Zagreb Split Zadar Rijeka

Preamble

With the aim of protecting personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council, dated April 27, 2016, on the protection of individuals in connection with the processing of personal data and on the free movement of such data and on the repeal of the Directive 95/46/EC (further: General Data Protection Regulation) The data controller, as a company that without exception, timely and completely implements legal regulations in all areas of business, especially in those directly related to the interests and satisfaction of clients, adopts and publishes this Privacy Policy.

The controller is a company whose primary activity includes sales, consulting and distribution.

The processing manager makes sales in branches and through the web shop present on this website. The activity of the Data Controller is not focused on personal data nor does it involve extensive processing of personal data of natural persons. The personal data that the Data Controller encounters and processes in his regular business is data collected with consent, for the purpose of sales.

Purpose of the document

The protection of the rights and freedoms of individuals with regard to the processing of personal data requires the introduction of a Privacy Policy, which aims to familiarize respondents with the manner in which their personal data will be processed in the company of the Controller, as well as what their rights are and how they are exercised.

Therefore, this Privacy Policy ensures transparency regarding the functions and processing of personal data and enables the respondent to familiarize himself with the rights related to data processing.

The value of personal data and responsibility for its protection

Personal data is any data relating to an individual whose identity has been determined or can be determined (“the respondent”); an identifiable individual is a person who can be identified directly or indirectly, in particular with the help of identifiers such as name, identification number, location data, online identifier or with the help of one or more factors inherent to physical, physiological, genetic, mental , economic, cultural or social identity of that individual.

Personal data that the Data Controller collects and processes in the performance of its activities constitute a business secret. The data controller implements technical and organizational security measures that ensure the confidentiality of all personal data for the duration and which also includes the prevention of unauthorized access to personal data and the equipment used in data processing or their unauthorized use.

All user data is strictly kept and is available only to employees who need this data to perform their work. All employees of the Data Controller are responsible for respecting the principles of privacy protection.

Personal data must be handled with special care, and they may be used exclusively in accordance with the reason for which they were collected.

We collect only those personal data that have been submitted to us voluntarily or for which there is another legal basis for processing.

Collection and processing of personal data

Collection of personal data may be carried out exclusively in accordance with legal regulations and ethical principles. It is permitted to process personal data only when there is a clearly defined and documented legal basis or a basis based on a contractual relationship, while all other processing of personal data is permitted only with the clear documented consent of its owner or his authorized representative.

We collect personal data only when the subject gives us permission: when registering on the site or through various forms on the site.

The same data is used for the purpose of concluding a contract, and for the purpose of familiarizing the seller with the purchasing habits of customers, as well as for informational purposes and the purpose of promoting the seller’s services and products.

We primarily collect personal data for:

  • the most effective response to your inquiry;
  • execution of sales contracts;
  • promoting our services and expressing the intention to enter into a contract;
  • our internal statistical data processing;
  • possibilities of sending publications, brochures and other promotional materials;
  • execution of our legal and contractual obligations;
  • legitimate interest.

The controller processes personal data only to the extent necessary to provide the service and achieve the above-mentioned goals. When storing data, personal data is stored in the smallest possible number of places where it is adequately protected.

In the event that you pay with credit or debit cards on our site, our business partner WSPay, which enables the above service, provides the following Statement on the protection of personal data transfer.

WSPay, as an executor of credit card authorization and billing, handles personal data in the capacity of processor and personal data in accordance with the General Data Protection Regulation and the strict rules of the PCI DSS L1 regulation on data protection and data transfer.

WSPay uses an SSL certificate of 256-bit encryption and TLS 1.2 cryptographic protocol as the highest level of protection when entering and transferring data.

Personal data used for the purpose of authorization and billing, i.e. in the performance of obligations from the Agreement or based on the Agreement, are considered confidential data.

The following personal data of the customer are required for the execution of the Agreement (authorization and payment): Name and surname, E-mail, Telephone, Address, City, Postal code, Country, Type of card, Card number, Duration of the card, CVV code of the card.

WSPay does not process or use this personal data except for the purpose of executing the authorization contract and billing.

WSPay guarantees the fulfillment of all conditions specified by the current regulations on the protection of personal data for the executors of personal data processing, and in particular the taking of all necessary technical, organizational and security measures, and this is especially confirmed by the PCI DSS L1 certificate.

As a Data Controller, we always give you choices about the use of your data, including the ability to decide whether or not you want your name removed from lists used for marketing campaigns. We do not require you to send any information in order to give you access to our pages.

The data controller will not transfer your personal data to unauthorized third parties without your specific consent, will not send you e-mails that contradict the terms of use, and you can unsubscribe from the list of recipients of any e-mail at any time.

The data controller stores the collected personal data until the data subject revokes the storage of personal data. The respondent can at any time withdraw his consent to the further collection, processing and use of personal data, and he can request the revocation of the storage of personal data by writing to the company’s address or by e-mail to info@artbottega.hr.

When you visit our websites, our web server always saves the name of your Internet service provider, the website from which you visited us, the websites you viewed during your visit, and the date and time of your visit. Our cookies do not contain specific personal information, so your privacy remains protected, because it is not personal data, that is, we do not use the personal data collected in this way to identify you.

The IP address is transmitted with each request sent to the server, so that the server knows where the response must be sent. An Internet Service Provider (ISP) assigns everyone an IP address when connecting to the Internet. The ISP can track which IP address is assigned to individual users at which time. As long as the stored IP address is not deleted, the identity of the end user can theoretically be obtained through the ISP. For this reason, the Controller does not save the IP addresses of visitors, but only use them for the purpose of session recognition and defense against attacks. Accordingly, the IP address is deleted immediately afterwards, so that the collected data remains anonymous and that the identity of the end user cannot be known even through the mediation of the ISP.

This website uses cookies to enable or improve the functions offered and the user experience. In order to provide you with a better user experience and full functionality of the website, this site stores your cookies. However, if you do not want it, you can refuse them, but then there is a chance that the functionality of the site will be limited.

In addition, personal data is only stored if you voluntarily make it available to us, e.g. within the framework of registration, surveys, prize games or for the execution of contracts.

Rights of respondents

The processing manager enables the exercise of all the rights of the data subjects. Thus, at any time you have the right to request:

  • deletion of personal data (“right to be forgotten”) if the processing of your personal data is no longer necessary in relation to the purpose for which it was collected or if you withdraw your consent to the processing of personal data or if you object to the processing of your personal data and prove that your legitimate interests to delete personal data prevail over the legitimate interest of the Controller in processing your personal data;
  • correction of personal data if some of your personal data has changed or you have noticed an error in your collected personal data;
  • transfer of personal data, i.e. request personal data relating to you in electronic form and transfer them to a third party;
  • objection if you object to the purpose for which your personal data is processed;
  • restriction of personal data processing if you dispute the accuracy of personal data, if you object to the deletion of personal data and instead request a restriction of their use; if the Data Controller no longer needs your personal data for processing purposes, but you are requesting them in order to establish, exercise or defend legal claims; if you objected to the processing of personal data.


You can exercise your rights free of charge, electronically, by contacting the email address: info@artbottega.hr.

Exceptionally, if you request that a confirmation be issued in a form other than electronic for the purpose of transferring personal data, the Data Controller reserves the right to charge a reasonable fee for administrative costs for issuing an additional copy of personal data.

Incident management

In the event of a violation of the security of your personal data that could cause you significant damage, the Company Controller will notify you of the same without delay, and take all necessary measures to eliminate the damage, and limit or mitigate the harmful consequences caused by the violation of the security of personal data.

Transparency

If we decide to change this privacy policy, we will post the changes on this page so that you can see them continuously.