Couture

Privacy Policy

1. This Privacy Policy governs the processing of personal data collected through the website michelleschuster.at, hereinafter referred to as: „the Website”.

2. The owner of the Website and the personal data administrator is Michelle Schuster, 1050 Wien, Pilgramgasse, 6\14, hereinafter referred to as the Administrator.

3. The Administrator processes personal data collected through the Website in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as RODO.

4. The Administrator makes every effort to respect the privacy of customers visiting the Website.

§ 1 Type of data processed, purposes and legal basis

1. The Administrator collects information about natural persons performing legal acts not directly related to their business or professional activity, natural persons conducting sole proprietorships within the meaning of the Act, and natural persons representing legal persons or organisational units not having legal personality, conducting sole proprietorships within the meaning of the Act, conducting business or professional activity, hereinafter referred to collectively as Clients.

2. The personal data of clients are processed in the following cases:

  • use of the contact form service on the Website for the performance of an electronic service contract.
    Legal basis: necessary for the performance of the contract for the contact form service (Article 6 (1) point b GDPR).

3. In the case of using the contact form service, the Customer provides the following data:

  • e-mail address
  • first name
  • phone number

4. When using the Website, additional information may be collected, in particular:

  • the IP address assigned to the Customer’s computer or the external IP address of the Internet service provider,
  • domain name,
  • browser type,
  • access time,
  • operating system type.

5. Information about the Customers may also be collected, including information about links and hyperlinks that the Customer decides to click or other activities performed on the Website.
Legal basis: justified legitimate interest (Article 6 (1) point f GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.

6. Personal data provided to the Administrator is voluntary.

§ 2 To whom are the data disclosed or entrusted to and how long are they stored?

1. The Customer’s personal data is disclosed to providers of services used by the Administrator when operating the Website. Such service providers process personal data either on the Administrator’s instructions, i.e. as processors, or independently determine the purposes and methods of processing personal data, i.e. as administrators.

1.1. Processors. The Administrator uses processors who process personal data solely on the Administrator’s instructions. These include providers of the following services:

  • hosting services,
  • bookkeeping services,
  • marketing systems,
  • web analytics systems,
  • systems for analysing the effectiveness of marketing campaigns.

1.2. Administrators. The Administrator uses providers who do not act solely on instructions and who independently determine the purposes and methods of processing personal data. These include providers of the following services:

  • electronic payment services,
  • banking services.

2. Location. The service providers are based mainly in Poland and in other European Economic Area (EEA) countries.

3. The Customer’s personal data is stored:

  • 3.1. In the case where the processing of personal data is based on consent, the Customer’s personal data is processed by the Administrator until the consent is withdrawn, and after withdrawal for a period corresponding to the limitation period of claims that may be brought by the Administrator and that may be brought against him. Unless a special provision provides otherwise, the limitation period is 6 years, and for claims for periodical performance and claims related to conducting business activity – 3 years.
  • 3.2. In the case where the processing of personal data is based on the performance of a contract, the Customer’s personal data is processed by the Administrator for a period necessary for the performance of the contract, and after that period for a period corresponding to the limitation period of claims. Unless a special provision provides otherwise, the limitation period is 6 years, and for claims for periodical performance and claims related to conducting business activity – 3 years.

4. Upon request, the Administrator discloses personal data to authorised public authorities, in particular to the following units:

  • Prosecutor’s Office,
  • Police,
  • Personal Data Protection Office,
  • Competition and Consumer Protection Office,
  • Electronic Communications Office.

§ 3 Cookie mechanism, IP address

1. The Website uses small files called cookies. They are stored on the end device of a person visiting the Website, if the web browser allows for it. A cookie usually contains the domain name from which it originates, its expiration date, and a randomly selected number identifying this file. Information collected using this type of files helps to adjust the products offered by the Administrator to the individual preferences and actual needs of persons visiting the Website.

2. The Administrator uses two types of cookies:

  • 2.1. Session cookies: after the end of a web browser session or turning off the computer, the stored information is removed from the device’s memory. The session cookies mechanism does not allow any personal data or any confidential information to be collected from the Customers’ computers.
  • 2.2. Persistent cookies: remain stored in the end device’s memory until the time of their deletion or expiration. The mechanism of persistent cookies does not allow any personal data or any confidential information to be collected from the Customers’ computers.

§ 3 Cookies and IP addresses

3. The Administrator uses its own cookies for the following purposes:

  • analyses and research and audits of website traffic, and in particular to create anonymous statistics that help understand how Customers use the Website, which allows the Website to be improved in structure and content.

4. The Administrator uses external cookies for the following purposes:

  • to present a map indicating the location of the Administrator’s office on the information pages of the Website using the maps.google.com internet service (administrator of external cookies: Google Inc. with its registered office in the USA).

5. The cookies mechanism is safe for the Customers’ computers visiting the Website. In particular, it is not possible to transfer viruses or other unwanted software or malware to the Customers’ computers via this route. However, in their browsers, Customers have the option of restricting or disabling access by cookies to their computers. If this option is used, using the Website will be possible, except for functions that, by their nature, require cookies.

6. The Administrator may collect IP addresses of Customers. An IP address is a number assigned to a Customer’s computer by an Internet service provider to enable access to the Internet. An IP address allows you to diagnose technical problems with the server, create statistical analyses (for example, determine which regions we have the most visits from), administer and improve the Website, and identify and prevent unwanted automatic programs from browsing the Website content.

7. The Administrator uses the IP address for the following purposes:

  • diagnosing technical problems with the server,
  • creating statistical analyses (for example, determining which regions we have the most visits from),
  • administering and improving the Website,
  • ensuring security and, if necessary, identifying users who burden the server with unwanted automatic programs for browsing the Website content.

§ 4 Rights of data subjects

1. The right to withdraw consent – legal basis: art. 7(3) GDPR.

  • 1.1. The Customer has the right to withdraw any consent he or she has given to the Administrator.
  • 1.2. Withdrawal of consent is effective from the moment of withdrawal of consent.
  • 1.3. Withdrawal of consent does not affect the processing carried out by the Administrator in accordance with the law prior to its withdrawal.
  • 1.4. Withdrawal of consent will not entail any negative consequences for the Customer, but may make it impossible to continue using services or functionalities that, by law, can only be provided with the Customer’s consent.

2. The right to object to the processing of data – legal basis: art. 21 GDPR.

  • 2.1. The Customer has the right to object at any time, for reasons related to his or her particular situation, to the processing of his or her personal data, including profiling, if the Administrator processes his or her data on the basis of a legitimate interest.
  • 2.2. Opting out of receiving marketing messages about products or services by e-mail will mean that the Customer has objected to the processing of his or her personal data for marketing purposes.
  • 2.3. If the Customer’s objection is found to be justified, the Administrator will have no other legal basis for processing the Customer’s personal data and the data will be deleted.

3. The right to erasure of data („right to be forgotten”) – legal basis: art. 17 GDPR.

  • 3.1. The Customer has the right to request erasure of all or some of his or her personal data.
  • 3.2. The Customer has the right to request erasure of personal data if:
    • personal data are no longer necessary for the purposes for which they were collected,
    • the Customer has withdrawn a specific consent,
    • the Customer has objected to the use of his or her data for marketing purposes,
    • personal data are processed unlawfully,
    • personal data must be erased in order to comply with a legal obligation.
  • 3.3. The Administrator may retain certain personal data to the extent that processing is necessary to establish, assert or defend legal claims.

4. The right to restriction of processing – legal basis: art. 18 GDPR.

  • 4.1. The Customer has the right to request restriction of processing of his or her personal data.
  • 4.2. The Customer has the right to request restriction of use of personal data in the following cases:
    • if the Customer disputes the accuracy of his or her personal data – for the period of time necessary to verify their accuracy,
    • if the processing of data is unlawful, and instead of erasure the Customer requests restriction of processing,
    • if personal data are no longer necessary for the purposes of processing, but are needed by the Customer to establish, assert or defend legal claims,
    • if the Customer has objected to the use of his or her data – for the period of time necessary to consider whether the Administrator’s legitimate grounds override the Customer’s rights.

5. The right of access to data – legal basis: art. 15 GDPR.

  • 5.1. The Customer has the right to obtain confirmation from the Administrator as to whether personal data are processed, and if so, the Customer has the right to:
    • obtain access to his or her personal data,
    • obtain information about the purposes of processing, the categories of personal data, the recipients, the planned retention period,
    • obtain a copy of his or her personal data.

6. The right to rectification of data – legal basis: art. 16 GDPR.

  • The Customer has the right to request immediate rectification of his or her personal data if they are incorrect.

7. The right to data portability – legal basis: art. 20 GDPR.

  • 7.1. The Customer has the right to receive his or her personal data that he or she has provided to the Administrator, and to transfer them to another controller of personal data.

8. Where the Customer exercises a right under the above provisions, the Administrator shall comply with the request or refuse to comply with it without undue delay, no later than within a month.

9. The Customer may submit complaints, queries and requests regarding the processing of his or her personal data to the Administrator.

10. The Customer has the right to lodge a complaint with the President of the Personal Data Protection Office regarding the violation of his or her rights to the protection of personal data or other rights granted under the GDPR.

§ 5 Changes to the Privacy Policy

1. The Privacy Policy may change, and the Administrator is not obliged to inform about it.

2. Questions related to the Privacy Policy should be directed to the e-mail address: michellesch.couture@gmail.com

3. Last modification date: 28.02.2025