This Privacy Policy explains how Anna Darasma website (“we”, “us”, or “our”) collects, uses, and protects your personal data when you visit or make a purchase from annadarasma.com (the “Website”).
We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable EU and national laws.
1. Data Controller
The data controller responsible for your personal data is:
Name: Anna Darasma
Email: contact(at)annadarasma.com
2. What Personal Data We Collect
We may collect and process the following categories of personal data:
a) Information You Provide Directly
- Name
- Email address
- Billing and shipping address
- Phone number (if provided)
- Payment details (processed securely by third-party payment providers)
- Messages sent through contact forms
b) Newsletter Subscription
- Email address
- Name (if provided)
- Preferences or interests (if indicated)
c) Automatically Collected Data
When you visit the Website, we may collect:
- IP address
- Browser type and version
- Device information
- Pages visited
- Date and time of access
This data may be collected via cookies and similar technologies.
3. Legal Basis for Processing
Under GDPR, we process your personal data on the following legal bases:
- Contractual necessity — to process and deliver your orders.
- Legal obligation — for accounting, invoicing, and tax compliance.
- Consent — for newsletter subscriptions and marketing communications.
- Legitimate interest — to improve website functionality, security, and user experience.
4. How We Use Your Data
We use your personal data to:
- Process and fulfill orders
- Provide digital downloads
- Send order confirmations and invoices
- Respond to inquiries
- Send newsletters (if you have subscribed)
- Improve website performance and user experience
- Comply with legal obligations
We do not sell or rent your personal data to third parties.
5. Newsletter and Marketing Communications
If you subscribe to our newsletter, we will use your email address to send:
- Studio updates
- New artwork releases
- Creative insights
- Exclusive downloadable content
You may withdraw your consent at any time by clicking the “unsubscribe” link in any email or by contacting us directly.
6. Payment Processing
Payments are processed securely through third-party payment providers (e.g., Stripe, PayPal, or similar). We do not store full payment card details on our servers.
These providers process your data in accordance with their own privacy policies and GDPR obligations.
7. Data Retention
We retain personal data only for as long as necessary:
- Order and invoicing data: as required by tax and accounting laws (typically 5–10 years, depending on national legislation).
- Newsletter data: until you withdraw consent.
- Contact inquiries: for a reasonable period necessary to resolve the request.
8. Your Rights Under GDPR
As an EU data subject, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data (“right to be forgotten”)
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent at any time
To exercise any of these rights, please contact us at contact(at)annadarasma.com
You also have the right to lodge a complaint with your national data protection authority.
9. Cookies
The Website may use cookies to:
- Ensure proper website functionality
- Analyze traffic and performance
- Improve user experience
You may control or disable cookies through your browser settings.
If required by law, a cookie consent banner will be displayed upon first visit.
10. Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.
However, no method of transmission over the Internet is 100% secure.
11. Third-Party Services
We may use trusted third-party providers for:
- Website hosting
- Email marketing services
- Payment processing
- Analytics tools (e.g., Google Analytics)
These providers process personal data only as necessary and in compliance with GDPR.
12. International Data Transfers
If personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
13. Changes to This Policy
We reserve the right to update this Privacy Policy at any time. Updates will be published on this page with a revised “Last updated” date.