Your Privacy Rights
Last Updated: March 27, 2020
Artopiatogo LLC(“Entity,” “us”, “we” or “our”) values your privacy, and we are committed to protecting your personal information. We want all customers who have direct contact with us and our services to feel confident and comfortable with how we collect and hold personal information about them. We will collect, look after and use your personal information in accordance with the requirements of Children’s Online Privacy Protection (COPPA), General Data Protection Regulations (GDPR), and the California Consumer’s Protection Act (CCPA).
Please note the following:
• All the information set out in this Policy may not apply to you. Below is an overview of the possible circumstances in which we could interact together. Our interactions with you will determine which of the following applies to you and your personal information.
WHAT PERSONAL INFORMATION WE COLLECT AND WHEN AND WHY WE USE IT
The information we collect from you allows you to register for classes, login to our Webex meetings, use our Services (collectively, “Events”).
Individuals (and agents of individuals) may provide us information directly or indirectly by registering for an Event or by otherwise using our Services (these individuals are referred to as “Consumers”). For example, you may enter your information in order to register for an Event, or someone who has organized a group even may enter your information on your behalf to register your entire group.
We will only collect, use, and share your personal information where we are satisfied that we have an appropriate legal basis to do this. The chart below summarizes when we collect personal information, the sources from which that information was collected, the types and categories of personal information we collect, how we use the personal information, and the legal basis for our use of such personal information.
we may also use your information for the following purposes which we consider to be everyday business purposes:
• For identity and credential management, including identity verification and authentication, system and technology administration
• To protect the security and integrity of systems, networks, applications and data, including detecting, analyzing and resolving security threats, and collaborating with law enforcement or other groups about imminent threats
• For fraud detection and prevention
• For legal and regulatory compliance, including all uses and disclosures of personal information that are required by law or for reasonably needed for compliance with company policies and procedures, such as: anti-money laundering programs, security and incident response programs, intellectual property protection programs, and corporate ethics and compliance hotlines,
• For audits, including financial, security, or compliance audits, and analysis and reporting,
• To enforce our contracts and to protect against injury, theft, legal liability, fraud or abuse, to protect people or property, including physical security programs,
• To de-identify the data or create aggregated datasets, such as for consolidating reporting, research or analytics,
• To make back-up copies for business continuity and disaster recovery purposes, and
• For corporate governance, including mergers, acquisitions and divestitures.
HOW WE PROTECT AND STORE PERSONAL INFORMATION
We have implemented and maintain appropriate technical and organizational security measures, policies and procedures designed to reduce the risk of accidental destruction, or loss, or unauthorised disclosure or access to such information appropriate to the nature of the information concerned, including:
• (where appropriate) password protection, encryption, and use of secure communication transmission software (known as "transport layer security" or "TLS") to protect our Sites;
• placing confidentiality requirements on our employees and service providers;
• destroying or permanently anonymizing personal information if it is no longer needed for the purposes for which it was collected; and
• following strict security procedures in the storage and disclosure of your personal information to prevent unauthorised access to it. Whilst we take appropriate technical and organisational measures to safeguard your personal information, no transmission over the Internet can ever be guaranteed to be secure. Therefore, we cannot guarantee the security of any personal information that you transfer over the Internet to us and any such transmission is at your own risk.
As the security of personal information depends in part on the security of the computer you use to communicate with us and the security you use to protect usernames and passwords, you should take steps to protect against unauthorized access to your password, computer, and web-enabled devices, among other things, by signing off after using a shared computer, inserting a password on your web-enabled device, choosing a password that nobody else knows or can easily guess, keeping your password private, and periodically changing your password. You should never share your log-in information with others. We are not responsible for any lost, stolen or compromised passwords, or for any activity on your account via unauthorized password activity.
Storing your personal information
We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this Policy. Where your information is no longer needed, we will ensure that it is disposed of in a secure manner. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements.
In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
EXPLAINING MORE ABOUT DIRECT MARKETING
How we use personal information you keep you up to date with our Services
We may use personal information to let you know about our Services that we believe will be of interest to you. We may contact you by email, post, social media, telephone, or through other communications channels that we think you may find helpful. In all cases, we will respect your preferences for how you would like us to manage marketing activities with you.
When and how we undertake profiling and analytics
We aggregate personal information and remove any identifying elements in order to better understand how users access and use our Sites and Services for other research purposes.
We undertake profiling and analytics to improve our Sites and Services by providing personalized experiences, personalized help, and instructions.
This means that we may automatically process personal information to evaluate certain personal aspects about an individual, in particular to analyze or predict aspects concerning personal preferences, interests, behavior, location or movements. When we send or display personalized communications or content, we use some profiling techniques. This means we may collect personal data about you in the different scenarios mentioned above (in the why we collect your data section), and use this data to analyze, evaluate, or predict your personal preferences, interests, behavior and/or location.
You may have the right to object at any time to the use of your personal data for “profiling”. Please contact us directly at firstname.lastname@example.org.
Some of the legitimate purposes for which we profile personal information include:
• to obtain a better understanding of what you would like to see from us and how we can continue to improve our services for you;
• to personalize the service and offers you receive from us;
• to provide you with tailored content online and optimize your experience of our Sites and Services;
• to help us operate our services more efficiently;
• to authenticate log-ins on our Sites and detect and prevent fraud.
Where required under applicable privacy laws:
• we will take steps to ensure that prior to profiling your personal information for a legitimate interest that our legitimate interest is not overridden by your own interests or fundamental rights and freedoms;
When and how we carry out automated decision making
We undertake automated decision making to improve our Sites and Services by providing personalized experiences, location customization, personalized help, and instructions.
This means that we may automatically process personal information to evaluate certain personal aspects about an individual, in particular to analyse or predict aspects concerning personal preferences, interests, behavior, location or movements. When we send or display personalized communications or content, we may use automated decision making. This means we may collect personal data about you in the different scenarios mentioned above (in the why we collect your data section), and use this data to analyse, evaluate, or predict your personal preferences, interests, behavior and/or location.
LEGAL RIGHTS AVAILABLE TO EU DATA SUBJECTS HELP MANAGE YOUR PRIVACY
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, if you are an EU data subject, you may have certain rights in relation to your personal information. Please contact us directly at email@example.com and I will make every effort to honor your request for privacy.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to access personal information
You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.
We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
• for compliance with a legal obligation; or
• for the establishment, exercise or defence of legal claims.
Right to restrict the processing of your personal information
You can ask us to restrict your personal information, but only where:
• its accuracy is contested, to allow us to verify its accuracy; or
• the processing is unlawful, but you do not want it erased; or
• it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
• you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal information following a request for restriction, where:
• we have your consent; or
• to establish, exercise or defend legal claims; or
• to protect the rights of another natural or legal person.
Right to object to the processing of your personal information
You can object to any processing of your personal information which has our legitimate interests as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to object to how we use your personal information for direct marketing purposes
You can request that we change the manner in which we contact you for marketing purposes by emailing firstname.lastname@example.org.
You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
LEGAL RIGHTS AVAILABLE TO CALIFORNIA RESIDENTS TO HELP MANAGE YOUR PRIVACY
California residents have specific rights regarding their personal information. We do not distribute any personal information (for any purposes) to third-party companies.
Right to Know About Personal Information Collected, Disclosed, or Sold:
You have the right to request, subject to verification of your identity, that we disclose to you what personal information we have collected, used, disclosed, or sold over the past 12 months. Email us directly at email@example.com.
Right to Request Deletion of Personal Information:
You have the right to request, subject to our verification of your identity, that we delete the personal information that we have collected or maintain about you, subject to certain exceptions. Please email us at firstname.lastname@example.org
Right to Non-Discrimination:
You have the right not to receive discriminatory treatment from us for the exercise of your rights described in this section. We will not discriminate against you (for example, by denying you services or charging you a different rate) for exercising any of your rights.
How to Exercise Your Rights to Access and Deletion:
To exercise your right to access or your right to delete, please submit a notarized written request with your signature and the date to email@example.com.
In order for us to honor your access or deletion request, you must provide us with enough information to reasonably verify you are the person about whom we collected personal information or an authorized representative. We may ask you for information associated with your account, which might include your name, email, address, and phone number. We will confirm receipt of your request within 10 days and respond to requests for access and deletion within 45 days. We will also let you know if we are not able to verify your identify based on the information you have provided. If you submit a request for deletion, we will send you a confirmation email to validate the request before deleting your personal information. After we have responded to two requests from you within a 12-month period, we may choose not to respond to any additional requests from you during such period.
CHILDREN UNDER 16
In some countries, parents have the right to consent to the collection and use of personal information from children under the age of 16 (collectively, “Children,” and individually, a “Child”) without also consenting to the disclosure of such information to outside third parties, except in order to provide the Services. Artopiatogo does not share personal information collected from or Children with third parties for any purpose other than to provide the Services.
What information do we collect from children under the age of 16?
• Personal information such as first and last name, parent’s email address;
• Information about a Child’s activities and interests;
• Other profile data, such as contact information, gender, and photo (collected from the parent);
How we use the information collected from Children?
• To provide a notice to parents regarding your Child’s interest in registering to use the Sites;
• To obtain verifiable parental consent;
• To provide our Services, to communicate with parents about your Child’s use of our Services and for other customer service purposes;
• To provide information that a parent or Child has requested to receive from us in response to an opt-in request;
• To provide our Services at the request of our Clients
• To administer Events;
• To provide results of Events; and
• To improve our Sites and Services by providing personalized experiences, location customization, personalized help, and instructions.
Can I access and modify my Child’s personal information?
If your Child’s personal information changes, if you no longer wish to allow your Child to participate on the Sites, or if you wish to delete your Child’s information and refuse further collection and use of the information, please email us at firstname.lastname@example.org.
How long is my Child’s information retained?
We will retain the information we collect for as long as your or your Child is registered for Services. Please note that even if we delete your or your Child’s information, it may persist on backup or archival media and other information systems.
Artopiatogo regularly reviews its policies, procedures and practices regarding personal information and this Policy.
The primary point of contact for all issues arising from this Policy is our Data Protection Officer. Our Data Protection Officer can be contacted in the following ways:
If you have any questions, concerns or complaints regarding our compliance with this Policy, the information we hold about you or if you wish to exercise your rights, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.
We may update this Policy from time to time. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.