1. Introduction
This document has come to existence in accordance with and with the purpose of the implementation of the European Union Regulation 2016/679 (“the Regulation”, “GDPR”) norms on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
This policy has the purpose to inform you on the processing of your personal data which is being done by Luxury Design Dosei., in conformity with the legal provisions.
2. Clearness of terms
-
- ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’), such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- ‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
- ‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
- ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
- ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3. Controller’s name and contact details
This policy applies to data processed by the controller Luxury Design Dosei, contact details, data protection responsible person contact details.
4. Data retrieved from accessing our website
We process personal data of our users only insofar as this is necessary to provide a functioning website for our content and services. The processing of personal data of our users takes place only with the consent of the user, in compliance with art.6 (1)(a) GDPR .
An exception applies to the cases in which prior consent cannot be obtained for reasons of fact and the data processing is permitted by law. Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 (1) (c) GDPR as legal basis applies.
4.1. Log files and Cookies
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. Also, we are using technologies such as cookies in order to make the visit to our website enable the use of certain functions and to statistically record the use within our website. Cookies are small text files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not harm your device, do not contain viruses or other malicious software. In each cookie information is stored, each resulting in connection with the specific terminal used.
In conformity with Art. 6(1)(a) GDPR, your consent is required at the initial phase of entering the website.
The following data is collected here:
- Information about the browser type and version used
- The operating system of the user
- The Internet service provider of the user
- The IP address of the user
- Date and time of access
- Websites from which the system of the user comes to our website
- Websites that are accessed by the user’s system through our website
We cannot identify your identity based on this identification only.
4.2 Purpose of data processing
The legal basis for the processing the above temporary data storage in our legitimate interest is Article 6 (1) (f) GDPR and is materialized in:
- Ensuring a smooth connection setup,
- Ensuring comfortable use of our website,
- Evaluation of system security and stability.
Profiling or any other such measures are out of our scope.
4.3 Geo-localization
If you have consented to the so-called geolocation in your browser or in the operating system or other settings of your respective device, we use this function to offer you individualized services in relation to your current location. We process your processed location data exclusively for this function. If you stop using it, the data will be deleted.
4.4 Duration of data storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of storing data enounced in point 4.1, than the data will be kept no more than 14 days.
5. Data security
We process your personal data in accordance with our Company code of conduct with regard to the protection of data. For this purpose, we have instituted strict security measures in order assure the physical and technological data protection.
According to Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
- the pseudonymisation and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing an d evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
This personal data can be accessed by the entitled personnel and processors only, under their contractual obligations and have provided enough evidence regarding their security standard. Our personnel which can access this data have been trained and the internal processes are conforming to the security norms, in accordance with the Code of conduct. Nonetheless, we will transmit your personal data to the authorities, under a legal requirement. Shall a high risk security violation to your data happen, we will urgently inform you and we shall take all measures possible to minimize its effect on your rights and liberties.
6. Where are we storing your data?
Personal data that we are collecting from you will be stored in the European Economic Area (EEA). Any transfer of such data will be performed in strict conformity with the legal demands.
7. The person’s rights over their data
In relationship to their data, each person can request the entity which has collected it to take certain measures, in principle without any cost, according to their rights:
- The right to be informed (Art. 13 GDPR)
Data subjects must be made available any pieces of information about the data processing activities carried out for their data in a concise, transparent, intelligible and easily accessible manner. - The right of access (Art. 15 GDPR)
Data subjects have the right to receive confirmation that their data is being processed and to have access to their personal data. - The right to rectification (Art. 16 GDPR)
Data subjects can request that their personal data is modified, if it is inaccurate or incomplete, within one month of receipt. - The right to be forgotten (Art. 17 GDPR)
Data subjects have the right for their data to be erased where if not needed anymore or if there is no consent of the person. - The right to restrict processing (Art. 18 GDPR)
Data subjects have the right to restrict the processing of personal data where they have contested its accuracy or have observed any unconformity. - The right to data portability (Art. 20 GDPR)
The right to data portability allows data subjects to move, copy or transfer personal data easily from one IT environment of one controller to another. - The right to object (Art. 21 GDPR)
Data subjects have the right to object to stand against processing based on legitimate interests. - Rights relating to automated decision making and profiling (Art. 22 GDPR)
Data subjects have the right not to be subject to a decision when it is based on automated processing.