Privacy Policy
Privacy Policy
OVERVIEW
SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products, and other updates.
SECTION 2 - CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
Let's ask for your personal information for a secondary reason, like marketing. We will either ask you directly for your expressed consent or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at support@toart.org
SECTION 3 - DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases, and the general Shopify application. They store your data on a secure server behind a firewall.
Payment:
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.
Links
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 7 – GDPR
To provide our services, sell goods and operate the website, we process some of your personal data.
If you make an enquiry about our products and services, we will work with the contact details you provide, mainly via the enquiry form. This includes your name, surname, email, telephone number, your requirements regarding our products and services, or any other information you fill in the enquiry form or provide to us as part of a further arrangement. Why?
- We contact you through them for further arrangement
- if you opt for our products or services, we will communicate with you through them
- we will use them to evidence our compliance with our obligations under the law or contracts.
If you purchase in our e-shop, we will work with the data you fill in. These are mainly first name, last name, email, phone number and details of your purchase. What will we do with them?
- We will let you know through them the status of your order
- use them to communicate with you
- send the joy you ordered to them
- we need to use some of this information to comply with our legal obligations (mainly for accounting and tax purposes)
If you sign up for our newsletter or are a purchasing customer and have not opted out, we will use your email address to send you, our newsletter.
Who will get access to the data?
Your data stays with us. However, there are some companies that work for us that get access to your data because they help us run our company. These are:
- companies involved in the shipping of goods for example (DPD, DHL, UPS...)
- companies involved in shipping payments (Paypal, GoPay, Shop Pay)
- companies involved in the operation of the e-shop (Shopify)
- a third-party service, such as:
Track123 (shipment tracking service)
Judge.me (supporting services with respect to member management.)
How long have we been working with the data and on what basis?
If we establish cooperation, we will process your data for a period of 10 years from the last provision of our products and services, as this will meet legal requirements (mainly in the field of tax and accounting), so such processing is required by law.
If we do not establish cooperation, we will process your data for a maximum of 6 months from our last communication. GDPR allows us to work with data in this way - because we are negotiating a contract.
If you subscribe to our products and services and you do not prevent us from doing so when you provide your contact details (opt-out), we will use your email address to notify you of our newsletters. The Information Society Services Act and the so-called legitimate interest allow us to do this. If you subscribe to our newsletter yourself, we will process your e-mail based on your consent (double opt-in). However, you can of course unsubscribe from the newsletter at any time. We will include your contact details in the newsletter database for 3 years from the last time you provided us with products or services unless you allow us a longer period.
If you create an account, we will process your data based on your consent - you can read more about this below.
Have you registered for a user account with us?
To set one up, we process the personal data that you fill in the registration form - name, email address and billing information, if applicable. These details are voluntary, just like the registration itself - it's up to you.
We will use the data to maintain your account and provide services for as long as you use the account. We will deactivate your account and delete the data if you do not use the account for more than 10 years after your last purchase. You can also deactivate your account at any time (i.e., withdraw your consent to the processing of personal data).
We will keep details of your orders in your account, which you will have access to at all times, and, most importantly, we will include you in our loyalty programme - we keep a record of your purchases and link discounts to them.
Interaction with external social networks and platforms
The Site allows for direct interaction with external social networks or other external platform that are outside our control. The interaction and information obtained by this Application are always subject to the user’s privacy settings for each social network. We are not responsible for the security or privacy of any information collected by other websites or other services. Information collected by third parties, which may include such aspects as location data or contact details, is governed by their privacy practices. You should exercise caution, and review the privacy statements applicable to the third-party websites and services you use. If a service enabling interaction with social networks is installed it may still collect traffic data for the pages where the service is installed, even when customers do not use it.
The Facebook Like button and social widgets are services allowing interaction with the Facebook social network provided by Facebook, Inc.
Personal Data collected: Cookie and Usage Data.
To opt-out of activity-based ads on Facebook, visit your Facebook Ad Settings.
The Instagram Like button and social widgets are services that allow interaction with the Instagram social network provided by Instagram, Inc.
Personal Data collected: Cookie and Usage Data.
To opt-out of activity-based ads on Instagram, visit your Instagram Ad Settings.
SECTION 8 – COOKIES
- What are cookies?
Cookies are text files that our website sends to the browser or the device from which you view our website (e.g., phone, tablet, computer). They allow us to recognise you and adapt our website, accordingly, analyse your behaviour, show you certain content, etc. We write more about each cookie below.
- What types of cookies do we use?
Technical, functional - these are necessary to show you our website and make it work as it should for you.
Analytical - these help us analyse how our website works in terms of visitor behaviour and adapt and change the website accordingly.
Security - cookies that are designed to prevent fraud and fix security vulnerabilities where appropriate.
- Can we process such cookies?
We may handle technical, functional cookies based on legal regulations. Without them, we would not be able to provide our services to you.
Analytical, security and preference cookies allow us to process so-called legitimate interests. However, we may not force you to process such data in any way and you can object to such processing. Please contact us using the details we provide above or stop this processing by adjusting your browser settings or by browsing in anonymous mode.
We process cookies for as long as necessary, no longer than 13 months after the last use of cookies.
How can I prevent the use of cookies?
First of all, we would like to point out that the cookies that we collect for the purpose of measuring website traffic and generating statistics on visitor traffic and behaviour on our website are considered in the form of a collective whole and therefore in a form that does not allow the identification of an individual.
The cookies necessary for the functionality of the website are always stored only for the time necessary for its functioning.
The easiest way to prevent cookies from working is through your browser settings.
We would like to add that the settings need to be made for each of your devices (phone, tablet, computer.)
Who processes cookies for us?
- Google Analytics, Ads and Doubleclick provider Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland., in accordance with its terms and conditions.
- Facebook, operated by Facebook Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, in accordance with its terms and conditions.
Here is a list of cookies that we use. We’ve listed them here so that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
SECTION 9 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence.
Privacy for Children
If you are under the age of 18, you must obtain the written consent of your parents or legal guardians to use the Application and other services we provide. The Application is not available to minors and if we become aware that a minor has provided any information to us, we will delete or destroy that information. You can contact us and provide information to enable us to deal with the matter promptly.
SECTION 10 - CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
SECTION 11 - TEXT MARKETING
Text Marketing and notifications (if applicable): By entering your phone number in the checkout and initializing a purchase, you agree that we may send you text notifications (for your order, including abandoned cart reminders) and text marketing offers. Text marketing messages will not exceed 5 per month. You can unsubscribe from further text messages by replying STOP. Message and data rates may apply.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information. contact us at support@toart.org