PRIVACY POLICY (GDPR)
Last update: 12 January 2026
1. Who we are (Data Controller)
Cristian Mitrani (“we”, “us”) is the controller for the processing of personal data carried out via this Website.
GDPR contact point (also for exercising your rights):
The Muisca Gallery (webmaster/support) – Privacy contact for Cristian Mitrani
13 rue d’Ormesson, 75004 Paris, France
Email: art@themuisca.com
2. Scope
This Privacy Policy explains how we collect and use personal data when you:
- browse this Website;
- contact us via forms;
- subscribe to updates / newsletters (if available);
- interact with embedded third-party content (e.g., Instagram).
3. Personal data we collect
Depending on how you use the Website, we may collect:
A) Data you provide
- Contact form: first name, last name, email, phone (optional), message content.
- Newsletter / updates form (if enabled): email address and consent status.
B) Technical and usage data
- IP address, approximate location (city/country), device type, browser, operating system, pages viewed, timestamps, referring URLs, and similar logs.
C) Cookies and similar trackers
- Cookies necessary for the Website to function and remain secure.
- Optional cookies (e.g., audience measurement/analytics or marketing) only if you consent, depending on your choices in the cookie banner.
See our Cookie Policy for details.
4. Why we process your data (purposes) and legal bases
We process personal data for the following purposes:
Purpose 1 — Responding to your requests (contact forms, inquiries, commissions, exhibitions)
Data: identity/contact details and message content.
Legal basis: (i) steps prior to entering into a contract or performance of a contract, where applicable; and/or (ii) our legitimate interest in responding to requests and managing our professional communications.
Purpose 2 — Sending news and updates (only if you opt-in)
Data: email address, consent proof, and preference/opt-out status.
Legal basis: your consent. You can withdraw consent at any time by using the unsubscribe mechanism (if provided) or by emailing us.
Purpose 3 — Website security, fraud prevention, and technical administration
Data: technical identifiers, logs, security-related cookies.
Legal basis: our legitimate interest in maintaining the security and performance of the Website.
Purpose 4 — Audience measurement and improvement (only if enabled and if consent is required)
Data: online identifiers, browsing events, cookie identifiers.
Legal basis: your consent where required; otherwise our legitimate interest when lawful and configured to comply with applicable guidance.
5. Who receives your data (recipients)
We only share personal data when necessary, including with:
- Cristian Mitrani and authorized persons handling requests.
- The Muisca Gallery, acting as webmaster/support (processor).
- Wix.com and its group companies / technical subcontractors providing the website platform, forms, and related services (processor/sub-processors).
- OVH SAS, as applicable for domain/email/infrastructure services (processor), depending on the configuration.
- Service providers strictly necessary for operations (e.g., security monitoring, delivery/payment providers if you purchase artwork), acting under contractual safeguards.
- Public authorities or courts, only where required by law.
We do not sell your personal data.
6. International data transfers
Because this Website is built on Wix infrastructure, personal data may be processed in the European Union, Israel, and potentially other countries (including the United States) depending on the service providers used.
Where transfers occur outside the EEA, we rely on an adequacy decision (when applicable) and/or appropriate safeguards such as Standard Contractual Clauses and additional measures where required.
7. How long we keep your data (retention)
- Contact/inquiry messages: up to 3 years after our last contact, unless a longer period is required to manage a contract, legal claim, or accounting obligation.
- Newsletter/update subscriptions: until you unsubscribe/withdraw consent, or up to 3 years after last interaction.
- Technical logs: generally up to 12 months (may vary depending on security needs and platform settings).
- Cookie data: see Cookie Policy (cookie durations vary).
8. Your rights
Subject to conditions set by law, you have the right to:
- Access your personal data;
- Rectify inaccurate or incomplete data;
- Erase your data (“right to be forgotten”);
- Restrict processing;
- Object to processing based on legitimate interests;
- Data portability (when applicable);
- Withdraw consent at any time (where processing is based on consent);
- Lodge a complaint with a supervisory authority.
To exercise your rights, email: art@themuisca.com
Please include “GDPR Request – cristianmitrani.com” and enough information to identify you. We may request proof of identity if needed to protect you against fraud.
9. Supervisory authority (France)
If you consider that your rights are not respected, you may lodge a complaint with the French Data Protection Authority (CNIL).
10. Security
We implement reasonable technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. No online service can be guaranteed 100% secure.
11. Third-party content and social networks
This Website may include links or embedded content from third parties (e.g., Instagram). Those providers may collect data and set cookies under their own policies. We recommend reviewing their privacy information and using the cookie banner options to manage trackers.
12. Photos, artistic content, and requests
This Website publishes photographic works and artistic projects. If you believe a photograph on this Website unlawfully affects your privacy or rights, you may contact us at art@themuisca.com with the relevant URL and details so we can review your request.
13. Changes to this policy
We may update this Privacy Policy to reflect legal or technical changes. The “Last update” date indicates the latest version.