Privacy Policy

Last Updated: August 23, 2024

Notice on Personal Data Processing by DLightful Services

This Privacy Policy outlines how DLightful Services manages your personal data in accordance with applicable data protection laws, including the Croatian Law on Personal Data Protect (Zakon o zaÅ¡titi osobnih podataka – NN 106/2012-2300ViÅ¡e) and the European General Data Protection Regulation (GDPR).

We kindly request that you review this policy carefully before sharing any personal information with DLightful Services. If you provide the personal data of others (such as family members or colleagues), please ensure they are aware of this policy and that you have permission to share their information.

In this policy, “personal data” refers to any information that can identify or reasonably be used to identify an individual. “Processing” encompasses any operation performed on personal data, including collection, storage, use, modification, transmission, archiving, or deletion, whether in physical or electronic form.

1. Who We Are – Data Controller

The Data Controller for your personal information is DLightful Services, OIB/ID number: 64405922764, PDV/VAT number: HR64405922764, MBO/Company number: 98298658, Tijardovićeva 4, 21000 Split, Croatia, phone: 00385 91 250 5866, email: dora@dlightfulservices.com. You may direct any inquiries about your personal data processing or protection to this contact.

A current list of Data Processors (those who process personal data on behalf of DLightful Services) is maintained at our registered office.

2. Data Collection and Processing Purposes

We collect and process different categories of personal data depending on your interaction with DLightful Services:

For Website Visitors:

When you visit our website, we automatically collect:

  • Technical Data: IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website
  • Usage Data: Information about how you use our website, including pages visited and time spent on each page

If you use our contact form, we collect:

  • Identification Information: Full name
  • Contact Information: Email address, phone number (optional)
  • Message Content: Any information you provide in your message to us

For Clients and Customers:

To provide our art management, project management, translation services, exhibition curation, and graphic design services and any other services we are registered to provide, we collect and process:

  • Identification Information: Full name, date of birth, nationality, government-issued ID numbers (where required for legal or contractual purposes)
  • Contact Information: Email address, phone number, postal address
  • Professional Information: Job title, company name (for business clients), professional qualifications (if relevant to the service)
  • Financial Information: Bank account details, payment history
  • Project-Specific Data: Information related to the specific project or service we’re providing, which may include artistic preferences, project requirements, or other relevant details
  • Communication Data: Content and metadata of emails, messages, or calls between us related to our services

For Business Clients, we may also collect:

  • Company Information: Business registration details, VAT number
  • Representative Information: Names and contact details of shareholders, directors, managers, beneficial owners, and relevant employees

We use this information solely for executing our services, maintaining client relationships, and complying with applicable regulations and professional confidentiality obligations. The specific data collected will depend on the nature of our engagement and the services provided.

For Marketing Communications:

If you’ve opted in to receive our newsletter or marketing communications, we collect:

  • Identification Information: First name and possibly Full name depending on the purpose and form used
  • Contact Information: Email address
  • Marketing Preferences: Your preferences for receiving different types of communications from us

We process this data to send you updates, event invitations, and other information you’ve expressed interest in receiving.

Remember, you’re not required to provide personal information to merely browse our website. The collection of more detailed personal data occurs when you engage our services or explicitly choose to share information with us.

3. Legal Basis for Processing

We process personal data as necessary for contract performance, pre-contractual measures, or to fulfill legal obligations. Your consent is not required for these purposes.

4. Explicit Consent

In certain situations where we are not relying on contract performance or legal obligations as the basis for processing your personal data, we may seek your explicit consent. This could include, but is not limited to, processing sensitive personal data or using your data for purposes beyond our core services. When we request your consent, we will clearly explain what data we’re collecting and how we intend to use it. You have the right to withdraw this consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.

5. Newsletter and Marketing Communications

DLightful Services may use your name and email to send you updates, event invitations, and other information. We’ll seek your prior consent unless we’ve received your contact information as part of our service provision and you haven’t opted out of such communications. You can unsubscribe from these communications at any time.

6. Website & Cookies

When you use our contact form, we collect your name and email to respond to your inquiries.

We also automatically collect log data and device information when you visit our website, including usage data, IP address, access times, and hardware/software information. This data helps us operate, maintain, and improve our website.

Our website uses analytics services that may place cookies on your device. You can refuse cookies through your browser settings or our cookie banner, though this may affect website functionality.

7. Data Recipients

To provide our services, we may share your data with trusted service providers or outsourced support services, such as IT providers. Data transfers occur only with your consent or to comply with legal requirements. All recipients are contractually bound to maintain our security standards.

8. International Data Transfers

As we operate internationally, your data may be transferred to countries with different data protection standards. We ensure adequate protection through contractual agreements with recipients.

9. Data Storage Locations

Your personal data is primarily stored and processed within the European Economic Area (EEA). However, some data may be stored or processed in the United Kingdom by our service providers. Regardless of location, we ensure that appropriate safeguards are in place to protect your personal data as outlined in our International Data Transfers section.

10. Data Retention

We retain personal data as long as necessary for the purposes collected or as required by legitimate interests or legal obligations, but no longer than 10 years after the end of our contractual relationship.

11. Your Rights

You have the right to:

  • Access your personal data
  • Request updates or corrections
  • Restrict processing or request deletion (where applicable)
  • File a complaint with the relevant supervisory authority
  • Request data portability
  • Withdraw your consent at any time, where we are relying on consent to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data from loss, unauthorized access, or misuse.

13. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay. This notification will include the nature of the breach, the likely consequences, the measures we’re taking to address the breach, and recommendations for you to mitigate potential adverse effects. We maintain internal procedures to detect and respond to data breaches promptly and effectively.

14. Third-Party Websites

Our website may contain links to other sites. We are not responsible for the privacy practices of these external sites.

15. Policy Updates and Notification

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make material changes to this policy, we will notify you by:

  • Posting a notice on our website’s homepage
  • Sending an email to the address we have on file for you
  • Displaying a prominent notice when you next log in to our services

The date of the most recent update will be clearly indicated at the top of the policy. We encourage you to review this policy periodically to stay informed about how we protect your personal information.

16. Contact Us

For any questions about this Privacy Policy, please contact us at dora@dlightfulservices.com.