Privacy

I take the protection of data privacy very seriously. Here you can find my privacy policy.

This privacy policy provides information about how I handle personal data that is collected when using my website www.paintwithanapaz.com and the associated subdomains. By using my website, you agree to the processing of your data in accordance with this privacy policy.

§1 Who is responsible for this website?

Responsible for this website:

Ana Maria Fociuc/Ana Paz
Sägholzstrasse 35
9038 Rehetobel
Switzerland
mail(at)paintwithanapaz.com / anapazartist@gmail.com

If you have questions, concerns, requests or comments about this privacy policy, you can contact me at the above address.

§2 What information do I record and process and for what purpose?

By providing information that is either required or optional, if applicable, you consent to the recording, processing, use and disclosure of personal data for the purposes described in this privacy policy.

Visiting the website

My website can be visited without providing personal data. When you visit my website, technically necessary information about your access is automatically stored in server log files:

Host name of the accessing terminal device (IP address)
Date and time of the server request
Name of the retrieved file
Notification of successful retrieval
Reference URL (the previously visited web page)
Browser and operating system used
Amount of data transmitted

It is impossible for me to assign these data to specific persons. This data is not merged with other data sources. The recording of this data is necessary for technical reasons to enable you to access the website and display your content. The basis of the data processing is Art. 6 para. 1 lit. b GDPR (EU General Data Protection Regulation, GDPR), which allows the processing of data for the fulfillment of a contract or pre-contractual measures.

Comment function

If you use the comment function on my website, the following information is recorded and stored:

Your e-mail address (required)
Your comment (required)
The username/full name you have chosen if you are not posting anonymously (required)
Time and date of the comment creation (automatic)

My comment function does not store IP addresses of users who post comments. Since I review comments on my site before they are published, I don’t need your IP address to take action against the author in case of legal violations like insults or propaganda. Comments remain on my website until they are completely deleted or have been deleted for legal reasons. The storage of comments is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke any consent you have given at any time. For this purpose, an informal notification by e-mail to the above-mentioned e-mail address (§1) is sufficient. The legitimacy of the data processing operations already carried out remains unaffected by the revocation.

Reviews

If you use the review function on my website, the following information is recorded and stored:

Your review (required)
Your E-Mail (required)
Review stars (required)
The name you have chosen if you are not posting anonymously (required)
Time and date of the review creation (automatic)

My review function does not store IP addresses of users who post reviews. Since I review reviews on my site before they are published, I don’t need your IP address to take action against the author in case of legal violations like insults or propaganda. Reviews remain on my website until they are completely deleted or have been deleted for legal reasons. The storage of reviews is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke any consent you have given at any time. For this purpose, an informal notification by e-mail to the above-mentioned e-mail address (§1) is sufficient. The legitimacy of the data processing operations already carried out remains unaffected by the revocation.

Online shop and customer account

When you purchase products, downloads or access to online courses from my online shop, the following information is collected from you, which is necessary for processing and fulfilling your order:

Your first and last name (required)
Your e-mail address (required)
Your postal address (required)
Time and date of the order (automatic)
Your phone number (optional)
Company name (optional)
Comments (optional)
Payment details (required)

In my online shop I use exclusively the payment methods Revolut (§3) and Stripe (§3). For the payment processing your personal data will be transmitted via an encrypted connection to Revolut or Stripe.

For the use of certain services (for example online courses) a customer account is registered. The mandatory information requested during registration must be provided in full. Otherwise I will refuse the registration. Your registration is necessary for the fulfilment of the contract or for the implementation of pre-contractual measures or for the provision of the requested services. The information is stored in the customer account and can be modified by you at any time via the settings in the customer account. The basis for data processing is Art. 6 para. 1 lit. b GDPR.

For important modifications, for example in the scope of the offer or in case of technically necessary modifications, I will use the e-mail address provided during registration to inform you accordingly.

You can withdraw your consent at any time during registration. For this purpose, an informal notification by e-mail to the above-mentioned e-mail address (§1) is sufficient. The legitimacy of the data processing operations already carried out remains unaffected by the revocation.

The personal information you provide during registration will be stored by me as long as you are registered on my website and will be deleted afterwards. Legal retention periods remain unaffected.

§3 How do I share data?

The personal data you have provided will only be passed on to third parties if this is necessary for the execution of the contract. Third parties can be for example Donorbox, PayPal, Stripe or logistics providers. A further transmission of the data does not take place or only if you have expressly agreed to it. Transmission of data is encrypted through a SSL connection. The basis for data processing is Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the fulfilment of a contract or pre-contractual measures.

External payment service providers

I use external payment service providers to carry out payment transactions between you and me via their platforms:

Revolut Ltd., located at 7 Westferry Circus, Canary Wharf, London, England, E14 4HD (https://www.revolut.com/legal/privacy)
Stripe Payments Europe, Ltd., a private limited company organized under the laws of Ireland with company number 513174 and offices at The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland (https://stripe.com/de-ch/privacy)
PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)
Visa (https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)
Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)
American Express (https://www.americanexpress.com/us/legal-disclosures/privacy-center.html)
Discover (https://www.discover.com/privacy-statement/credit-cards-privacy-policy.html)
JCB (http://www.jcbeurope.eu/privacy/)
Diners Club (https://www.dinersclub.com/privacy-policy)

Within the scope of the fulfillment of contracts, I use the payment service providers on the basis of the Swiss Data Protection Ordinance and, where necessary, Art. 6 para. 1 lit. b GDPR. Furthermore, I use external payment service providers on the basis of my legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR to offer you effective and secure payment options.

The information processed by the payment service providers includes inventory data, such as first and last name, address, bank data, such as, inter alia, account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, sum and beneficiary-related information. These details are required to carry out the transactions. However, the information entered is only processed by the payment service providers and stored by them. I do not receive any information on (bank) account or credit card, but only information confirming (accepting) or rejecting the payment. Under certain circumstances, the payment service providers may transmit the information to credit reference agencies. The purpose of this transmission is to check identity and creditworthiness. For this purpose I refer to the general terms and conditions and privacy policies of the payment service providers.

For payment transactions, the terms and conditions and the privacy policy of the respective payment service providers apply, which are available on the respective website or transaction application. I also refer to these for the purpose of further information and assertion of rights of revocation, information and other rights affected.

§4 For how long do I store data?

I store personal data only as long as necessary. For example, in order to execute offers and services (§2) listed in this privacy policy for which you have given your consent or to comply with my legal obligations.

Contract data will be stored by me for a longer period of time, as this is required by legal storage obligations. Retention obligations, which oblige me to store data, result from accounting and tax regulations. According to these regulations, business communication, concluded contracts and accounting records must be stored for up to 10 years. To the extent that I no longer require this data to perform services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.

§5 How do I use cookies?

For the usage of my website I use cookies. Cookies are small text blocks that are transferred and stored by me on your computer when you use my website. Cookies and similar techniques are also used to enable certain procedures, services and transactions. Most browsers accept cookies by default. If you do not wish to use cookies, you can block or restrict their use in your browser. If you deactivate cookies, certain functions and services on my website may not be available to you and some pages may not be displayed correctly. Cookies, which are required for the electronic communication process or for the provision of certain functions you have requested (e.g. shopping basket function), are stored on the basis of Art. 6 Para. 1 lit. f GDPR. I have a legitimate interest in the storage of cookies for the technically faultless and optimized provision of my services.

§6 Which services from other third party providers do I integrate on my website?

On my website I use content or service offerings from third party providers to integrate their content and services. On my website I use functions of the following third party providers:

PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (§3)
Revolut Ltd., 7 Westferry Circus, Canary Wharf, London, England, E14 4HD (§3)
Stripe Payments Europe, Ltd., The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland (§3)
Rebel Idealist LLC, located at 5 3rd St, Suite 900, San Francisco, CA 94103 (Donorbox) (§2)
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA
YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA

My website uses social buttons from social networks like Facebook, Twitter and Instagram. These are used to maintain my prevailing legitimate interests in an optimal marketing of my services in accordance with Art. 6 para. 1 s. 1 lit. f GDPR. For a better protection I have not integrated the buttons with a plugin, but as HTML code. This means that a connection to the respective servers of the social media service is only established when you click on the button. The selected service will be opened in a new window where you can share the content. This means that the request is made from the server. If you do not click the button, no connection will be established and no data will be collected from you.

The listed social media services are certified with the Privacy Shield Agreement. The privacy policy of the individual services can be found here:

Facebook: https://de-de.facebook.com/policy.php
Twitter: https://twitter.com/privacy
Instagram: https://help.instagram.com/519522125107875
Google: https://www.google.com/policies/privacy
YouTube: https://www.google.com/policies/privacy/

Web analysis

I deliberately refrain from using web analysis tools like Google Analytics or Matomo (formerly Piwik). For such analyses and data I have neither time nor resources and they are not required for my services.

Google Fonts

My website uses so-called web fonts, which are provided by Google, for the uniform display of fonts. The Google Fonts are provided locally by the server. There is no connection to Google servers.

YouTube and Vimeo

On my website I integrate videos from YouTube and Vimeo by means of a so-called “iFrames”. When a page with such an iFrame is opened, a connection to the servers of YouTube or Vimeo is established. YouTube or Vimeo is thus informed which of my pages you have visited. YouTube can also directly assign your surfing behavior to your personal profile if you are logged in to your YouTube account. By logging out you have the possibility to prevent this. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. My legitimate interest lies in the great benefit that YouTube offers. By integrating external videos, I reduce the load on my server. YouTube or Google also has a legitimate interest in the collected (personal) data in order to improve their own services.

External links and websites

My website contains links to third party websites. As soon as you click on them, you leave my website. I have no influence on the current and future design, content or compliance with privacy and security regulations by other providers. I do not take any responsibility for the content or legal aspects of third party websites linked to my website. Please also inform yourself on the websites of the other providers about the privacy policies provided there.

§7 What are your rights?

You have the right to free information (Art. 15 GDPR)
You have the right of rectification (art. 16 GDPR)
You have the right of deletion (Art. 17 GDPR)
You have the right of restriction (Art. 18 GDPR)
You have the right to be notified (Art. 19 GDPR)
You have the right to data transferability (Art. 20 GDPR)
You have the right to appeal (Art. 21 GDPR)
You have the right to appeal to the supervisory authority (Art. 77 GDPR)
You have the right to revoke consents granted (Art. 7 para. 3 GDPR)

If you have further questions regarding the recording, processing or use of your personal data, please contact me at the address mentioned in §1. The same applies to the above mentioned rights regarding your personal data.

§ 8 Data security

It is important for me that you understand how information about you is used and shared. I appreciate your trust in me. I treat personal data confidentially and in accordance with the data protection regulations of Switzerland (DSG) and any applicable foreign data protection laws of the EU (GDPR).

All personal data that you provide to me on this website will be transmitted via a secure connection in encrypted form. My website uses SSL encryption. You can recognize the encrypted connection by the prefix https:// in the page link in the address line of your browser. Unencrypted pages are identified by http://. All data that you transmit via this website cannot be read by third parties with SSL encryption.

§9 Modifications of my privacy policy

I reserve the right to revise, modify or otherwise amend this privacy policy. The respective new version will be made available to you on this website. The current privacy policy published by me applies in each case. By continuing to use this website, you agree to the respective valid privacy policy.

End of the privacy policy

ANA PAZ