Privacy Policy - Artroom

ART ROOM, a business for artistic services and trading, located at Našička 11, 10000 Zagreb, OIB: 05892001097 (hereinafter referred to as “ART ROOM”), respects privacy and protects the personal data of its users, business partners, or other individuals with whom it engages in business collaboration, whose personal data it collects and processes in its daily operations.

Data protection and privacy rules are fundamental documents that describe the purpose and objectives of collecting, processing, and managing personal data, as well as ensuring an adequate level of data protection (hereinafter referred to as “Rules”). In order to ensure fair and transparent processing, ART ROOM provides clear information about the processing and protection of personal data it collects and processes, enabling easy control and management of personal data and consents.

The Rules are established in accordance with applicable regulations, Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR and the Law on the Implementation of the General Data Protection Regulation (NN 42/18).

ART ROOM has appointed a data protection officer whom you can contact at the email address rominaperemin@gmail.com or by mail to the address ART ROOM, Našička 11, 10000 Zagreb.

DATA WE COLLECT

1.1. During visits to our website

You can visit our website without providing information about yourself. In this case, we will collect technical access data that your browser automatically transmits to our server when you visit our website. Access data includes the following information:

Time and date of access.
Website address you accessed and are accessing.
Request content (addresses and names of requested files).
Information about the browser and operating system used (versions, language settings).
Online identification data (e.g., IP address, device identification, session IDs).
Error messages, where applicable (if requested content cannot be displayed).
Last visited page from which you were redirected to our site via a link.

During your visit to our website, your access data will be automatically stored in log files (logs) on our server and subsequently anonymized by shortening or deleting your IP address. After this process, it will no longer be possible to draw conclusions about your person based on the server log files.

1.2. Cookie Policy

Our website uses cookies to improve your user experience. A cookie is a standardized text file that your web browser stores on your computer for a time determined by the cookie provider. Cookies allow the local storage of information, such as language settings and temporary identification features that can be called during subsequent visits to the website to restore the appropriate settings chosen by the user during the previous visit. This information can only be saved if you, as the user, enable it. Websites cannot access information without your permission and cannot access other files on your computer.

1.3. When you contact us

We will collect communication data that you provide when you contact us through the contact form on our website, via email, phone, or other means. Depending on the channel you use, this may include contact information (such as email address or phone number) and the content of your message. Telephone conversations with the ART ROOM customer service are not recorded, nor are any other conversations directed to ART ROOM telephone numbers.

If you check the box to receive newsletters, you will receive an automatic double opt-in email from the Mailchimp service for confirmation and the storage of that data in our contact database.

We also use offers provided by social media platforms such as Facebook and Instagram to interact with our clients. Please note that ART ROOM has no influence over the terms of service or data processing policies of social media platforms. Therefore, make sure to check the personal information you provide us through social media.

1.4. When you subscribe to the newsletter

If you have subscribed to the ART ROOM newsletter, we will store your data (email address) that you provided for sending newsletters.

You can unsubscribe from our newsletter at any time. To unsubscribe, use the unsubscribe link at the bottom of each newsletter.

USE OF COLLECTED DATA

2.1. Website visits

During the visit and browsing of the website, we will process access data, server log files, and cookies collected in this context to provide you with access to our website, its content, and the functionalities you use. This is done to ensure the stability and security of our IT system and databases.

The legal basis for the processing of data during website visits is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6, paragraph 1, subparagraph f – processing necessary for the purposes of legitimate interests – technical availability of the website.

2.2. Customer Support and Communication within Existing Customer Relationships

We process your data to provide customer support for the use of our website. This may include processing your requests directed to our customer service and non-commercial service communications (e.g., security information and technical support).

2.5. Internal Marketing Research, Optimization, and Improvement of Offerings

Before use, the data will be made anonymous by removing all personal data, such as replacing your name and other identifying data with random data. This way, we can measure which devices our users generally use and from which regions they access our website. The collected data help us continuously optimize the existing offering and develop new functionalities and services.

The legal basis for the processing of this type of data is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6, paragraph 1, subparagraph f – processing necessary for the purposes of legitimate interests – improvement of website functionality and quality of the offering.

WEB ANALYSIS

3.1. Google Analytics

Our website uses the “Google Analytics” web analysis function provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies that are valid for 14 months to collect your access data when you visit our website. Google combines access data for this purpose into pseudonymous user profiles and transmits them to Google servers located in the USA after first anonymizing your IP address.

Therefore, we cannot determine which user profiles are associated with specific users. This means that we cannot ascertain or determine how you use our website based on the data collected by Google. Additionally, Google uses privacy protection mechanisms for the EU-US Privacy Shield (LINK: https://www.privacyshield.gov/) in cases where personal data is transferred to the USA under exceptional circumstances. Thus, Google guarantees European data privacy principles during data processing in the USA.

Google will use the data collected by cookies on our behalf to analyze the use of our website and create reports on website activity and usage. For more information, please refer to the Google Analytics Privacy Policy (LINK: https://support.google.com/analytics/answer/6004245?hl=en).

You can opt out of Google web analysis at any time using one of the following options:

You can configure your browser to block Google Analytics cookies.
You can adjust your Google ad settings.
You can install the Google Analytics Opt-Out Browser Add-On (LINK: https://tools.google.com/dlpage/gaoptout/).

3.2. Facebook

For marketing purposes, our website uses conversion tracking and retargeting (Facebook pixels) from the social network Facebook, a service of Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA (“Facebook”). We use Facebook pixels to analyze the general usage of our website and the effectiveness of Facebook ads (conversions). We also use Facebook pixels to show you customized ads based on your interest in our products (retargeting). To achieve this, Facebook processes data collected on our website through cookies and similar technologies.

Facebook may transmit the data collected in this context for analysis to servers located in the USA, where the data is stored. Facebook uses privacy protection mechanisms for the EU-US Privacy Shield (LINK: https://www.privacyshield.gov/) when personal data is transferred to the USA.

If you are registered on Facebook and have configured your Facebook account’s privacy settings, Facebook may further link the data collected about your visit to our website to your Facebook account and use it to display targeted Facebook ads. You can review and change your Facebook profile’s privacy settings at any time.

If you opt out of data processing through Facebook, Facebook will only show you general Facebook ads that are not selected based on data collected about you. For more detailed information about the processing carried out by Facebook, please refer to the Facebook Privacy Policy (LINK: https://www.facebook.com/about/privacy/).

3.3. Google AdWords and AdWords Remarketing

Our website uses Google services “AdWords Conversion Tracking” and “AdWords Remarketing.” User actions defined by Rehappy (such as clicks on ads, page views, file downloads) are recorded and analyzed using “AdWords Conversion Tracking.” We use “AdWords Remarketing” to present customized ads for our products on Google partner websites. Both of these services use cookies and similar technologies for this purpose. Google may transmit the data collected in this context for analysis to servers located in the USA, where the data is then stored. Google uses privacy protection mechanisms for the EU-US Privacy Shield (LINK: https://www.privacyshield.gov/) when personal data is transferred to the USA and ensures European data privacy principles during data processing in the USA.

If you have a Google account, depending on your Google account’s settings, Google may associate your web and app browsing history with your Google account and use data from your Google account to customize ads. If you do not want this connection to your Google account, you must log out of your Google account before accessing our website.

At any time, you can opt out of the processing of personal data for personalized online ads on the Google advertising network using one of the following options:

Adjust your Google ad personalization settings (LINK: https://www.support.google.com/ads/answer/7029158).
Install the free Google browser add-on for opt-out (LINK: http://www.google.com/settings/ads/plugin) for Firefox, Internet Explorer, or Chrome (not functional for mobile device browsers).
Opt out of personalized Google ads and ads provided by numerous other service providers participating in the “Your Online Choices” initiative at http://www.youronlinechoices.eu.

It should be noted that if you opt out of personalized advertising, Google will only display general ads that are not selected based on your collected access data.

CASES IN WHICH WE WILL SHARE PERSONAL DATA

In principle, we will only share your data if:

You have explicitly consented in accordance with Article 6, paragraph 1, subparagraph a, Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR.
Sharing is necessary according to Article 6, paragraph 1, subparagraph f, to establish, exercise, or defend legal claims, and there is no reason to assume that you have an overriding legitimate interest in not sharing your data.
Sharing is necessary to comply with a legal obligation in accordance with Article 6, paragraph 1, subparagraph c or e, General Data Protection Regulation GDPR, especially if we are required to provide information to a public authority.
Sharing is permitted by law and necessary according to Article 6, paragraph 1, subparagraph b, General Data Protection Regulation, GDPR for the performance of a contract with you or for taking steps at your request before entering into a contract.

Some of the data processing described here may be carried out by external service providers acting on our behalf. Service providers mentioned in this document may include data centers that store and maintain our website and databases, IT service providers who maintain our business systems, and consulting firms.

If and to the extent that we share data with our service providers, such data may only be used for the purpose of performing their services. The processing of your data by contractual service providers will take place as part of the processing and execution of your order in accordance with Article 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR. Contractual service providers are carefully selected business partners. They are contractually bound to our instructions, implement appropriate technical and organizational measures to protect the rights of data subjects, and are subject to regular supervision carried out by us.

HOW LONG WILL YOUR DATA BE STORED?

Unless otherwise stated here, your data will only be stored for as long as is necessary to fulfill our contractual or legal obligations or the purposes for which the data was originally collected, or as long as we have a legitimate interest in storing such data. In all other cases, your personal data will be deleted, except for data that must be retained in accordance with legal retention periods. However, in such cases, we will limit data processing, i.e., your data will only be used in accordance with legal obligations. Usually, your orders and payment data, and other applicable data, are subject to legal retention obligations, so we are obliged to retain such data for up to ten years. Even if data is not subject to legal retention obligations, we may refrain from deleting your data in cases permitted by law and instead restrict their processing. This may apply particularly in those cases where such data may be requested for further contract processing or for asserting rights or legal defense. The duration of the restriction of processing will depend on legal limitation periods.

YOUR RIGHT TO DATA PROTECTION

You can contact our Data Protection Officer at any time to exercise your legal rights to data protection described below (contacts provided in the introduction above). You always have the right to obtain information about our processing of your personal data. When providing such information, we will explain the data processing process and provide you with an overview of your personal data that we store. If any of the data we have stored is inaccurate or no longer up to date, you have the right to request a correction of the data. You can also request the deletion of data. If deletion is not possible in exceptional cases due to other legal provisions, the data will be blocked so that it is only available for the specified legal purpose. You can also restrict data processing, e.g., if you believe that the data we store is incorrect. You have the right to data portability, i.e., upon your request, we will provide you with a digital copy of personal data you have provided to us. You also have the right to file a complaint with the data protection authority. The competent data protection authority is the Croatian Personal Data Protection Agency, Martićeva 14, 10000 Zagreb, email: azop@azop.hr.

RIGHT TO WITHDRAW CONSENT AND RIGHT TO OBJECT

If you wish to exercise your right to withdraw consent or object as described below, send a notice to the Data Protection Officer at the contact information provided in the introductory section.

7.1. Withdrawal of Consent

Article 7, paragraph 3, General Data Protection Regulation GDPR (EU) 2016/679 gives you the right to withdraw any consent you have previously given. This means that in the future, we will no longer continue data processing based on your consent. The withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.

7.2. Objection to Data Processing

If we process your data based on legitimate interests according to Article 6, paragraph 1, subparagraph f, General Data Protection Regulation GDPR (EU) 2016/679, you have the right under Article 21 to object to the processing of your data if there are reasons arising from the specifics of your situation or if the objection is directed against direct advertising.

DATA SECURITY

We use all appropriate technical measures to ensure data security, especially to protect your data from risks during data transmission and from unauthorized access by third parties. These measures will be adjusted from time to time in line with the latest developments. To secure the personal data you enter on our website, we use secure transport protocol (SSL) that encrypts your data during transmission.

CHANGES TO DATA PROTECTION AND PRIVACY POLICY (GDPR)

We will update the data protection and privacy policy periodically, when adapting to new versions of the website or changes in legal regulations. Material changes will be documented in this document, and if necessary, we will ensure the consent of our users.

Last modified: August 8, 2023.