IRENA TONE is the controller and responsible for your personal data (collectively referred to as "we", "us" or "our" in this privacy notice). We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact our data privacy manager using the details set out below.Our full contact details are:
IRENA TONE, https://irenatone.art, Ros Kozhman is our data privacy manager, email address: admin(at)irenatone.art.
You have the right to make a complaint at any time, welcome the opportunity to address your concerns and please contact us in the first instance.2. Changes to the privacy notice
The main principles we follow are:
1. Security, confidentiality, and data safety. The data you share with us is processed via a safe, encrypted connection by using HTTPS protocol. By using a secure connection, the privacy and integrity of data are maintained and authentication of websites is also validated.
4.1. Key terms
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include 'anonymous data', namely data where the identity has been removed. We may collect, use, and store different kinds of personal data about you.
We do not collect any Special Categories of Personal Data about you (for example details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Upon making an order and checkout, the User provides the Administration with personal data including name, surname, e-mail address, phone number, and delivery address. When using the Website the Website may automatically or with the participation of a User collect additional personal information, including IP address, browser type, and version, time zone setting, country, language, operating system, UTM parameters, partner's tags, address of a page's referrer, and other technical data, which can be used for identification of the User without taking additional measures.
4.2. Payment Policy
4.2.1. Order form, checkout, and payment
When making an order before checkout, you will be asked to fill the form with your contact details (full name, email address, telephone number) as well as the delivery address which is necessary for processing orders and the delivery process. Your IP address and date and time of order are also collected. We collect and store your details securely. For certain services, such as purchasing or paying the invoice for commissioned artworks, we also request credit card or other payment account information, which we maintain in the secure form provided by the secure integrated payment system Stripe
Upon confirmation of the transaction, you will be directed to Stripe's secure payment window of the amount that will be charged immediately from the credit or debit card issued in any country. The sum will include both the artwork price and the delivery costs (if appreciated). Your purchase will start upon receipt of payment. You will get the order confirmation via email with the Stripe invoice.
The Administration does not store full card details. It does not act as a Payment Controller, and only receives notifications about successful payments.
It is understood, however, that when receiving payment, the Administration may collect additional information including, inter alia, transaction number, transaction time, type and expiration date of the card used for payments as well as the last four digits of the card number, the cardholder's name, country, and city where the card has been charged. This information is needed for order and payment confirmation, payment status proof and refund in case of return after purchase is delivered.5. The Personal Data Collection Procedure
The main ways of receiving personal information from Users are as follows:
a) the User provides personal information directly (e.g., when filing the forms or using a payment system).
The Administration may use Personal Data provided to it by the User to:
a) Manage an order
b) Provide client support
c) Send notices by email, such as confirmation of order and payment, a reminder or a notice about an order, payment, delivery process, notices about significant changes in client service
d) Collect and analyze the statistical data7. Storage of Data
The Administration takes all necessary technical and organizational precautions to protect the User's personal data against unauthorized or accidental access, deletion or alteration, blocking, copying, disclosure, or other unauthorized actions of third parties.
In case of loss or disclosure of the User's personal data, the Administration notifies the User about the fact of their personal data loss or disclosure.
7.1. Managing data retention period
By default, all user data sent via data capture forms on a website is available in our system for 30 days. If you don't want to store data in our account and want to delete it before the 30-day period ends, you can request us to delete it by sending a relevant query to email admin(at)irenatone.art.
7.2. Right to be forgotten. Deleting personal data on your request
If you have a request to delete your personal data you sent via a data capture form, for example, when you shared it with us completing your order form and then checkout, you can request to remove it by email admin(at)irenatone.art.
Cookies are small text files sent by the server to the User's device. Cookies perform many functions, for example, they allow to save the settings made by the user, allow the user to move between pages after signing in, and, on the whole, make working on a website easier.
to know more about the cookie collection process.9. Managing Personal Data
The User can change or delete Personal data that was provided by the User by sending a relevant query to admin(at)irenatone.art.
For technical reasons, the information may not be deleted straight away, but with a delay. Please note that we may retain some of the information to the extent that is necessary for fulfilling legal obligations, resolving disputes, preventing fraud, and protecting the legitimate interests of the Administration.10. Administration Obligations
The Administration undertakes to:
b) Keep personal information confidential; not to disclose the User's personal information without prior written permission obtained from the User; not to sell, exchange, publish or disclose it by any other means
c) Take measures to protect the confidentiality of the User's personal information according to standard procedures.
d) Block the User's personal information immediately after receiving a request from the User or their legal representative or a relevant authority for the protection of the User's personal data while it is being checked in case invalid data or unauthorized activities are detected.
The Administration may share the User's personal data with the authorities in the relevant jurisdiction solely on the grounds and in accordance with the legislation of Spain.11. Contacts