The Optimalprint services (the “Services”) are provided by Gelato ASA or the Gelato legal entity mentioned in the Terms and Conditions applicable depending on the country where you are based (together referred to as “Gelato”). Gelato is committed to protecting the personal data of those individuals who visit our website and mobile application (“Websites”) and register to use our products and Services. This Policy describes our data protection practices and how we use and collect the Personal Data that you share with us when browsing our websites and/or registering for our products. Our processing of your Personal Data is needed for us to deliver the Services to you. We may also process your Personal Data in order to comply with our legal obligations, or due to our legitimate interests or based on your consent as outlined below.
1. PERSONAL DATA WE COLLECT
We will collect Personal Data from you in the following circumstances:
When you create an account and place an Order: We will collect your first and last name, e-mail address, postal address, phone number, password, payment information, such as your credit card or PayPal account information, drafts of product designs that you save under your Account, content that you choose to save under your Account, communications and correspondence sent to and from your Account, information about purchasing habits and preferences, order histories, and/or Account histories.
When you create or design Products: We may collect any images, text, logos or other content that you upload or submit, including information related to or included within such content, such as the names, birthdates, ages and gender of individuals to whom the content is related.
When interacting with Social media sites:
You may be able to register and create an Account to use the Services using your Facebook, Google or other social media accounts. If you choose to use this option, where available, we will access your social media account profile information, such as your name and e-mail address.
The Services may give you the option to upload a photo from your social media account, such as Facebook and Instagram, and from your account with cloud storage services, such as Google Photos. If you choose to use this functionality, we will access your social media account profile information, including your profile photo and all photos that you have saved within your social media account.
You can stop sharing your social media account profile information with us at any time by removing Gelato’s access to that account. Any information that we collect from your Facebook or other social media account may depend on the privacy settings you have with that social media, so please consult the social media’s own privacy and data practices.
2. PURPOSE AND USE OF PERSONAL DATA
We use your Personal Data, including your Content, for the following purposes:
|To provide you with the Services, including enabling you to set up your account, create and design Products, processing and fulfilling your order.||Performance of a contract|
|To process your payment, facilitate billing and issue invoices, as applicable.||Performance of a contract|
|To provide you with customer service and customer support.||Performance of a contract|
|To communicate with you and to respond to your requests.||Performance of a contract|
|To conduct internal research and generate aggregated statistical data to enable us to understand our customers and improve the Services, including via the use of image analysis technology.||Legitimate interest|
|To detect inappropriate content as per section 5 of our Terms and Conditions via the use of image analysis technology.||Legitimate interest|
|To save your abandoned cart and to remind you of the designs and product(s) left in your cart if you have started a purchase by entering your email address.||Legitimate interest|
|To create a personalized profile, based on your preferences, your order and browsing history and your Content in order to present you with a more customized communication and shopping experience.||Consent (for marketing communications) and legitimate interest|
|To help keep our website safe, secure and updated.||Legitimate interest|
|To detect breach of terms and conditions and fraud cases and prevent future similar cases.||Legitimate interest|
We will create anonymous data records from Personal Data by excluding information (such as your name) that makes the data personally identifiable to you. We use such Anonymous Data records to analyze request and usage patterns so that we may enhance the content of the Services and improve Website navigation.
3. HOW WE SHARE YOUR PERSONAL DATA
We disclose your Personal Data as described below. Personal Data provided by you or that we may obtain automatically by your use of the Website, is not and will not be sold, rented, or shared by us with any third party without your prior consent.
Transfer and Storage of Personal Data
Your Personal Data will be transmitted, uploaded, transferred, stored, or backed up at Gelato’s servers with our GDPR compliant cloud providers in the United States and Europe.
Third Party Service Providers
We will share your Personal Data with third party companies and individuals that perform Services on our behalf to help us provide the Website and Services to you. In Order to fulfill your print Order in the most environmentally friendly way, we let the printer closest to the address of delivery print your products. This may mean a transfer of your personal data out of the EU. Other examples of Services that may be provided by Third Party Service Providers may include, but are not limited to: processing credit card payments with our payment provider in EU, providing customer service by our suppliers in EU and the Philippines, and maintaining our customer lists by our service providers in EU. Third Party Service Providers acting on our behalf are only provided with such Personal Data reasonably required to provide the particular service for which they are retained. Our Third-Party Service Providers are obligated to keep all of your Personal Data confidential and to collect, use and disclose your Personal Data only to the extent necessary to provide the Services on our behalf. They are fully compliant to the EU GDPR regulation and have signed a Data Processing Agreement with Gelato.
Advertisers and Third-Party Marketing
We may use your Personal Data, such as your email address, for matching against information held by social media or other advertising platforms to target our advertisements and marketing messages to you.
Third Party Payment Processor
For online payments, we use the payment services of Adyen B. V. , who will record and store the applicable payment data provided by you. Gelato only records and stores the last 4 digits of your card and its expiration date and may retrieve these details via the services of Adyen Account Updater. These details are collected and stored to facilitate transactions, including recurring payments of Optimalprint Plus membership fees.
Compliance with Law, Court Order, and Other Disclosures
Third Party Sites
The Website may contain links to third party websites, or third party websites may otherwise be associated with the Website. These companies are GDPR compliant and Gelato has signed a Data Processing Agreement with them. Gelato is not responsible for the policies and practices employed by the owners of such third party websites, including but not limited to their collection, use and disclosure of your Personal Data, nor does Gelato offer any (and expressly disclaims any) guarantee, representation, warranty, or covenant of any kind with respect to the collection, use or disclosure of your Personal Data by any third party site that is linked from (or is otherwise associated with) the Website. Please consult the terms and conditions and privacy policies of any third party websites prior to use.
Security of Your Personal Data
We employ security safeguards to protect your Personal Data against loss or theft, as well as against unauthorized access, disclosure, copying, use, or modification. When we transmit highly confidential information over the Internet, we protect it through the use of encryption technology, such as the Secure Socket Layer (SSL) protocol. We also protect your stored password through the use of encryption technology.
4. YOUR RIGHTS REGARDING YOUR PERSONAL DATA
By being an active and existing customer of Gelato, we have a legitimate interest of marketing our products to you. You can unsubscribe to this kind of communication in your customer Account or at any time by following the unsubscribe instructions in communication sent to you or by contacting us. Despite your indicated opt-out preferences, we may continue to send you administrative and transaction related communications.
Changing, Transferring or Deleting Your Personal Data
We delete Your Personal Data once no longer necessary in relation to the purposes for which they were collected or otherwise processed. You may access, review, update, correct, delete or transfer your Personal Data by editing your Account via the Service. If you completely delete all of your Personal Data, then your Account may become deactivated.
6. DATA PROTECTION OFFICER AND CONTACT INFORMATION
Our contact details:
Dronning Eufemias gate 8
0191 Oslo, Norway
Our Data Protection Officer:
If you believe that Gelato does not fulfill its obligations according to the EU GDPR regulation or other applicable privacy legislation, you also have the right to lodge a complaint with a supervisory authority.