Gelato ASA is committed to protecting the Personal Data of the Users of our Services that are available through our Website. This policy describes our data protection practices and how we use and collect the Personal Data. Our processing of your Personal Data is needed for us to deliver the service to you. We may also process your Personal Data in order to comply with our legal obligations as explained below or due to our legitimate interests.
We will collect Personal Data from you in the following circumstances:
When you create an Account and/or place an Order; we will collect your first and last name, E-mail address, postal address, phone number, password, payment information, such as your credit card or PayPal Account information, drafts of product designs that you save under your Account, Content that you choose to save under your user Account, communications and correspondence sent to and from your Account, information about purchasing habits and preferences, Order histories, and/or Account histories.
When you invite others to use the Platform; we may collect the date and time of the invite and to what e-mail addresses the invite was sent.
When you invite others to share your design library and related Content; we may collect the e-mail addresses and other information that you provide about the invitees.
When you contact us regarding products or orders, or for Customer Support or other customer service purposes; we may collect your name, e-mail address, phone number, and any communications from you to us.
If you chose to save the names and postal or mailing addresses of any contacts under your Account; (where the feature is offered), we may collect such names and addresses.
When you create or design products: We may collect any images, text, logos or other Content that you upload or submit, including information related to or included within such Content, such as the names, phone numbers and positions of individuals to whom the Content is related.
We use your Personal Data, including your Content, for the following purposes:
To provide you with the Services and to evaluate, modify and enhance the Services
To enable you to set up your Account and to process and fulfill your Order
To process your payment, facilitate billing and issue invoices, as applicable
To communicate with you and to respond to your requests
To provide you with customer service and support
For corporate Account management purposes
To help keep our Website safe and secure and to improve the Website.
We use Automatic Information to administer the Website and track user activities on the Website. We will create anonymous data records from Personal Data by excluding information (such as your name) that makes the data personally identifiable to you. We use such Anonymous Data records to analyze request and usage patterns so that we may enhance the Content of the Services and improve Website navigation.
We disclose your Personal Data as described below. No Personal Data provided by you or that we may obtain automatically by your use of the Website, is not and will not be sold, rented, or shared by us with any third party without your prior consent.
Transfer and Storage of Personal Data
Your Personal Data will be transmitted, uploaded, transferred, stored, or backed up at Gelato’s servers with our GDPR compliant cloud providers in the United States and Europe.
Members of our group
We may share your Personal Data with any member of our group, which means our subsidiaries, our ultimate holding company and any of its subsidiaries in Order to perform our Services to you.
Third Party Service Providers
We will share your Personal Data with third party companies and individuals that perform Services on our behalf to help us provide the Platform and Services to you. In Order to fulfill your print Order in the most environmentally friendly way, we let the printer closest to the address of delivery print your products. This may mean a transfer of your personal data out of EU. Other examples of Services that may be provided by Third Party Service Providers may include, but are not limited to, processing credit card payments with our payment provider in EU, providing customer service by our suppliers in EU and the Philippines, and maintaining our customer lists by our service providers in EU. Third Party Service Providers acting on our behalf are only provided with such Personal Data reasonably required to provide the particular service for which they are retained. Our Third-Party Service Providers are obligated to keep all of your Personal Data confidential and to collect, use and disclose your Personal Data only to the extent necessary to provide the Services on our behalf. They are fully compliant to the EU GDPR regulation and have signed a Data Processing Agreement with Gelato.
Third Party Payment Processor
For online payments, we use the payment Services of Adyen B.V. Gelato does not process, record or maintain your credit card or bank Account information. Gelato records the payment method you have chosen.
Compliance with Law, Court Order, and Other Disclosures
Third Party Sites
The Website may contain links to third party Websites, e.g Dropbox, or third-party Websites may otherwise be associated with the Website. These companies are GDPR compliant and Gelato has signed a Data Processing Agreement with them, but is not responsible for the policies and practices employed by the owners of such third party Websites, including but not limited to their collection, use and disclosure of your Personal Data, nor does Gelato offer any (and expressly disclaims any) guarantee, representation, warranty, or covenant of any kind with respect to the collection, use or disclosure of your Personal Data by any third party Website that is linked from (or is otherwise associated with) the Website. Please consult the terms and conditions and privacy policies of any third-party Websites prior to use.
Security of Your Personal Data
We employ security safeguards to protect your Personal Data against loss or theft, as well as against unauthorized access, disclosure, copying, use, or modification. When we transmit highly confidential information over the Internet, we protect it through the use of encryption technology, such as the Secure Socket Layer (SSL) protocol. We also protect your stored password through the use of encryption technology.
International Data Transfers Privacy Shield and Contractual Terms
Gelato will transfer personal data to countries outside of EU due to our business model with printing locally and due to suppliers’ premises being outside of EU.
When Personal Data is transferred to the U.S, we can verify that our Printers or Third parties have signed our Data Processing Agreement and are certified under the EU-US Privacy Shield and Swiss-US Privacy Shield framework or, have signed the Standard Contractual Clauses.
When Personal Data is transferred to other countries outside of EU, we can verify that the Printers or Third parties have signed our Data Processing Agreement and the EU Standard Contractual Clauses.
By being an active and existing customer of Gelato, we have a legitimate interest of marketing our products for you. You can unsubscribe to this kind of communication in your customer Account or at any time by following the unsubscribe instructions in communication sent to you or by contacting us at [email protected]. Despite your indicated opt-out preferences, we may continue to send you administrative and transaction related communications.
Changing, Transferring or Deleting Your Personal Data
We delete Your Personal Data once no longer necessary in relation to the purposes for which they were collected or otherwise processed. You may access, review, update, correct or delete the Personal Data in your Account either by using the Account buttons or by contacting us directly using the contact information provided below. If you would like to have your personal data transferred to someone else, please e-mail us at [email protected] and we will provide you with a file of your data. If you completely delete all of your Personal Data, then your Account will become deactivated. If you rather want us to delete your data, please contact us and we will fulfill your request.
The EU GDPR regulation differentiates between the “Data Controller” and “Data Processor” of data. Our Gelato Globe customers are Data Controllers of their personal data. Gelato is also a Data Controller of your personal data. Our printers in our network and a few third-party suppliers, are Data Processors. This means they are processing the data on yours and Gelato’s behalf.
Dronning Eufemias gate 8, 0191 Oslo, Norway
If you believe that Gelato does not fulfill its obligations according to the EU GDPR regulation or other applicable privacy legislation, you also have the right to lodge a complaint with a supervisory authority.