Preamble

In order to protect personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: General Data Protection Regulation), the Controller, as a company that implements legal regulations without exception, in a timely manner and in full in all areas of business, and especially in those that directly relate to the interests and satisfaction of clients, adopts and publishes this Privacy Policy.

The data controller is a company whose primary activity includes sales, consulting and distribution.

The Data Controller carries out sales in branches and through the web shop present on this website. The Data Controller's activities are not focused on personal data nor do they involve extensive processing of personal data of natural persons. The personal data that the Data Controller encounters and processes in its regular business operations are data collected with consent, and for the purpose of realizing the purchase and sale.

Purpose of the document

The protection of the rights and freedoms of individuals with regard to the processing of personal data requires the introduction of a Privacy Policy which aims to inform data subjects about the way in which their personal data will be processed by the Data Controller, as well as what their rights are and how they are exercised.

Therefore, this Privacy Policy also ensures transparency regarding the functions and processing of personal data and allows the data subject to become familiar with the rights related to data processing.

The value of personal data and responsibility for its protection

Personal data is any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal data collected and processed by the Controller in the course of its activities are considered a trade secret. The Controller implements technical and organizational security measures that ensure the continued confidentiality of all personal data, including the prevention of unauthorized access to or use of personal data and equipment used for data processing.

All user data is strictly protected and is only accessible to employees who need the data to perform their jobs. All employees of the Data Controller are responsible for respecting the principles of privacy protection.

Personal data must be handled with special care and may only be used in accordance with the reason for which it was collected.

We only collect personal data that is voluntarily provided to us or for which there is another lawful basis for processing.

Collection and processing of personal data

The collection of personal data may only be carried out in accordance with legal regulations and ethical principles. Personal data may only be processed when there is a clearly defined and documented legal basis or a basis arising from a contractual relationship, while all other processing of personal data is permitted only with the clear documented consent of the owner or his authorized representative.

We collect personal data only when the data subject gives us consent: when registering on the site or through various forms on the site.

The same data is used to conclude contracts, and to familiarize the seller with the purchasing habits of customers, as well as for informational purposes, and to promote the seller's services and products.

We primarily collect personal data for the following purposes:

  • responding to your inquiry as efficiently as possible;
  • executing the purchase contract;
  • promoting our services and expressing the intention to conclude a contract;
  • our internal statistical data processing;
  • the possibility of sending publications, brochures and other promotional materials;
  • fulfilling our legal and contractual obligations;
  • legitimate interest.

The controller processes personal data only to the extent necessary to provide the service and achieve the above-mentioned objectives. When storing data, personal data is stored in the smallest possible number of places where it is adequately protected.

In case you make a payment on our website with a credit or debit card, our business partner WSPay, which provides the aforementioned service, provides the following Statement on the protection of the transfer of personal data.

WSPay, as the party carrying out credit card authorization and collection, processes personal data in its capacity as a processor, in accordance with the General Data Protection Regulation and the strict rules of the PCI DSS L1 regulation on the protection of data entry and transmission.

WSPay uses an SSL certificate with 256-bit encryption and the TLS 1.2 cryptographic protocol as the highest level of protection when entering and transferring data.

Personal data used for the purpose of authorization and billing, i.e. in the performance of obligations from the Agreement or based on the Agreement, are considered confidential data.

The following personal data of the customer are required for the execution of the Agreement (authorization and payment): Name and surname, E-mail, Telephone, Address, City, Postal code, Country, Card type, Card number, Card expiry date, CVV code of the card.

WSPay does not process or use this personal data except for the purpose of executing the authorization contract and billing.

WSPay guarantees compliance with all conditions set forth in applicable personal data protection regulations for processors of personal data, and in particular, taking all necessary technical, organizational and security measures, which is particularly confirmed by the PCI DSS L1 certificate.

As a Data Controller, we always give you choices about how your data is used, including whether or not you want your name removed from lists used for marketing campaigns. We do not require you to provide data in order to access our site.

The data controller will not transfer your personal data to unauthorized third parties without your specific consent, will not send you emails that are contrary to the terms of use, and you can unsubscribe from any email recipient list at any time.

The Data Controller stores the collected personal data until the data subject revokes the storage of personal data. The data subject may withdraw their consent to the further collection, processing and use of personal data at any time, and may request the revocation of the storage of personal data in writing to the company's address or by e-mail to info@artbottega.hr.

When you visit our websites, our web server always stores the name of your internet service provider, the website from which you visited us, the websites you viewed during your visit, and the date and time of your visit. Our cookies do not contain specific personal information, so your privacy remains protected, because it is not personal data, i.e. we do not use the personal data collected in this way to identify you.

The IP address is transmitted with every request sent to the server, so that the server knows where the response should be sent. The Internet Service Provider (ISP) assigns everyone an IP address when connecting to the Internet. The ISP can track which IP address is assigned to which individual users at which time. As long as the stored IP address is not deleted, it is theoretically possible, via the ISP, to obtain the identity of the end user. For this reason, the Controller does not store the IP addresses of visitors, but uses them only for the purpose of session recognition and defense against attacks. Accordingly, the IP address is deleted immediately afterwards, so that the collected data remains anonymous and the identity of the end user cannot be learned even through the mediation of the ISP.

This website uses cookies to enable or improve the functions offered and the user experience. In order to provide you with a better user experience and full functionality of the website, this website stores your cookies. However, if you do not want this, you can refuse them, but then there is a chance that the functionality of the website will be limited.

Furthermore, personal data is only stored if you make it available to us voluntarily, e.g. as part of registration, surveys, competitions or for the purpose of fulfilling a contract.

Rights of the data subject

The data controller enables the exercise of all data subjects' rights. Thus, you have the right to request at any time:

  • erasure of personal data ("right to be forgotten") if the processing of your personal data is no longer necessary in relation to the purpose for which they were collected or if you withdraw your consent to the processing of personal data or if you object to the processing of your personal data and prove that your legitimate interests in erasing your personal data override the legitimate interests of the Controller in processing your personal data;
  • correction of personal data if some of your personal data has changed or you have noticed an error in your collected personal data;
  • transfer of personal data, i.e. request personal data relating to you in electronic form and transfer it to a third party;
  • objection if you object to the purpose for which your personal data is processed;
  • restriction of processing of personal data if you contest the accuracy of the personal data, if you oppose the deletion of personal data and instead request the restriction of their use; if the Controller no longer needs your personal data for the purposes of processing, but you require them for the establishment, exercise or defense of legal claims; if you have lodged an objection to the processing of personal data.


You can exercise your rights free of charge, electronically, by contacting the email address: info@artbottega.hr.

Exceptionally, if you request that a certificate be issued to you for the purpose of transferring personal data in a form other than electronic form, the Controller reserves the right to charge a reasonable administrative fee for issuing an additional copy of your personal data.

Incident management

In the event of a breach of personal data security that could cause you significant damage, the Controller will notify you without delay and take all necessary measures to eliminate the damage and limit or mitigate the harmful consequences resulting from the breach of personal data security.

Transparency

If we decide to change this privacy policy, we will post the changes on this page so that you can always keep an eye on them.