Privacy Policy

Last updated: May 17, 2025

ArtDestan (“us”, “we”, or “our”) operates the ArtDestan website (the “Service”).

This page informs you of our policies regarding the collection, use and disclosure of Personal Information when you use our Service.

We use your Personal Information for providing and improving the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

1.Information Collection and Use

While using our Service, we may ask you to provide personally identifiable information including but not limited to:

Name
Email address
Telephone number
Address

Performance of Contract: Processing of name, address, email, and payment data is necessary to fulfill orders, deliver digital content, and issue invoices.

Legitimate Interests: Analysis of log data and site security measures are carried out to optimize our service, prevent fraud, and improve user experience.

Consent: We obtain your explicit consent before sending marketing communications; you may withdraw consent at any time by contacting us or clicking “Unsubscribe.”

When we collect your personal data, we inform you of your rights under GDPR Article 13. These rights include accessing your personal data, rectifying inaccurate data, requesting deletion of your data, restricting data processing, objecting to processing, transferring your data to another service, and lodging a complaint with a supervisory authority (e.g., the Hungarian NAIH). For details on these rights and how to exercise them, please refer to Section Your GDPR Rights.

2.Log Data

We collect Log Data including IP address, browser type/version, pages visited, time and date of visit, and time spent on pages.

3.Cookies

We use cookies to collect information. You can refuse cookies via browser settings. Without cookies, some parts of the Service may not function.

4.Service Providers

Third-party providers may access your data to support Service operations. They are prohibited from using it for other purposes.

We share data with third parties such as payment processors (e.g., PayPal, Stripe), hosting providers, and analytics services, solely for providing the Service. All third parties are bound by Data Processing Agreements compliant with GDPR Article 28.

5.Security

We use commercially acceptable means to protect your data, but no method is 100% secure.

6.Links to Other Sites

We share data with third parties such as payment processors (e.g., PayPal, Stripe), hosting providers, and analytics services, solely for the purpose of providing the Service.

We are not responsible for third-party site content or privacy practices.

7.Children’s Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from anyone under the age of 18. If we learn that we have collected personal information from a minor without verification of parental consent, we will take steps to delete that information.

During registration, users must confirm they are 18 or older. If we discover that we have collected data from a minor without parental consent, we will promptly delete it.

8.Compliance with Laws

We disclose Personal Information when required to by law or subpoena.

9.Changes to This Privacy Policy

We may update our policy by posting a new version on this page. Your GDPR Rights:

Access, correction, deletion
Data portability
Restriction and objection to processing
Lodge complaints with the NAIH (Hungarian DPA

10.Data Retention

Data retained as long as needed for its purpose, or as legally required.
Order & Invoice Data: Retained for up to ten (10) years in compliance with tax and accounting laws.
Marketing Consents Stored until you withdraw your consent.
Cookie Preferences: Stored for a maximum of two (2) years.
In the event of a personal data breach, we will notify affected users and the NAIH within 72 hours, per GDPR Article 33, via email or website announcement, and implement corrective measures immediately.

After the retention period, personal data is securely deleted or anonymized using industry-standard methods, except where longer retention is required by law.

Backup Caveat: Encrypted backup copies may persist for up to ninety (90) days for disaster‑recovery purposes but are not used for active data processing and will be overwritten in the normal course.

11.International Data Transfers

Where personal data is transferred outside the European Economic Area (e.g., to our payment service providers), such transfers are safeguarded by Standard Contractual Clauses approved by the European Commission.

12.Data Subject Access Requests:

You may request access, correction, or deletion of your personal data by emailing dpo@artdestan.com. We will respond within 30 days, per GDPR Article 15, providing data in a structured, commonly used format if requested.