Original.  Buy uniqueness.
Online Gallery

Principles of Personal Data Protection


1. Who processes your data
The Controller of personal data according to the Article 4 paragraph 7 of EU General Data Protection Regulation 2016/679 relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data (hereinafter referred to as "GDPR") is the Company Art of All s.r.o., ID No.: 46991654, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, File 172028, with registered office at: Roháčova 188/37, 130 00 Prague 3, Czech Republic (hereinafter referred to as: "Controller") and as Controller we will process your personal data in compliance with the following principles.
Controller did not authorize any processor to act on behalf of Controller in terms of personal data protection.

2. What kind of personal data we process
We process only personal data provided by you in relation with use of our services on Online-Gallery.shop. The data concerned:
Artist (exhibitor, author, seller) and Visitor (buyer, collector)
• e-mail address
• full name
• street name and No.
• city and city code
• state
• password in encrypted form

3. Why we process personal data
The legitimate interest for personal data protection processing is embodied in performance of a contract between you and Controller in compliance with Art. 6 par. 1 letter b) of GDPR as well as 1 in legitimate interest of Controller for providing direct marketing (especially for sending commercial messages and newsletters) in compliance with Art. 6 par. 1 letter f) of GDPR. The aim is execution of your order.

4. Who has access to your data
Controller declares that he has adopted all appropriate technical and organizational measures to secure your personal data. Only authorized persons have access to your personal data.
Third parties who can have access to your personal data in absolutely necessary extent are:
• persons who are in charge of our technical operation and administration of our services;
• persons to whom we provide data for analysis of attendance of our website;
• payment gateways.
All data are stored in the territory of the Czech Republic.
Controller stores personal data for the period necessary for performance of rights and duties resulting from the contractual relationship between you and Controller and executing claims resulting from these contracts (in case of prepaid subscription), and subsequently for the period of 10 years after termination of the contract. You can use any of your rights presented below at any time.

5. What rights you have in relation with personal data protection
You provide us with your personal data voluntarily. We cannot provide you with our services without your personal data.
According to GDPR you are authorized towards our organization to:
a) to require access to your personal data that we process and you are authorized to gain access to your personal data and other information stated in Art. 15 of GDPR,
b) to require correction of your personal data that we are processing, if they are incorrect,
c) to require deletion of your personal data (the right to be "forgotten") in certain cases,
d) to require limitation of your personal data,
e) to acquire personal data that concern you in a structured, currently used and machine-readable form, and you are authorized to hand those data over to other controller,
f) to make a claim or complaint against data processing in certain cases,
g) to be informed about a breach of personal data security in certain cases,
h) you have other rights stated in Law on personal data protection and in General Data Protection Regulation No. 2016/679 after it comes into force.
Any of these rights can be applied for on contact details stated below. As soon as we obtain your request we will inform you about adopted measures without undue delay and in every case within one month after receiving the request. This time limit can be extended to another two months in case of need due to complexity and number of requests.
In case of not approving of your request we are obliged to inform you without any delay within one month after receiving the request about reasons of not taking measures. In certain cases when your request is disproportionate or unreasonable (especially in case of excessive repeating of the request), we are not obliged, in accordance with GDPR, to fully or partially fulfill your request. In such cases we can impose on you an adequate fee reflecting administrative costs related to submission of requested information or communication or performance of requested action. As a subject of data you have a right in any case to turn directly to a supervising body, which is the Office for Personal Data Protection.
If after receiving your request we have a reasonable doubt regarding your identity, we can ask you to provide additional information necessary to confirm your identity.
In case you may assume that our organization is processing your personal data without authorization or it is otherwise violating your rights, you are entitled to make complaint at a supervising body, which is the Office for Personal Data Protection or ask for judicial protection.

6. How can you contact us?
In case you have any questions or want to exercise your legitimate rights or express your disapproval with further receiving of our commercial messages, you can contact us on our e-mail address: in-fo@online-gallery.shop. You can also submit your request by post to our address: Art of All s.r.o., Roháčova 188/37, Praha 3, PSČ 130 00
If you wish to cancel taking of our newsletter, you can do so easily through a link that is always attached to the end of it.
To verify your identity, we may ask you to prove your identity in an adequate way. This is a precautionary measure to restrain access to your personal data to unauthorized persons.