Privacy policy

This Privacy Policy is a document related to the Terms and Conditions available here https://desaigne.com/policies/terms-of-service (“Terms and Conditions”). Definitions of the terms used in the Privacy Policy were included in the Terms and Conditions. The provisions of the Terms and Conditions are applied accordingly.

The Policy is for information purposes and serves to satisfy the information obligations imposed on the data controller under the GDPR, i.e. Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

  1. PERSONAL DATA CONTROLLER
    1. The controller of the personal data of you and other persons visiting the Platform is Desaigne Creative Services, registered at ul. Borkowska 5A/4, 30-438 Kraków, Poland, NIP: 8733194748, REGON: 540146620 (“Service Provider,” “we,” “us,” “our”).
    2. Contact details of the data controller: rodo@desaigne.com
  2. DATA PROCESSING METHOD
    1. The scope, purposes, and legal grounds for the processing of your personal data are presented in the table below.
      2. Purpose Scope of data Legal ground Processing period
      providing access to the Platform IP address Article 6(1)(b) of the GDPR – processing is necessary for the performance of the Agreement or undertaking actions upon request of the data subject prior to concluding the Agreement until lapse of the period of limitation applicable to claims connected with access to the Platform and the User’s actions within the Platform, counted from the time of the User’s last visit on the Platform
      setting up an Account on the Platform first and last name, e-mail Article 6(1)(b) of the GDPR – processing is necessary for the performance of the Agreement or undertaking actions upon request of the data subject prior to concluding the Agreement until lapse of the period of limitation applicable to claims connected with access to the Platform and the User’s actions within the Platform
      enabling the purchase of the Licence to the Artwork, making the Artwork available User’s name, first and last name, payment details, e-mail address
      operating the User Account user’s name, first name, e-mail address, other personal data voluntarily provided by the User within the Account, in particular phone number and address Article 6(1)(b) of the GDPR – processing is necessary for the performance of the Agreement or undertaking actions upon request of the data subject prior to concluding the Agreement Until the User deletes the Account or until the lapse of the period of limitation of claims connected with the Account operating service
      providing technical support IP address, details of the User’s Account Article 6(1)(f) of the GDPR – legitimate interest of the controller that consists in providing technical support for the Platform Users for the duration of the support expected by the User
      contact with the Users, responding to queries first name, e-mail address, phone number, other personal data voluntarily provided by the User in the form Article 6(1)(f) of the GDPR – legitimate interest of the controller that consists in responding to queries and correspondence provided directly by the data subjects until correspondence ends or the User objects
      analysing traffic within the Platform IP address, Cookies Article 6(1)(a) of the GDPR – consent given by the User until the data cease to be useful or the User withdraws the consent
      displaying personalised advertising or other advertising messages IP address, Cookies
      sending Newsletter e-mail address Article 6(1)(f) of the GDPR – legitimate interest of the controller that consists in informing about the Platform and its functionalities, as well as the Artwork offer until data cease to be useful, the Account is deleted, or the User objects
      issuing and storing accounting documents first and last name, address, tax identification number, other data required by law necessary for issuing a bill or VAT invoice Article 6(1)(c) of the GDPR in connection with tax regulations – processing is necessary for compliance with a legal obligation to which the Service Provider is subject for the term for which accounting documents have to be kept as prescribed by legal provisions (5 years from the end of the year of issue of a relevant document)
      handling reports regarding illegal content first and last name, e-mail address, other data voluntarily provided by the data subject Article 6(1)(c) of the GDPR in connection with Article 16(2)(c) of the Act on digital services (Regulation 2022/2065) – processing is necessary for compliance with a legal obligation to which the Service Provider is subject until the lapse of the period of limitation of claims connected with the notification of illegal content
      protection against claims, raising claims e-mail address, first and last name, other data voluntarily provided by the data subject Article 6(1)(f) of the GDPR – legitimate interest of the controller that consists in protecting against claims and raising claims until lapse of the period of limitation applicable to claims connected with access to the Platform and the User’s actions within the Platform
    2. If we are advised that you use the Platform in violation of the Terms and Conditions or applicable provisions of law (unauthorised use), then we may process your personal data to the extent required for establishing the scope of your liability.
    3. The provision of personal data within the Platform is voluntary, but failure to provide them will prevent you from contacting us, creating the Account, and placing an Order.
    4. Your personal data may be transferred to third countries (beyond the European Economic Area) in particulat to states such as Canada, the U.S. and Singapore, where there are entities related to the provider of systems and solutions operating within our Platform. Any transfer of personal data outside the EEA will be based on standard contractual clauses or other legal instrument legalizing such transfer.
    5. We will not carry out automated decision-making based on your personal data.
    6. We may carry out profiling for the purpose of displaying personalised messages of an advertising or marketing nature, customised to your preferences and behaviour, to you.
    7. You may object to profiling at any time by using the e-mail address stated in clause 1.2. or by sending a letter to our correspondence address.
  3. RECIPIENTS OF DATA
    1. We may entrust the processing of personal data to third parties for the purpose of carrying out the activities indicated in the Terms of Conditions and servicing the User. In such a case, the recipients of your data may involve the provider of hosting, the e-mail operator, a law firm, an accounting firm, the entities providing solutions for researching traffic on the website and marketing activities.
    2. Personal data collected by us may also be disclosed to competent state authorities upon their request on the basis of relevant provisions of law or other persons and entities – in the cases prescribed in the provisions of law.
    3. Each entity to which we transfer your personal data for processing on the basis of a personal data transfer agreement guarantees an adequate level of security and confidentiality of the processing of personal data. The entity processing your personal data on the basis of the data transfer agreement may process such personal data through another entity only upon our prior consent.
    4. Disclosing personal data to unauthorised entities under this Privacy Policy may take place only upon your prior consent.
  4. RIGHTS OF DATA SUBJECT
    1. You have the right to:
      1. delete the collected personal data referring to you both from the system belonging to us as well as from bases of entities with which we have co-operated,
      2. restrict the processing of data,
      3. portability of your personal data, in this to receive them in a structured form,
      4. request us to enable you access to your personal data and to rectify them,
      5. object to processing,
      6. withdraw the consent at any time without affecting the legality of the processing carried out on the basis of the consent before it is withdrawn,
      7. lodge a complaint about us to the supervisory authority (President of the Personal Data Protection Office).
    2. In order to exercise your rights, you can contact us via the e-mail address indicated in clause 1.2. or via the form available on the Platform.
  5. OTHER DATA
    1. We may store http enquiries, therefore the files containing web server logs may store certain data, including the IP address of the computer sending the enquiry, the name of the station – identification through http protocol, if possible, date and system time of registration on the Platform and receipt of the enquiry, number of bytes sent by the server, the URL address of the site visited by the User before if the User has entered the service through a link, information concerning your browser, information concerning errors that occurred during the http transaction. Web server logs may be collected for the purpose of proper administration of the Platform. Only persons authorised to administer the IT system have access to data. Files containing web server logs may be analysed for the purposes of preparing statistics concerning traffic and occurring errors. A summary of such details does not identify a specific person, and hence they are not personal data.
  6. SECURITY
    1. We apply technological and organisational means in order to provide for the protection of the processed personal data corresponding to the threats and category of data to be secured, in particular, through technical and organisational means we secure data against being published to unauthorised persons, taken over by an unauthorised person, processed in violation of the law, and changed, lost, damaged, or destroyed; among others, we apply SSL certificates. The set of collected Users’ personal data is stored on a secured server. Data are also secured by our internal procedures related to the processing of personal data and information security policy.
    2. We have also implemented appropriate technical and organisational means, such as pseudonymisation, designed to effectively enforce the data protection principles, such as data minimisation, and for the purpose of providing the processing with necessary safeguards, so as to meet the GDPR requirements and protect the rights of data subjects.
    3. Please remember that using the Internet and services provided by electronic means may pose a threat of malware breaking into your ICT system and device, as well as any other unauthorised access to your data, including personal data, by third parties. In order to minimise such threats, you should use appropriate technical safeguards, e.g. use updated antivirus programs or programs securing the identification on the Internet. In order to obtain detailed and professional information related to security in the Internet, we recommend taking advice from entities specialising in such IT services.
  7. COOKIES
    1. In order to ensure the correct operation of the Platform, we use Cookie support technology. Cookies are packages of information stored on your device through us, usually containing information corresponding to the intended use of a particular file, by means of which you use the Platform – these are usually: address of the website, date of publishing, lifetime of a cookie, unique number, and additional information corresponding to the intended use of a particular file.
    2. We use two types of Cookies: (a) session cookies, which are permanently deleted upon closing the session of the browser; (b) permanent cookies, which remain on the device after closing the session until they are deleted.
    3. It is not possible to identify you on the basis of Cookie files, whether session or permanent. The Cookie mechanism prevents the collection of any personal data.
    4. The Cookies used by us are safe for your device, in particular, they prevent viruses or other software from breaking into the device.
    5. Files generated directly by us may not be read by other websites. Third-party Cookies (i.e. Cookies provided by entities co-operating with us) may be read by an external server.
    6. You may individually change the Cookie settings at any time, stating the conditions of their storage, through the Internet browser settings or configuration of the service, as well as by means of the functionalities of the website.
    7. First of all, you may disable storing Cookies on your device in accordance with the instructions of the browser producer, but this may disable certain parts of or the entire operation of our Platform.
    8. You may also individually remove Cookies stored on your device at any time in accordance with the instructions of the browser producer.
    9. We use own Cookies for the following purposes: authentication of the User and maintaining the User’s session; configuration of the website and adjustment of the page content to the preferences or conduct of the User; analysis and research of views, click number, and path taken on the website to improve the appearance and organisation of the content, time spent on the website, number and frequency of visits on our website.
    10. We use Third-party Cookies for the following purposes: preparing statistics (anonymous) for the purposes of optimising the functionality of the website by means of analytic tools.
    11. The scope of Cookies used by us depends on the consents given by the relevant person.
    12. Detailed information concerning Cookie support is available in your browser settings.
  8. FINAL PROVISIONS
    1. This Privacy Policy comes into effect on 1 November 2024.