I, Bianca State, am happy to have you as a customer and colorist. Along the way from visiting my website to purchasing an item online, your personal data protection plays a very important role. This data protection policy declares which data I collect from you, when I do that and the purpose I do it for, how I share your data when you purchase a product from me or otherwise use my services through my website, my Online Shop on the platform Etsy.com or its related sites and services.
PERSONAL INFORMATION I COLLECT FROM YOU
Personal data is all data which make personal reference to you, such as your name, address, e-mail addresses, user behaviour. I process your personal data with respect to the applicable data protection regulations, particularly the European General Data Protection Regulation (EU-GDPR) as well as all other pertinent international and national regulations concerning the processing of personal data. I only collect data that are legally or contractually required or necessary for conclusion of contracts or to provide services and honour my contractual obligations. Optional information is marked as such.
To fulfil an order you place in my Etsy shop, you must provide me with certain information (which you also authorized Etsy to provide to me), such as your name, e-mail address, postal address (not relevant for digital products orders), payment information, and the details of the product that you’re ordering. You may also choose to provide me with additional personal information, if you contact me directly.
LEGAL BASE FOR COLLECTING YOUR DATA
I rely on a number of legal bases to collect, use, and share your information, including:
- as needed to provide my services, such as when I use your information to fulfil your order, to settle disputes, or to provide customer support;
- when you have provided your affirmative consent, which you may revoke at any time, such as by signing up for a mailing list;
- if necessary to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about your purchases if required by tax law; and
- as necessary for the purpose of my legitimate interests, if those legitimate interests are not overridden by your rights or interests:
- Providing and improving my services
I use your information to provide the services you requested and in my legitimate interest to improve my services
INFORMATION SHARING AND DISCLOSURE
I commit myself to handle your personal data with utmost care and respect. I only share your personal information for very limited reasons and in limited circumstances, as follows:
- I engage certain trusted third parties to perform functions and provide services to my shop, such as my website hosting platform Wix. I reserve the right to share your personal information with these third parties, but only to the extent necessary to perform these services, such as enable you to send a contact form via e-mail.
- If I shall sell or merge my business, I may disclose your information as part of that transaction, however only to the extent permitted by Swiss law.
- I may collect, use, retain, and share your information if I have a good faith belief that it is reasonably necessary to:
(a) respond to legal process or to government requests;
(b) enforce my agreements, terms and policies;
(c) prevent, investigate, and address fraud and other illegal activity, security, or
technical issues; or
(d) protect the rights, property, and safety of my customers, or others.
When you purchase one of my products on Etsy, Etsy encrypts certain transaction information (such as your credit card numbers) using Secure Socket Layer (SSL) technology. Etsy follows generally accepted industry standards for the protection of personal information transmitted to them, both during transmission and after reception. Etsy offers optional advanced security settings for members, such as two-step verification to log in to the site, SSL for the entire site, and a login history. You can enable these options in your account settings.
DATA RETENTION (HOW LONG I KEEP/STORE YOUR DATA)
TRANSFERS OF PERSONAL INFORMATION OUTSIDE THE EU
I am running this website in Switzerland, which is not part of the EU. Thus, I may store and process your information through third-party hosting services in other jurisdictions outside the EU. As a result, I may transfer your personal information to a jurisdiction with different data protection and government surveillance laws than your jurisdiction.
In order to ensure a good user experience, my website is using so called cookies. Cookies are small pieces of data stored on a site visitor's browser, usually used to keep track of their movements and actions on a site. This website is using the following cookies:
svSession - Identifies unique visitors and tracks a visitor’s sessions on a site
XSRF-TOKEN - Security
TSxxxxxxxx (where x is replaced with a random series of numbers and letters) - Security
TSxxxxxxxx_d (where x is replaced with a random series of numbers and letters) - Security
These cookies are used mainly for security reasons, but also to collect identifying information about the user, such as user preferences for a specific site.
YOUR CUSTOMER RIGHTS REGARDING USE OF PERSONAL DATA AND CONTACT DETAILS
As a customer, you have the following rights with respect to your personal data pursuant to GDPR:
- Right to information - You have the right to access and receive a copy of the personal information I hold about you by contacting me using the contact information provided at the bottom of the page.
- Right to deletion ("right to be forgotten") – According to the current GDPR privacy rules for EU, you have the right to request the deletion of your data. Excepting the case of exceptional circumstances (like where I am required to store data for legal reasons), I will generally delete your personal information upon request.
- Right to rectification and restriction of data processing - You have the right to change or restrict my use or processing of your personal information.
- Right to object - You can object to (i) my processing of some of your information based on my legitimate interests and (ii) receiving marketing messages from me after providing your express consent to receive them. In such cases, I will delete your personal information, unless I have compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.
- Right to complain - If you reside in the EU and wish to raise a concern about my use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority.
DATA PROTECTION OFFICER
For any questions regarding your personal data collection, processing and sharing you can contact:
Data protection officer
Last updated: August 2018