NAIVE.CO PRIVACY POLICY
INTRODUCTION
This Privacy Policy (this “Privacy Policy”) applies to you if you access or use http://www.naive.co (the “Site”) as a Customer, Creator, or visitor (collectively “users”) to either purchase our products or submit artworks to us in return for commission (our “Services”). This Privacy Policy describes how NAIVE processes or handles personal data about you when you access and use this Site, including the data collected and the method of collection, how data is secured, our data retention period, and other processing activities regarding your data.
You are required to read this Privacy Policy and consent to it. When you click the “I agree” or “I accept” box where applicable, you automatically consent to how we process your data as described in this Privacy Policy. If you do not agree to our practices, you may not use our Services.
DEFINITION OF KEY TERMS
Under this Privacy Policy, the following key terms shall have the meanings provided to them:
- “personal data” is defined under the GDPR and similar laws as any information that relates to an identified or identifiable individual. This may include, without limitation, your name, email address, payment method data, device IP address, location, and shipping details.
- “personal information” is another term for “personal data” as used in certain countries outside the EU.
- “CCPA” refers to the California Consumer Privacy Act that governs the rights and privacy of California users.
- ”GDPR” refers to the General Data Protection Regulation (EU) 2016/679 that regulates the protection of EU and EEA users’ data and their rights.
- “Creator” refers to any user that uses the Site to submit artworks for commission.
- “Customer” refers to any user that uses the Site to purchase phone accessories, such as phone cover and cases.
- “user” refers to anyone using the Site, including the Creators, Customers, or Site visitors.
- ”processing” refers to any activities carried on your data by NAIVE, including data collection, security, marketing, transfer, retention, storage, deletion, etc.
- “NAIVE” is the trademark name of Bjornberry AB in relation to the Site. Under this Privacy Policy, NAIVE represents Bjornberry AB, a company located at Box 99, 151 22 Södertälje, Sweden.
WE ARE YOUR DATA CONTROLLER
With regards to the GDPR, Bjornberry AB, a company located at Box 99, 151 22 Södertälje, Sweden with VAT Reg. Number SE559186935801 and company Reg. Number 559186-9358 (herein as NAIVE) is your Data Controller. This means that we decide and control how your data is processed in relation to the Services. For any questions or inquiries regarding your data or privacy, please reach out to us via our email address at hello@naive.co.
DATA COLLECTION AND HOW
When you access the Site or use the Services, we may collect the following categories of data depending on the type of user account you operate:
- The personal data you submit to us: We may ask you to submit certain data on the Site in order to use our Services (or you may submit them without us asking). Depending on the type of user account you run and the type of actions you take on the Site, we may request that you submit personal data such as your name, email address, PayPal email (for Creators), credit card or bank data (for Customers), password, shipping address, artworks, and other personal data you may submit to us via the Site.
We may collect the above data when you (i) opt-in to register a user account as a (Creator or Customer), (ii) submit order information on the checkout page as a Customer, (iii) contact us for inquiries, issues, or complaints, (iv) opt-in to participate in our surveys, promos, or sweepstakes, or (v) upload your artworks to us as a Creator in return for commission.
You are under no obligation to provide us with the above personal data; however, we may not be able to provide you with our Services if you do not provide some of this data. For example, it will be impossible to print a Creator’s artwork if they do not share the artwork image with us. Likewise, we will be unable to ship a Customer’s order to their shipping address if they do not provide us with the shipping address.
- The data we collect automatically: Like other websites and apps, we use certain third-party tools and cookies to collect data about you automatically. The data we collect automatically may include:
- details of your device, including device browser name, operating system, internet service provider, timezone, and other identifiers;
- usage and statistical data, including how you navigate around the Site, the features or link you click, the products you view, how long you stay on a particular part of the Site, the URL or app you came to the Site from, among other usage data.
- Data about your transaction, including the number of items purchased, the order amount, and other data displayed in the invoice.
- Geolocation data, which is the geographic location of your IP address.
The above data may be collected when you access the Site, open our newsletters or our adverts on other websites and social media platforms.
COOKIES AND OTHER TRACKING TECHNOLOGIES
We and third-party service providers, analytics, and marketing partners use cookies to obtain the data we collect automatically above. Cookies are text files that website owners download to your browser and device when you access a website. Cookies are used by NAIVE and third parties (i) to majorly remember your browser on subsequent visits to the Site, (ii) to obtain certain preferences stored on your device or actions across the web to learn about the effectiveness of our marketing, and (iii) to personalize the Site for better user experience. To learn more about cookies and other tracking technologies and how to stop cookies from tracking you, please read our Cookies Policy.
We and our analytics, marketing, and third-party service providers may also use other tracking technology such as Pixels/tags/web beacons to track the effectiveness of our marketing and tailor adverts to you. For example, our marketing partners (Facebook, Google Inc., Mailchimp, etc.) use web beacons and tags to identify if you have opened a marketing advert or email newsletter.
REASONS FOR DATA COLLECTION
We collect the data above for the following reasons:
- Service provision: We collect certain data to generally provide our Services to you depending on the type of account you operate.
- Contacting you: We collect your contact data in order to contact you regarding your order, your artworks, refunds and shipping, administrative messages (such as updates to our Services), and respond to your inquiries, complaints, or queries.
- Improving marketing: We automatically collect certain data to identify how effective our marketing is and to tailor adverts to you on the Site and other websites based on your preferences.
- Providing the Site: We use certain data to provide the Site and make your use of certain content or pages function properly.
- Remembering you: When we use cookies, it may also be to remember your device and make your experience on the Site smooth.
- Complying with the law: We collect certain data, such as the details of transactions to comply with applicable law, including to conduct an investigation or keep records, or protect our rights and properties and other users or third parties, or to protect any activity we believe to be fraudulent, illegal, or unethical, or to enforce our terms and conditions (for Creators and Customers).
OUR LEGAL BASES FOR PROCESSING YOUR DATA
Under the GDPR and similar privacy laws, we are required to process personal data about you based on one or more of 6 principles. In relation to the Site, we will only process your data:
- To fulfill a contract with you: We majorly process personal data to fulfill the contract we have with you. We process most data in order to process your orders and deliver them to you or print your artworks and pay your commissions, as the case may be.
- To satisfy our Legitimate Interest: We may process some of the data above to satisfy our interest in the form of analyzing the effectiveness of our advertising and marketing and identifying how to improve your user experience. Some of this data (especially automatically-collected data) help us to provide the Site, analyze and improve our Services, protect your data, and manage legal issues.
- To comply with the law: We may collect certain data to comply with our legal obligations, for example, where we are required to keep records for a certain period.
- When you give verifiable consent: Where you expressly consent to us processing your data, we will process it. For example, when you tick the newsletter box in order to receive our newsletters, we will market to you via your email address.
THE DISCLOSURES OF YOUR DATA
NAIVE is not in the business of buying, selling, or renting personal data. We only disclose data on a need-to-know basis and to provide our Services. We will only disclose data as described below:
- Disclosures within the NAIVE group of companies: We may disclose personal data with employees and subsidiaries of NAIVE in certain situations. For example, we have employees who help us in providing our Services to you, including responding to your queries and complaints, and they may have access to your data to provide our Services. However, employees and people within the company have obligations to keep NAIVE’s proprietary information confidential, including our user list.
- Disclosures to Service Providers, advertising, and analytics partners: We employ certain third parties to help us handle advertising, marketing, analytics, and other third-party services. We will disclose automatically-collected data to our advertising partners to help us personalize adverts to you on other websites and apps. We will also share data with third-party service providers, such as our payment processors, printers, and shipping companies, to help us handle services such as payment processing, shipping and delivery, design and printing, etc. These third-party service providers may not be able to provide their services without having access to the relevant data about you. For example, to process your payments or pay your commissions, our payment processors (Klarna and PayPal) require your credit cards, bank data, or PayPal email address, as the case may be.
- Disclosures under legal requirements: We will disclose data about you to law enforcement to the extent permitted by applicable law. We may, in response to a court order or subpoena, share data with any court or law agency in the event of an investigation, claim, or legal issue. We will disclose personal data if we believe such disclosure will save a life or property or reasonably necessary to prevent fraudulent, illegal, or unethical activity.
- Disclosures in a Business Transfer action: We may disclose data about you to a third-party organization or company in the emergence of any business transfer action, including, without limitation, a merger, sale of assets, consolidation, or acquisition, or in the event of bankruptcy.
- Disclosure to another company in relation to sweepstakes and promotions: If we invite you to promotions or sweepstakes organized by another company, which requires you to register before you participate, we may share personal data with the company when you submit your data in the registration form.
THE RETENTION PERIOD OF DATA
We will retain personal data in our database for as long as you have a user account with us unless you request the deletion. We will retain the data you provided as a guest using the guest checkout as soon as the purposes for collecting such data has been achieved. Otherwise, we will retain data, such as transaction data, with us for up to 7 years in order to comply with our bookkeeping obligations.
When we share personal data with third parties, we will not have any control over such data thereon. Even if we delete your data from our database, we are not responsible for how long our third-party service providers retain such data on their database.
OUR DATA PROTECTION PRACTICES
NAIVE takes your data and privacy seriously. Because we care about you, we ensure adequate data protection practices are in place to safeguard your data from unauthorized access, use, or alteration. We employ both physical and technical methods of data protection. We do not disclose data about you except as described above and other parts of this Privacy Policy. We do not share data with third-party service providers unless they also follow strict privacy practices.
NAIVE uses Secure Socket Layer (SSL) and Cloudflare to protect the Site from phishing scams, data breaches, and other threats to your data. We use trusted payment processors (Klarna and PayPal) to process your payments and payouts. Moreover, other third parties or we do not have access to any payment method information you share on the Site. Only our payment processors have access to your payment method data, and they do not use it for any other purpose other than for payment processing.
INTERNATIONAL TRANSFER OF DATA
NAIVE processes your data from our base of operation in Sweden and in accordance with the GDPR and other applicable privacy laws. By submitting personal data to us from your location outside the EU or EEA, you agree that your data will be processed in accordance with the GDPR, as described under this Privacy Policy. Likewise, if you are using our Services within the EU or EEA, we engage third-party service providers in other countries outside the EU and EEA, who may have data laws that are not as adequate as the GDPR. However, when we transfer personal data outside of the EU or EEA, we will rely on this Privacy Policy, including using the approved data transfer mechanisms approved by the European Commission.
ANALYTICS PROVIDERS AND ADS SERVERS
NAIVE works with advert servers/agencies and analytics providers to gather analytics about how users use the Site and serve our adverts across other websites and apps. We use Google Inc. (Google Ads) and Facebook Inc. (Facebook Ads) to serve our adverts across their platforms. Likewise, we use tools such as Google Analytics and Hotjar to gather information about how users use the Site and other usage and analytics data, as well as information about the effectiveness of our marketing. These advert servers/agencies, analytics providers, and similar agencies may gather data about your use on the Site and other websites and platforms as well. They may obtain this data through the use of cookies and Pixels/tags/web beacons and may use the data obtained to target you with adverts based on your preferences.
We may also share certain anonymous or hashed data with these third parties in order to help them provide these services for us. If you wish to opt-out of interest-based advertising (personalized ads), you may do so via this link if you are based in the EU. If you are based outside the EU, click here to opt-out of interest-based ads. Please, note that opting out of personalized ads does not stop generics ads.
YOUR DATA RIGHTS AND CHOICES
In relation to your data, you have certain rights and choices in addition to the rights and choices already established in this Privacy Policy.
Your rights and choices include:
- The ability to withdraw your consent where you explicitly gave them. For example, you may unsubscribe from receiving newsletters by clicking the “unsubscribe” link at the bottom of any email newsletter sent to you by NAIVE, and you can withdraw from personalized ads as described above.
- The right to request to know about the personal data we process about you, as well as requesting to have it corrected where you believe the data is inaccurate, incomplete, or not up-to-date. You can access and update your data via your user account settings, or where relevant, by reaching out to us via our email address at hello@naive.co.
- The right to request that we delete certain data about you, especially where you have a user account with us. However, the deletion of data is possible to the extent permissible by applicable law. Also, even when you request the deletion of your data, we may not be able to delete any data that exists on the databases of our third parties. If you would like to request the deletion of your data, you may do so via your user account settings area (if you have an account with us) or by reaching out to us via our email address at hello@naive.co.
- The right to request that we restrict processing certain data. For example, where you ask us to delete or correct your data, and we are considering it based on applicable laws, you may ask us to restrict such data pending the time we make a decision. You may also ask us to restrict processing if you believe we are unlawfully processing your data, but you do not want us to delete it. You may reach out to us via hello@naive.co to exercise this right.
- The right to data portability, which means that you can request that we transfer the data we hold about you to another website or service without affecting the usefulness of your data. You may reach out to us via hello@naive.co to exercise this right.
If you believe that we are unlawfully processing your data as described under this Privacy Policy, you may reach out to us or report us to any data authority in your location.
CALIFORNIA CONSUMERS
This paragraph applies to California consumers (Creators and Customers using the Site from California, United States). In addition to certain choices and rights under this Privacy Policy, you have the below rights in accordance with the CCPA that came into effect on January 1, 2020.
You have the right:
- To opt-out of NAIVE selling or renting out personal information (personal information is a term for personal data as used under the CCPA) about you to third-party companies in order to market to you directly about their services. However, NAIVE is not in the business of selling, renting, or buying personal information for direct marketing. We do not share information unless as described above.
- To know and access the categories of personal information we shared or collected about you in the past 12 calendar months. You may reach out to us via hello@naive.co to exercise this right.
- To request the deletion of personal information about you to the extent permitted by applicable law. This means that we will not delete personal information where we are required by law to keep records of transactions for 7 years. You may reach out to us via hello@naive.co to exercise this right.
- Not be discriminated against when you exercise any of the above rights.
CHILDREN POLICY
The Site is targeted at people who are 18 years of age or older. We do not knowingly or welcome minors to submit personal data to us. If you submit personal data to us, you warrant that you are at least 18 years of age.
DO NOT TRACK
Do Not Track (“DNT”) is a browser preference that website users can set to signal website owners not to track their online behavior and preferences. NAIVE, like most websites, does not, at this time, respond to DNT signals from browsers. To learn more about DNT, please click here.
THIRD-PARTY LINKS
Certain pages and areas on the Site may contain links that lead to third-party platforms. Wherever you see a third-party link on the Site, they are included for reference purposes only, and NAIVE does not control the practices of the companies these links lead. If you access any third-party link through the Site, you do so at your own volition and will bear any risk of data loss. We advise that you review the privacy policies of the companies these links lead to before submitting personal information to them.
CHANGES TO THIS PRIVACY POLICY
This Privacy Policy or portions of it may be reviewed, updated, or changed without liability. We may change portions of this Privacy Policy for reasons such as changes in the Site features, third-party tools, applicable privacy laws, and other practices. When we change portions of this Privacy Policy, we may or may not notify you via your email address or any area on the Site. Nevertheless, we will post the changes on this page and indicated by changing the Effective Date above. You are required to review this page frequently to be updated about this Privacy Policy. When you keep using the Site and our Services after any changes to this Privacy Policy, you represent to us that you agree to such changes.
CONTACT US FOR QUESTIONS
If you have any questions, concerns, issues, complaints, feedback, or suggestion regarding this Privacy Policy and how we handle or process your data, please reach out to us via our email address at hello@naive.co.
Effective Date: 22 February 2021.