1. This Privacy Policy sets out the rules for the processing of personal data obtained through the website artteasan.be , hereinafter referred to as the “Website”).
2. The owner of the Website and at the same time the Data Administrator is www.artteasan.be, hereinafter referred to as the Administrator.
3. Personal data collected by the Administrator through the Website shall be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), also referred to as RODO.
4. The Administrator shall take special care to respect the privacy of Customers visiting the Website.

§ 1 Type of processed data, purposes and legal basis

1. The Administrator shall collect information concerning natural persons performing a legal action not directly related to their activity, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal persons or organizational units which are not legal persons, to which legal capacity is granted by law, conducting business or professional activity on their own behalf, hereinafter collectively referred to as Customers.
2. Personal data of Customers are collected in case of:
   use of the contact form service on the Website in order to perform the contract provided electronically. Legal basis: necessary for the performance of the contract for the provision of the contact form service (Article 6(1)(b) of the RODO).
3. When using the contact form service, the Customer shall provide the following data:
   – e-mail address
   – first name
   – phone number
4. When using the Website, additional information may be collected, in particular: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system.
5. Navigation data may also be collected from Customers, including information about the links and references they choose to click on or other actions taken on the Website. Legal basis – legitimate interest (Article 6(1)(f) RODO) to facilitate the use of electronically provided services and to improve the functionality of such services.
6. Provision of personal data to the Administrator is voluntary.

§ 2 To whom are the data shared or entrusted and how long are they kept?

1. The Customer’s personal data are transferred to the service providers used by the Administrator in the operation of the Website. The service providers to whom the personal data are transferred, depending on the contractual arrangements and circumstances, are either subject to the Administrator’s instructions as to the purposes and methods of processing such data (processors) or they themselves determine the purposes and methods of processing (administrators).
   1.1 Processors. The Administrator uses suppliers who process personal data only at the direction of the Administrator. These include, but are not limited to, providers of hosting services, accounting services, providers of marketing systems, systems for analyzing Website traffic, systems for analyzing the effectiveness of marketing campaigns
   1.2 Administrators. The Administrator uses suppliers who do not act solely on instructions and determine themselves the purposes and uses of Customers’ personal data. They provide electronic payment and banking services.
2. Location. The service providers are mainly located in Poland and other countries of the European Economic Area (EEA).
3. personal data of Customers shall be stored:
   3.1 If the basis for the processing of personal data is consent then the Customer’s personal data is processed by the Administrator as long as the consent is not revoked, and after the revocation of consent for a period of time corresponding to the period of limitation of claims that the Administrator may raise and that may be raised against it. Unless a special provision provides otherwise, the statute of limitations is six years, and for claims for periodic benefits and claims related to the conduct of business – three years.
   3.2 If the basis of data processing is the performance of a contract, then the Customer’s personal data shall be processed by the Administrator for as long as it is necessary for the performance of the contract, and thereafter for a period corresponding to the period of limitation of claims. Unless a special provision provides otherwise, the statute of limitations is six years, and for claims for periodic benefits and claims related to the conduct of business – three years.
4. If a request is made, the Administrator shall make personal data available to authorized state authorities, in particular to organizational units of the Prosecutor’s Office, the Police, the President of the Office of Personal Data Protection, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.

§ 3 Cookies mechanism, IP address

1. The website uses small files, called cookies. They are stored by the Administrator on the final device of the person visiting the Website, if the Internet browser allows it. A cookie usually contains the name of the domain from which it originated, its “expiration time” and an individual random number identifying the cookie. Information collected through files of this type helps to customize the products offered by the Administrator to the individual preferences and real needs of visitors to the Website.
2. The Administrator uses two types of cookies:
   2.1 Session cookies: when the session of a particular browser ends or the computer is turned off, the stored information is deleted from the device’s memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from Customers’ computers.
   2.2 Persistent cookies: they are stored in the memory of the Customer’s terminal device and remain there until they are deleted or expire. The mechanism of persistent cookies does not allow downloading any personal data or any confidential information from the Clients’ computer.
3. The Administrator uses proprietary cookies for:
   3.1. analysis and research, as well as audience auditing, and in particular to create anonymous statistics that help to understand how Customers use the Website, which allows to improve its structure and content.
4. The Administrator uses external cookies to:
   4.1. presenting on the information pages of the Website, a map indicating the location of the Administrator’s office, using the maps.google.com website (administrator of external cookies: Google Inc. based in the USA)
5. the cookie mechanism is safe for the computers of Customers visiting the Website. In particular, it is not possible to get viruses or other unwanted software or malware into Customers’ computers through this route. Nevertheless, in their browsers, Customers have the option to limit or disable the access of cookies to their computers. If this option is used, the use of the Website will be possible, except for functions that by their nature require cookies.
6. The Administrator may collect IP addresses of Customers. An IP address is a number assigned to the computer of a person visiting the Website by an Internet service provider. The IP number allows access to the Internet. In most cases, it is assigned to a computer dynamically, i.e. it changes each time the computer connects to the Internet, and for this reason it is commonly treated as non-personal identifying information. The IP address is used by the Administrator to diagnose technical problems with the server, to create statistical analyses (e.g. to determine from which regions we record the most visits), as information useful in administering and improving the Website, as well as for security purposes and possible identification of server-loading, unwanted automatic programs for browsing the contents of the Website.

§ 4 Rights of data subjects

1. The right to withdraw consent – legal basis: Article 7(3) RODO.
   1.1 The Customer has the right to revoke any consent he/she has given
   1.2 Withdrawal of consent shall have effect from the moment of withdrawal of consent.
   1.3 Withdrawal of consent shall not affect the processing performed by the Administrator in accordance with the law before its withdrawal.
   1.4 Withdrawal of consent shall not entail any negative consequences for the Client, but may prevent further use of services or functionalities that the Administrator may lawfully provide only with consent.
2. The right to object to the processing of data – legal basis: Article 21 RODO.
   2.1 The Customer has the right to object at any time – for reasons related to his/her particular situation – to the processing of his/her personal data, including profiling, if the Administrator processes his/her data based on legitimate interests, such as marketing the Administrator’s products and services, keeping statistics on the use of particular functionalities of the Website and facilitating the use of the Website, as well as satisfaction surveys.
   2.2 Opting out in the form of an e-mail from receiving marketing communications regarding products or services shall imply the Customer’s objection to the processing of his/her personal data, including profiling for these purposes.
   2.3 If the Customer’s objection proves to be valid, the Administrator will have no other legal basis for processing personal data, the Customer’s personal data will be deleted, against the processing of which, the Customer has objected.
3. right to erasure of data (“right to be forgotten”) – legal basis: article 17 of RODO.
   3.1 The Customer has the right to request deletion of all or some of his/her personal data.
   3.2 The Customer has the right to request deletion of personal data if:
   3.2.1. the personal data are no longer necessary for the purposes for which they were collected or for which they were processed
   3.2.2. he/she has withdrawn a specific consent, to the extent that the personal data was processed based on his/her consent
   3.2.3. has objected to the use of his/her data for marketing purposes
   3.2.4. personal data is processed unlawfully
   3.2.5. the personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State to which the Administrator is subject
   3.2.6. the personal data was collected in connection with the offering of information society services
   3.3. despite a request for erasure of personal data, in connection with the filing of an objection or withdrawal of consent, the Administrator may retain certain personal data to the extent that the processing is necessary to establish, assert or defend claims, as well as to comply with a legal obligation requiring processing under Union law or the law of a Member State to which the Administrator is subject. This applies in particular to personal data including: first name, last name, e-mail address, which data are retained for the purpose of processing complaints and claims related to the use of the Administrator’s services, or, in addition, residence address / mailing address, order number, which data are retained for the purpose of processing complaints and claims related to the concluded sales contracts or provision of services.
4. The right to restrict data processing – legal basis: article 18 of RODO.
   4.1 The customer has the right to request restriction of processing of his personal data. Submitting a request, until it is considered, prevents the use of certain functionalities or services, the use of which will involve the processing of data covered by the request. The Administrator will also not send any communications, including marketing.
   4.2 The customer has the right to request restriction of the use of personal data in the following cases:
   4.2.1. when he or she questions the correctness of his or her personal data, in which case the Administrator shall limit the use of his or her personal data for the time necessary to verify the correctness of the data, but no longer than for 7 days
   4.2.2. when the processing of the data is unlawful, and instead of deleting the data, the Client requests a limitation of their use
   4.2.3. when the personal data are no longer necessary for the purposes for which they were collected or used but are needed by the Customer to establish, assert or defend claims
   4.2.4. when he or she has objected to the use of his or her data, in which case the restriction shall be for the time necessary to consider whether, due to the particular situation, the protection of the Client’s interests, rights and freedoms outweighs the interests pursued by the Administrator in processing the Client’s personal data.
5. right of access to data – legal basis: article 15 RODO.
   5.1 The Customer has the right to obtain confirmation from the Administrator as to whether it is processing personal data, and if this is the case, the Customer has the right:
   5.1.1. gain access to his/her personal data
   5.1.2. obtain information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of such data, the planned period of storage of the Customer’s data or the criteria for determining this period (when it is not possible to determine the planned period of data processing), the Customer’s rights under the RODO and the right to lodge a complaint with a supervisory authority, the source of such data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of such data outside the European Union
   5.1.3. obtain a copy of your personal data.
6. right to rectification of data – legal basis: article 16 of RODO.
   6.1 The Customer shall have the right to request from the Administrator the immediate rectification of personal data pertaining to him/her that is inaccurate. Taking into account the purposes of processing, the Customer to whom the data pertains has the right to request the completion of incomplete personal data, including by providing an additional statement, by addressing the request to the e-mail address in accordance with §6 of the Privacy Policy.
7. The right to data portability – legal basis: article 20 RODO.
   7.1 The Customer has the right to receive his/her personal data, which he/she has provided to the Administrator, and then send it to another personal data controller of his/her choice. The Customer also has the right to request that the personal data be sent by the Administrator directly to such administrator, if technically possible. In such a case, the Administrator will send the Customer’s personal data in the form of a file in csv format, which is a commonly used, machine-readable format that allows sending the received data to another personal data administrator.
8. In a situation where the Customer has asserted an entitlement under the above rights, the Administrator shall either comply with the request or refuse to comply with it immediately, but no later than within one month after receiving it. However, if – due to the complex nature of the request or the number of requests – the Administrator will not be able to fulfill the request within one month, he will fulfill it within another two months informing the Client in advance – within one month of receiving the request – about the intended extension of the deadline and the reasons for it.
9. The Customer may submit complaints, inquiries and requests to the Administrator regarding the processing of his personal data and the exercise of his rights.
10. The Customer shall have the right to lodge a complaint with the President of the Office for Personal Data Protection regarding violation of his/her rights to personal data protection or other rights granted under the RODO.

§ 5 Changes to the Privacy Policy

1. The Privacy Policy is subject to change, of which the Administrator is not obliged to inform.
2. For questions related to the Privacy Policy, please contact us at: jessicaschoepen@gmail.com
3. Date of last modification: 22.11.2024 r.