DEFINITION OF KEY TERMS
- “personal data” is defined under the GDPR and similar laws as any information that relates to an identified or identifiable individual. This may include, without limitation, your name, email address, payment method data, device IP address, location, and shipping details.
- “personal information” is another term for “personal data” as used in certain countries outside the EU.
- “CCPA” refers to the California Consumer Privacy Act that governs the rights and privacy of California users.
- ”GDPR” refers to the General Data Protection Regulation (EU) 2016/679 that regulates the protection of EU and EEA users’ data and their rights.
- “Creator” refers to any user that uses the Site to submit artworks for commission.
- “Customer” refers to any user that uses the Site to purchase phone accessories, such as phone cover and cases.
- “user” refers to anyone using the Site, including the Creators, Customers, or Site visitors.
- ”processing” refers to any activities carried on your data by NAIVE, including data collection, security, marketing, transfer, retention, storage, deletion, etc.
WE ARE YOUR DATA CONTROLLER
With regards to the GDPR, Bjornberry AB, a company located at Box 99, 151 22 Södertälje, Sweden with VAT Reg. Number SE559186935801 and company Reg. Number 559186-9358 (herein as NAIVE) is your Data Controller. This means that we decide and control how your data is processed in relation to the Services. For any questions or inquiries regarding your data or privacy, please reach out to us via our email address at email@example.com.
DATA COLLECTION AND HOW
When you access the Site or use the Services, we may collect the following categories of data depending on the type of user account you operate:
- The personal data you submit to us: We may ask you to submit certain data on the Site in order to use our Services (or you may submit them without us asking). Depending on the type of user account you run and the type of actions you take on the Site, we may request that you submit personal data such as your name, email address, PayPal email (for Creators), credit card or bank data (for Customers), password, shipping address, artworks, and other personal data you may submit to us via the Site.
We may collect the above data when you (i) opt-in to register a user account as a (Creator or Customer), (ii) submit order information on the checkout page as a Customer, (iii) contact us for inquiries, issues, or complaints, (iv) opt-in to participate in our surveys, promos, or sweepstakes, or (v) upload your artworks to us as a Creator in return for commission.
You are under no obligation to provide us with the above personal data; however, we may not be able to provide you with our Services if you do not provide some of this data. For example, it will be impossible to print a Creator’s artwork if they do not share the artwork image with us. Likewise, we will be unable to ship a Customer’s order to their shipping address if they do not provide us with the shipping address.
- The data we collect automatically: Like other websites and apps, we use certain third-party tools and cookies to collect data about you automatically. The data we collect automatically may include:
- details of your device, including device browser name, operating system, internet service provider, timezone, and other identifiers;
- usage and statistical data, including how you navigate around the Site, the features or link you click, the products you view, how long you stay on a particular part of the Site, the URL or app you came to the Site from, among other usage data.
- Data about your transaction, including the number of items purchased, the order amount, and other data displayed in the invoice.
- Geolocation data, which is the geographic location of your IP address.
The above data may be collected when you access the Site, open our newsletters or our adverts on other websites and social media platforms.
COOKIES AND OTHER TRACKING TECHNOLOGIES
We and our analytics, marketing, and third-party service providers may also use other tracking technology such as Pixels/tags/web beacons to track the effectiveness of our marketing and tailor adverts to you. For example, our marketing partners (Facebook, Google Inc., Mailchimp, etc.) use web beacons and tags to identify if you have opened a marketing advert or email newsletter.
REASONS FOR DATA COLLECTION
We collect the data above for the following reasons:
- Service provision: We collect certain data to generally provide our Services to you depending on the type of account you operate.
- Contacting you: We collect your contact data in order to contact you regarding your order, your artworks, refunds and shipping, administrative messages (such as updates to our Services), and respond to your inquiries, complaints, or queries.
- Improving marketing: We automatically collect certain data to identify how effective our marketing is and to tailor adverts to you on the Site and other websites based on your preferences.
- Providing the Site: We use certain data to provide the Site and make your use of certain content or pages function properly.
- Complying with the law: We collect certain data, such as the details of transactions to comply with applicable law, including to conduct an investigation or keep records, or protect our rights and properties and other users or third parties, or to protect any activity we believe to be fraudulent, illegal, or unethical, or to enforce our terms and conditions (for Creators and Customers).
OUR LEGAL BASES FOR PROCESSING YOUR DATA
Under the GDPR and similar privacy laws, we are required to process personal data about you based on one or more of 6 principles. In relation to the Site, we will only process your data:
- To fulfill a contract with you: We majorly process personal data to fulfill the contract we have with you. We process most data in order to process your orders and deliver them to you or print your artworks and pay your commissions, as the case may be.
- To satisfy our Legitimate Interest: We may process some of the data above to satisfy our interest in the form of analyzing the effectiveness of our advertising and marketing and identifying how to improve your user experience. Some of this data (especially automatically-collected data) help us to provide the Site, analyze and improve our Services, protect your data, and manage legal issues.
- To comply with the law: We may collect certain data to comply with our legal obligations, for example, where we are required to keep records for a certain period.
- When you give verifiable consent: Where you expressly consent to us processing your data, we will process it. For example, when you tick the newsletter box in order to receive our newsletters, we will market to you via your email address.
THE DISCLOSURES OF YOUR DATA
NAIVE is not in the business of buying, selling, or renting personal data. We only disclose data on a need-to-know basis and to provide our Services. We will only disclose data as described below:
- Disclosures within the NAIVE group of companies: We may disclose personal data with employees and subsidiaries of NAIVE in certain situations. For example, we have employees who help us in providing our Services to you, including responding to your queries and complaints, and they may have access to your data to provide our Services. However, employees and people within the company have obligations to keep NAIVE’s proprietary information confidential, including our user list.
- Disclosures to Service Providers, advertising, and analytics partners: We employ certain third parties to help us handle advertising, marketing, analytics, and other third-party services. We will disclose automatically-collected data to our advertising partners to help us personalize adverts to you on other websites and apps. We will also share data with third-party service providers, such as our payment processors, printers, and shipping companies, to help us handle services such as payment processing, shipping and delivery, design and printing, etc. These third-party service providers may not be able to provide their services without having access to the relevant data about you. For example, to process your payments or pay your commissions, our payment processors (Klarna and PayPal) require your credit cards, bank data, or PayPal email address, as the case may be.
- Disclosures under legal requirements: We will disclose data about you to law enforcement to the extent permitted by applicable law. We may, in response to a court order or subpoena, share data with any court or law agency in the event of an investigation, claim, or legal issue. We will disclose personal data if we believe such disclosure will save a life or property or reasonably necessary to prevent fraudulent, illegal, or unethical activity.
- Disclosures in a Business Transfer action: We may disclose data about you to a third-party organization or company in the emergence of any business transfer action, including, without limitation, a merger, sale of assets, consolidation, or acquisition, or in the event of bankruptcy.
- Disclosure to another company in relation to sweepstakes and promotions: If we invite you to promotions or sweepstakes organized by another company, which requires you to register before you participate, we may share personal data with the company when you submit your data in the registration form.
THE RETENTION PERIOD OF DATA
We will retain personal data in our database for as long as you have a user account with us unless you request the deletion. We will retain the data you provided as a guest using the guest checkout as soon as the purposes for collecting such data has been achieved. Otherwise, we will retain data, such as transaction data, with us for up to 7 years in order to comply with our bookkeeping obligations.
When we share personal data with third parties, we will not have any control over such data thereon. Even if we delete your data from our database, we are not responsible for how long our third-party service providers retain such data on their database.
OUR DATA PROTECTION PRACTICES
NAIVE uses Secure Socket Layer (SSL) and Cloudflare to protect the Site from phishing scams, data breaches, and other threats to your data. We use trusted payment processors (Klarna and PayPal) to process your payments and payouts. Moreover, other third parties or we do not have access to any payment method information you share on the Site. Only our payment processors have access to your payment method data, and they do not use it for any other purpose other than for payment processing.
INTERNATIONAL TRANSFER OF DATA
ANALYTICS PROVIDERS AND ADS SERVERS
We may also share certain anonymous or hashed data with these third parties in order to help them provide these services for us. If you wish to opt-out of interest-based advertising (personalized ads), you may do so via this link if you are based in the EU. If you are based outside the EU, click here to opt-out of interest-based ads. Please, note that opting out of personalized ads does not stop generics ads.
YOUR DATA RIGHTS AND CHOICES
Your rights and choices include:
- The ability to withdraw your consent where you explicitly gave them. For example, you may unsubscribe from receiving newsletters by clicking the “unsubscribe” link at the bottom of any email newsletter sent to you by NAIVE, and you can withdraw from personalized ads as described above.
- The right to request to know about the personal data we process about you, as well as requesting to have it corrected where you believe the data is inaccurate, incomplete, or not up-to-date. You can access and update your data via your user account settings, or where relevant, by reaching out to us via our email address at firstname.lastname@example.org.
- The right to request that we delete certain data about you, especially where you have a user account with us. However, the deletion of data is possible to the extent permissible by applicable law. Also, even when you request the deletion of your data, we may not be able to delete any data that exists on the databases of our third parties. If you would like to request the deletion of your data, you may do so via your user account settings area (if you have an account with us) or by reaching out to us via our email address at email@example.com.
- The right to request that we restrict processing certain data. For example, where you ask us to delete or correct your data, and we are considering it based on applicable laws, you may ask us to restrict such data pending the time we make a decision. You may also ask us to restrict processing if you believe we are unlawfully processing your data, but you do not want us to delete it. You may reach out to us via firstname.lastname@example.org to exercise this right.
- The right to data portability, which means that you can request that we transfer the data we hold about you to another website or service without affecting the usefulness of your data. You may reach out to us via email@example.com to exercise this right.
You have the right:
- To opt-out of NAIVE selling or renting out personal information (personal information is a term for personal data as used under the CCPA) about you to third-party companies in order to market to you directly about their services. However, NAIVE is not in the business of selling, renting, or buying personal information for direct marketing. We do not share information unless as described above.
- To know and access the categories of personal information we shared or collected about you in the past 12 calendar months. You may reach out to us via firstname.lastname@example.org to exercise this right.
- To request the deletion of personal information about you to the extent permitted by applicable law. This means that we will not delete personal information where we are required by law to keep records of transactions for 7 years. You may reach out to us via email@example.com to exercise this right.
- Not be discriminated against when you exercise any of the above rights.
The Site is targeted at people who are 18 years of age or older. We do not knowingly or welcome minors to submit personal data to us. If you submit personal data to us, you warrant that you are at least 18 years of age.
DO NOT TRACK
Do Not Track (“DNT”) is a browser preference that website users can set to signal website owners not to track their online behavior and preferences. NAIVE, like most websites, does not, at this time, respond to DNT signals from browsers. To learn more about DNT, please click here.
Certain pages and areas on the Site may contain links that lead to third-party platforms. Wherever you see a third-party link on the Site, they are included for reference purposes only, and NAIVE does not control the practices of the companies these links lead. If you access any third-party link through the Site, you do so at your own volition and will bear any risk of data loss. We advise that you review the privacy policies of the companies these links lead to before submitting personal information to them.
CONTACT US FOR QUESTIONS
Effective Date: 22 February 2021.