Privacy Policy

PRIVACY POLICY

Last updated October 30, 2024.

This Privacy Notice for Karmell Atelier (doing business as Karmell) (“we”, “us” or “our”) describes how and why we may access, collect, store, use and/or share (“process”) your personal information when you use our services (“Services”), including when:

• You are visiting our website at https://karmellatelier.hr/, or any of our websites linked to this Privacy Notice;
• You interact with us in other related ways, including sales, marketing or events.

Questions or concerns? Reading this Privacy Notice will help you understand your rights and choices regarding privacy. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have questions or concerns, please contact us at karmellatelier@gmail.com.

SUMMARY OF KEY POINTS

This summary provides key points from our Privacy Notice, but you can learn more about any of these topics by clicking on the link after each key point or using the table of contents below to find the section you are looking for.

• What personal data do we process? When you visit, use, or navigate our Services, we may process personal information based on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about the personal information you disclose to us.

• Do we process sensitive personal data? Some information may be considered “special” or “sensitive” in certain jurisdictions, for example your race or ethnicity, sexual orientation and religious beliefs. We do not process sensitive personal data.

• Do we collect data from third parties? We do not collect data from third parties.

• How do we process your data? We process your information to provide, improve and administer our Services, to communicate with you, for security and fraud prevention, and to comply with laws. We may also process your information for other purposes with your consent. We only process your information when we have a valid legal reason to do so. Learn more about how we process your information.

• With whom and in what situations do we share personal data? We may share information in specific situations and with certain categories of third parties. Learn more about when and with whom we share your personal information.

• How do we keep your data secure? We have appropriate organizational and technical processes and procedures in place to protect your personal information. However, no data transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals or other unauthorized third parties will not be able to overcome our security and improperly collect, access, steal or modify your information. Learn more about how we keep your information secure.

• What are your rights? Depending on your geographic location, applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.

• How can you exercise your rights? The easiest way to exercise your rights is by submitting a data access request or by contacting us. We will review and take any necessary action in accordance with applicable data protection laws.

Want to learn more about what we do with the data we collect? Review the full Privacy Notice.

CONTENT

1. WHAT INFORMATION DO WE COLLECT?
2. HOW DO WE PROCESS YOUR DATA?
3. WHAT LEGAL BASIS DO WE USE TO PROCESS YOUR PERSONAL DATA?
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
6. HOW DO WE HANDLE YOUR SOCIAL MEDIA APPLICATIONS?
7. HOW LONG DO WE KEEP YOUR DATA?
8. HOW DO WE KEEP YOUR DATA SECURE?
9. DO WE COLLECT DATA FROM MINORS?
10. WHAT ARE YOUR PRIVACY RIGHTS?
11. DO NOT TRACK CONTROLS
12. ARE WE UPDATED THIS NOTICE?
13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
14. HOW CAN YOU REVIEW, UPDATE OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

Briefly: We collect the personal information you provide to us.

We collect personal data that you voluntarily submit to us when you register to use the Services, express interest in receiving information about us or our products and Services, when you participate in activities on the Services or contact us.

Personal information you provide: The personal information we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The information collected may include:

• names
• phone numbers
• e-mail addresses
• usernames
• passwords
• billing addresses
• debit/credit card numbers

Sensitive data: We do not process sensitive data.

Social media login information: We may allow you to log in using your existing social media account, such as Facebook or X. If you choose to log in this way, we will collect certain profile information from the social media, as described in the section titled “HOW DO WE HANDLE YOUR SOCIAL MEDIA LOGIN?” below.

All personal information you provide to us must be true, complete and accurate, and you must notify us of any changes to that information.

Data collected automatically

Briefly: Some information — such as your IP address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or browse the Services. This information does not identify you specifically (such as your name or contact information), but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, the URL you came from, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily necessary to maintain the security and functionality of our Services and for our internal analysis and reporting.

Like many companies, we collect information through cookies and similar technologies.

The data collected includes:

• Log and usage data: This is service-related, diagnostic, usage and performance data that our servers automatically collect when you access or use our Services and that we record in log files.
• Device information: We collect device information, such as information about your computer, phone, tablet, or other device that you use to access the Services.
• Location information: We collect device location data, which may be precise or imprecise. The data collection depends on the type and settings of the device you use to access the Services.

Google APIs

Our use of data obtained through Google APIs will be in accordance with the User Data Policy for Google API Services, including any limited use requirements.

2. HOW DO WE PROCESS YOUR DATA?

Briefly: We process your information to provide, improve and administer our Services, to communicate with you, for security and fraud prevention, and to comply with laws. We may also process your information for other purposes with your consent.

We process your personal data for various reasons, depending on how you interact with our Services, including:

• To facilitate account creation and authentication, and to manage user accounts: We may process your data to enable you to create and log in to your account, as well as to maintain the operation of your account.
• To deliver and facilitate the delivery of services to the user: We may process your data to provide you with the service you have requested.
• To respond to user inquiries/offer user support: We may process your data to respond to your inquiries and resolve possible service issues.
• To request feedback: We may process your information when necessary to solicit feedback and contact you about your use of our Services.
• To send marketing and promotional communications: We may process the personal information you submit to us for our marketing purposes, in accordance with your marketing preferences. You can opt out of our marketing emails at any time.
• To deliver targeted advertising: We may process your information to develop and display personalized content and advertisements tailored to your interests, location, and more.
• To identify usage trends: We may process information about how you use our Services to better understand how they are used and how we can improve them.
• To protect the vital interests of an individual: We may process your data when necessary to protect the vital interests of an individual, such as preventing injury.

3. WHAT LEGAL BASIS DO WE USE TO PROCESS YOUR PERSONAL DATA?

Briefly: We process your personal data only when we believe it is necessary and when we have a valid legal reason to do so under applicable law, such as your consent, compliance with the law, provision of services, fulfillment of contractual obligations, protection of your rights or pursuit of our legitimate business interests.

General Data Protection Regulation (GDPR) and UK GDPR require us to explain the legal bases we rely on to process your personal data. Accordingly, we can rely on the following legal bases:

• Consent: We may process your data if you have given us permission (consent) to use your personal data for a specific purpose. You can withdraw your consent at any time.
• Contract execution: We may process your personal data when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services.
• Legitimate interests: We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests.
• Legal obligation: We may process your information when we believe it is necessary to comply with our legal obligations.
• Protection of vital interests: We may process your data when we believe it is necessary to protect your vital interests or the vital interests of a third party.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

Briefly: We may share information in the specific situations described in this section and/or with certain categories of third parties.

Suppliers, consultants and other third-party service providers: We may share your information with third parties who perform services for us or on our behalf and who need access to such information in order to perform that work. We have agreements with third parties that are designed to protect your personal information.

The categories of third parties with whom we may share personal information include:

• Cloud computing services
• Data analytics services
• Payment processors
• Sales and marketing tools
• Social networks
• User account registration and authentication services

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

Briefly: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (such as web beacons and pixels) to collect information when you interact with our Services. Some of these tracking technologies help us maintain the security of our Services and your account, prevent crashes, correct errors, store your preferences, and assist with basic website functionality.

We also allow third parties and service providers to use online tracking technologies on our Services for analytics and advertising purposes, including to help manage and display advertisements, tailor ads to your interests, or send you abandoned cart reminders (depending on your communication settings).

Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

Google Analytics

We may share your information with Google Analytics to track and analyze usage of the Services. The Google Analytics advertising options we may use include: Demographic and Interest Reporting and Google Display Network Impression Reporting.

6. HOW DO WE HANDLE YOUR APPLICATIONS VIA SOCIAL NETWORKS?

Briefly: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.

Our Services allow you to sign in and register using your social media login credentials (such as Facebook or Xa). When you choose to sign in in this way, we will receive certain information about your profile from the social media provider. The information we receive may include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such social media platform.

We will only use the information we receive for the purposes described in this Privacy Notice or made clear to you on the relevant Services.

7. HOW LONG DO WE KEEP YOUR DATA?

Briefly: We retain your information for as long as necessary to fulfill the purposes set out in this Privacy Notice, unless a longer retention period is required by law.

We will retain your personal information only for as long as necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (e.g. for tax, accounting or other legal requirements). None of the purposes set out in this Notice will require us to retain your personal information for longer than three (3) months after your account has been deactivated.

When we no longer have a legitimate business need to process your personal data, we will delete or anonymize that data, or, if this is not possible (e.g. because your personal data is stored in backup copies), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

8. HOW DO WE KEEP YOUR DATA SECURE?

Briefly: We strive to protect your personal data through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our measures and efforts to protect your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, and we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to overcome our security and improperly collect, access, steal, or modify your information. While we will do everything in our power to protect your personal information, you transfer personal information to and from our Services at your own risk. We recommend that you only access the Services in a secure environment.

9. DO WE COLLECT DATA FROM MINORS?

Briefly: We do not knowingly collect information from or advertise to children under the age of 18.

We do not knowingly collect information from or contact children under the age of 18 for marketing purposes, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 years of age or that you are the parent or guardian of such minor and consent to the use of the Services. If we learn that personal information from a user under the age of 18 has been collected, we will deactivate the account and take reasonable steps to promptly delete such information from our records. If you become aware of any information we may have collected from children under the age of 18, please contact us at karmellatelier@gmail.com.

10. WHAT ARE YOUR PRIVACY RIGHTS?

Briefly: In some regions, such as the European Economic Area (EEA), the United Kingdom (UK), and Switzerland, you have rights that give you greater access and control over your personal information. Depending on your location, you may be able to review, change, or terminate your account at any time.

In some regions (such as the EEA, the UK and Switzerland), you have certain rights under applicable data protection laws. These may include the right to (i) request access to and obtain a copy of your personal data, (ii) the right to rectification or erasure; (iii) restriction of processing of your personal data; (iv) the right to data portability; and (v) the right to object to the processing of your personal data. You may make such a request by contacting us using the details provided in the “HOW CAN YOU CONTACT US REGARDING THIS NOTICE?” section.

We will consider and act on all requests in accordance with applicable data protection laws.

11. DO-NOT-TRACK CONTROLS

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting that you can activate to signal that you do not want your online browsing activities to be tracked. There is currently no single technology standard for recognizing and implementing DNT signals. We do not respond to browser DNT signals at this time.

12. ARE WE UPDATED THIS NOTICE?

Briefly: Yes, we will update this notice as necessary to remain compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by the updated “Last Updated” date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by posting a notice of such changes or by sending you a notice directly. We encourage you to frequently review this Privacy Notice to stay informed about how we are protecting your information.

13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have any questions or comments regarding this notice, you can contact us by email at karmellatelier@gmail.com or by mail to:

Carmel
Tomasiceva 6
Zagreb, Zagrebacka 10000
Croatia

14. HOW CAN YOU REVIEW, UPDATE OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, details of how we have processed it, to have inaccuracies corrected, or to have your personal information erased. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in certain circumstances under applicable law. To request to review, update, or delete your personal information, please complete and submit a data access request.