As the controller, these are some of the things we have put together for people who visit our website to know.
For the purpose of clarity and compliance, the following terms would be clearly defined as they relate to the modus operandi on data protection policy of our website.
- Personal Data
Personal data entails every single information about the individual who uses the website. They include all forms of bio-data including name, sex, location, height, skin color, etc. that is particular to a particular individual. Sometimes, they may go beyond biodata to other areas of the individual, including health status, race, social and financial status, among others. All of these data are used to identify an individual, and they are what make each individual user unique.
- Data Subject
A data subject simply means the distinct individual who has all the personal data gathered above. A data subject is an individual who uses the website or controller.
Processing is the means by which the controller gathers and makes use of the personal data of the data subject. After the controller has garnered all the personal data, it begins a process of separating, analyzing, structuring and utilizing the personal data for the use of each data subject. The controller can process the personal data as it pleases at any particular point in time, so long it is still acting in accordance with the laws and stipulations of the General Data Protection Regulations.
Profiling is the process through which the processed personal data of a data subject is used in determining his or her behavioral instincts, preferences, reliability, performance, movement, location and other aspects of living of such subject. Remember all the data has been collected and processed in the past, profiling would now allow the controller to use such data for predictive purposes in determining what could be expected from such a subject in the present and future.
The next stage after profiling is Pseudonymisation, and it is a very important step in data protection policy. The truth is, data profiling allows for the controller to predict a data subject in some ways, but the process of pseudonymization kind of take that power away. This process ensures that a particular set of personal data cannot be narrowed down to a subject data except further input are made. This process protects the data subject in some way and prevents it from being easily narrowed down by the controller.
- Controller Responsible for the Processing
The controller responsible for the processing is a natural body or bodies who are in charge of operating the website at a particular point in time. Such an individual (s) is/are able to profile the personal data of each subject data and use the result to take decisions on behalf of the controller.
As the name implies, a processor may be an individual, body, agency or group which has been given the power to process personal data on behalf of the controller.
A recipient is simply the individual, body, agency or group which receives the data which has been processed by the controller. Sometimes, a recipient can also be a third party with the legal jurisdiction to receive such processed data.
- Third Party
As mentioned above, a third party is also a recipient of processed personal data. However, before such a data can be sent to such individual, body, agency or group, they must have a legal jurisdiction which permits them to receive such data.
Consent talks about the express or implied permission of a subject data for their data to be profiled and processed by the controller.
- It allows the controller to identify individual persons on the site.
- Individual data are stored on the site and this would prevent against entering your data each time you wish to visit the site.
- It makes the website more user-friendly.
Collection of General Data and Information
Our website is built to collect the general data of each individual that uses our website in a bid to serve you better. These data that are collected are primarily used for the enhancement of the best individual user experiences and they are stored on the server. Some of the data we are interested in may include:
- Browser types used by an individual
- The internet service provider of the accessing system.
- Sub websites
- Date and time in which the website was accessed
- The operating system used by the individual
These data and a few others are what we are interested in collating in order to have enough backing in case of any form of attack on our system.
Rights of the Subject Data
As an individual, body or agency that directly access our website (subject data), there are some rights that are inherent to you by the law. They include:
- Right of Confirmation
As a subject body, it is expressly stated by the law that you have the right to confirm from the controller whether your data are being processed or profiled. This is a right most people have not seen any reason to pursue, but should you decide to do, you can simply contact the controller through writing and you would be provided with an explanation on the situation of your personal data and how they are being treated.
- Right of Access
As a data subject, you have every right (as stipulated by the European legislator) to have access to every one of your personal data that have been stored at one point or the other. After getting access to said data, you have every right to ask them for what purpose is the stored data for. Is it for profiling, processing, or any other reasons as they might arise? For more information about the subject matter’s right to access, you can refer to the subject matter on the General Data Protection Regulation (GDPR).
- Right to Rectification
Mistakes in filling in personal data are quite common and this could give rise to a different view of the subject data at some point, especially when it comes to data profiling and processing. As such, the European legislator has granted every subject data the right to obtain inaccurate data about them from the controller and rectify it. Also, data subject have the right to update incomplete data so as to give room for proper and accurate information about the subject data.
- Right to Erasure
Each subject data has been empowered by the law according to the European legislator to request the controller to erase any data that concern them without any delay. Once the subject data makes this request, the controller is expected to comply instantly, except in some few cases where erasure of such data might be contradictory with the demands of the law of the land. For more information about the subject data’s right to erasure, you can check out the subject matter on the General Data Processing Regulations (GDPR).
- Right of Restriction of Processing
The European legislator has given the subject data the right to restrict the processing of their data when they think it might not be in their best interest for such processing to take place. While this law does not hold under every circumstance, especially when the restriction is not in the interest of the government of the land, it holds sway in a lot of other circumstances, including:
- When the subject data thinks such data is not accurate.
- When the processing is unlawful and may paint the subject data in a bad light.
- When such data are no longer useful to the controller for the purpose of processing but are requested by the subject matter in pursuance of a legal claim.
- Right to Data Portability
According to the European legislator, each data subject right has been given the right to receive every single information about them from the controller in a structured, commonly used and machine-readable format. This means all information regarding such individual, body, agency or group should be sent in a simple format that would allow for easy reading and storage. In fact, the law also recommends that the data apart from being easily readable must also be sent in a format that is easily transferable. For more information about the above subject matter, you can read about it in section 6 of the General Data Processing Regulation (GDPR).
- Right to Object
According to the European legislator, each subject data has the right to object the controller from processing or profiling their data. This means, if a subject data decides to stop a controller from processing their personal data on any ground, the controller has to adhere to such directive, except such objections is not in the interest of the government of the country in which the controller operates.
- Automated Individual Decision Making
The automated individual decision making right prevents the subject data from being subjected to a decision made by the automated processing. In other words, a subject data would not be held responsible solely by an automated processing decision, especially when it comes to profiling and other decisions that might have a legal implication on the subject data. For more information about this right, you can find more leads by reading up on the General Data Processing Regulations (GDPR).
- Right to Withdraw Data Protection Consent
The European legislator has further empowered subject data by granting them the right to withdraw their consent if they desire to stop the controller from processing their personal data. This means, regardless of what has been agreed upon earlier, if a subject data decides to stop the controller from processing his or her personal data, then the controller has no other choice than to adhere to such instruction as given by the subject data.
Legal Basis for the Processing
According to the European legislator, the processing of personal data is legally guided by Article 6 (1) of the General Data Processing Regulation (GDPR). This means everything that has to do with the legal basis for the processing of subject data must follow this set down rule. Any controller that goes against these set legislations is not acting in the interest of the law. For more information about this stipulation, read up on Article 6 (1) of the General Data Processing Regulation.
Routine Erasure and Blocking of Personal Data
According to the stipulations of the European legislators and other relevant bodies, a controller is only allowed to store the personal data of the subject data for only the period of time necessary to achieve storage purpose. After this has been achieved, the law demands the controller to erase such data. Invariably, this means no controller is allowed to hold on to the subject data more than the period of storage, which has been stipulated by the various laws guiding the activities of the controllers’ operations.
Period for Which the Personal Data Will Be Stored
Ideally, the personal data of subject data are required to be stored for a wide range of reasons. It is not just in the interest of the controller to have the data, but also in the interest of various government agencies, including the tax authorities, legal agencies and members of the government’s armed forces. However, there is also a period of time during which the subject data’s personal data can be stored. Once the stipulated period has expired, then, the data should be deleted by the controller.
The period for which these data can be stored is always determined by the regulatory authorities, such as the GDPR and other relevant bodies in the various countries.
As one of the ingenious websites use in keeping track of users and engaging in conversations around the world, we have developed a newsletter for our users. The newsletter was built to collate users’ information, needs, views, and to also serve as a means of giving input to the website.
Our newsletters would be sent out to clients regularly, and you can subscribe to it if you would like to hear from us about the latest offers and promotions regarding our brand. We would also be passing out other vital information to users through the newsletters.
To subscribe to our newsletter, make sure you have a functional e-mail address as that is the medium through which we shall be used to send the newsletters to you from time to time. During registration, we shall be collating relevant data, including your email address, the IP address of the computer you use, date and time of registration among other data in order to serve you better.
We may also track the newsletter we send to you in order to understand your preferences and develop a way to serve you better.
Contact Possibility Via the Website
Our website is enhanced with various means through which you can contact us. You can easily contact any of our representatives through filling a contact form, sending a mail or even calling our contact numbers.
What you should know is, when you contact us, we would likely store your data, and this is because we wish to serve you better. We believe storing your data would allow us to recognize you when next you reach out to us, and we would also be able to contact you when we have an offer that we think would be beneficial to you.
Company responsible for managing the privacy of every visitor to our website for all our services.
Below, we will explain the data we require from our users and why we need these pieces of information from them.
What data do we need and why do we need them?
- Your name and contact information
-To post your orders.
-To send you information, notices, and updates via email or as a text message. Getting this information across to you is necessary to help us inform you of when your order has been delivered as well as to keep you informed about our offers and promotions.
-To enable us to detect and prevent potentially fraudulent cases to protect you from being a victim of fraudulent acts.
-To help us determine what our customers like, which is essential if we must offer the products and services you want.
- Your date of birth
-To check that you are up to the legal age.
-To detect and prevent fraudulent acts.
- Information on your gender
-To redirect you to sections of our website which offers products and services you are likely to be more interested in.
- Your payment information
-To process your transactions (may include but is not limited to collecting payments and making refunds).
-As an e-commerce company, this is essential if we must comply with our contract with you.
-To detect and prevent fraudulent acts.
- Your contact history with us
-To deliver better customer service.
-To train our members of staff to allow them to offer a better and more helpful service when we are contacted by customers.
- Your purchase history and saved products
-To suggest products that may be of interest to you.
-To improve customer services in handling returns.
-To find what you and other customers like.
- Information on accounts linked to us
-To improve your access to the website without having to create an account as you can easily use a direct link via social networks.
-To offer recommendations on products to enable you to find what you like.
- Your responses, quizzes, and promotions
-To conduct surveys, quizzes or promotions
- Your IP address, browser and Operating System
- To promote marketing campaigns by e-mail
You are not obligated to provide us with any personal data. However, if you do not, your shopping experience with us will be greatly limited as you will be unable to make any purchase from the store. Nonetheless, the decision to share personal information is solely up to you and we will respect whatever decision you make. We are committed to offering you the products you like but without your data, it will be impossible for us to receive your order, process your payments and deliver the goods to you. Conclusively, we can not give you personal attention if we do not have your personal information.
The security of your data is of utmost importance to us and we will never compromise your privacy. Your data is anonymized and grouped to make it more difficult for an external party to monitor or identify you. Your information is used for a variety of purposes including research and data analysis tasks and testing computer systems to improve our website and develop new products and services. We may also share your personal information with affiliated third parties.
Use of Payment Platforms
As an e-commerce store, it is necessary for us to work with payment platforms to help us efficiently process and handle your orders. We use the best payment platform available in the market whose security values are well aligned with that of Swimsuits Now to ensure that we can offer you the best service while keeping your private data safe and secure.
Social Networks and Advertising
Cool Portraits have accounts on the following social media platforms: Facebook, Twitter, Instagram, YouTube, LinkedIn, Pinterest and Google+. These accounts were created primarily for the purpose of marketing the products and services.
Our customers may follow Cool Portraits on these social networks. However, it is imperative to note that our users who follow
You agree that Cool Portraits may have access to your public information especially your contact name on the social network when you follow the account. Nonetheless, the user can configure the privacy pertinent on their profiles on the pertinent social network whenever they please.
Use of Profile
Regarding the use of your profile, Cool Portraits may carry out any of the following actions;
- Access the public information on the user's profile.
- Post information on the user's profile (information previously published on the website) if requested by the user.
- Send private messages via the channels of the pertinent social network with permission from the user.
- Update the page status which can be viewed on the user’s timeline.
The user will have control over his/her profile at all times and may delete any content they are not interested in. The user may also modify their privacy settings to check and regulate whom they share their connections with. We work together with Google Analytics which provides us with information regarding your age, sex, and location to help us tailor your feed to show you what might be of interest to you.
Promotions, Quizzes and Raffles – Website and Social Networks
Cool Portraits reserves the right to organize promotions, quizzes, and raffles. If these events are organized on social networks, users following the page may choose to participate. Cool Portraits shall also publish the regulations binding these events, in compliance with currently applicable law.
- Facebook: https://www.facebook.com/privacy/explanation
- Twitter: https://twitter.com/privacy?lang=en
- Instagram: https://instagram.com/about/legal/privacy/
- YouTube: https://www.google.com/intl/en/policies/privacy/
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
- Pinterest: https://about.pinterest.com/en/privacy-policy
- Google+: http://www.google.com/intl/en/policies/privacy/
In the event that any of the clauses of this Conditions of Use becomes invalid, the remaining provisions shall remain valid and interpreted with consideration to the intentions of the parties and the essence of such Conditions of Use.
Should Cool Portraits fail to comply with any of the rights mentioned in these Conditions of Use, this shall not be considered a waiver of such rights. However, a specific waiver in written form by Cool Portraits shall be considered. Also, if the pertinent action becomes time-barred, then such noncompliance may also be interpreted as a waiver.
Amendments to the Conditions of Use
These Conditions of Use shall be available to be accessed by our customers here on this webpage at all times. Customers must thoroughly review this Conditions of Use as accepting this agreement is a necessity if you are to contract any product or service from us, either via the website or apps.
Communication between Cool Portraits and Customer
Every communication between Cool Portraits and our customers regarding these Conditions of Use, shall be processed via the available online communications channel or by email firstname.lastname@example.org.
The mailing system must allow for the verification of the content and receipt of the communications by Cool Portraits. Communications between Cool Portraits regarding the purchase of products and services on the website may also be processed via e-mail, WhatsApp and social networks on which we have accounts.
Providing our customers with the best service possible is our top priority a Cool Portraits. To enable us to achieve this goal, we have an expert team in place whose members will see to the protection your personal information, in conformity with EU Regulation 2016/679, on the protection of individuals in connection with the processing of personal information and the free movement of the pertinent data. This legislation was officially implemented on the 25th of May 2018. You can read up more information on the legislation here: https://ec.europa.eu/info/law/law-topic/data-protection_en