1. WHO ARE WE
1.2. Our website, https://paintingwithlight.com/, is owned and operated by us. Our website is hosted by SiteGround Hosting Ltd., 3rd Floor, 11-12 St. James's Square, London SW1Y 4LB.
- (a) By post, using the aforementioned address, to the attention of our Privacy Officer;
- (b) By sending an e-mail to our e-mail address firstname.lastname@example.org, to the attention of our Privacy Officer.
2. HOW WE USE AND COLLECT YOUR PERSONAL DATA
2.1. Personal data is defined as any information relating to an identified or identifiable natural person. Identifiable refers to identifiers (such as name, identification number, location data, etc.), that can be used to directly or indirectly identify you (as a natural person).
2.2. The personal data we collect, is collected and used for the purposes as listed hereunder:
- (a) You may be an existing or past client or supplier of ours. In such case, we will use your personal data to communicate with you regarding (the status of), respectively, our services or your services. We may also use your personal data for the purpose as set out in (b) or (c).
- (b) You may be interested in our services. Therefore, we use your personal data for direct marketing purposes to send you communications and newsletters relating to our services and our company, and upcoming events.
- (c) You may be interested in working for or with us. Therefore, we use your personal data for direct marketing purposes or to communicate with you regarding possible opportunities and to request offers.
- (d) You may use the contact form of our website to pose a specific question relating to our services or our website or relating to any opportunities we have for you to collaborate with us. You may also use our website to subscribe to our newsletter. In such case, we will use your personal data to respond to your enquiry and we may use your personal data for purpose (b) or (c).
- (e) We collect and process your personal data for the purpose of supporting the website and enhancing your user experience, which includes ensuring the security, availability, performance, capacity and health of the website.
- (f) We may use your personal data to enforce or exercise any rights that are available to us based on the applicable law, such as use for the establishment, exercise or defense of legal claims. We may also use your personal data to fulfil our obligations as set out by the applicable law.
2.3. You can opt out of the communications as set out in purpose 2.2. (b) or 2.2.(c) (for direct marketing) at any time by following the procedure as set out in our communications.
2.4. The following categories of personal data can be distinguished:
- (a) Contact data (provided directly by you): We may receive your personal data directly through you when (i) you request information to look at the possibility to engage our services, other than through our contact form, (ii) engage us for our services, (iii) we request your information for the possibility of engaging your services or, (iv) when we engage you for your services. In such case, the personal data we receive and process is: your name, phone number, e-mail address, address and other personal data we have requested. This personal data will be processed for the purposes as set out in articles 2.2.(a), 2.2.(b), and/or 2.2.(c). Processing such personal data is necessary in order for us to comply with our obligations originating from our potential or effective working relationship and/or contract.
- (c) Enquiry data: If you use (i) the contact form on our website to contact us regarding our company and our services or (ii) you subscribe to our newsletter, we will collect personal data: (i) your name, phone number, e-mail address, and any personal data you fill in in the message box (please do not share any bank account or credit card data or any sensitive data, such as health data, with us via the message box), or (ii) your e-mail address. This is personal data provided directly by you to us and is personal data that will be used for the purposes as set out in articles 2.2.(b), 2.2.(c) and/or 2.2.(d). The legal basis for the processing of such personal data is your consent.
- (d) Business cards: If you provide us with a business card at an event or a meeting, we may process your personal information: your name, phone number, e-mail address, address, and any other personal information you have included on your business card. In such case, your personal data will be used for the purposes as set out in articles 2.2.(b), and/or 2.2.(c). The legal basis for such processing is our legitimate interest, namely furthering your interest in us and our business relationship by keeping you up to date with relevant information regarding our services and our company.
2.5. We may also use your personal data for the purpose as set out in article 2(f), which may be necessary for compliance with a legal obligation or our legitimate interest.
3. RETENTION OF YOUR DATA AND DELETION
3.1. Your personal information will not be kept for longer than is necessary for a specific purpose. However, considering it is not possible for us in advance to specify a period, the period of retention will be determined as follows:
- (a) Personal data used by us in the performance of services to you or your services to us as set out in article 2.2(a) will be stored, retained and used for as long as is necessary to provide the services and will be stored and used for direct marketing purposes.
- (b) Personal data used by us for direct marketing purposes as set out in article 2.2.(b) or 2.2.(c) will be stored, retained and used for as long as we think you may benefit from our communications.
- (c) Personal data provided via the contact form will be retained, stored and used for as long as is necessary to answer to your query and will be stored and used for direct marketing purposes.
- (d) Usage data will be stored and retained for as long as such data is useful purpose of supporting the website.
3.2. In the event you withdraw your consent or you object to our use of your personal data, and such objection is successful, we will remove your personal data from our databases. Please note that we will retain the personal data necessary to ensure your preferences are respected in the future and only in order to ensure that you do not receive further communications from us.
3.3. The foregoing will, however, not prevent us from retaining any information and content for lawful purposes such as, but not limited to the exercise or defence of a legal claim, evidential purposes, back-up, accounting and the fulfilment of other legal rights and obligations that we may have.
4. YOUR RIGHTS
4.1. This article lists your principal rights under data protection law. We have tried to summarize them in a clear and legible way.
The right to access
4.4. You have the right to receive from us a copy of your personal data we have in our possession, provided that this does not adversely affect the rights and freedoms of others. The first copy will be provided free of charge, but we reserve the right to charge a reasonable fee if you request further copies.
The right to rectification
4.5. If the personal data we hold about you is inaccurate or incomplete, you have the right to have this information rectified or, taking into account the purposes of the processing, completed.
The right to erasure (right to be forgotten)
4.6. In some circumstances, you have the right to the erasure of your personal data without undue delay. Those circumstances include:
- (a) The personal data are no longer needed in relation to the purposes for which they were collected or otherwise processed;
- (b) You withdraw your consent, and no other lawful ground exists;
- (c) The processing is for direct marketing purposes;
- (d) The personal data have been unlawfully processed; or,
- (e) Erasure is necessary for compliance with EU law or Belgian law.
4.7. There are certain exclusions to the right to erasure. Those exclusions include where processing is necessary,
- (a) for exercising the right of freedom of expression and information;
- (b) for compliance with a legal obligation; or,
- (c) for the establishment, exercise or defense of legal claims.
The right to restrict processing;
4.8. You have the right to restrict the processing of your personal data (meaning that the personal data may only be stored by us and may only be used for limited purposes), if:
- (a) You contest the accuracy of the personal data (and only for as long as it takes to verify that accuracy);
- (b) The processing is unlawful and you request restriction (as opposed to exercising the right to erasure);
- (c) We no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; or,
- (d) You have objected to processing, pending the verification of that objection.
4.9. In addition to our right to store your personal data, we may still otherwise process it but only:
- (a) with your consent;
- (b) for the establishment, exercise or defense of legal claims;
- (c) for the protection of the rights of another natural or legal person; or,
- (d) for reasons of important public interest.
4.10. We will inform you before we lift the restriction of processing.
The right to data portability
4.11. To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
4.12. You also have the right to have your personal data transferred directly to another company, if this is technically possible, and/or to store your personal data for further personal use on a private device.
The right to object to processing
4.13. You have the right to object to the processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for:
- (a) The performance of a task carried out in the public interest or in the exercise of any official authority vested in us;
- (b) The purposes of the legitimate interests pursued by us or by a third party.
4.14. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
4.15. You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
The right to complain to a supervisory authority
4.16. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. In Belgium, you can submit a complaint to the Privacy Commission, Drukpersstraat 35, 1000 Brussels (email@example.com), https://www.privacycommission.be/en/contact-us.
5. PROVIDING YOUR PERSONAL DATA TO OTHERS
5.1. In order to provide you with our services and in order for us to maintain a database with your contact information, we work with intermediary service provider to process and store your personal information. We use the following intermediary service providers:
- (a) databases/hosting: Mailchimp (MailChimp Head Office, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308, USA)
- (b) cloud platform: Dropbox (Dropbox Inc, 185 Berry St. Ste. 400 San Francisco, CA 94107, USA) and OneDrive (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA).
- (c) website host: Wix (Wix.com Ltd; PO box 40190 San Francisco, CA United States)
- (d) marketing and communication partner: KROZ (KROZ BVBA, Kapelseweg 62, 2811 Hombeek, Belgium)
5.2. If you are a client of ours, we may provide your personal data to the suppliers we have contracted or intend to contract in order to provide you with our services. If you are a supplier of ours, we may provide your personal data to our clients for the purpose of suggesting you as a supplier or in the course of delivering the services.
5.3. We may also disclose your personal data in the event such disclosure is required or necessary in order to fulfil a legal obligation. We may also disclose personal data in order to protect your vital interests or the vital interest of another natural person.
5.4. As such, we do not disclose your personal data to our social media partners. We do, however, make use of social media plugins to direct you to our social media channels and to allow you to interact with our content. These social media channels are Facebook, Instagram, LinkedIn, Twitter, Google+, Vimeo and Pinterest. When you share an article via Twitter, LinkedIn or Google+, like an article by using the Facebook “like” plug in, view an embedded video on our website via Vimeo, or click on a link to our profile on a social media channel, such social media service provider may collect personal data about you and may link this information to your existing profile on such social media. In such case, the social media service provider will act as controller.
5.5. We are not responsible for the use of your personal data by such social media service provider. Please take a moment to familiarize yourself with the privacy practices of the aforementioned companies. For your information only, we have included the relevant links (these may be changed from time to time by the relevant service provider):
- (a) Facebook: http://facebook.com/about/privacy;
- (b) Instagram: https://help.instagram.com/155833707900388;
- (c) LinkedIn: http://linkedin.com/legal/privacy-policy;
- (d) Twitter: http://twitter.com/privacy;
- (e) Google+: https://www.google.com/intl/en/policies/privacy/;
- (f) Vimeo: https://vimeo.com/privacy;
- (g) Pinterest: http://policy.pinterest.com/en/privacy-policy.
6. INTERNATIONAL TRANSFERS
6.1. We will ensure that any transfer of personal data to countries outside of the European Economic Area will take place pursuant to the appropriate safeguards. As we make use of Google Services, your personal data may be transferred outside of the European Economic Area.
6.3. You hereby authorize us to transfer your personal data outside the European Economic Area.