Privacy and Cookies Policy

1. Introduction to the website of Raffaella Cortese SRL

Introduction to the website of Raffaella Cortese SRL (hereinafter, “GRC”).
This Privacy Policy (hereinafter, the “Privacy Policy”) applies to data of each user (hereinafter, the “User”) which GRC processes after a User logs in to access the various sections of this website (hereinafter, the “Website”).
The privacy notice is provided exclusively for the Website and is not applicable to any different sites to which the User may be redirected by links inside the Website, which redirect to portals and computer systems managed by third parties whose ownership, methods and purposes GRC is not party to.
The Privacy Policy is regulated by Italian law and by EU Regulation 2016/679 (GDPR) which regulates the processing of personal data (hereinafter, the “Data”) by any person resident or based in the European Union, and guarantees that the relevant data processing operations are conducted in observance of the fundamental rights and freedoms and dignity of the Data Subject, particularly in relation to the rights of confidentiality, personal identity and data protection.
The Privacy Policy may be modified or simply updated, in whole or in part, to bring it into line with any legislative changes; amendments and updates to the Privacy Policy will be binding once they have been published on the Website.

2. Data Controller, External Data Processors and Data Processors

The Data Controller is Raffaella Cortese SRL, registered office in 20129 Milan, Via Alessandro Stradella 7, Tax Code and VAT No. 04036340968.
GRC independently determines the purposes and methods of the data processing operations, and also the data security procedures to be applied in order to guarantee the confidentiality, integrity and availability of Data.
The complete and updated list of Data Processors may be consulted by contacting GRC.
The following email address is available for any further information:

3. Persons/entities that can process the User’s Data

To process the User’s Data, GRC avails of third parties who are carefully selected, are trustworthy and reliable and have adequate experience and expertise for the assignment, and they are able to guarantee full compliance with applicable regulatory provisions on the processing of personal data, including provisions on personal data security. These third parties have been carefully selected and appointed based on the nature of the tasks that GRC assigns to them, and they act under the control of GRC and in accordance with the latter’s instructions.

4. Purposes of the data processing

Navigation inside the Website is free and requires no special access or authentication credentials.
GRC may request the User to insert his/her Data (for example: name, surname, and e-mail address) in the special registration field, to facilitate the provision of specific services (hereinafter, the “Services”), such as:
– the periodic transmission of newsletters containing news about GRC’s activities, such as e.g. exhibitions and events at GRC spaces, cultural and artistic events, GRC’s participation at art fairs, special initiatives, informations about GRC (hereinafter, “Newsletter”).
GRC provides a full privacy notice at the registration stage, which the User must accept in order to be able to access the aforementioned Services.

5. Data processing methods and duration of the Data Processing

Data will not be communicated to third parties unless such communication is required by law, or is necessary in order to achieve legally sanctioned purposes for which the Data Subject’s consent is not required.
The duration of the data processing is indicated in the privacy notice for the processing of Data, in each individual section thereof.

6. Data security

GRC puts in place adequate data security measures pursuant to EU Regulation 2016/679 in order to prevent the loss or unlawful or incorrect use of Data, as well as unauthorised access thereto.
GRC reserves the right to delete any accounts and all associated Data if they are found to contain material that is unlawful, detrimental to the image of GRC and/or of its products/services or of third parties, or that is considered offensive or promotes illegal or defamatory activities, or that has pornographic content, incites violence or promotes discrimination on grounds of race, gender, religion and sexual orientation.

7. The User’s rights

The User will, at any time and without charge, be entitled to access his/her own Data, to receive his/her own electronic Data and transmit such Data to another data controller (“data portability”), and also to have Data corrected, updated, modified or erased (subject to any legally applicable exemptions). The User will be entitled to update data which he/she supplies to GRC by contacting the latter at the address provided below. Requests for the erasure of data are regulated by applicable legal obligations including data/document retention obligations to which GRC is subject.
The User will be entitled to contact the Italian Data Protection Authority if he/she considers that the procedures for managing his/her Data are problematic or questionable.
In order to exercise these rights, the User may send a request to GRC by email to or send a letter by post to the following address: Galleria Raffaella Cortese, Via Alessandro Stradella 7, 20129 Milan. When contacting GRC, the User should include his/her name, e-mail address, postal address and/or telephone number(s) in order to facilitate GRC in properly managing your request.
The User is invited to regularly verify and update his/her Data in order to assist GRC in offering the Services to the User. The User may access and amend his/her Data by contacting GRC at the addresses indicated above, in order to receive support in such updating operations.
If a User, who has previously authorised the processing of his/her Data in order to make purchases in the Shop section of the Website and/or to facilitate the transmission of Newsletters, wishes to revoke his/her consent or to manage his/her preferences, he/she can transmit a simple request to GRC to this effect, as indicated above.

8. Cookie Policy

In compliance with the Official Provision of the Italian Data Protection Authority (“Identification of simplified procedures for the privacy notice and for the obtaining of consent to the use of cookies” of May 8, 2014, published in Official Gazette No. 126 of June 3, 2014), the Website’s home page banner refers to this document, which provides information on the procedures by which cookies may be used by GRC or by any third-party and managed by the User.
GRC does not use marketing or profiling cookies on the Website. However, GRC may receive “technical” cookies while the User is browsing the website, such as:
­- “Navigation or session” cookies i.e. text files of a technical nature which facilitate correct site functionality and enable User recognition (if the User so desires, by activating the relative functionality) when he/she next accesses the website;
­- “Analytical” cookies, used to collect information in anonymous and aggregate form for statistical purposes;
­- “Functionality” cookies, which can facilitate e.g. the use of the Services (such as access to the Viewing Room).

GRC uses the following cookies in particular:

vroom[ID]: first-party, technical cookies used to access the website’s Viewing Room.
cookielawinfo-checkbox-necessary: third-party, tecnical cookies to register consent to GRC’s cookie poliycy.
cookielawinfo-checkbox-non-necessary viewed_cookie_policy: third-party, tecnical cookies to register consent to GRC’s cookie policy.
_ga: third-party, analytical cookies used by Google Analytics for analysis of visits. Duration: 2 years.
_gat: third-party, analytical cookies used by Google Tag Manager for analysis of visits. Duration: 10 minutes.
_gid: third-party, analytical cookies used by Google Analytics for analysis of visits. Duration: 1 day.

Cookies may also be installed inside the Website by third parties or social networks: the parties understand that GRC, by law, has no control over these cookies and has no privacy notice obligations or consent obligations; the updated links to the privacy notices and the consent forms of said third parties are provided below:

­Twitter (link)
­Instagram (link)
­Linkedin (link)
­Facebook (link)
­Google Analytics (link)

Cookies may be enabled and disabled using one’s own browser settings. However, disabling functional cookies could cause malfunctions or Website and/or services restrictions. The procedures offered by the main browsers can be accessed below:

­Internet Explorer (link)
­Chrome (link)
­Firefox (link)
­Opera (link)
­Safari (link)

It is also possible to disable the use of cookies on one’s computer or to refer to individual providers using the Your Online Choices platform (link).
By continuing to browse the Website or by selecting an item (e.g. an image or a link) on that website, cookies will thereby be enabled and such continuation will be tantamount to consent to the use of cookies. Note, finally, that GRC will retain and store cookies only for as long as required in order to provide the Service and, in any case, for no longer than seven days.


Thank you for your interest in receiving our newsletter, please fill in the form below.

By sharing your details you agree to our Privacy Policy, and will receive gallery newsletters.