The growing body of legal requirements on privacy and data protection is placing increased demands on the way we handle personal data. Your privacy is extremely important to us, and we are committed to seeking compliance with data privacy requirements when processing your personal data.
Who is responsible for your personal data?
PlanetArt is responsible for your personal data. PlanetArt comprises PlanetArt LLC, 23801 Calabasas Rd, Calabasas, CA 91302, USA and PlanetArt UK Ltd., Gateway House, Tollgate, Chandler’s Ford, Eastleigh, Southampton, S053 3TG, Great Britain (“PlanetArt”). Specifically, your data will be controlled by:
23801 Calabasas Rd
Calabasas, CA 91302
You can reach the PlanetArt EU representative at:
PlanetArt UK Ltd.
S053 3TG, Great Britain
You may also contact us via the Contact Us link in the drawer of the mobile app or the Contact Us page on the website you are using.
Where does PlanetArt collect your personal data from?
We process personal data which we receive from you when you place an order on our website or by using our services and mobile device apps. We also collect personal data from customers who communicate with us via e-mail and those who provide their e-mail address when joining our mailing list. In addition, we collect personal data that is provided to us by visitors to our website and mobile device apps or who use our services in connection with contest participations, survey information and member account registrations.
Moreover, we process personal data legitimately obtained from commercially available sources or which have been legitimately transmitted to us from other companies of the group or third parties.
Which personal data does PlanetArt collect?
Relevant personal data we process are contact information (such as your name, postal address (for shipping and billing), e-mail address, telephone number and other contact data), photos, IP addresses, financial information (such as data necessary for processing payments, including credit/debit card numbers and bank account information) and other unique information such as transaction information, product and service preferences, passwords for our password-protected platforms and services and other data comparable with the above-mentioned categories of personal data or personal data voluntarily provided by you.
We do not collect or process special categories of personal data, and we do not knowingly collect personal data from children under the age of 18. We do not target our Services to children under the age of 18.
We may collect aggregate or non-identifiable (anonymous) information from all users of our Services, regardless of whether they place an order with us, volunteer such information, communicate with us, join our mailing list or otherwise (such as language, postal code, unique device identifier and location).
What is the purpose of processing your personal data?
We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and any other relevant data protection laws for the following purposes:
- Fulfilling your orders and purchases that you make through our Services, managing your customer relationship with us and supporting marketing purposes;
- Supporting website and mobile device app management, service, support, authentication and authorization;
- Supporting software and IT management as well as IT security;
- Supporting compliance with our legal obligations (such as record keeping obligations);
- Supporting corporate reorganizations, joint ventures, sales, transfers or other dispositions of all or any portion of our businesses; and
- For any purpose related to the foregoing purposes or any other purpose for which your personal data were provided to us.
In addition, we use aggregate or non-identifiable (anonymous) information and pool it with other information to track, for example, the total number of visitors to and users of our Services, the number of visitors to each page of our Services, the domain names of our visitors' Internet service providers, and how our users use and interact with our Services.
One of the special features of the Services is that they allow you to enable various online third-party services, such as social media and social networking services, to be directly integrated into your experience with our Services. To take advantage of these features, we may ask you to provide us your username and password for the relevant third party services. By enabling such third-party services, you are allowing us to pass your log-in information to these service providers for this purpose. When you add a third-party service account to our Services, we will collect your login information and other relevant information necessary to enable such Services to access that third-party service and your data contained within that third-party service.
On which legal basis does PlanetArt process your personal data?
Depending on the specific purpose or purposes for the processing of your personal data above, we rely on one or more of the following legal grounds:
- Because processing is necessary for the performance of your customer contract or other contractual obligations or in order to take steps prior to entering into such contracts with you;
- Because processing is necessary for compliance with a legal obligation (such as record obligations for commercial or tax purposes or other regulatory obligations);
- Because processing is necessary in order to protect your vital interests or the vital interests of another natural person; or
- Because processing is necessary for the purposes of our legitimate interests or those of any third party recipients that receive your personal data, provided that such interests are not overridden by your interests or fundamental rights and freedoms.
Legitimate interests comprise, for example, developing and improving our internal administration or business and service processes, marketing and reputation activities, keeping our records up to date, handling and managing our contractual obligations, handling of our legal and contractual duties and obligations and compliance with internal and legal regulations that apply to us.
In addition, we process your personal data on the basis of your consent where you have expressly given that to us for certain purposes such as direct marketing.
Who will receive your personal data?
Within the group, affiliated group companies and departments may be provided with your personal data in order to comply with our internal, contractual and statutory obligations. In addition, third-party service providers and agents engaged by us may also receive your personal data for these purposes.
Categories of external recipients of your personal data are, for example:
- Public, governmental or regulatory authorities and institutions (such as tax authorities and including to meet national security or law enforcement requirements);
- Service providers for services such as IT services, logistics, manufacturing services, delivery services, communication services and audit services;
- Third parties to whom we assign or novate any of our rights or obligations and cooperation and business partners;
- Potential cooperation partners, buyers, investment banks or financial institutions in connection with corporate reorganizations or transactions; and
- Courts, law enforcement authorities, regulators or attorneys or other third parties in connection with the establishment, exercise or defence of legal claims.
In addition, we may share non-identifiable and aggregate data with our affiliates, agents and business partners, or disclose aggregated user statistics in order to describe our Services to current and prospective business partners, and to other third parties for other lawful purposes.
Will your personal data be transferred to a third country?
Our headquarters and operations are located in the United States. Accordingly, we may transfer your personal data to departments and affiliated group companies and third parties in the United States and other countries outside the European Union (so-called third countries) if required for our business.
Any such international transfers of your personal data will be protected by appropriate and suitable safeguards as required by the EU General Data Protection Regulation (GDPR) or other relevant data privacy laws, which include:
- EU standard data protection clauses adopted by the European Commission for transfers of your personal data to a group company or a third party in the United States or any other third country, which are available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en, and
- the EU-US Privacy Shield framework adopted by the European Commission for transfers of your personal data to a group company or a third party in the United States, which is available at http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%3AOJ.L_.2016.207.01.0001.01.ENG&toc=OJ%3AL%3A2016%3A207%3AFULL.
Moreover, where a transfer of your personal data cannot be based on the safeguards listed above, such transfer to a third country may also be necessary in order to perform a contract with you or in individual cases for the purposes of our compelling legitimate business interests and in order to comply with our internal, contractual and statutory obligations, provided that such business interests are not overridden by your interests or rights and freedoms.
For how long will your personal data be processed and stored?
We process and store your personal data only as long as is necessary for our relationship with you or as is required to meet our contractual and statutory obligations in accordance with applicable laws (such as obligations of retention under commercial or tax laws). As a rule, the time limit for retention or documentation specified in applicable law is 2 to 10 years. After the lapse of the relevant retention periods, your personal data may either be erased (on a regular basis), anonymized, or transferred to an archive. In such archive, your personal data may be used for historical, scientific or statistical purposes, dispute resolution and investigations.
How does PlanetArt protect your personal data?
PlanetArt has implemented a data protection policy and various technical and organizational measures in order to keep your personal data confidential and secure in accordance with our internal procedures and the EU General Data Protection Regulation (GDPR) and other applicable data privacy laws. Our technical and organizational security measures are designed to prevent accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
These include, inter alia and as appropriate, pseudonymization and encryption of personal data, the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident and a process for regularly testing the effectiveness of our technical and organisational measures for ensuring the security of the processing.
How can I change my personal data?
If you believe that you have provided us with personal data that are incorrect or that need to be updated you may contact us via the Contact Us link in the drawer of the mobile app or the Contact Us page on the website you are using.
Am I obliged to provide personal data?
As a general principle, you will provide us with your personal data entirely voluntarily, and there are in principle no detrimental effects for you if you choose not to provide your personal data. However, there are circumstances in which PlanetArt cannot take action without certain of your personal data, for example because this personal data is required to process your orders or to provide you with access to a Services offering or email communications. In these cases, it will unfortunately not be possible for us to provide you with what you request without the relevant personal data.
What are my rights with respect to my personal data?
If you are an EU citizen or non-EU national residing in the EU, subject to certain conditions, you may have a right of access to your personal data which we hold (Article 15 GDPR subject to the restrictions of applicable local law), a right to rectification of inaccurate personal data which we hold (Article 16 GDPR), a right to erasure of your personal data in certain circumstances (Article 17 GDPR subject to the restrictions of applicable local law), a right to restriction and to object to the processing of your personal data which we hold (Articles 18 and 21 GDPR) and a right to data portability (Article 20 GDPR). Further, you have a right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR in conjunction with applicable local law) or to invoke binding arbitration under Privacy Shield Principles.
23801 Calabasas Rd
Calabasas, CA 91302
You may also contact us via the Contact Us link in the drawer of the mobile app or the Contact Us page on the website you are using. Complaints under the Privacy Shield Framework can be addressed to the panel established by the EU Data Protection Authorities.
We may request that you provide such information which we may reasonably require in order to confirm your identity and in order to locate the information that you seek. Where we have reasonable doubts concerning your identity, we may request the provision of additional information in order to prevent unauthorized disclosure of personal data. Where requests are manifestly unfounded or excessive, we reserve the right to either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.
Information about your right to withdraw your consent pursuant to Article 7 (3) GDPR
Where you have granted your consent to us for the processing of your personal data, your consent may be withdrawn at any time. This also applies to consents given to us before the GDPR enters into force, i.e. before 25 May 2018. The withdrawal of your consent has an effect only for the future and does not affect the lawfulness of the processing of your personal data based on your consent before its withdrawal.
Information about your right to object pursuant to Article 21 GDPR
If you are an EU citizen or non-EU national residing in the EU, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on point (e) of Article 6 (1) (processing in the public interest) and point (f) of Article 6 (1) GDPR (processing based on legitimate interests), including profiling based on those provisions. If you object to the processing of your personal data, we will no longer process your personal data unless we have compelling legitimate grounds for such processing which override your interests, rights and freedom or, alternatively, such processing serves to assert, exercise or defend legal claims.
We may also process your personal data for direct marketing purposes. If you are an EU citizen or non-EU national residing in the EU, you have the right to object at any time to processing of your personal data for such marketing; this also applies for profiling to the extent it is related to such direct marketing. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
Any withdrawal of consent or objection to the processing of your personal data should be submitted informally, indicating your name, your address and your date of birth and should be addressed to:
23801 Calabasas Rd
Calabasas, CA 91302
You may contact us via the Contact Us link in the drawer of the mobile app or the Contact Us page on the website you are using.