PRIVACY NOTICE
These Privacy Notice were last updated on February 17th, 2023.
The Privacy Notice outlines the privacy policies governing the use of locateperso.com (also referred to as the "Website" or "Site") by Backlight Digital Solutions SLU (also known as "we", "us", "our", or the "Company"), as well as how Company collects and utilizes the personal data you supply to access Art-fy.art (hereafter called "Artfy"). Additionally, it explains the options open to you with regard to how we handle your personal information and provides instructions on how you can access, modify, or delete this data.
Personal data is not required for the use of the Website; however, in order to access Artfy, the collection and processing of personal information may become necessary. Whenever personal data processing is necessary, we typically obtain the consent of the user as the data subject, unless such processing is permitted under other legal bases (such as legitimate interests or contract performance).
All personal data processing, including but not limited to data such as address, email address, phone number, or billing information of a data subject, is carried out in compliance with the General Data Protection Regulation (GDPR) and the country-specific data protection laws applicable to Company. Through this Privacy Notice, we aim to provide the general public with information about the type, extent, and purpose of the personal data we collect, use, and process. Additionally, this Privacy Notice informs data subjects (users) of their entitlements to various rights.
This Privacy Notice constitutes an essential component of the Terms of Use. Backlight Digital Solutions SLU , NRT/CIF (TAX ID) : L-715622-K , Address: C/Mirador Encamp 16 Bloc 4 4-3 , Country: Andorra acts as the Controller of personal data in this Privacy Notice. As the Controller, Company has put in place a variety of technical and organizational measures to guarantee the utmost protection of personal data that is processed through this Website.
- CONTENT
- DEFINITIONS
- PERSONAL DATA COLLECTION AND USE
- SCOPE AND CATEGORIES OF PERSONAL DATA, LAWFUL BASIS FOR PERSONAL DATA PROCESSING AND DATA SUBJECT CATEGORIES
- ENCRYPTED DATA
- LEGAL MATTERS
- WHERE DATA SUBJECT’S PERSONAL DATA ARE STORED
- YOUR RIGHTS AS THE DATA SUBJECT
- CHILDREN’S PRIVACY
- TARGET DEVICE DATA PROCESSING
- DATA STORAGE AND DATA REMOVAL
- MISCELLANEOUS
- DEFINITIONS
Personal data The term "personal data" refers to any information that pertains to an identified or identifiable natural person (also referred to as a "data subject" or "user"). An identifiable natural person is someone who can be identified, either directly or indirectly, by reference to an identifier such as a name, an ID number, location data, an online identifier, or one or more specific factors related to their physical, physiological, genetic, mental, economic, cultural, or social identity.
Controller The Company is subject to the General Data Protection Regulation (GDPR), as well as other data protection laws that are relevant in European Union Member states, along with any other regulations pertaining to data protection, for the specific purposes outlined.
Processing The term "processing" refers to any activity or series of activities carried out on personal data, whether through automated means or not. This includes but is not limited to activities such as collecting, recording, organizing, structuring, storing, modifying, retrieving, consulting, using, transmitting, disseminating, aligning, combining, restricting, erasing, or destroying such data.
Data subject/user A data subject refers to a natural person who is either identified or identifiable, and whose personal data is being processed by the controller who is responsible for such processing. In this case, the data subject is a user of Artfy.
Pseudonymization Refers to the process of handling personal data in a way that makes it impossible to link the data to a specific data subject/user, except through the use of additional information. The additional information must be kept separately and must be subject to technical and organizational measures that guarantee that the personal data cannot be attributed to an identified or identifiable natural person.
Encryption Encryption is a security measure used to protect personal data. It involves using encryption algorithms and an encryption key to convert personal data into an encoded and unintelligible version. This process is a form of cryptography. To decode the encrypted data, a decryption key or code is required, which allows authorized users to access the original data. Consent of the data subject/user Consent refers to a clear, voluntary, specific, and informed indication of the data subject/user's desires. This indication can be expressed through a statement or a positive action that unambiguously signifies the individual's agreement to the processing of personal data that pertains to them.
PERSONAL DATA COLLECTION AND USE
It is not mandatory for individuals to provide their personal data in order to access our website. The Company processes your personal data and collects information about you for the following purposes, which are referred to as the "Purpose":
The following is a list of reasons for which we collect and process your personal information when you indicate your interest in using Artfy;
To perform a contract in which you are a party, as permitted under Article 6.1.b of the GDPR, and the information collected is necessary for Artfy to identify you, bill you, and charge your credit or debit card;
To verify your identity and provide customer support and assistance.;
To analyze your use of Artfy and our website, and gain insights into how our services and website are being used so that we can improve our services and the user experience, and engage and retain users.
Your personal data may be utilized by us for the following purposes: (a) customize the Website and enhance Artfy to optimize your browsing experience; (b) send you emails related to registration status, password verification, and payment confirmation; (c) communicate with you regarding your use of Artfy; (d) provide our partners with secured and statistical data about our users under data processing agreements (DPA); and (e) deliver marketing and promotional materials to you.
In order to use Artfy, it is necessary for you to provide your personal data to register an account and make a purchase. By doing so, you will become a user of Artfy.
Please note that providing your personal data is not mandatory. Nevertheless, without your email address and payment details, you may not be able to register an account, access and use Artfy services or purchase our products.
SCOPE AND CATEGORIES OF PERSONAL DATA, LAWFUL BASIS FOR PERSONAL DATA PROCESSING AND DATA SUBJECT CATEGORIES
We strive to be compliant with GDPR and implemented data minimization principles.
No. Scope and categories of personal data Data subject categories Processing purpose
Lawful basis for personal data processing
1 e-mail address and phone number Artfy users to provide Artfy;
to
communicate information about our services; performance of a contract
2 e-mail address Artfy users; to send marketing communications consent
3 IP address website users to provide the features of the Website Legitimate interest
4 location data – for statistics of user’s areas involvementwebsite users to provide the features of the Website Legitimate interest
5 Automatically collected data (cookies and similar technologies, device and connection data) website users to provide the features of the Website consent
6 Phone numbers of target device users Target device users To provide Artfy consent
7 Location data Target device users To provide Artfy consent
We store this data to prevent any unauthorized use or abuse of Artfy and, if required, to facilitate investigations of any potential criminal activity.
We do not share your personal data with any third parties unless it is necessary for us to provide Artfy, or we have a legal obligation to do so, such as a government request or as required by law enforcement in the context of criminal proceedings.
We do not permit any third party to use your personal data, except under specific circumstances outlined in the "Legal Matters" section below. We employ a range of online security measures to protect and maintain the privacy and security of your personal information.
When acquiring Artfy, you will be required to complete the User's Information form, which includes personal details such as your email address. This information is processed and securely stored by our company.
You are also required to provide Payment Information which includes your personal data, and is partly processed by us and partly processed by the payment providers.
Upon registration of an account and the provision of personal data, we may send you a confirmation email to validate your login credentials and password.
To access your account on our website, you will need to enter your login credentials that were sent to your email. Once you are logged in, your account will be password-protected and it is your responsibility to ensure that you take all necessary measures to maintain the confidentiality of your password.
We will also respond to your inquiries and provide information or services that you request.
With your explicit permission, we may send you marketing emails containing the following information:
Product Updates: Information about new releases, features, or issues, or requests to complete a survey to help improve our product;
Artfy Tips and Tricks: Getting started emails, educational content, and ways to get the most out of Artfy;
Exclusive Deals: Promotions, discounts, upsells, and cross-sells such as Black Friday or New Year deals;
Newsletters: Announcements about news in our industry or things that might be important to know for our customers;
Artfy Digest: A monthly email to our user base that includes information about the company, popular blog posts, customer reviews, and more;
Activation Reminders: Welcome email schemes for users who registered but did not make a purchase
You can choose to unsubscribe from all communications in your account at any time, except for essential and/or non-marketing messages such as payment confirmations, payment notifications, updates, and refund notifications.
Artfy servers utilize the latest encryption and protection technologies and standards to securely store all Personal Data in an encrypted manner.
When using a public computer or sharing one with others, be sure to log out/sign out and close your browser window after finishing your session on Artfy to avoid unauthorized access to your personal information. It is your responsibility to manage and use each password you create. Individuals who use target devices are not considered data subjects, as they cannot be identified or identified as natural persons based on information that may be collected or collected from their target devices in an encrypted form.
Payment details
At Artfy, we have taken all necessary steps and implemented the required standards to ensure the security of payment transactions. We collaborate with various payment service providers and verify their licenses and permits to process transactions in accordance with our policies. When making a payment, you will be required to provide the following details to the payment service provider: (i) credit/debit card number, (ii) credit/debit card expiration date, (iii) your full name, and (iv) your email address. The payment service provider will collect and store this information, and we do not collect or store any bank card data.
Automatically collected data
To improve your experience on our website, we use tracking technologies like cookies, log files, and pixel tags to collect and store information that is generated automatically as you navigate through our website(s).
As you browse through our website(s), we automatically collect information about your device's internet connection and the pages accessed during each visit. This information is stored in "log files". We use this data to analyze trends, manage the website(s), track user activity, and compile broad statistical information for overall use.
Use of cookies on our website
Our website utilizes cookies, which are small text files that are stored in a computer system through an Internet browser. Cookies help us track user trends and patterns by showing when and how visitors use our website. They also remember your preferences in certain areas of the website where you may have entered preference information before, so you don't have to reenter them again.
A cookie ID is a unique identifier assigned to each cookie. It consists of a character string that allows internet pages and servers to distinguish the specific internet browser where the cookie was stored from other browsers containing different cookies. This unique ID helps visited sites and servers differentiate your browser from others and recognize it when you visit again.
The use of cookies enables us to offer users of this website more user-friendly services that would be impossible without them. With the help of cookies, we can optimize the information and offers on our website to better suit the user's needs.
The data subject has the right to prevent the setting of cookies on our website at any time by adjusting the settings of their Internet browser accordingly, and thus permanently denying the use of cookies. In addition, previously set cookies can be deleted at any time through the user's
Internet browser or other software programs. This can be done in all popular internet browsers. However, if the data subject deactivates the use of cookies in their internet browser, certain functions of our website may not be entirely usable.
If you choose not to receive cookies, you can adjust your browser settings to reject them. However, by doing so, you may not be able to access some of our functionalities, services or support. If you have previously visited our website, you may need to delete any existing cookies from your browser as well.
In addition, we may use pixel tags, which are single-pixel image files (also known as transparent GIFs, clear GIFs or web beacons), to access cookies and to count users who visit our website or open our HTML-formatted email messages.
To learn more about cookies and how we use them, we invite you to read our Cookie Policy by clicking on this link: Cookie Policy..
ENCRYPTED DATA
We take the security of your information, including personal data, very seriously. To ensure its protection, we have implemented security hardware, software, and regular software updates.
We also perform network scanning procedures to detect and address potential vulnerabilities.
In addition, we work with third-party service providers and vendors who also use encryption and authentication to maintain the confidentiality of your personal data. Any personal information we store is kept on systems located behind firewalls that are only accessible to a limited number of authorized personnel. These personnel are trained to handle personal data in accordance with data protection regulations.
We employ advanced security measures to protect the personal data of our users, which is stored in an encrypted format. Our encryption techniques include the use of the RSA asymmetric public-private key cryptosystem with a key size of 4096 bits and the AES symmetric-key algorithm with a key size of 256 bits.
The RSA cryptosystem uses a pair of keys, one for encryption (public key) and one for decryption (private key). The public key is stored in the database in plain text, while the private key is encrypted using AES 256 with a key derived from the user's password and secret key.
Without the user's password and secret key, the private key cannot be decrypted.
The user's login information, also known as their credentials, is stored in a database. However, their password is not stored in plain text format. Instead, we only store a hashed version of the password.
When a user signs up, we create a unique public-private key pair for the RSA cryptosystem. This key pair is specific to the user and is generated during the sign-up process.
To ensure security, we encrypt the public-private key pair using AES 256 and store it in the database in an encrypted format.
During the login process, we utilize the user's password entered into the login form to decrypt the user's original private key.
To encrypt data, we first obtain the unencrypted data from devices using the secure HTTPS protocol. Once the data is received on the server, we promptly initiate the encryption process in the server's volatile memory without storing any of the data on the server's physical disks.
To ensure secure encryption, we utilize the RSA encryption method and the user's public encryption key.
The encrypted data is stored on our servers.
To decrypt data, we first obtain the user's decrypted private key. Using this key, we decrypt the user's text data, which was previously encrypted using the user's original private decryption key. Finally, we display this information to the user.
LEGAL MATTERS
At Artfy, we respect your privacy and take it seriously. Nevertheless, there may be circumstances where we are compelled to disclose your personal information, which is stored on our servers and databases. These circumstances include:
We may disclose your personal information if we are required to do so by law or if we are served with a legal process;
We may investigate and enforce potential violations of our Privacy Notice and Terms of Use, including any use of our service that is in violation of the law;
We may investigate potential fraudulent activities that are related to your use of our service; or
We may disclose your personal information in order to protect the rights, property, or safety of our company, our employees, our customers, or the general public.
If there is a change of control of Artfy, such as through a merger, sale, assignment, or liquidation of the business entity or any of its properties, assets, or equity, or if any of its publishing properties and/or website(s) are directly or indirectly sold, the personal data we possess will be transferred to the new owner or successor. In the event of such a transaction, we will notify you and provide you with the opportunity to exercise your legal rights under GDPR. If you wish to change or delete your personal data, or opt-out of future communications, you may contact us using the information provided below. Additionally, if the new owner or successor posts a new Privacy Notice with new contact information, you may change or delete your personal data or opt-out by following any new instructions that are posted.
As a data controller, we may transfer personal data of a data subject to one or more data processors (such as a payment provider under DPA). These transfers may occur for the following purposes: (a) Payment processing, which is necessary for the completion of a purchase on Artfy and cannot be completed without such processing. (b) Telecommunication purposes, which are necessary for the use of Artfy and without which users would not be able to utilize the service.
As we rely on third-party technological services to provide our services, it may be necessary to transfer your personal data internationally. Providers of these technological services may process personal data collected during the provision of their services as sub-processors under DPA in compliance with GDPR.
If there is a risk of unauthorized disclosure of personal data, the controller must notify the data subject of the personal data breach without undue delay. However, if the controller has implemented appropriate technical and organizational protection measures, such as encryption, and such measures have been applied to the personal data affected by the breach, the controller may not be required to notify the data subject.
However, if the access password or other credentials are weakly protected and stored by the data subject, the encryption may be rendered ineffective. In such cases, the controller may not be held responsible for any personal data breach that occurs. It is the responsibility of the data subject to ensure that their access credentials are sufficiently protected to prevent unauthorized access to their personal data.
If a personal data breach occurs, we, as the controller, are obligated to report the breach to the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach.
WHERE DATA SUBJECT’S PERSONAL DATA ARE STORED
Typically, user-provided personal data and information collected from target devices are stored on servers located inside the EU. However, in some cases, this data may be stored outside of the EU. Rest assured that we have implemented the necessary security measures to protect your personal data in accordance with best practices for security, protection, and confidentiality. If we transfer your personal data to third-party service providers, we ensure that they adopt the necessary security measures to protect your personal data by requiring them to enter into a data protection agreement with us.
YOUR RIGHTS AS THE DATA SUBJECT
Access.
You have the right to request an explanation of the personal data we process about you. Additionally, you can request a copy of your personal data that is currently being processed.
Data portability.
You have the right to receive the personal data concerning you, which you provided to us. You can request to transmit this data directly to another data controller in a structured, commonly used, and machine-readable format. If technically feasible, we will transmit your data directly to another controller.
Restrict processing.
You have the right to request that we temporarily or permanently stop processing all or some of your personal data.
Rectification.
You have the right to request that we correct any inaccurate data about you. Erasure.
You have the right to be forgotten, which means that we will delete all personal data that you have provided to us. Please note that we may retain certain information as required by law and for legitimate business purposes permitted by law.
Object processing.
You can object to the processing of your personal data on grounds relating to your particular situation. You also have the right to object to your personal data being processed for direct marketing purposes.
Right to lodge complaints.
You have the right to lodge complaints with the competent data protection authorities in relation to the data processing activities carried out by us.
Right not to be subject to automated decision-making.
You have the right not to be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.
Right of confirmation.
You have the right to obtain from the controller confirmation as to whether or not personal data concerning you is being processed.
Right to withdraw data protection consent.
You have the right to withdraw your consent to the processing of your personal data at any time.
If any of the above reasons apply to you, you may contact us at any time using the contact information provided at the end of this Privacy Notice. We will promptly ensure that your request is complied with immediately.
CHILDREN’S PRIVACY
The Artfy platform is primarily designed for use by individuals who are not children. We do not intend to collect personal information from children under the age of 16, and we comply with the Children's Online Privacy Protection Act (COPPA). We strongly advise parents and legal guardians to supervise their children's online activities and teach them to never provide personal information on our platform without their consent. We do not knowingly collect personal information from children under the age of 13, and if we become aware that we have inadvertently collected such information, we will promptly delete it, unless we are required by law to retain it.
TARGET DEVICE DATA PROCESSING
Artfy Responsibilities.
We will (a) implement appropriate technical and organizational measures to protect Target Device Data from unauthorized or illegal access, loss, destruction, theft, use, or disclosure; (b) restrict access to Target Device Data to only those employees who require it to enable the Processor to perform the Services; (c) only process Target Device Data as specified in this Privacy Notice and in accordance with your instructions, and (d) not use Target Device Data for any purpose other than those related to the performance of the Services or in accordance with your written instructions. Upon termination of this Agreement through de-registration, or at your request, we will discontinue all use of third-party Data and destroy or return it to you, except as provided above concerning backed-up data and termination.
Warranties.
You are solely accountable for the use of the Account and User Data. We automatically use the configuration and instructions provided by you, and you are solely responsible for configuring your Account.
Indemnity. You consent to compensate us and hold us free from all claims, damages, and losses that we may incur concerning or arising out of the processing of Target Device Data and other thirdparty personal data submitted to our systems during the use and provision of Artfy.
DATA STORAGE AND DATA REMOVAL
Storage Period of Personal Data.
The duration of storage of personal data is determined by the relevant legal retention period. Once that period has elapsed and we no longer require the personal data, we regularly and securely delete or destroy it, provided it is no longer necessary for the Purpose. As the data controller, we shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of Artfy provision, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject.
However, in the event of ongoing conflict situations, we may store personal data for a period of 180 days or more if processing is required for the establishment, exercise, or defense of legal claims and for compliance with a legal obligation that requires processing by Union or Member State law, to which the controller is subject, in the case of an expired account or in the event the data subject has requested the deletion of their personal data. Upon the expiration of this period or earlier, if the conflict situation is resolved, all personal data and information collected from the target device will be deleted. To stop receiving further email communications from us, simply click the opt-out button in the email or follow the instructions provided at the end of this Privacy Notice. We may require up to 30 (thirty) calendar days to ensure compliance with your request. To update the personal data that you have provided to us, please contact us as instructed at the end of this Privacy Notice.
MISCELLANEOUS
We reserve the right to amend this Privacy Notice at any time, and any modifications will be posted on the Website. We encourage you to check the Privacy Notice frequently. The date of the current version of this Privacy Notice is provided below, so you can see when it was last updated.
Any changes to this Privacy Notice will not affect any personal data we have collected from you prior to such changes.
If you disagree with the changes, please contact us using the information provided below.
This Privacy Notice is subject to the laws of Andorra and shall be interpreted accordingly.
Any claim or dispute arising out of or related to this Privacy Notice shall be exclusively resolved by the courts of Andorra.
If you have any questions or suggestions, please contact us at info@art-fy.art.