1. General provisions
This personal data processing policy is drawn up in accordance with the requirements of the General Data Protection Regulation (hereinafter referred to as EU GDPR) and defines the procedure for processing personal data and the measures to ensure the security of personal data taken by Argument of Knowledge Lab Ltd. (hereinafter referred to as the Company).
1.1. The Company sets as its most important goal and condition for carrying out its activities the observance of the rights and freedoms of man and citizen when processing his personal data, including the protection of the rights to privacy, personal and family secrets.
1.2. This Company’s policy regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Company may receive about visitors to the website https://ateliercorleone.com.
1.3. Data controller
The data controller is: Argument of Knowledge Lab Ltd.
Agias Zanis & Thessalonikis, Nicolaou Pentadromos Center, Block B, Office 1001, 3026 Limassol, Cyprus
Email: legal@ateliercorleone.com
2. Definitions used in the Policy
2.1. Automated processing of personal data – processing of personal data using computer technology.
2.2. Blocking of personal data is a temporary cessation of processing of personal data (except for cases where processing is necessary to clarify personal data).
2.3. Website is a collection of graphic and information materials, as well as programs and databases that ensure their availability on the Internet at the network address https://ateliercorleone.com.
2.4. Personal data information system is a set of personal data contained in databases and information technologies and technical means that ensure their processing.
2.5. Depersonalization of personal data – actions as a result of which it is impossible to determine without the use of additional information the ownership of personal data to a specific User or other subject of personal data.
2.6. Processing of personal data – any action (operation) or set of actions (operations) performed using automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.7. Company – a legal entity, independently or jointly with other persons organizing and/or carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
2.8. Personal data – any information relating directly or indirectly to a specific or identifiable User of the website https://ateliercorleone.com.
2.9. Special categories of personal data
The Company does not intentionally collect or process special categories of personal data within the meaning of Article 9 GDPR (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data or biometric identifiers).
If a user voluntarily provides such information, it will be deleted unless processing is required by law or based on explicit consent.
2.10. User – any visitor to the website https://ateliercorleone.com.
2.11. Providing personal data – actions aimed at disclosing personal data to a certain person or a certain circle of persons.
2.12. Dissemination of personal data – any actions aimed at disclosing personal data to an unspecified number of persons (transfer of personal data) or at acquaintance with personal data of an unlimited number of persons, including the publication of personal data in the media, posting in information and telecommunication networks or providing access to personal data in any other way.
2.13. Cross-border transfer of personal data is the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.
2.14. Destruction of personal data – any actions as a result of which personal data is irretrievably destroyed with the impossibility of further restoration of the content of personal data in the personal data information system and/or material media of personal data are destroyed.
3. Basic rights and obligations
3.1. The Company has the right:
— receive from the subject of personal data reliable information and/or documents containing personal data;
— in the event that the subject of personal data withdraws consent to the processing of personal data, as well as sends a request to stop processing personal data, the Company has the right to continue processing personal data without the consent of the subject of personal data if there are grounds specified in EU GDPR;
— independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations provided for by EU GDPR and regulations adopted in accordance with it, unless otherwise provided by EU GDPR or other European laws.
3.2. The Company is obliged:
— provide the subject of personal data, at his or her request, with information regarding the processing of his or her personal data;
— organize the processing of personal data in the manner established by the applicable EU legislation;
— respond to requests and inquiries from personal data subjects and their legal representatives in accordance with the requirements of EU GDPR;
— cooperate with supervisory authorities and provide them with the information required under EU GDPR;
— publish or otherwise provide unrestricted access to this Policy in relation to the processing of personal data;
— take legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data;
— stop the transfer (distribution, provision, access) of personal data, stop processing and destroy personal data in the manner and cases provided for by EU GDPR;
— fulfill other duties provided for by EU GDPR.
4. Rights of data subjects
Users have the following rights under GDPR:
– access to their personal data (Art. 15)
– rectification (Art. 16)
– erasure (“right to be forgotten”) (Art. 17)
– restriction of processing (Art. 18)
– data portability (Art. 20)
– objection to processing based on legitimate interest or direct marketing (Art. 21)
– withdrawal of consent at any time (without affecting prior processing)
Users may exercise these rights by contacting: legal@ateliercorleone.com
Users also have the right to lodge a complaint with a supervisory authority.
5. Principles for processing personal data
5.1. The processing of personal data is carried out on a legal and fair basis.
5.2. The processing of personal data is limited to the achievement of specific, pre-defined and legitimate purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not permitted.
5.3. It is not allowed to combine databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other.
5.4. Only personal data that meets the purposes of their processing are subject to processing.
5.5. The content and volume of personal data processed correspond to the stated purposes of processing. Redundancy of processed personal data in relation to the stated purposes of their processing is not allowed.
5.6. When processing personal data, the accuracy of personal data, their sufficiency, and, where necessary, relevance in relation to the purposes of processing personal data are ensured. The Company takes the necessary measures and/or ensures that they are taken to delete or clarify incomplete or inaccurate data.
5.7. The storage of personal data is carried out in a form that makes it possible to identify the subject of personal data, no longer than required by the purposes of processing personal data, unless the period for storing personal data is established by law, an agreement to which the subject of personal data is a party, beneficiary or guarantor. The processed personal data is destroyed or anonymized upon achievement of the processing goals or in the event of the loss of the need to achieve these goals, unless otherwise provided by law.
6. Purposes of processing personal data
6.1. Website operation and service provision
– Data: name, phone, email, order details
– Legal basis: performance of a contract
– Purpose: responding to inquiries, processing orders
6.2. Marketing communications (only with consent)
– Data: name, email, phone
– Legal basis: consent
– Purpose: sending offers, updates, promotional messages
– Right to withdraw consent at any time
6.3. Analytics and website improvement
– Data: online identifiers, device information, browsing behavior
– Tools: Google Analytics, Yandex Metrika
– Legal basis: consent (per ePrivacy + GDPR)
– Purpose: measuring traffic and user behavior
6.4. Personalized advertising and remarketing
– Data: online identifiers, browsing history, cookie-based data
– Tools: Google Ads, Meta Pixel
– Legal basis: consent
– Purpose: displaying personalized ads
– Users may disable personalized ads at any time (links below)
Users can disable personalized ads through:
– Google Ads Settings: https://www.google.com/settings/ads
– Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout
For information on how Meta processes data, visit:
https://www.facebook.com/privacy/policy/
6.5. Legal basis for processing
The Company processes personal data on the following legal bases under Article 6 GDPR:
– performance of a contract with the user (e.g., order placement, consultations);
– compliance with legal obligations (e.g., accounting and taxation);
– legitimate interests of the Company (e.g., website security, fraud prevention), provided such interests do not override user rights;
– user consent, where required for marketing communications, analytics, and personalized advertising.
6.6. Necessity of providing personal data
Providing personal data is partly necessary to enter into or perform a contract with the Company (for example, to process an order or respond to a request). If the user does not provide such data, the Company may be unable to provide the requested services.
Providing personal data for marketing communications, analytics and personalized advertising is optional and based on the user’s consent. Failure to provide or the withdrawal of consent for these purposes will not affect the performance of the contract but may limit the Company’s ability to send offers or display personalized content.
7. Conditions for processing personal data
7.1. Lawfulness of processing
The Company processes personal data only where one of the lawful bases under Article 6 GDPR applies, including:
— the performance of a contract or pre-contractual steps at the user’s request;
— compliance with legal obligations to which the Company is subject;
— the Company’s legitimate interests, provided such interests do not override the rights and freedoms of the data subject (e.g., website security, fraud prevention);
— the user’s consent, where required for marketing communications, analytics and personalized advertising.
7.2. Consent
Where processing is based on consent, such consent is:
— freely given, specific, informed and unambiguous;
— collected prior to processing;
— limited to the purposes stated in this Policy.
Users may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
7.3. Necessity of providing personal data
Providing personal data may be necessary to enter into or perform a contract with the Company (for example, to respond to a request or process an order). If the required data is not provided, the Company may be unable to deliver the requested services.
Providing personal data for marketing communications, analytics and personalized advertising is optional and based on consent. Failure to provide such data will not affect the performance of the contract.
7.4. Right to object
Users have the right to object at any time to:
— processing based on the Company’s legitimate interests;
— processing for direct marketing, including profiling.
Where an objection is made to direct marketing, the Company will cease such processing immediately.
7.5. No public disclosure
The Company does not make personal data publicly accessible and does not disclose personal data to an indefinite number of persons unless required by law or explicitly requested or consented to by the user.
7.6. Security measures
The Company implements appropriate technical and organizational measures to ensure a level of security appropriate to the risks associated with processing personal data, including protection against unauthorized access, alteration, disclosure or destruction.
8. The procedure for collecting, storing, transferring and other types of processing of personal data
The security of personal data processed by the Company is ensured by implementing legal, organizational and technical measures necessary to fully comply with the requirements of current legislation in the field of personal data protection.
8.1. The Company ensures the safety of personal data and takes all possible measures to prevent access to personal data by unauthorized persons.
8.2. The User’s personal data may be transferred to third parties only in the following cases:
— where such transfer is required by applicable law or by a competent authority;
— to service providers and processors acting on behalf of the Company (e.g., hosting, CRM, email delivery), under data processing agreements;
— to advertising and analytics partners, such as Google, Meta and Yandex, where the user has given consent for analytics and personalized advertising;
— where the subject of personal data has otherwise given explicit consent for such transfer.
In all cases, the Company ensures that appropriate safeguards are in place in accordance with EU GDPR.
8.3. If inaccuracies in personal data are identified, the User can update them independently by sending a notification to the Company to the Company’s e-mail address legal@ateliercorleone.com marked “Updating personal data.”
8.4. The period for processing personal data is determined by the achievement of the purposes for which the personal data were collected, unless a different period is provided for by the contract or current legislation. The User may at any time withdraw his consent to the processing of personal data by sending a notification to the Company via email to the Company’s email address legal@ateliercorleone.com marked “Withdrawal of consent to the processing of personal data.”
8.5. Sharing of personal data
The Company may share personal data with the following categories of recipients:
– service providers acting as data processors (e.g., hosting, CRM, email delivery)
– advertising and analytics partners (with consent), including:
– Google LLC (Google Analytics, Google Ads)
– Meta Platforms, Inc. (Meta Pixel)
– Yandex LLC (Yandex Metrika)
Sharing occurs only under data processing agreements and according to GDPR requirements.
Personal data is not sold to third parties.
8.6. Restrictions on disclosure
Personal data will not be disclosed to third parties except where required by law, necessary for the establishment, exercise or defense of legal claims, or where the user has provided explicit consent. The Company does not publish personal data or make it publicly accessible.
8.7. When processing personal data, the Company ensures the confidentiality of personal data.
8.8. The Company stores personal data in a form that makes it possible to identify the subject of personal data for no longer than required by the purposes of processing personal data, unless the period for storing personal data is established by law, an agreement to which the subject of personal data is a party, beneficiary or guarantor.
8.9. The condition for terminating the processing of personal data may be the achievement of the purposes of processing personal data, the expiration of the consent of the subject of personal data, the withdrawal of consent by the subject of personal data or a requirement to cease the processing of personal data, as well as the identification of unlawful processing of personal data.
8.10. Data retention
Personal data is stored only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required by law.
– contract and order data: up to 6 years (legal obligation)
– marketing data: until consent is withdrawn
– analytics and advertising identifiers: up to 12 months
After expiry, data is securely deleted or anonymized.
9. List of actions performed by the Company with received personal data
9.1. The Company collects, records, systematizes, accumulates, stores, refines (updates, changes), extracts, uses, transfers (distribute, provide, access), depersonalizes, blocks, deletes and destroys personal data.
9.2. The Company carries out automated processing of personal data with or without receiving and/or transmitting the received information via information and telecommunication networks.
9.3. Profiling and automated decision-making
The Company may use certain personal data (such as online identifiers, browsing history and interaction with our website) to create user segments and deliver personalized advertising (profiling for marketing purposes).
The Company does not use personal data for automated decision-making that produces legal effects concerning the user or similarly significantly affects the user within the meaning of Article 22 GDPR.
10. Cross-border transfer of personal data
Personal data may be transferred outside the European Economic Area when necessary for analytics or advertising services.
Transfers are carried out only when one of the following applies:
– the destination country is covered by an EU adequacy decision;
– Standard Contractual Clauses (SCCs) under Art. 46 GDPR are in place with Google, Meta, and Yandex;
– supplementary measures are applied where required.
Users may request a copy of the applicable safeguards at legal@ateliercorleone.com
11. Confidentiality of personal data
The Company and other persons who have access to personal data are obliged not to disclose to third parties or distribute personal data without the consent of the subject of personal data, unless otherwise provided by law.
12. Final provisions
12.1. The User can receive any clarification on issues of interest regarding the processing of his personal data by contacting the Company via email legal@ateliercorleone.com.
12.2. This document will reflect any changes to the Company’s personal data processing policy. The policy is valid indefinitely until it is replaced by a new version.
12.3. The current version of the Policy is freely available on the Internet at https://ateliercorleone.com/en/privacy-policy/