This policy applies to Dreamy Fox.
2.Who we are
Here are the details that the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, known as General Data Protection Regulation (GDPR) says we have to give you as a ‘data controller’:
- Our site address is http://www.dreamyfox.art
- Silvia Volpe, owner of Dreamy Fox, has its registered office at Via Cineto Romano 31, 00012 Guidonia Montecelio (RM), Italy
- Our Data Protection contact is Silvia Volpe and she can be contacted at firstname.lastname@example.org or PEC address email@example.com.
3.What information we collect
We may collect and process the following data about you:
- Identity data, including name, username, gender, date of birth or similar identifier.
- Contact data, including email address, postal address and telephone numbers.
- Financial data, including bank account and payment details.
- Transaction data, including details about payments to and from you and other details of products / services you have purchased from us or products / services we have purchased from you.
- Technical data, including IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology you use to access our site.
- Profile data, including your username and password, your interests, preferences, feedback and survey responses.
- Usage data, including information about how you use our website and products and services that you purchase from us.
- Marketing and comunication data, including your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated data such as statistical or demographic data. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage data to calculate the percentage of users accessing a specific website feature.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). We do not collect any information about criminal convictions and offences.
Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following basis applies:
a) you have given consent to the processing of your personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which we are subject;
d) processing is necessary to protect the vital interests of you or of another natural person;
e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
f) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as our credit card payment processing, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data.
We use different methods to collect data from and about you, including:
- Direct interactions when you purchase our products or services or we purchase your products or services, create an account on our site, subscribe to our service of publications, including our newsletter, request marketing to be sent to you, enter a promotion or survey, or give us feedback or contact us.
- Third parties or publicly available sources, including analytics providers such as Google, MailChimp and Hootsuite analytics, advertising networks such as Facebook and Instagram and search engines providers such as Google and others, as well as contact data from publicly available sources such as Companies House and the Electoral Register based inside the EU.
5.How we use what we collect
We use information about you to:
- Present site content effectively to you.
- Provide information and products and services that you request, or (with your consent or if we have another lawful basis) which we think may interest you.
- Carry out our contracts with you.
- Tell you our charges.
If you are already our customer, we will only contact you electronically about things similar to what was previously sold to you.
If you don’t want us to use your personal data for any of the reasons set out in this section 5, you can let us know at any time by contacting us at firstname.lastname@example.org, and we will delete your data from our systems. However, you acknowledge this may limit our ability to provide our products and services to you.
In some cases, the collection of personal data may be a statutory or contractual requirement, and we will be limited in the products and services we can provide you if you don’t provide your personal data in these cases.
|Type(s) of data subject||Categories of personal data||Purpose of processing||Lawful basis|
|Customers, their employees and contractors||Identity data, including name, username, gender, date of birth or similar identifier.
Contact data, including address, telephone number and e-mail address
Communication data including e-mail communication, text and other messaging services
Financial data, including bank account and payment details.
Transaction data, including details about payments to and from customers
|Process orders, including invoices, payments and refunds Send products when orders are placed and provide services, where applicable||Necessary for the performance of a contract.|
|Suppliers, partners, subcontractors and their employees||Identity and contact data, including address, telephone number and e-mail address; bank details.||To enable compliance with obligations under relevant contracts, including processing order, refunds, logging and payment of invoices.||Necessary for the performance of a contract.|
|Business contacts||Identity and contact data, including name, company name, job position, address, telephone number and e-mail address, including those available via business networking websites, such as LinkedIn.||Business networking||Legitimate interests of all parties The legitimate interests of both Dreamy Fox and our business contacts is to network in the context of business. It is necessary to exchange, keep and otherwise process contact information in order to network in the context of business. There is normally a positive action taken by all parties to provide their contact details during networking with the expectation that such contact details, including personal data, may be used by the recipient for business networking.|
6. Where we store your data and how long we keep your data
We may transfer your collected data to storage outside the European Economic Area (EEA). It may be processed outside the EEA as may be necessary to provide our products and services to you, to fulfil your order and deal with payment, or if we have your consent.
We will only transfer your data to countries that are deemed to have an adequate level of protection of personal data by the European commission; or we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe; or we may transfer data to US based providers that are part of the Privacy Shield.
By giving us your personal data, you agree to this arrangement. We will do what we reasonably can to keep your data secure.
If we give you a password, you must keep it confidential. Please don’t share it. Although we try to provide protection, we cannot guarantee complete security for your data, and you take the risk that any sending of that data turns out to be not secure despite our efforts.
We only keep your personal data for as long as we need to in order to use it as described above in section 5, and/or for as long as we have your permission to keep it. If you make a data deletion request please allow 30 days from our receipt of your request to process your request.
In any event, we will conduct regular reviews to ascertain whether we need to keep your personal data. Your personal data will be deleted if we no longer need it.
7. Disclosing your information and third parties
We are allowed to disclose your information in the following cases:
- If we want to sell our business, we can disclose it to the potential buyer.
- We can disclose it if we have a legal obligation to do so, or in order to protect other people’s property, safety or rights.
- We can exchange information with others to protect against fraud or credit risks.
We may contract with third parties to supply our products or services to you on our behalf. These may include payment processing, search engine facilities, web hosting, advertising and marketing. In some cases, the third parties may require access to some or all of your data. These are the third parties that have access to your information:
- MailChimp / marketing communications – your contact details for newsletters, information about your device and interactions with an email and product usage data. For more information see https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts
- Poste Italiane or an alternative courier service (name, postal address, telephone number, email) – as may be necessary for the provision of delivery of our orders. For more information see Porte Italiane website.
Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under GDPR and the law.
We use online statistics and marketing services provided by the following third parties. We do not share any personal data with these third parties and we do not have access to any personal data that they collect from you (apart from anonymized aggregated data that does not constitute personal data):
- Facebook, Instagram and Pinterest (advertising / interacting behaviour). For more information see Facebook, Instagram and Pinterest websites and related privacy policies.
- Hootsuite / social analytics (information about follower and following lists, media and profile info of public users, behaviour and interaction with our social media accounts). For more information on how Hootsuite collect, process and retain data see Hootsuite website.
- YouTube Studio (analytics) – information about interactions with videos, viewers activity, watch time, subscribers to the channel, traffic source types, languages, gender and age. For more information see YouTube website.
We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. The advertising services we use are provided by the following third parties:
- Facebook Pixel:
- It's an analytics tool that allows us to measure the effectiveness of our advertising by understanding the actions people take on our website. It consists in a code placed on our website that collects data to help us track conversions from Facebook ads, build targeted audiences for future ads, optimize ads and remarket to people who have already taken some kind of action on our website. It works by placing and triggering cookies to track users as they interact with our websitr and our Facebook ads.
- If you don't want Facebook to use information based on your activities on websites or apps off Facebook for the purpose of showing you ads, you can opt-out in your ads settings. Please see Facebook's Data Policy and How ads work on Facebook for more information about data practices.
- Uses tracking codes on our website and emails to track sales, create targeted e-commerce automations, generate custom Product Recommendations, send Abandoned Cart emails. For more information see https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts and https://mailchimp.com/legal/cookies/
8. Your rights
You can ask us not to use your data for marketing. You can do this by ticking the relevant boxes on our forms, or by contacting us at any time at email@example.com.
Under the GDPR, you have the right to:
- request access to, deletion of or correction of, your personal data held by us at no cost to you;
- request that your personal data be transferred to another person (data portability);
- be informed of what data processing is taking place;
- restrict processing;
- to object to processing of your personal data; and
- complain to a supervisory authority.
You also have rights with respect to automated decision-making and profiling.
9. Links to other sites
Please note that our terms and conditions and our policies will not apply to other websites that you get to via a link from our site. We have no control over how your data is collected, stored or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
11. Automated Decision-Making and Profiling
We do not undertake any automated decision-making, including profiling.