Privacy Policy – Art Novague

We are delighted by your interest in our company. Data protection is of utmost importance for the management of Maison Novague GmbH and its subsidiary Art Novague. Generally, the use of the Art Novague website is possible without providing personal data. However, if users wish to use specific services such as purchasing accessories, jewelry, vases, lamps, and lampshades, the processing of personal data may be required. In such cases, if processing is not legally permitted, Art Novague will first obtain the user’s consent.

The processing of personal data, such as name, address, email, or phone number, is always carried out in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection laws. This privacy policy informs users about the type, scope, and purpose of personal data collected, used, and processed, and explains their rights regarding personal data.

Art Novague, as part of Maison Novague GmbH, has implemented numerous technical and organizational measures to protect users’ personal data. Nevertheless, internet-based data transmissions may have security vulnerabilities, so absolute protection cannot be guaranteed. Therefore, users may provide personal data via alternative methods, such as telephone.

  1. Key Definitions
  • Personal Data: Any information relating to an identified or identifiable natural person, such as name, customer ID, email, or physical/social characteristics.
  • Data Subject: An individual whose personal data is processed by the data controller.
  • Processing: Any operation performed on personal data, such as collection, storage, organization, use, disclosure, or deletion.
  • Consent: A freely given, informed, and explicit indication of the data subject’s agreement to the processing of their personal data.
  1. Data Controller

Responsible under GDPR and national law:

Maison Novague GmbH – Subsidiary Art Novague
Address: Ernst-Boehme-Str. 27, 38112 Braunschweig, Germany
Phone: 03089750123
Email: info@maison-novague.com
Website: https://www.art-novague.com

  1. Cookies

The Art Novague website uses cookies to provide a better user experience. Cookies are text files stored in the browser that help identify the browser. They may be used for shopping cart storage, user login, or service personalization. Users can prevent cookies via browser settings, but some features may not function fully.

  1. Collection of General Data

Each visit to our website may collect general information, such as browser type, operating system, referring page, date/time, IP address, and Internet Service Provider. This data is stored anonymously and is used to:

  • Deliver content correctly,
  • Optimize the website and advertising,
  • Ensure system security,
  • Provide information to authorities in case of cyber attacks.
  1. Contact via the Website
    The Art Novague website contains information that, in accordance with legal requirements, enables quick electronic contact with our company and direct communication with our team, including a general email address.
    If a user contacts the data controller via email or a contact form, the personal data provided will be stored automatically. Such data, voluntarily provided by the user, will be stored solely for the purpose of processing requests or contacting the user. No transfer of this personal data to third parties takes place.
  2. Routine Deletion and Blocking of Personal Data
    The data controller processes and stores personal data of users only for the period necessary to achieve the storage purpose or as provided by the European legislator or other national legislation.

Once the storage purpose ceases or a statutory storage period expires, the personal data is routinely blocked or deleted in accordance with legal requirements.

  1. Rights of the Data Subject
  2. a) Right of Confirmation
    Every data subject has the right to obtain confirmation from the data controller as to whether personal data concerning them is being processed.
    If a data subject wishes to exercise this right, they may contact any member of the Art Novague team at any time.
  3. b) Right of Access
    Every data subject whose personal data is processed has the right to obtain free information at any time about the personal data stored concerning them and a copy of this information. Furthermore, the data subject is entitled to information regarding:
  • The purposes of processing
  • The categories of personal data processed
  • Recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly recipients in third countries or international organizations
  • Where possible, the intended storage period or, if not possible, the criteria for determining this period
  • The existence of the right to rectification or erasure of the personal data or to restriction of processing or to object to processing
  • The existence of a right to lodge a complaint with a supervisory authority
  • Where the personal data are not collected from the data subject: all available information as to their source
  • The existence of automated decision-making including profiling, and at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject

Furthermore, the data subject has the right to be informed whether personal data have been transferred to a third country or to an international organization. In such a case, the data subject is entitled to information about the appropriate safeguards related to the transfer.
To exercise the right of access, the data subject may contact any member of the Art Novague team at any time.

  1. c) Right to Rectification
    Any person whose personal data is processed has the right under EU law to request the immediate correction of inaccurate personal data concerning them. Furthermore, the person has the right to request the completion of incomplete personal data, taking into account the purposes of processing, including by means of a supplementary statement.
    If a person wishes to exercise this right to rectification, they can contact any employee of Art Novague at any time.
  2. d) Right to Erasure (Right to be Forgotten)
    Any person whose personal data is processed has the right under EU law to request that the data controller delete personal data concerning them without delay, provided that one of the following reasons applies and processing is not required:
  • The personal data were collected or otherwise processed for purposes that are no longer necessary.
  • The data subject withdraws consent on which the processing is based, and there is no other legal basis for processing.
  • The data subject objects to processing pursuant to EU law and there are no overriding legitimate grounds for processing.
  • The personal data have been unlawfully processed.
  • Deletion of personal data is necessary to comply with a legal obligation.
  • Personal data were collected in relation to services offered by the information society.

If one of the above reasons applies and a person wishes to request the deletion of personal data stored at Art Novague, they can contact any employee of the company at any time. The team at Art Novague will ensure that the deletion request is implemented promptly.
If the personal data have been made public and the company is obliged to delete them, Art Novague will take appropriate measures, including technical measures, to inform other data controllers processing the published personal data to delete any links, copies, or replications.

  1. e) Right to Restriction of Processing
    Any person whose personal data is processed has the right under EU law to request the restriction of processing if one of the following conditions is met:
  • The accuracy of the personal data is contested, for a period allowing the controller to verify accuracy.
  • The processing is unlawful, and the data subject opposes erasure and requests restriction instead.
  • The controller no longer needs the personal data for processing purposes, but the data subject requires them for the establishment, exercise, or defense of legal claims.
  • The data subject has objected to processing and it is not yet determined whether the legitimate grounds of the controller override those of the data subject.

If any of these conditions apply and a person wishes to request the restriction of personal data processing at Art Novague, they can contact any employee of the company at any time. The data processing team will implement the restriction as requested.

  1. f) Right to Data Portability
    Any person whose personal data is processed has the right under EU regulations to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used, and machine-readable format.
    Furthermore, they have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent under Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract under Art. 6(1)(b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
    In exercising the right to data portability under Art. 20(1) GDPR, the data subject also has the right to request that the personal data be transmitted directly from one controller to another, as far as technically feasible and provided that it does not adversely affect the rights and freedoms of others.
    To exercise this right, the data subject may contact any employee of Art Novague at any time.
  2. g) Right to Object
    Any person whose personal data is processed has the right under EU regulations to object, for reasons arising from their particular situation, at any time to the processing of personal data concerning them, which is carried out on the basis of Art. 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
    In the event of an objection, Art Novague will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing serves the establishment, exercise, or defense of legal claims.
    If Art Novague processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such advertising. This also applies to profiling insofar as it is related to such direct marketing. Upon objection, Art Novague will cease processing the personal data for these purposes.
    Moreover, the data subject has the right to object, for reasons arising from their particular situation, to the processing of personal data concerning them carried out for scientific, historical research, or statistical purposes according to Art. 89(1) GDPR, unless such processing is necessary for the performance of a task in the public interest.
    To exercise the right to object, the data subject may contact any employee of Art Novague They may also exercise their right to object in connection with the use of information society services by automated means, notwithstanding Directive 2002/58/EC, provided technical specifications are used.
  3. h) Automated Individual Decisions, including Profiling
    Every person whose personal data is processed has the right not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning them or significantly affects them, unless the decision is necessary for the conclusion or performance of a contract, is legally permitted, or is made with the explicit consent of the data subject.
    If the decision is necessary for a contract or made with explicit consent, Art Novague takes appropriate measures to protect the rights, freedoms, and legitimate interests of the data subject, including the right to human intervention, to express their point of view, and to contest the decision.
    To exercise these rights, the data subject may contact any employee of Art Novague at any time.
  4. i) Right to Withdraw Data Protection Consent
    Every person whose personal data is processed has the right to withdraw their consent to the processing of personal data at any time.
    To exercise this right, the data subject may contact any employee of Art Novague at any time.

 

The data controller has integrated components of Facebook on this website. Facebook is a social network.

A social network is an online platform that generally allows users to communicate and interact in a virtual space. It can serve as a platform for exchanging opinions and experiences or allow the online community to provide personal or business-related information. Facebook enables users to create private profiles, upload photos, and connect through friend requests.

The operator of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. For users outside the USA or Canada, the data controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Whenever a user visits a page on this website containing a Facebook component (Facebook plug-in), their browser automatically downloads the corresponding Facebook component from Facebook’s servers. A full list of all Facebook plug-ins is available at https://developers.facebook.com/docs/plugins/?locale=de_DE. In this process, Facebook learns which specific page of our website is visited.

If the user is logged into Facebook at the same time, Facebook recognizes which page is visited and links this information to the user’s Facebook account. When the user clicks a Facebook button (e.g., “Like”) or posts a comment, Facebook assigns this information to their account and stores the personal data.

This information is transmitted to Facebook whether or not the user interacts with the Facebook component. To prevent data transfer, the user can log out of their Facebook account before visiting the site.

Facebook’s published data policy, available at https://de-de.facebook.com/about/privacy/, explains the collection, processing, and use of personal data, privacy settings, and applications that can prevent data transfer to Facebook.

 

  1. Data Protection Policy Regarding the Use of Instagram

The data controller has integrated components of the Instagram service on this website. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos, as well as distribute such data on other social networks.

The operating company of Instagram services is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Whenever a user visits a page on this website, which is operated by the data controller and on which an Instagram component (Insta-Button) is integrated, the user’s web browser is automatically instructed by the Instagram component to download a representation of this component from Instagram. Through this technical process, Instagram learns which specific page of our website the user is visiting.

If the user is simultaneously logged into Instagram, Instagram can recognize, with each visit to our website and during the entire duration of the visit, which specific page the user is viewing. These information are collected by the Instagram component and associated with the user’s Instagram account. If the user clicks on any Instagram button integrated on our website, the transmitted data and information are associated with their personal Instagram account and processed by Instagram.

Instagram receives information through the Instagram component whenever the user visits our website while logged into Instagram, regardless of whether the user clicks on the Instagram component. If the user does not wish to transmit this information to Instagram, they can prevent this by logging out of their Instagram account before visiting our website.

Further information and the applicable privacy policies of Instagram can be accessed at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

  1. Data Protection Regulations for the Use of Jetpack for WordPress

The data controller has integrated Jetpack on this website. Jetpack is a WordPress plugin that provides additional functionalities to the operator of a WordPress-based website. Among other things, Jetpack allows the website operator to get an overview of visitors. By displaying related posts and publications or enabling content sharing, it is also possible to increase visitor numbers. In addition, Jetpack includes security functions that better protect a website using Jetpack against brute-force attacks. Jetpack also optimizes and speeds up the loading of images integrated into the website.

The company operating the Jetpack plugin for WordPress is Automattic A8C Ireland Ltd., Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland.

Jetpack sets a cookie on the information technology system of the data subject. As explained above, cookies are small data files. Each time a user accesses a page of this website where a Jetpack component is integrated, the browser automatically transmits data to Automattic for analysis. In this technical process, Automattic receives data used to create an overview of website visits. These data are analyzed to understand the behavior of persons accessing the website and to optimize the website. The data collected via Jetpack is not used to identify the data subject without prior explicit consent. The data is also shared with Quantcast, which uses the data for the same purposes as Automattic.

The data subject can prevent cookies from being set by adjusting their browser settings at any time, thereby permanently objecting to the use of cookies. This setting also prevents Automattic/Quantcast from setting cookies on the data subject’s system. Previously set cookies can also be deleted at any time via the browser or other software.

Furthermore, the data subject has the option to object to the collection and processing of data related to the use of this website via Jetpack by pressing the Opt-Out button at https://www.quantcast.com/opt-out/, which sets an Opt-Out cookie on the system. If the cookies are deleted after an objection, the Opt-Out link must be visited again to set a new Opt-Out cookie.

However, placing the Opt-Out cookie may mean that the websites of the data controller are not fully usable for the data subject.

The applicable privacy policies of Automattic are available at https://automattic.com/privacy/ and of Quantcast at https://www.quantcast.com/privacy/.

 

  1. Legal Basis for Processing
    Article 6(1)(a) DS-GVO serves as the legal basis for our company for processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary to fulfill a contract to which the data subject is a party, such as for the delivery of goods or the provision of services, the processing is based on Article 6(1)(b) DS-GVO. The same applies to processing necessary for pre-contractual measures, e.g., inquiries about our products or services.

If our company is legally obliged to process personal data, such as for tax obligations, the processing is based on Article 6(1)(c) DS-GVO. In rare cases, processing may be necessary to protect the vital interests of the data subject or another natural person, e.g., if a visitor is injured on our premises and their name, age, health insurance information, or other vital data must be shared with a doctor, hospital, or other third party. Then the processing would be based on Article 6(1)(d) DS-GVO.

Finally, some processing operations may be based on Article 6(1)(f) DS-GVO. This applies when processing is necessary to protect the legitimate interests of our company or a third party, provided the rights and freedoms of the data subject do not override. This is allowed because it is explicitly mentioned by the European legislator, who considered that a legitimate interest could exist, especially if the data subject is a customer of the controller (Recital 47 sentence 2 DS-GVO).

  1. Legitimate Interests Pursued by the Controller or a Third Party
    If processing is based on Article 6(1)(f) DS-GVO, our legitimate interest is the operation of our business for the welfare of all our employees and shareholders.
  2. Duration of Data Storage
    The duration of storing personal data is determined by the respective legal retention period. After this period, the data will be routinely deleted unless still required for contract fulfillment or initiation.
  3. Legal or Contractual Requirements for Providing Data; Necessity for Contract; Obligation of Data Subject; Consequences of Non-Disclosure
    We inform you that providing personal data may be partly legally required (e.g., tax laws) or based on contractual obligations (e.g., contract partner information). Sometimes, for concluding a contract, the data subject must provide personal data, which will then be processed by us. For example, a data subject must provide their personal data if our company enters into a contract with them. Failure to provide data could prevent the contract from being concluded. Before providing personal data, the data subject should contact one of our employees for case-by-case clarification on the legal or contractual necessity and the consequences of non-provision.
  4. Existence of Automated Decision-Making
    As a responsible company, we refrain from automated decision-making or profiling.

This privacy notice was prepared by DGD Deutsche Gesellschaft für Datenschutz GmbH, acting as an external data protection officer in Straubing, in cooperation with privacy lawyer Christian Solmecke.