Privacy
Privacy Policy
Last updated: July 2026
1. Controllers
The joint controllers responsible for the processing of personal data on this website are:
Ivan Pogodin and Giulia Quaini
Roccia Art Gallery
Leebgasse 14/10
1100 Vienna
Austria
Email: [email protected]
Phone: +43 664 3485727
2. General information
We take the protection of personal data seriously. This Privacy Policy explains which personal data may be processed when you visit this website, contact us, or voluntarily submit information or materials to Roccia Art Gallery.
Personal data means any information relating to an identified or identifiable natural person, for example name, email address, phone number, IP address, message content, artist biography, portrait image, or other information connected to an identifiable person.
3. Website access and server log files
When you visit this website, technical data may be processed automatically, in particular:
- IP address
- date and time of access
- page or file requested
- browser type and browser version
- operating system used
- referrer URL
- amount of data transferred
- access status message
These data are processed to provide the website, ensure technical stability and security, detect abuse, and analyse technical errors.
The legal basis is our legitimate interest under Art. 6(1)(f) GDPR.
4. Hosting and technical infrastructure
This website is hosted using Cloudflare Pages, a service provided by Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA.
Cloudflare may process technical access data and security-related data to deliver the website, improve loading speed, ensure technical security, prevent abuse, and analyse errors.
Where personal data are transferred to the United States or other third countries, this takes place on the basis of appropriate safeguards under the GDPR, such as Cloudflare's Data Processing Addendum, applicable standard contractual clauses, or other legally recognised transfer mechanisms.
Further information can be found in Cloudflare's privacy documentation and Cloudflare's data processing terms.
5. Contact by email, phone, or contact form
If you contact us by email, phone, or through a contact function on the website, we process the data you provide, such as your name, email address, phone number, message content, time of contact, and any voluntary information.
These data are used to answer your request and communicate with you.
At present, the contact form does not use a configured secure backend endpoint. Instead, it opens the visitor's email application with a prepared message. In this case, the message is sent through the visitor's own email provider and received through our email provider.
The legal basis is our legitimate interest under Art. 6(1)(f) GDPR in responding to inquiries and maintaining communication. Where communication relates to a possible agreement or collaboration, the legal basis may also be Art. 6(1)(b) GDPR.
If a secure form endpoint, CRM system, newsletter tool, or other communication provider is added later, this Privacy Policy will be updated with the relevant provider and processing details.
6. Artists and submitted materials
If artists, photographers, authors, curators, or other persons voluntarily send us information, images, biographies, portfolios, statements, CVs, contact details, or other materials, we may process such data for review, communication, documentation, presentation, or possible collaboration within Roccia Art Gallery.
Publication of artist profiles, portraits, biographies, artworks, photographs, or other submitted materials takes place only where we have appropriate permission or another valid legal basis.
The legal basis may be consent under Art. 6(1)(a) GDPR, pre-contractual or contractual communication under Art. 6(1)(b) GDPR, or our legitimate interest under Art. 6(1)(f) GDPR in reviewing and documenting submitted materials.
Consent can be withdrawn with effect for the future.
7. Cookies, analytics, and external content
This website uses Cloudflare Web Analytics to measure basic traffic and page-performance data. Cloudflare Web Analytics is provided by Cloudflare, Inc. and uses a lightweight analytics beacon.
Cloudflare states that Web Analytics collects a minimum amount of information for performance metrics and does not track individual end users across customers' internet properties. Cloudflare also states that Web Analytics does not use cookies or localStorage to collect usage metrics and does not fingerprint individuals for analytics purposes.
The legal basis is our legitimate interest under Art. 6(1)(f) GDPR in understanding whether the website works reliably, loads correctly, and is useful to visitors, without using marketing tracking.
This website does not use Google Analytics, Meta Pixel, advertising trackers, retargeting pixels, or marketing-tracking cookies.
This website may link to external pages such as Instagram, YouTube, or other third-party websites. At present, no external content is automatically embedded in a way that transfers data to third-party providers when the page loads.
If embedded third-party content is added later, this Privacy Policy will be updated and, where legally required, consent controls will be added.
8. Disclosure, transfers, and retention
Personal data are not sold.
Personal data are not disclosed to third parties without a legal basis. Disclosure may occur where necessary for hosting, technical security, communication, legal obligations, rights protection, or legitimate interests.
Personal data are stored only for as long as necessary for the respective purposes.
Data from inquiries are generally deleted once communication has been completed, unless legal retention obligations, documentation needs, rights protection, or legitimate interests require longer storage.
Artist-related materials and permission records may be stored for as long as the relevant content is displayed on the website and, where necessary, for a reasonable period afterwards for documentation and rights-verification purposes.
9. Your rights
Subject to the GDPR, you have in particular the following rights:
- right of access to your stored personal data
- right to rectification of inaccurate data
- right to erasure
- right to restriction of processing
- right to data portability
- right to object to processing based on legitimate interests
- right to withdraw consent with effect for the future
To exercise your rights, contact us at:
If you believe that the processing of your personal data violates data protection law, you may lodge a complaint with a data protection supervisory authority.
In Austria, the competent authority is:
Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna
Austria
Email: [email protected]
10. Automated decision-making
No automated decision-making, including profiling, takes place on this website.
11. Updates
This Privacy Policy may be updated if the website, technical services, analytics setup, communication tools, project structure, or legal requirements change.