Last update: 15th of May 2023
I - DISCLOSURE OF YOUR PERSONAL DATA TO THIRD PARTIES
Before transferring any Personal Data to third party (processor, contractor, affiliate, partner, contractors, suppliers, vendors, etc.) we shall make reasonable check of such third party regarding its compliance with the law. We will make commercially reasonable efforts to store Personal Data of individuals in the regions where they live or operate in cases if we are required by law or regulation to do so (e.g. Personal Data of EU citizens in EU or countries acknowledged by relevant authority as having an appropriate level of data protection). If storing of Personal Data in such way is not commercially reasonable, we will ensure that third party processors are bound by an agreement which contains obligations of the processor to provide at least minimum necessary level of security and other provisions as required by law or regulation (e.g. as required by approved model data processing agreements adopted by relevant data protection authority). As well, we will ensure that such agreement contains the obligation of the processor to adopt necessary provisions into his agreements with sub-processors (if any). Herein you give us your free unambiguous consent to store your Personal Data (and data that does not identify you individually, if applicable) outside of your country of residence (registration, domicile, centre of vital interests, economic region, etc.).
You may request us to be provided with details concerning the safeguards employed by us to protect the Personal Data about you which is transferred to a third country, by contacting us via e-mail at firstname.lastname@example.org
II - PROCESSING YOUR PERSONAL DATA
If you are located in the European Economic Area, UK or Switzerland, we may process your Personal Data for the above mentioned purposes when:
- We need your Personal Data in order to provide you with services and products requested by you under our contractual relations, or to respond to your inquiries;
- We have a legal obligation to use your Personal Data;
- or We have a legitimate interest in using your Personal Data. In particular, we have a legitimate interest in using your Personal Data to ensure and improve the safety, security, to suppress illegal activity on our Website, Applications or with the use of our Services, to take precautions against liabilities, investigate and defend ourselves against any third-party claims or allegations, investigate and protect ourselves from fraud, protect the rights and property of our Company, its users and/or partners, etc.
We may also process certain information in a form that does not, own its own, permit direct association with you available to third parties for various purposes, including for business or marketing purposes or to assist third parties in understanding our users’ interest, habits, and usage patterns for certain programs, content, services, advertisements, promotions, the functionality available through the Service, statistics and other use. This is information is not associated with any Personal Data that can identify any individual person.
III - RETENTION OF YOUR PERSONAL DATA
We may retain your Personal Data for as long as is required to fulfill the purposes of the processing of the Personal Dat or for a longer period as required according to the relevant law or regulation. The retention period will be determined taking into account the type of Information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused Information at the earliest reasonable time. In general, we store your Personal Data for up to 3 years and make a revision of it after that period. During such revision, we may either delete all of your Personal Data or keep it collected for the next 10 years if: we are providing you Services; you use our Application(s) and our Website; we are in the middle of a dispute or you are our debtor; such information is still necessary for the purposes we collected it. We can delete your Personal Data any time and not wait for such period to end if the purpose we collected it for no longer applies. We make no warranties your Personal Data will be available for any specific period of time (3 years, 10 years, or less or more, etc.). Please consider that we have no obligations to notify you when deleting your Personal Data and can do it at our sole discretion.
IV - YOUR RIGHTS AND CHOICES
The GDPR provides data subject (European resident) with specific rights regarding their Personal Data. This section describes your GDPR rights and explains how to exercise those rights.
Regarding your Personal Data. You are entitled to:
А. The right to express and withdraw consents, including reading or registering cookies.
B. The right to objection, including:
- objection to the processing of your Data for direct marketing purposes;
- reasoned objection to the processing of your Personal Data within the legitimate interests of our Company, for reasons related to your particular situation; and
- objection to the processing of your Data for any other purpose. Please note that such objection may lead to the impossibility to use our Website, Services or Application and/or may lead to termination of our contractual relations with you (if any).
C. The right to know what Personal Data we have collected about you, the right to access your data, including obtaining a copy of the data to be processed (at our choice: in written, or by providing access to your Personal Data on our server (other types of storage), or sending it to you by e-mail or on CD/DVD/another device, or in another applicable way, etc.).
D. The right to rectify (correct) your Personal Data if your data in our possession is inaccurate or incomplete.
E. The right to delete your data if your data is no longer necessary for the purpose for which it was collected, and Company has no grounds for its processing, e.g. based on your consent or legal obligation. Moreover, you may ask to delete your Data at any time, but in such case, it may lead to the impossibility to use our Website, Services and/or the Application and/or may lead to termination of our contractual relations with you (if any).
F. The right to transfer your Data provided to us by you in a machine-readable format, e.g. if you want to share it with another service provider.
G. The right to restrict processing of your Personal Data by us.
H. The right to request transfer of your Personal Data directly to a third party where this is technically feasible.
Please note, however, that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements.
In addition to the abovementioned rights, you also have the right to lodge a complaint with a competent supervisory authority subject to applicable law. You also have the right to express your concern regarding our data policies. In order to exercise this right, you should send relevant request via e-mail to us at email@example.com
Access/Deletion Request Rights. If you wish to exercise any of the aforementioned rights or receive more information, please contact us via e-mail pointed herein.
In order to fulfill your request, we are required to verify your identity so that your data does not go to an unauthorized person. In case if you send a relevant request on behalf of the company (in cases where Personal Data may be applicable to the company as pointed in law or regulation), we should be sure you are duly authorized to receive such data about such company. As a way of example, but not limited to: if you send request from the same e-mail you used during registration and with the same signature you usually use in your e-mails (if there were any between us), we reasonably consider that it is you, who asks for your Personal Data. In cases if you use other e-mail address, or company asks data about itself through other employee (not the one who registered it in the Service) we shall ask for additional verification (unless such additional e-mails/persons were pointed as trustworthy during registration).
We, within one month of receiving your request, shall provide you with information about the actions taken in connection with your request. If we require more time (up to 45 days), we will inform you of the reason and extension period in writing.
In cases, if you found out that someone illegally provided us with your Personal Data, let us immediately know about this via our contact e-mail pointed in this Privacy Notice. Upon your request, we will delete your Personal Data without undue delay, but in any case, within one month from the day of receipt of your request (or more due to the complex nature of the request or the number of requests). We will only retain such copies of the information as are necessary for us to comply with the Law and Regulation for such cases.
If your request turns out to be unreasonable or excessive, in particular, due to its repeated nature, we may request a reasonable fee for the fulfillment of the request or refuse to take action in connection with the request.
In cases of breach of security which lead to unauthorized access to your Personal Data, we: will let you and the relevant Data Protection Authority know about this incident without undue delay as soon as we become aware of such breach and make all reasonable efforts to minimize the harm and restore necessary safety measures. We can notify (inform) you about the breach of your Personal Data at our sole discretion in the following ways we consider most appropriate: via your contact e-mail, by phone, in your personal account, in national news, on our Website, in the Application or any other way which allows you to take necessary steps to minimize the possible harm without undue delay. Such notification will include general information about the breach, possible risks and our steps to minimize them – to the extent possible in relevant circumstances. You are solely responsible to notify your third parties if their Personal Data is part of such breach (if you are the one who provided such information to us). Our notifications shall not constitute our acknowledgment of any kind of fault (guilt, liability) for the breach.
V - QUESTIONS AND COMPLAINTS. CONTROLLER AND REPRESENTATIVE CONTACT INFORMATION
Controller. If you have any questions or comments about this notice, the ways in which AREZZO ATELIERS collects and uses your information described here, your choices and rights regarding such use, or wish to exercise your rights under the applicable law, please to not hesitate to contact us at: firstname.lastname@example.org
Article 27 Representative. We have appointed our representative according to Art 27 GDPR. If you want to make use of your GDPR data privacy rights, please contact us at email@example.com