1.0 PRIVACY AND DATA PROTECTION
- We have a duty of care for the individual protection for the people within our list of contacts
- Individual data is a liability, it is only collected and processed when necessary
- We do no sell, rent, distribute, or make your personal information public in any way
2.0 RELEVANT LEGISLATION
This website and our internal computer systems are designed to comply with the EU General Data Protection Regulation 2018 (GDPR) international legislation and the following US legislation that regards data protection and user privacy:
California Online Privacy Protection Act Compliance
Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent.
Children’s Online Privacy Protection Act Compliance
We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.
3.0 PERSONAL INFORMATION THAT THIS WEBSITE COLLECTS AND WHY WE COLLECT IT
Our website collects and uses personal information for the following reasons:
3.1 Site visitation tracking
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website so that we can continually improve the viewer experience.
Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website. If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, the website will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
3.2 Our blog
Should you choose to add a comment to any posts that we have published on our blog, the name and email address you enter with your comment will be saved to this website’s database, along with your computer’s IP address and the time and date that you submitted the comment. This information is only used to identify you as a contributor to the comment section of the respective blog post and is not passed on to any of the third-party data processors detailed below.
Only your name will be shown on the public-facing website although if the supplied email address is linked to a Gravatar account, your Gravatar photo will also be displayed.
Your comment and its associated personal data will remain on this site until we see fit to either
- remove the comment or
- remove the blog post.
Should you wish to have the comment and its associated personal data deleted, please email us using the email address that you commented with.
NOTE: You should avoid entering personally identifiable information to the actual comment field of any blog post comments that you submit on this website.
3.3 Contact forms and email links
Should you choose to contact us using the forms or e-mail links on our site, none of the data that you supply will be stored by this website or passed to / be processed by any of the third-party data processors defined in section 6.0. Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP).
We would suggest that you always consider email as an insecure medium and not include personal, confidential, or otherwise sensitive information within an email.
3.4 Email newsletter
If you choose to join our email newsletter, the email address that you submit to us will be forwarded to an automated third-party email service called MailChimp, which provides us with email marketing services. The email address that you submit will not be stored within this website’s own database or in any of our internal computer systems.
Your email address will remain within this third-party database for as long as we continue to use its services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.
While your email address remains within a third-party database, you will receive periodic newsletter-style emails from us.
4.0 HOW WE STORE YOUR PERSONAL INFORMATION
As detailed in section 3.0 above, if you submit a comment to a blog post published on this website, some personal information will be stored within this website’s database.
This data is currently stored in an identifiable fashion which is a function of the content management system that this website is built on (WordPress). In the near future we aim to change the storage of this data to a pseudonymous fashion meaning that the data would require additional processing using a separately stored ‘key’ before it could be used to identify an individual.
Pseudonymization is a recent requirement of the GDPR which many web application developers are currently working to fully implement. We are committed to keeping it as a high priority and will implement it as we are able to.
5.0 ABOUT THIS WEBSITE’S SERVER
This website is hosted by Singlehop Hosting, with servers located in Chicago, Illinois.
How did SingleHop ready itself for the GDPR?
As both a controller of our own customer data and a partner to our customers, SingleHop’s compliance team has worked diligently to review current policies and procedures and implement changes in accordance with the new requirements, including as follows:
- SingleHop is EU-US Privacy Shield certified
- SingleHop’s Data Processing Agreement meets the requirements of the GDPR.
- Operational procedures are in place to handle data sovereignty restrictions.
- SingleHop’s vendors designated as a sub-processor vendor have been issued sub-processor agreements, ensuring proper handling of data.
- We will continue to adhere to rigid, best-practice security procedures across our global operations.
All traffic (transferal of files) between this website and your browser is encrypted and delivered over HTTPS via Secure Socket Layer (SSL).
6.0 OUR THIRD-PARTY DATA PROCESSORS
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out in section 2.0. All 3 of these third parties are based in the USA and are EU-U.S Privacy Shield compliant.
7.0 THIRD PARTY LINKS
Occasionally, at our discretion, we may include or offer third party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
8.0 YOUR CONSENT
9.0 DATA BREACHES
We will report any unlawful data breach of this website’s database or the database(s) of any of our third-party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
10.0 DATA CONTROLLER
The data controller of this website is:
Vinyl Art, Inc.
15300 28th Avenue N.
Minneapolis MN 55447
11.0 DATA PROTECTION OFFICER