§ 1 Glossary
1. Administrator of Personal Data - All That Art Foundation, Kolberga Street 6, 51-607 Wrocław, NIP: 8982197823, KRS: 0000401595.
2. Personal Data Protection Supervisor - a person employed or cooperating with the Personal Data Administrator responsible for monitoring and supervising the implementation of the principles of personal data protection at the Administrator's foundation, with appropriate professional qualifications, including knowledge of data protection law and practices, and the ability to fulfill the personal data protection tasks set forth in Article 39 of the RODO.
(3) Personal Data - any information relating to an identified or identifiable natural person, including the IP address of persons using the functionality of the Website maintained by the Data Controller, information collected through cookies or other similar technologies.
4. Policy - this Information Protection Policy.
5. RODO - Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC.
6. Website - the website maintained by the Personal Data Controller at https://miaartgallery.com/ , where Customers can learn about the services offered.
7. Customer - any natural person visiting the Website or using one or more services or functionalities described in the Policy.
§ 2 Data processing in connection with use of the Website
In connection with the Customer's use of the Website, the Personal Data Administrator collects data to the extent necessary to provide the particular services offered, as well as information about the Customer's activity on the principles and for the purposes specified below.
§ 3 Principles of personal data processing
(1) The pillars of personal data protection in connection with the operation of the Website are:
(a) Legality - the Data Controller is concerned with the protection of privacy and processes data in accordance with the law;
(b) Security - the Data Controller shall ensure an adequate level of data security appropriate to the type of data, the manner of processing, while taking continuous measures in this regard;
(c) Rights of the individual - the Data Controller shall enable individuals whose personal data it processes to exercise their rights and shall exercise those rights;
(d) Accountability - the Data Controller shall document how it fulfills the obligations arising from its function as a Personal Data Controller in order to be able to demonstrate, at any time, the compliance of the activities undertaken with generally applicable laws.
(2) The Personal Data Administrator, in the course of operating the Website, is authorized to collect the following categories of Customers' personal data:
(a) IP address or other identifiers and information collected through cookies or other similar technologies;
(b) first and last name;
(c) e-mail address;
(d) residential or delivery address;
(e) telephone number.
(3) The Customer may voluntarily provide additional data, other than those specified in paragraph 2 above, which may facilitate communication and the provision of services by the Administrator. Such data may be deleted at any time. If the Administrator has indicated that specific data are mandatory, it means that they are required for the proper provision of services by the Personal Data Administrator in the course of its business. Provision of other data is voluntary.
(4) Customers' personal data collected on the Website are processed by the Data Administrator in order to:
a) providing services electronically in the scope of providing Customers with access to content collected on the Website, providing contact forms - where the basis for the processing of personal data is the necessity of processing for the performance of the contract (Article 6.1.b RODO);
b) conducting analysis and statistics - where the basis for processing personal data is the legitimate interest of the Personal Data Administrator (Article 6(1)(f) RODO) consisting in conducting analysis of Users' activity, as well as their preferences in order to improve applied functionalities and provided services;
c) possible establishment and investigation of claims or defense against them - where the basis for the processing of personal data is the legitimate interest of the Personal Data Administrator (Article 6(1)(f) RODO) consisting in the protection of their rights;
d) undertaking activity on social networks - where the basis for the processing of personal data is the legitimate interest of the Personal Data Controller (Article 6(1)(f) RODO) consisting in promoting its own brand and building and maintaining a community related to the brand.
(6) The Personal Data Administrator processes personal data of Customers visiting its profiles conducted on social media. The Customer's personal data obtained in this manner is processed solely in connection with the operation of the profile in question, including for the purpose of informing Customers about the Personal Data Administrator's activities and promoting various types of events and services, as well as for the purpose of communicating with Customers through the functionalities available within these profiles. The legal basis for the Administrator's processing of personal data for this purpose is its legitimate interest.
§ 4 Period of Personal Data Processing
(1) The period of data processing by the Personal Data Administrator depends on the type of service provided and the purpose of personal data processing. The collected Personal Data shall be processed for the duration of the service, until the withdrawal of the consent given or until an effective objection is made to the processing of the data in cases where the legal basis of the data processing is the legitimate interest of the Administrator.
(2) The period of data processing may be extended if the processing proves necessary to establish and assert or defend against possible claims, and thereafter only in the case and to the extent that it will be required by generally applicable law.
(3) After the expiration of the processing period, Customers' Personal Data shall be irreversibly deleted or anonymized.
§ 5 User's Rights
(1) Customers have the right of access to the content of data and the right to rectify, delete, limit processing, the right to data portability, the right to object to the processing of data, the right to withdraw consent at any time without giving any reason, without affecting the legality of processing carried out on the basis of consent before its withdrawal;
(2) The Client shall be entitled to lodge a complaint with the President of the Office for Personal Data Protection if he/she considers that the processing of personal data concerning you violates the provisions of the RODO;
3. the Client is entitled at any time to object to the processing of his/her personal data on the basis of the legitimate interest described above. The Personal Data Administrator shall immediately cease processing the Customer's Personal Data for these purposes, unless the Personal Data Administrator demonstrates that there are valid legitimate grounds for further processing of such data, and in particular it is necessary for the protection of the Customer's interests, rights and freedoms, or the data will be necessary for possible establishment, investigation or defense of claims by the Personal Data Administrator.
(4) In the case of the processing of personal data on the basis of consents, at any time the Customer has the right to withdraw his consent by directly contacting the Personal Data Administrator in writing to his registered address with the annotation "Personal data", without giving any reason, and without affecting the legality of the processing carried out on the basis of consent before its withdrawal. If you exercise this right, we will stop processing your data for the purpose covered by your previously given consent.
§ 6 Recipients of Data
(1) In connection with the provision of services using the Website, as well as in the course of business, the Personal Data Administrator is entitled to disclose the collected personal data to external entities, including in particular:
a. Suppliers responsible for the operation of information systems,
b. entities providing accounting, legal, auditing, consulting services,
c. and entities affiliated with the Administrator.
(2) If the Customer's consent is obtained, his/her data may also be made available to other entities for their own purposes, including marketing purposes.
(3) The Administrator reserves the right to disclose selected information concerning the User to the competent authorities or third parties who make a request for such information, based on the relevant legal basis and in accordance with the provisions of the applicable law.
§ 7 Final provisions
(1) The Personal Data Administrator shall on an ongoing basis conduct a risk analysis for the protection of personal data in order to ensure that personal data is processed by him in a secure manner. The Administrator shall endeavor to ensure first and foremost that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks they perform. The Administrator shall ensure that all operations on personal data are recorded and performed only by his authorized employees and associates.
(2) The Personal Data Controller shall take all necessary measures to ensure that also its subcontractors and other cooperating entities provide a guarantee of the application of appropriate security measures whenever they process personal data on behalf of the Personal Data Controller.
(3) In connection with its risk analysis, the Administrator shall endeavor to keep the Policy under constant review and update it as necessary to ensure the highest standards of security of Customers' personal data.
No results. Try to enter a different phrase.