1.1. For the purposes of this Policy, the terms set out below have the following meaning:
1.1.1. “Personal Data Controller” means ATANA DESIGNS LTD., the owner of the www.houseofatana.com domain (hereinafter referred to as the “Website”). The owner of the Website determines the purpose of the processing of personal data of the Website users (hereinafter referred to as User and/or Users) on any of the grounds provided for by law, as well as the means for this processing.
1.1.2. “Personal Data” means any information relating to an identified or an identifiable individual (natural person). An identifiable individual is one who can be identified, directly or indirectly, by reference such as name, identification number, address, online identifier or one or more features specific to the physical, physiological, genetic, mental, economic, cultural or social identity of named individual.
1.1.3. “Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.1.4. “Processor" means a third party which processes personal data of a Personal Data Subject on behalf of the Personal Data Controller, where the Personal Data Controller has strictly determined the purpose of the processing and the means for data processing and has verified that the party complies with GDPR requirements.
1.1.5. “GDPR” means Regulation (EU) 2016/679 of the European parliament and of the Council of 27 April 2016 which introduces and strengthens the protection of natural persons with regard to the processing of personal data and free movement of such data.
1.1.6. “Subject" means the individual, whose personal data are processed.
1.1.7. "Cookies" mean small text files stored in the directories of the browser that the Users utilize, which support the efficient use of the Website by the Users. Deleting or blocking of the cookies might result in limiting the access to the Website or some of its functionalities.
- RIGHTS OF PERSONAL DATA SUBJECTS.
2.1. The Data Subject and Website User has the below rights which they can exercise with regard to the processing of their personal data. The Controller is obliged to reply without undue delay and in all cases within one month of receipt of the request. This timeline can be extended further by two months should the complexity and number of requests by the Website User require it:
2.1.1. Right to information;
2.1.2. Right to access all personal data under processing;
2.1.3. Right to rectification;
2.1.4. Right of the Data Subject to be “forgotten”;
2.1.5. Right to restriction of processing;
2.1.6. Right to object;
2.1.7. Right to file a complaint with the competent authority for personal data protection.
2.1.8. Right to data portability, where the Data Subject has the right to receive the personal data concerning them, which they have provided to a Controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the Controller to which the personal data have been provided.
- PURPOSES OF PERSONAL DATA PROCESSING.
3.1. The personal data of the Website Users will be processed by the Controller in compliance with the applicable data protection legislation.
3.2. The Controller collects personal data via the Website in the following ways:
3.2.1. Creation of a User Account by the Website User;
3.2.2. Placing a Product Delivery Order to the Controller in their capacity as Seller via the Website.
3.2.3. Contact form;
3.2.4. Subscription for an electronic newsletter;
3.2.5. Cookies and/or other similar means.
3.3. The Website collects the following categories of personal data which are processed for the following purposes:
3.3.1. Names of the Website User. These are required for: as a form of address; to connect with the Website User; to reply to a query addressed to the Controller by the Website User; in relation to an offer and/or an order, the provision and delivery of the Products of the Controller; to create the User Account of the User;
3.3.2. Email address of the Website User. This is required: to establish contact with the Website User; to send a reply to a query addressed to the Controller by the Website User; in relation to an offer and/or an order, the provision and delivery of the Products of the Controller; to create the User Account of the User;
3.3.3. Telephone number of the Website User. This is required: to establish contact with the Website User; to send a reply to a query addressed to the Controller by the Website User; in relation to an offer and/or an order, the provision and delivery of the Products of the Controller;
3.3.4. Delivery address of the Website User. This is required: in relation to an offer and/or an order, the provision and delivery of the Products of the Controller; to create the User Account of the Website User;
3.3.5. Bank card details of the Website User. These are required for the provision and delivery of the Products of the Controller;
3.3.6. Data related to the behaviour of the Website User. These are required: in relation to the offering of services by the Controller; to acquire knowledge of the interests and behaviour of the Website User in order to improve and tailor the services of the Controller.
3.4. The Website User is to provide accurate, correct and up-to-date information to the Controller.
3.5. The Website is hosted on Shopify Inc. They provide www.houseofatana.com with the online e-commerce platform that allows the sale of products and services to the Users. The Personal Data is stored through Shopify’s data storage, databases and the general Shopify application on a secure server behind a firewall. For further details, please refer to Shopify’s Terms of Service and/or Privacy Statement.
- GROUNDS FOR PERSONAL DATA PROCESSING.
4.1. The Controller processes personal data on the grounds set forth in Article 6 of the GDPR.
4.2. The Controller processes the personal data of the Website User on grounds of their consent given for the purposes of rendering the service that the latter has requested through the functionalities of www.houseofatana.com.
4.3. If the consent of the User has not been requested and given for the purposes of a specific processing, or if this processing is not directly linked to the rendering of the service that they have requested, it is stipulated that the Controller is processing the data on the grounds of their legitimate interest, or the legitimate interest of a third party, which they have assessed as unlikely to affect the Website User’s personal data privacy. Such assessment will always be documented by the Controller and will be based on pre-specified criteria and solid reasoning. The Website User is entitled to get acquainted with these key elements upon request, as well as to object to them, in relation to the specificities of their personal situation and circumstance. In such cases, the Controller needs to review the objection of the Website User and reply with a reasoned opinion on their acceptance or rejection of the objection within 10 business days. By objecting to the processing, the Website User is entitled to also exercise their right to object as specified hereinabove. The objection can be sent via email on: firstname.lastname@example.org
4.4. Apart from the cases set forth in points 4.2 and 4.3 hereinabove, the Controller processes personal data of the Website User on the grounds of a contract. These would be the cases of acceptance and processing of a Product Delivery Order made by the Website User via the Website.
- MEANS FOR PERSONAL DATA PROTECTION.
5.1. The Controller takes all technical and organizational measures for the protection of the Website User’s personal data from any illegal actions, including, but not limited to: restricting access to the personal data, suitable training of the persons in charge of the personal data processing, guidelines and instructions for personal data protection by the competent supervisory authorities. All such measures are reviewed and updated by the Controller regularly.
- TIMELINE FOR STORAGE AND DESTRUCTION OF THE PERSONAL DATA.
6.1. The personal data are stored for a period of time required to achieve the purposes, for which they have been collected. The Controller takes all necessary technical and organizational measures for the destruction of the data that are no longer necessary, except for cases, where there are legal grounds for their processing for a longer period of time; if the Website User submits a request to restrict this processing in accordance with their rights detailed hereinabove; or for a purpose that is related to the original purpose of the processing, which needs to be communicated to the Website User in due time.
- PROVIDING OF PERSONAL DATA TO THIRD PARTIES.
7.1. The Controller will not disclose personal data to Third Parties, apart from the cases when this is required to protect the vital interests of the Website User/another individual, or to comply with a legal obligation of the Personal Data Controller.
7.2. The Controller will not provide any personal data collected via www.houseofatana.com to third countries or international organizations outside of the European Union.
7.3. The Website User has been informed and agrees that the business model of the Controller requires using subcontractors for the execution of deliveries of the products ordered by the Website User through the Website. Therefore, the Controller has the right to include subcontractors in personal data processing activities, subject to this contract, and so named subcontractors also constitute Personal Data Processors.
- LIMITATION OF LIABILITY.
8.1. This Policy is valid for www.houseofatana.com only, and not for individual pages or websites of third parties, which the Website User can access via a link, a shortcut or another analogical means from the Website. In such cases, data processing by third parties is beyond the control of the Controller and the Controller cannot guarantee the protection of the Website User’s personal data and privacy.
- AMENDMENTS AND SUPPLEMENTS TO THE POLICY.