PRIVACY POLICY

GENERAL INFORMATION

Data Controller

 

The accreditation system you are accessing (hereinafter referred to as the "System") is managed by Artefice di Angela Di Modica, VAT number IT01377780885, with its registered office at Via delle Madonie, 25, 97100, Ragusa – Italy, acting as the Data Controller.

As the Data Controller, Artefice Atelier determines the purposes and means of processing personal data collected within the Site.

​

For any privacy-related requests, you may contact the Data Controller at the following email address: info@arteficeatelier.com

​

​

Types of Data Collected

 

Among the Personal Data collected by this Website, either independently or through third parties, are: name, surname, telephone number, address, email, city, geographical location, Cookies, and Usage Data.

 

Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or by specific explanatory texts displayed prior to data collection.

 

Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of this Website.

 

Unless otherwise specified, all Data requested by this Website is mandatory. If the User refuses to provide it, this Website may be unable to provide the Service. In cases where this Website specifically indicates some Data as optional, Users are free to refrain from communicating such Data without any consequences on the availability or functioning of the Service.

 

Users who have doubts about which Data are mandatory are encouraged to contact the Data Controller.

 

The use of Cookies - or other tracking tools - by this Website or third-party service providers used by this Website, unless otherwise specified, is intended to provide the Service requested by the User, as well as for other purposes described in this document and in the Cookie Policy, if available.

 

The User assumes responsibility for the Personal Data of third parties obtained, published, or shared through this Website and guarantees that they have the right to communicate or disclose them, releasing the Data Controller from any liability to third parties.

​

​

Methods and Place of Processing the Collected Data

​

Processing Methods

​

The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.

 

Processing is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Data Controller. The updated list of these parties may be requested from the Data Controller at any time.

​

​

Legal Basis of Processing

​

Artefice Atelier adopts appropriate technical and organisational measures to ensure the security of personal data, including but not limited to:

· Controlled and restricted access to data through unique credentials
· Use of encryption protocols for data transmission (e.g. HTTPS)
· Regular backups of data on secure systems
· Procedures for managing personal data breaches (data breach response protocols)

 

These measures are designed to safeguard confidentiality, integrity, availability, and resilience of data processing systems, in compliance with GDPR Article 32 and prevailing best practices. Regular reviews and updates of these security measures are conducted to address evolving risks and ensure continued effectiveness.

​

It is always possible to request the Data Controller to clarify the concrete legal basis of each processing and, in particular, to specify whether the processing is based on the law, provided for by a contract, or necessary to conclude a contract.

​

​

Place

​

The Data is processed at the Data Controller's operating offices and in any other places where the parties involved in the processing are located. For further information, please contact the Data Controller.

 

Personal Data of the User may be transferred to a country other than the one in which the User is located. To obtain further information about the place of processing, the User can refer to the section concerning the details about the processing of Personal Data.

 

The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organization governed by public international law or set up by two or more countries, such as the UN, as well as regarding the security measures taken by the Data Controller to safeguard the Data.

 

If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with the Data Controller using the information provided in the contact section.

 

​

Retention Period

​

Data is processed and stored for as long as required for the purposes for which it was collected.

 

Personal data are retained no longer than necessary to achieve the purposes for which they were collected, and in any case as follows:

· Contact and inquiry data submitted via forms: retained for up to 24 months from the last interaction, unless otherwise required by law.
· Newsletter and mailing list subscription data: retained until consent is withdrawn or for a maximum of 24 months from the last interaction.
· Data related to the execution of a contract: retained for the duration of the contract and subsequently for the statutory limitation period applicable by law (e.g., 10 years for tax and accounting obligations).
· System logs and browsing data: retained for a maximum of 30 days, except where longer retention is necessary for resolving security or legal issues.

​

​Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after expiration of the retention period.

 

 

Purpose of Processing the Collected Data

​

User Data is collected to allow the Data Controller to provide its Services, as well as for the following purposes: Contacting the User, Managing contacts and sending messages, Location-based interactions, Managing payments, and Statistics.

​

For detailed information on the purposes of processing and the Personal Data relevant to each purpose, the User can refer to the relevant sections of this document.

 

 

Details on the Processing of Personal Data

​

Personal Data is collected for the following purposes and using the following services:

​

Contacting the User

​

Contact Form (this Website)

By filling in the contact form with their Data, the User consents to their use to respond to requests for information, quotes, or any other kind of request as indicated by the form's header.

​

Personal Data collected: city, last name, email address, address, first name, and phone number.

​

​

International Transfers of Personal Data

​

The User's personal data may be transferred to countries outside the European Economic Area (EEA) only when appropriate safeguards are in place to protect their rights, in accordance with Article 46 of the GDPR. Such safeguards include the use of Standard Contractual Clauses approved by the European Commission or other recognised security measures.

Following the invalidation of the Privacy Shield by the Court of Justice of the European Union, Artefice Atelier is committed to implementing all necessary measures to protect personal data during these transfers, including periodic reviews and data protection impact assessments where required.

​

​

Mailing List or Newsletter (this Website)

By registering for the mailing list or newsletter, the User's email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning this Website. Your email address might also be added to this list as a result of signing up to this Website or after making a purchase.

Personal Data collected: city, email address, and name.

​

 

Payment Management

​

Payment processing services enable this Website to process payments by credit card, bank transfer, or other means. To ensure greater security, this Website shares only the information necessary to execute the transaction with the financial intermediaries handling the transaction.

​

Some of these services may also allow the sending of timed messages to the User, such as emails containing invoices or notifications concerning the payment.

​

PayPal (Paypal)​

​

PayPal is a payment service provided by PayPal Inc., which allows Users to make online payments.

Personal Data collected: various types of Data as specified in the privacy policy of the service.

Place of processing: Consult the PayPal privacy policy – Privacy Policy.

​

​

Statistics​

​

The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.

​

​

​

Google Analytics with IP Anonymization (Google Inc.)

​

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities, and share them with other Google services.

Google may use the Data collected to contextualize and personalize the ads of its own advertising network.

This integration of Google Analytics makes your IP address anonymous. Anonymization works by shortening the IP address of the Users within the borders of the member states of the European Union or in other countries party to the agreement on the European Economic Area. Only in exceptional cases, the IP address will be sent to Google's servers and shortened within the United States.

​

Personal Data collected: Cookies and Usage Data

​

Place of processing: United States – Privacy Policy – Opt Out. Subject to Privacy Shield.

​

​​

​

Managing Contacts and Sending Mail

​

This type of service enables the Data Controller to manage a database of email contacts, phone contacts, or any other contact information to communicate with the User. These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.

 

Wix ShoutOut Email Marketing Services (Wix.com LTD)

Wix Shoutout is an email messaging service for marketing purposes provided by Wix.com LTD.

​

Personal Data collected: email address and name

Place of processing: United States – Privacy Policy. Subject to Privacy Shield.

​

​

Sale of Goods and Services Online

​

The Personal Data collected is used to provide the User with services or to sell goods, including payment and possible delivery. Personal Data collected to complete the payment may include the credit card, the bank account used for the transfer, or any other means of payment provided. The kind of Data collected by this Website depends on the payment system used.

​

​

User Rights

​​​

Users may exercise certain rights regarding their Data processed by the Data Controller.

​

In particular, Users have the right to:

​

• Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.

​

• Object to the processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.

​

• Access their Data. Users have the right to learn if Data is being processed by the Data Controller, obtain disclosure regarding certain aspects of the processing, and obtain a copy of the Data undergoing processing.

​

• Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.

​

• Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Data Controller will not process their Data for any purpose other than storing it.

​

• Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Data Controller.

​

• Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used, and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User's consent, on a contract which the User is part of, or on pre-contractual obligations thereof.

​

• Lodge a complaint. Users have the right to bring a claim before their competent data protection authority or in court.

​​

 

Details about the right to object to processing​

​

Where Personal Data is processed for the public interest, in the exercise of an official authority vested in the Data Controller, or for the purposes of the legitimate interests pursued by the Data Controller, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

 

Users are reminded that, if their Personal Data is processed for direct marketing purposes, they can object to that processing without providing any justification. To learn, whether the Data Controller is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.

​

​

How to exercise these rights​

​

The User may exercise their rights by submitting a written request to the Data Controller via:

· Email: info@arteficeatelier.com
· Postal address: Via delle Madonie, 25, 97100 Ragusa (RG), Italy

​

Requests will be processed within one month of receipt, with a possible extension to two months in complex cases, subject to prior notice to the data subject.

​

​

Right to lodge a complaint with the Supervisory Authority

​

The User has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) at https://www.garanteprivacy.it/ if they believe that the processing of their personal data violates current legislation.

​

Complaints can be submitted via:

​

• Certified email (PEC) to: protocollo@pec.gpdp.it

• Registered letter to: Garante per la protezione dei dati personali, Piazza Venezia, 11, 00187 Rome, Italy

• Hand delivery to the Authority’s office at the same address

​

Further information and support are available on the Authority’s website.

​

​

​

Cookie Policy

​

This Website uses Cookies. To learn more and for a detailed view, the User can consult the Cookie Policy.

​

​

​

Additional Information about Data Processing

​

Legal Defense

​

The User's Personal Data may be used for legal purposes by the Data Controller, in Court, or in the stages leading to possible legal action arising from improper use of this Website or the related Services.

 

The User declares to be aware that the Data Controller may be required to reveal Personal Data upon request of public authorities.

 

​

Specific Information

​

Upon User's request, in addition to the information contained in this privacy policy, this Website may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data.

 

​

System Logs, Specific Purposes and Maintenance

​

System logs record information such as IP addresses, access times, and activities performed on the website solely for security purposes, fraud prevention, or troubleshooting. These data are processed based on the legitimate interests of the Data Controller pursuant to Article 6(1)(f) of the GDPR and are retained for up to 30 days, unless longer retention is required for legal or security reasons.

​

For operation and maintenance purposes, this Website and any third-party services may collect files that record interaction with this Website (System logs) use other Personal Data (such as the IP Address) for this purpose.

​

 

Consent Management for Cookies and Marketing

The website employs a consent management system for the use of non-essential cookies, allowing users to accept or refuse them granularly. Collected consent can be revoked at any time via a dedicated link or the cookie section accessible on the site’s pages.

The sending of newsletters or marketing communications occurs only with the user’s explicit consent obtained through a double opt-in process.

​

​

Additional Information on Third-Party Services

For payment services (e.g., PayPal), Google Analytics, and Wix ShoutOut, personal data are processed according to the updated privacy policies of these third-party providers, to which users are referred for further details. Artefice Atelier ensures the selection of providers that offer adequate GDPR safeguards and reserves the right to periodically update privacy disclosures in case of contractual or regulatory changes.

​

Information not contained in this policy

​

More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time.