personal data for the time necessary to fulfill the above purposes and in any case for no longer than 10 years from the termination of the relationship for Service Purposes and for no longer than 2 years from the collection of data for Marketing Purposes. Once this retention period has expired, the data will be destroyed or made anonymous.

6. Data access
The personal data processed by the Owner will not be disclosed, or will not be given to undetermined subjects, in any possible form, including that of their availability or simple consultation. They may, however, be communicated to employees of the Owner and to some external subjects who collaborate with them. In particular, your data may be made accessible to:

  • employees and collaborators of the Owner, consultants authorized to manage the site and the provision of related services (by way of example: customer services, IT department, etc..), in their capacity as internal managers and / or in charge of the processing of personal data and / or system administrators;

  • third party companies or other subjects (by way of example only: credit institutions, professional firms, consultants, insurance companies, etc.) which carry out activities in outsourcing on behalf of the Data Controller, in their capacity as external managers and/or persons in charge of the processing of personal data.

Your data may also be disclosed, to the extent strictly necessary, to persons entitled to access them under the provisions of the law, regulations, Community legislation.

7. Data communication
Without your express consent (ex art. 24 lett. a), b), d), Privacy Code and art. 6 lett. b), c), GDPR), the Owner may communicate your data for the purposes indicated to supervisory bodies, judicial authorities and to all other subjects to whom the communication is mandatory by law for the fulfillment of the purposes mentioned..

8. Data Transfer
The management and storage of personal data will take place on the servers of the Owner and/or third party companies in charge and duly appointed as Data Processors, located within the European Union, or in accordance with the provisions of Art. 45 et seq. GDPR. Currently the servers are located in San Giovanni al Natisone (UD). The data will not be transferred outside the European Union. It remains in any case understood that, should it become necessary to transfer the location of the servers, in Italy and/or European Union and/or non-EU countries, such a transfer will always take place in compliance with art. 45 and following, GDPR. In this case, however, the Owner assures as of now that the transfer of data outside the EU will take place in accordance with the applicable provisions of law by entering into, if necessary, agreements that ensure an adequate level of protection and / or adopting the standard contractual clauses provided by the European Commission.

9. Navigation data

The computer systems and software procedures used to operate the site may acquire, during their normal activity, some personal data whose transmission is implicit in the communication protocols of the Internet. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified (i.e. parameters relating to the user's operating system and computer environment). These data are used by the Owner for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are deleted immediately after processing. Such data may also be used to ascertain responsibility in case of hypothetical computer crimes against the Site.

10. Cookies
When you use our website, cookies are stored on your computer. Cookies are small text files that are stored on your computer and provide us with certain information. They are widely used in order to make websites work or function more efficiently to improve the user experience, as well as to provide certain information to the owners of the site. Our site uses Cookies that remain on your computer for different lengths of time. Some expire at the end of each session and some stay longer so that when you return to our Site, you can enjoy a better user experience. Web browsers allow you to exercise some control over Cookies through your browser settings. Most browsers allow you to block Cookies or block Cookies from certain sites. Browsers can also help you delete Cookies when you close the browser. However, you should keep in mind that this may mean that any opt-outs or preferences you have set on the site will be lost. Please consult the technical information for your browser for instructions. If you choose to disable the Cookies setting or if you refuse to accept a cookie, some parts of the service may not function properly or may be significantly slower.

11. Rights of the data subject
In your capacity as a data subject, you have the rights under Art. 7, Privacy Code and Art. 15, GDPR and specifically the rights to:

  • obtain confirmation of the existence or not of personal data concerning him, even if not yet recorded, and their communication in intelligible form;

  • obtain indication of: a) the origin of personal data; b) the purposes and methods of treatment; c) the logic applied in case of treatment with the aid of electronic instruments; d) the identity of the owner, manager and the representative appointed under Article 5, paragraph 2 Privacy Code and Article 3, paragraph 1, GDPR; e) subjects or categories of persons to whom the data may be communicated or who can learn about them as appointed representative in the State, managers or agents;

  • obtain: a) the updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;

  • oppose, in whole or in part: a) for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of collection; b) the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by email and / or through traditional marketing methods by phone and / or mail. It should be noted that the right of the interested party to object, as set out in point b) above, for the purposes of direct marketing using automated methods is extended to traditional methods and that, in any case, the interested party may exercise the right to object even partially. Therefore, the interested party may decide to receive only communications by traditional means or only automated communications or neither of the two types of communication.

Where applicable, you also have the rights under Articles 16 - 21, GDPR (Right to rectification, right to be forgotten, right to restrict processing, right to data portability, right to object), as well as the right to complain to the Supervisory Authority.

12. How to exercise your rights
You have the right to ask the Data Controller for access to the Data concerning you, their rectification or cancellation, the integration of incomplete Data, the limitation of their processing; to receive the Data in a structured, commonly used and machine-readable format; to revoke any consent you may have given with regard to the processing of your sensitive data at any time and to object, in whole or in part, to the use of the Data; to lodge a complaint with the Authority, as well as to exercise the other rights recognised to you by the applicable legislation.

You can exercise your rights at any time by sending

  • a registered letter A/R to: Patty's Art Gallery with registered office in VIA RIVAROTTA 4, BASSANO DEL GRAPPA (VI) 36061

  • an e-mail at the address: info@pattys.it

13. Minors
Where the person giving the data is under 16 years of age, such processing is lawful only if, and to the extent that, such consent is given or authorized by the holder of parental responsibility for whom the identification data and copies of identification documents are acquired.

14. Owner, manager and appointees
The data controller is Patty's Art Gallery srls with registered office in VIA RIVAROTTA 4, BASSANO DEL GRAPPA (VI) 36061 P.Iva and C.F. 04288920244.

The updated list of those responsible for and in charge of the processing is kept at the headquarters of the Data Controller.

Changes to this Policy

This Policy may be subject to change. We therefore recommend that you check this Policy regularly and refer to the most up-to-date version.



Copyright: The trademarks, images and all content on this site are the property of Patty's Art Gallery srls.


Pursuant to the new web disclosure requirements introduced by the above article of law, we are disclosing the following corporate data:

Patty's Art Gallery srls.

registered office - VIA RIVAROTTA 4, BASSANO DEL GRAPPA (VI) 36061


VAT and tax code. IT 04288920244




QR code