Privacy Policy

Last updated: January 3, 2026

Introduction

This Privacy Policy explains how FRANCESCA POLIZZI ("we," "us," or "our") collects, uses, and protects your personal information when you visit and interact with this website.

We are committed to protecting your privacy and handling your data in an open and transparent manner.

Data Controller

The data controller responsible for your personal information is:

Francesca Polizzi
Contact: rizzutogallery@gmail.com

What Information We Collect

Information You Provide

When you use the inquiry form on this website, we collect:

  • Your name – to address you properly in our response
  • Your email address – to send you a reply
  • Your message – to understand your inquiry
  • Artwork reference (if applicable) – to provide context for your inquiry

Automatically Collected Information

When you visit our website, our server may automatically log:

  • IP address – for security and rate limiting purposes
  • Browser type and version – for technical compatibility
  • Pages visited and time spent – for basic usage statistics

This information is collected in server logs and is used solely for security, troubleshooting, and improving the website.

How We Use Your Information

We use the information you provide through the inquiry form to:

  • Respond to your inquiries about artworks, exhibitions, or commissions
  • Provide information you have requested
  • Communicate with you about professional opportunities

We use automatically collected information to:

  • Maintain the security and stability of the website
  • Prevent abuse and spam
  • Improve the website's functionality

Legal Basis for Processing

Under GDPR, we process your personal data on the following legal bases:

  • Consent – When you submit the inquiry form, you consent to us processing your data to respond to your inquiry
  • Legitimate interests – We have a legitimate interest in maintaining website security and preventing abuse

Data Retention

We retain your personal information for the following periods:

  • Inquiry form data – We retain your contact information and message for up to 2 years from the date of your inquiry, unless you request earlier deletion
  • Server logs – Automatically collected information is retained for up to 90 days for security purposes

Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes.

We may share your information only in the following circumstances:

  • With your consent – If you explicitly agree to share your information
  • Legal requirements – If required by law, court order, or legal process
  • Service providers – With trusted service providers who assist in operating the website (e.g., email delivery services), under strict confidentiality agreements

Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access – You can request a copy of the personal data we hold about you
  • Right to rectification – You can request that we correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") – You can request that we delete your personal data
  • Right to restrict processing – You can request that we limit how we use your data
  • Right to data portability – You can request your data in a structured, commonly used format
  • Right to object – You can object to our processing of your data
  • Right to withdraw consent – You can withdraw consent at any time where we rely on consent to process your data

To exercise any of these rights, please contact us at: rizzutogallery@gmail.com

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

These measures include:

  • Secure server infrastructure with SSH hardening
  • CSRF (Cross-Site Request Forgery) protection on all forms
  • Rate limiting to prevent abuse
  • Regular security logging and monitoring

However, no method of transmission over the internet is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

Cookies

This website currently uses minimal cookies:

  • Session cookies – Used only for admin authentication (if you are an admin user)
  • CSRF tokens – Used to protect forms from security attacks

We do not use tracking cookies, analytics cookies, or advertising cookies.

External Links

This website may contain links to external websites (e.g., social media, exhibitions, galleries). We are not responsible for the privacy practices or content of these external sites. Please review their privacy policies separately.

Children's Privacy

This website is not directed at children under 16 years of age. We do not knowingly collect personal information from children under 16.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page indicates when the policy was last revised.

We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Email: rizzutogallery@gmail.com

Supervisory Authority

If you are located in the European Economic Area (EEA), you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with data protection laws.