Privacy policy

This Privacy Policy outlines how L’Art du Maître – Lissette Alexandra Palma Vásquez collects, stores, and uses information when you interact with our website, www.lart-du-maitre.com, or otherwise provide information to us.

Content

- Our Details

- Information Collected When You Visit Our Website

- Information Collected When You Contact Us

- Information Collected Through Your Interaction with Our Website

- Information we collect when you place an order on our website

- Information Obtained from Third Parties

- Disclosure of Information to Service Providers

- Data Retention

- Data Security

- International Data Transfers

- Your Rights

- Sensitive Personal Information

- Changes to Our Privacy Policy

- Children’s Policy

Our Details

  • Data Controller: L’Art du Maître – Lissette Alexandra Palma Vásquez, Breitenleer Strasse 256A/09, 1220, Vienna, Austria.

  • Data Protection Officer: Lissette Alexandra Palma Vásquez, reachable by post or email at office@lart-du-maitre.com.

Information Collected When You Visit Our Website

Our third-party server automatically logs data, such as your IP address, pages visited, and browser version, to ensure IT security and improve our website.

  • IT Security Purposes: Collected data is used to detect and prevent unauthorized access, cyber-attacks, or unusual activity, unless investigating potential criminal activity.

  • Analysis: Data is analyzed to improve website content and structure based on user engagement and preferences.

  • Legal Basis for Processing: Compliance with legal obligations and our legitimate interests under Article 6(1)(c) and Article 6(1)(f) of the GDPR.

Cookies: We use cookies and similar technologies for essential, functional, analytical, and targeting purposes. You may manage cookies through your browser settings, though doing so may impact website functionality.

Information Collected When You Contact Us

  1. Email: We collect your email address and any additional information provided.

  2. Contact Forms: We collect the information you provide, including your name, email address, phone number, and IP address.

  3. Phone: When you contact us by phone, we collect your phone number and details of the call but do not record conversations.

  4. Post: We collect any information you provide by post.

Legal Basis for Processing: Legitimate interests (responding to and keeping records of correspondence) and necessary steps to perform a contract under Article 6(1)(b) and Article 6(1)(f) of the GDPR.

Transfer and Storage: Messages and email communications are stored by our third-party provider, Google, whose servers are located in the United States. For additional safeguards, please see our full privacy policy on data transfers outside the European Economic Area.

Information Collected Through Your Interaction with Our Website

Account Registration: When you register an account on our website, we collect certain mandatory information, including your name, email address, postal address, and postcode, along with any additional optional details you may choose to provide, such as a phone number, date of birth, or company name.

  • Mandatory Information: Required fields in the registration form must be completed to create an account on our website; failure to do so will prevent registration.

  • Optional Information: If optional details like a phone number are not provided, we may be unable to contact you by phone for inquiries or follow-up.

Legal Basis for Processing: The collection and processing of this information are necessary to fulfill a contract or to take pre-contractual steps at your request (Article 6(1)(b) GDPR).
Purpose: This information is essential for account creation and to enable access to services or products purchased through our site.

Transfer and Storage of Information: Information provided during registration is stored on servers both within the European Economic Area (EEA) and outside the EEA, including on third-party servers in the United States. For further details on international transfers and safeguards, refer to the "Transfers of Your Information Outside the EEA" section in this policy.

Information we collect when you place an order on our website

Order Placement
When placing an order, we collect and process information in line with our service requirements.

  • Mandatory Information: For order completion, we collect your name, email, billing and shipping addresses, company name (if applicable), and details of any alternate recipient if different from the purchaser.

    • Legal Basis for Processing: This information is required to fulfill the contract for your order (Article 6(1)(b) GDPR).

    • Purpose: To execute and manage the order and issue invoices if required by law.

  • Optional Information: We may also collect additional information, such as your phone number, referral source, and other notes you choose to provide.

    • Legal Basis for Processing: With your consent (Article 6(1)(a) GDPR), we process any optional information submitted.

    • Purpose: Optional information assists with personalized service and provides insights into customer preferences.

Payment Processing
For order payments, we use third-party payment processors, such as Stripe and PayPal, each operating under their own privacy policies.

Transfer and Storage of Payment Information
Our payment processors, such as PayPal and Stripe, store transaction-related information outside the EEA in the United States.
Legal Basis for Processing: Necessary to fulfill contractual obligations for your purchase (Article 6(1)(b) GDPR).

Marketing Communications

During checkout, you may choose to receive marketing communications about similar products or services, as well as other offers.

  • Products and Services Related to Your Purchase:

    • Opt-out Option: You can opt out of receiving communications by unchecking the relevant box.

    • Legal Basis for Processing: Our legitimate interests (Article 6(1)(f) GDPR) in providing direct marketing of related goods and services.

    • Purpose: To inform you of similar offerings and related services.

  • Marketing Opt-in for Our Full Range of Products and Services:

    • Opt-in Option: You may subscribe to receive full marketing communications by selecting the opt-in box.

    • Legal Basis for Processing: With your consent (Article 6(1)(a) GDPR).

    • Purpose: To provide updates and offers for our entire range of products and services.

Transfer and Storage of Marketing Information
Marketing subscription data is stored on servers located outside the EEA, managed by our third-party hosting providers in the United States.

Use of Web Beacons in Email Marketing

We utilize web beacons (small graphic files) in marketing emails to assess engagement by measuring delivery rates, open rates, bounce rates, and click-through rates. For more on how we use web beacons, refer to our Cookies Policy.

Each aspect of this policy aligns with relevant data protection regulations to protect and manage your data responsibly.

Marketing Communications for Third-Party Goods and Services

Along with updates about our own products and services, you can choose to receive marketing communications from us regarding third-party goods and services. To opt in, select your preferred methods of contact—email, text message, phone, or post—by ticking the relevant box.

  • Legal Basis for Processing: Consent (Article 6(1)(a) GDPR).

  • Purpose of Consent: By selecting this option, you consent to receiving information about third-party products and services as per your chosen contact methods.

Transfer and Storage of Your Information
The information provided to subscribe to our e-newsletter is stored on third-party servers located in the United States, outside the European Economic Area (EEA).

Automated Decision-Making and Profiling

We use automated decision-making and profiling technologies on our website for purposes such as analytics and improving our marketing efforts. This processing does not have any legal or significant impact on you. You have the right to opt out by disabling cookies or using a Virtual Private Network (VPN) to avoid IP-based tracking. Please see our Cookies Policy for additional details.

  • Automated Decision-Making: Decisions made by automated systems without human involvement.

  • Profiling: Processing of personal data to analyze aspects like interests, behavior, and preferences.

Use of Profiling for Web Analytics
Our web analytics service (e.g., Google Analytics) uses profiling to collect information such as location (via IP address) and website behavior (via cookies). This processing helps us understand visitor preferences, improve our site, and market services more effectively. For more information, refer to our Cookies Policy.

  • Legal Basis for Processing: Consent (Article 6(1)(a) GDPR).

  • Logic Involved: Automatic analysis of behavior, device, and location data to improve user experience and service delivery.

Use of Profiling in Marketing Emails
Web beacons in our marketing emails allow us to analyze engagement levels, including open and click rates. This processing helps us improve content and identify user interest. Tracking occurs only if you have opted into our emails and agreed to our use of web beacons.

  • Legal Basis for Processing: Legitimate interests (Article 6(1)(f) GDPR).

  • Purpose: Evaluate engagement with marketing content.

Information Obtained from Third Parties

Third-Party Data Sharing
We may receive information about you from third parties with whom we have had no prior contact. This information generally includes your name and contact details and is typically shared to facilitate services requested by you.

  • Legal Basis for Processing: Necessary to perform a contract (Article 6(1)(b) GDPR).

  • Purpose: To provide services requested by you or on behalf of third parties.

Third-Party Data Shared with Consent
In cases where a third party shares your data based on your explicit consent, we process that data accordingly.

  • Legal Basis for Processing: Consent (Article 6(1)(a) GDPR).

  • Purpose: Processing is based on your request to share information with us.

Public Data Sources
In certain cases, we may verify or obtain additional information from public sources (e.g., Companies House, directories, or social media) to ensure accuracy in providing our services.

  • Legal Basis for Processing: Legitimate interests (Article 6(1)(f) GDPR).

  • Purpose: Protecting our legal interests or verifying data when needed.

Data Received in Error
If we receive your data from a third party in error or without a legal basis for processing, we will delete the information.

Disclosure of Information to Service Providers

To support our business functions, we may share your information with select service providers, such as:

  • Providers: Includes telecommunication providers, email services (e.g., Google), and IT service providers.

  • Purpose of Sharing: To deliver services requested by you, support website operations, and assist in fulfilling your orders.

  • Legal Basis for Processing: Legitimate interests (Article 6(1)(f) GDPR) and contract performance (Article 6(1)(b) GDPR).

  • Additional Information: Contact us for more details on specific providers if you have a legitimate reason to inquire.

Disclosure to Other Third Parties

We may also disclose information to third parties, such as Google Inc., which provides our web analytics and email services. Google collects data (e.g., IP addresses and cookies) for service improvements and analytics. For more information, refer to Google’s Privacy Policy and Analytics Terms of Service.

To opt out of Google Analytics tracking, you may install Google’s opt-out browser plugin.

Transfer and Storage of Your Information
Information collected via Google Analytics is stored on servers located outside the European Economic Area (EEA) in the United States. For further details on safeguards for data transfers outside the EEA, please see the section titled Transfers of Your Information Outside the EEA in this Privacy Policy.

Sharing Your Information with Essential Third Parties
We may share your information with third parties essential to our business operations, including accountants, advisors, independent contractors, and insurers, where necessary. Below is an overview of these third-party relationships.

  • Legal Basis for Processing: Legitimate interests (Article 6(1)(f) GDPR).

  • Legitimate Interest: Effective business management.

  • Accountants
    Your information, such as invoices, is shared with our accountants for tax and financial reporting purposes.

  • Advisors
    We may share information with advisors (e.g., financial advisors, lawyers) when necessary to obtain their professional guidance.

  • Independent Contractors
    Occasionally, we engage independent contractors (based in Austria) to perform specific tasks. Information is shared only as needed for them to fulfill their role.

  • Insurers
    We may share information with insurers, particularly when dealing with claims or as part of our disclosure obligations under insurance contracts. Our insurers are located in Austria.

For security and competitive reasons, we do not publicly list the names of other third parties with whom we may share information. If you have a legitimate reason, you may contact us via email to obtain more information.

Information Sharing in Business Transactions
In the event of a business sale, acquisition, merger, or similar transaction, we may share your information with a prospective buyer or seller to facilitate the transaction.

  • Legal Basis for Processing: Legitimate interests (Article 6(1)(f) GDPR).

  • Legitimate Interest: Supporting necessary due diligence in transactions.

Disclosure and Use of Your Information for Legal Reasons

  1. Reporting Criminal Activity or Security Threats
    If we suspect criminal activity, we may contact relevant authorities (e.g., police) for matters such as fraud, cybercrime, or malicious threats.

    • Legal Basis for Processing: Legitimate interests (Article 6(1)(f) GDPR).

    • Legitimate Interest: Preventing crime or criminal activities.

  2. Enforcement of Our Legal Rights
    We may share your information to enforce our legal rights, including with debt collection agencies if amounts owed remain unpaid.

    • Legal Basis for Processing: Legitimate interests (Article 6(1)(f) GDPR).

    • Legitimate Interest: Upholding and enforcing contractual and legal rights.

  3. Dispute Resolution and Legal Proceedings
    We may use your information in connection with dispute resolution processes, including court proceedings or mediation.

    • Legal Basis for Processing: Legitimate interests (Article 6(1)(f) GDPR).

    • Legitimate Interest: Resolving disputes effectively.

  4. Compliance with Legal Requirements
    We may need to process and disclose information to comply with legal obligations, including court orders or subpoenas.

    • Legal Basis for Processing: Compliance with a legal obligation (Article 6(1)(c) GDPR) and, where applicable, legitimate interests (Article 6(1)(f) GDPR).

    • Legal Obligation: Complying with Austrian legal obligations, or international laws to which Austria is bound.

    • Legitimate Interest: For legal obligations outside the Austrian framework, our legitimate interest supports compliance.

Data Retention

We retain your information based on specific timeframes or criteria where possible:

  • Server Logs: Stored for 12 months.

  • Order Information: Retained for seven years following the financial year in which the order was placed, per tax record requirements.

  • Correspondence and Enquiries: Retained until resolved, plus 12 additional months, after which it is deleted.

  • E-Newsletter Data: Retained as long as you remain subscribed or until the service is discontinued.

Criteria for Retention
In circumstances where specific periods are not set, we retain information no longer than necessary, considering:

  • Purpose(s) of retaining information for current and future use

  • Legal obligations or requirements

  • Basis for processing, such as consent or contract

  • Information value over time

  • Industry standards for data retention

  • Associated risk, cost, and liability

  • Ability to maintain data accuracy and relevance

Data Security

We implement technical and organizational measures to protect your information from unauthorized access and accidental loss. This includes:

  • Limiting data access to necessary parties and anonymizing data where possible

  • Storing information on secure servers

  • Verifying identity for information access requests

  • Encrypting data via SSL for website forms and transactions

  • Using secure or encrypted transfer methods

Transmission Risks
Transmission over the internet carries inherent risks. Submitting information via email or online is done at your discretion, and we cannot be responsible for any resulting costs or losses.

International Data Transfers

Your information may be transferred outside the European Economic Area (EEA) in specific instances, for example, for legal obligations such as compliance with court orders. We ensure necessary protections are in place, such as:

  • Server Logs and E-Newsletter Data: Stored on U.S.-based servers by our third-party hosting provider, compliant with EU-U.S. Privacy Shield.

  • Email Data: Stored on servers in the U.S. by Google, compliant with the EU-U.S. Privacy Shield.

  • Google Analytics: Data is stored on U.S. servers by Google. While the U.S. is not recognized as providing adequacy under European Commission standards, Google is EU-U.S. Privacy Shield certified.

  • Payments: If using PayPal, payment data is stored on U.S. servers by PayPal, certified under the EU-U.S. Privacy Shield.

Your Rights

You have several rights regarding your personal data, including the right to:

  • Access your information and details on how it is processed

  • Request corrections or deletion of your information

  • Restrict or object to processing

  • Receive data in a structured, machine-readable format and transfer it to another controller

  • Withdraw consent at any time where applicable

If you wish to exercise any rights, please contact us by mail at L’Art du Maître – Lissette Alexandra Palma Vásquez, Breitenleer Strasse 256A/09, 1220, Vienna, Austria, or by email at office@lart-du-maitre.com.

Complaint Handling
In Austria, complaints may be directed to the Austrian Data Protection Authority (DSB).

Additional Information on Your Rights Regarding Personal Data

The rights summarized above come with certain limitations. For comprehensive details about your rights and any applicable limitations, please visit the Data Protection Authority (DSB) website.

You can also refer to Articles 12 to 22 and 34 of the General Data Protection Regulation for further information.

Identity Verification for Access Requests

When you request access to your information, we are legally obligated to verify your identity using reasonable measures. This is to safeguard your information and mitigate the risks of identity fraud, theft, or unauthorized access.

How We Verify Your Identity

If we have sufficient information about you in our records, we will use that information for verification. If we cannot identify you or if the information is inadequate, we may require original or certified copies of specific documents to verify your identity before granting access to your information. We will inform you of the exact documentation needed based on your specific request.

Your Right to Object to Processing

You have the right to object to the processing of your information, which you can exercise by contacting us at:

L’Art du Maître
Lissette Alexandra Palma Vásquez
Breitenleer Strasse 256A/09
1220, Vienna, Austria
Email: office@lart-du-maitre.com

Specific Rights to Object

  • You can object to our use or processing of your information if it is for tasks carried out in the public interest or based on our legitimate interests, including profiling (i.e., analyzing or predicting your behavior).

  • You can also object to our use of your information for direct marketing purposes, which includes related profiling.

To opt out of direct marketing:

  • Click the unsubscribe link at the bottom of any marketing email and follow the instructions.

  • Send an email to office@lart-du-maitre.com with the word “UNSUBSCRIBE” in the subject line.

For further details on how to manage information collected from cookies and similar technologies, please refer to our Cookies Policy.

Sensitive Personal Information

Definition of Sensitive Information
Sensitive personal information refers to data that reveals an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health information, or details about an individual’s sex life or sexual orientation.

Our Policy on Sensitive Information
We do not intentionally collect sensitive personal information. You should not submit such information to us. If you do, either knowingly or unknowingly, it will be considered as explicit consent for us to process this sensitive information under Article 9(2)(a) of the General Data Protection Regulation. In this case, we will process your sensitive personal information solely for the purpose of deleting it.

Changes to Our Privacy Policy

We may update our Privacy Policy from time to time.

Minor Changes
For minor updates, our processing practices will follow the new Privacy Policy from its effective date onward.

Major Changes
For significant changes to our Privacy Policy or if we plan to use your information for a new or different purpose than originally intended, we will notify you via email (if possible) or by posting a notice on our website. We will provide details about the changes, their purposes, and any other relevant information before using your information for those new purposes. Where required, we will seek your consent before using your information in a way that differs from its original purpose.

Children’s Policy

We prioritize the safety and privacy of children online and comply with the Children’s Online Privacy Protection Act of 1998 (COPPA). This law and its regulations safeguard the privacy of minors using the internet. We do not intentionally contact or collect information from individuals under the age of 18. Our website is not designed to solicit any information from persons under 18.

In the event that we inadvertently receive information about individuals under 18 due to fraud or deception by a third party, we will take immediate action. Once we verify the information, we will seek appropriate parental consent if required by law. If we cannot obtain such consent, we will delete the information from our servers. If you believe we have received information about a minor, please notify us by emailing office@lart-du-maitre.com.