Logo Cantadora Logo Menu
Logo Cantadora Logo Menu

Privacy Policy

Last updated: November 10, 2025

1. Introduction

This Privacy Policy describes how personal data of users who visit the website https://cantadora.it/ (“the Website”) is collected and processed.

The policy is provided in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and the applicable Italian data protection laws.

2. Data Controller

The Data Controller is:
Cantadora
Registered address: Piazza Galeria 7, inferno 20, 00179 Roma
Contact e-mail for privacy matters: info@cantadora.it
(“the Controller”).

3. Types of Data Collected

When you browse or interact with this Website, the following categories of personal data may be collected:

a) Browsing data

The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
Such information is not collected to be associated with identified individuals but, by its very nature, could allow user identification through processing and association with data held by third parties (e.g., IP addresses, domain names, browser type, operating system, access times).

b) Data provided voluntarily by the user

When users voluntarily send emails, fill in contact forms, or interact through other channels, the data voluntarily provided (such as name, surname, email address, and message content) will be collected and used solely to respond to those requests.

c) Data collected via cookies or tracking technologies

The Website uses technical cookies and, only upon user consent, analytics and marketing cookies.
For more details, please refer to our Cookie Policy.

4. Purposes and Legal Basis for Processing

Personal data is processed for the following purposes:

PurposeLegal BasisRetention Period
a) To allow navigation and proper technical functioning of the WebsitePerformance of pre-contractual measures / legitimate interestSession duration
b) To handle user inquiries or contact requestsExplicit consentUntil the request is processed or consent is withdrawn
c) To analyze site traffic and performance (statistics)Legitimate interest / consent (for non-anonymized cookies)As defined by each service
d) To send newsletters or updates about exhibitions and eventsConsentUntil consent is withdrawn
e) To comply with legal obligations or authority requestsLegal obligationAs required by law

5. Methods of Processing

Data is processed using electronic and IT systems, in accordance with principles of lawfulness, fairness, transparency, purpose limitation, and data minimization.
No automated decision-making or profiling is carried out unless the user has explicitly consented to it (for example, for marketing purposes).

6. Data Communication and Disclosure

Personal data may be communicated to:

  • Data Processors (e.g., hosting providers, IT maintenance companies, analytics services, newsletter platforms);
  • Third-party service providers whose tools are integrated into the Website (e.g., Google, YouTube, Meta/Facebook);
  • Public authorities or institutions where required by law.

All third parties receive only the data strictly necessary to perform their duties and are bound by data protection obligations.

7. Data Transfers Outside the EU

Some third-party providers (e.g., Google LLC, Meta Platforms Inc.) may transfer data to countries outside the European Economic Area (EEA), particularly to the United States.
In such cases, data transfers are carried out under Standard Contractual Clauses approved by the European Commission or other adequate legal mechanisms (e.g., EU-U.S. Data Privacy Framework).

8. Data Retention

Data is stored only for as long as necessary to fulfill the purposes for which it was collected:

  • Browsing and technical data: for the duration of the session or as technically required;
  • Contact form data: for as long as necessary to respond to requests;
  • Marketing data: until consent is withdrawn;
  • In any case, within the limits set by applicable law.

9. Data Subject Rights

At any time, users have the rights established by Articles 15–22 of the GDPR, including:

  • the right of access to personal data,
  • the right to rectification or erasure,
  • the right to restriction of processing,
  • the right to data portability,
  • the right to object to processing,
  • and the right to withdraw consent at any time.

Requests can be sent to: [privacy contact email].

Users also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali – www.garanteprivacy.it).

10. Data Security

The Website adopts appropriate technical and organizational measures to ensure the security of personal data and protect it against loss, misuse, unauthorized access, or disclosure.
Hosting is provided by [name of hosting provider], located in [country], compliant with GDPR standards.

11. External Links

The Website may contain links to external websites or social media platforms.
The Controller is not responsible for the content or privacy practices of such third-party websites, which are governed by their own privacy policies.

12. Changes to This Policy

The Controller reserves the right to modify or update this Privacy Policy at any time, in accordance with applicable legislation.
Updates will be published on this page, indicating the latest revision date.

13. Contact Information

For any questions, information, or requests regarding personal data processing, please contact:

Data Controller: Cantadora
Address: Piazza Galeria 7, inferno 20, 00179 Roma
Email: info@cantadora.it