Last updated 2018-07-15
SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our website, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
“Personal data” (or “personal information” in this Policy) means information we hold about you from which you can be or are identified. Personal data may be held in paper or electronic format or in another recorded form including photographs or video clips. It may include the following information: your name, contact details (personal and/or work details), next of kin details, sickness, health or disability information, race, religion or ethnicity, sexual orientation, trade union membership, marital status, criminal offences, political beliefs, expressions of opinion about you or indications of our management intentions towards you.
When you browse our website, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our company, new products and other updates.
SECTION 2 - CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will ask you directly for your expressed consent.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your personal information, at anytime, by contacting us at email@example.com or mailing us at: 1668 Langport Drive, Sunnyvale, CA 94087, United States.
SECTION 3 - DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 - HEROKU
Our website is hosted on Heroku Inc. They provide us with the resources to store data and display our products.
Your personal data is stored through Heroku’s data storage, databases and the VAWAA application. They store your data on a secure server.
If you choose a direct payment gateway to complete your purchase, then Stripe stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is never stored on our servers.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our website and its service providers.
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us and the jurisdiction may have a lower standard of data protection laws compared to your country of residence. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our website, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 7 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site. Under applicable European Data Privacy Laws (defined below), children between the age of 13 to 16 may provide valid consent to process their personal information. Where consent is required under such European Data Privacy Laws, you have the obligation to provide to us evidence of such consent or, as required under the European Data Privacy Laws, the authorisation of the holder of parental responsibility for the child. We may refuse to process, or continue to process, the child’s personal information until we receive this evidence of consent or authorisation.
If our website is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
SECTION 9 - NOTICE TO THOSE WHO ARE PROTECTED BY EU GENERAL DATA PROTECTION REGULATION
Although VAWAA will grant the following rights to any customers, users, and visitors regardless of nationality, this section is specifically to establish compliance with the European Union General Data Protection Regulation (“GDPR”) and other applicable European data protection laws (“European Data Privacy Laws”).
How we use your data
To accept credit card payments and send fees via wire transfer and automated clearing house (ACH) transactions.
To communicate with you, provide receipts, and keep you informed with the latest news.
For analytics purposes to better understand our customers.
To prepare a host or guest prior to meeting to ensure a quality experience.
To fulfill any other purpose for which you provide personal information.
We use your personal information for the following key purposes:
- to contact you: subject to applicable law, we or our third-party service and business providers may send you communications. Such communications are designed to make your experience of our Services more efficient and may include, but are not limited to: notifications about our Services and other communications (including important news that could affect your relationship with us), communications about promotions and our mobile application features. Where required under applicable data privacy laws, we will not send you marketing communications without your prior consent;
- for legal purposes: we may use and share personal information for legal purposes, including financial, regulatory, tax and other legal obligations and to respond to governmental or regulatory requests or subpoenas or for litigation purposes;
- for our legitimate business interests and those of a third party: we may use your personal information to manage our legal, regulatory, financial and business requirements, including obtaining legal advice, in the course of disputes and litigation, internal and/or regulatory investigations;
- for our business purposes: we may use your personal information to help us efficiently operate the Services, to count and recognise visitors to the website, to enable certain features on the website and for other purposes related to managing our business;
- for other purposes: subject to applicable law, we may use your personal information for additional purposes in connection with the Services, where you have provided your prior consent.
Data you provide to us directly
We collect and store this data when you provide it to us directly via forms, email, or other forms of communication.
Location data including Country, City, Continent, Address, Directions To Studio
Identification data including Name, Phone Number, Email, Personal Website, Languages Spoken, Emergency Phone, Social Profiles, Date Availability, Art Form, Provided Bio, Job Title
Reviews and photos submitted to us regarding your experiences with the product.
Payment data such as bank accounts and credit cards are not stored on our servers; however we do store references to this information where it is stored in various third parties.
Data automatically collected when you use our service
Log Information: We log information about your use of the Services, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to the Services.
Device Information: We collect information about the computer or mobile device you use to access the Services, including the hardware model, operating system and version, unique device identifiers and mobile network information.
We may also receive information about you from other sources, such as publicly available information, and link or combine that with information we collect about you.
Identification data including Name, Phone Number, Email, Personal Website, Languages Spoken, Emergency Contact, Social Profiles, Date Availability, Art Form, Provided Bio, Job Title
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any contractual or legal requirements.To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Categories of services used to process data include:
VAWAA partners with third-parties to help us monitor and analyze website traffic and can be used to keep track of User behavior, helping us to improve the services and experience of using them.
Performance and Logging
VAWAA partners with third-parties that assist us in monitoring the stability of the website and applications and resolving issues or errors with the service.
VAWAA partners with third-parties to manage receipt of consent to send marketing emails and sending those same emails.
VAWAA partners with third-parties who will process payments on behalf of the customer. VAWAA never sees, and thus cannot store your credit card information.
We may need to disclosure your personal information if required or requested to do so by law or regulatory authorities or in the course of litigation
Your right to request that we delete or restrict the processing of your personal data
You may delete your account by emailing us at firstname.lastname@example.org. This will delete or obfuscate all personal data with the exception of email correspondence. Note that the process to delete all data associated with your account will take up to thirty (30) days, with log files retained for up to eighteen (18) months. You can also ask that we delete the remainder of your personal data. You can also ask that we restrict the processing of your personal data by emailing us at email@example.com.
Your right to adjust notification settings
By clicking an unsubscribe link in any email, you will be removed from all non-transactional communication effective immediately.
Your right to correct information
You may correct, amend, or update your personal information by emailing us at firstname.lastname@example.org.
Your right to access and portability
You can access any personal information that we have by emailing us at email@example.com. You can also ask for a copy of the data you have shared with us to be provided to a new service provider.
Exemptions to rights of access, deletion, restriction and portability
There are certain exemptions and restrictions of all of these rights under the European Data Privacy Laws that enable personal information to be retained, processed or withheld from access and we will inform you of these if applicable.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend, restrict or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at firstname.lastname@example.org or by mail at:
1668 Langport Drive, Sunnyvale, CA 94087, United States
VAWAA Re: Privacy Compliance Officer
If you wish to complain about the handling of your personal information outside of the organisation, you have the right to raise a complaint with the supervisory authority in your country of residence.