PRIVACY POLICY
 
At Chromatica we respect your privacy and we are committed to protecting your personal data.
 
This Policy describes how and when we collect, use and share information when you contact us or use our services. This policy is related to all our commercial activities, not only with this website. To know the privacy policy when buying an article of ours through the Etsy.com platform, you can consult it here (for our store of CHROMATICAprintshop) and here (for our store CHROMATICAhome).
 
We must have a legal basis to process your personal data and this policy explains how we act legally with respect to each of the purposes for which your information is maintained and used. In general, we are authorized to process your personal information where necessary in connection with a contract between us (such as a contract to supply our products or services), to comply with our legal obligations or if we have a legitimate interest, prevailing interests of the client.
 
Please bear in mind that some links in our website may lead you to access external websites that are not covered by this Policy. We recommend that you read the third party Privacy Policies before submitting personal information. Chromatica will not be responsible for the content, function or collection of information by external websites, including Etsy or the third party services accessed through Etsy. You can check the Etsy Privacy Policy for more information about their privacy practices.
 
WHO ARE WE?
 
We are Chromatica and we offer photography services, such as architecture and interior photography, fashion, product and documentary photography. We also sell our products through the Etsy platform to customers in Spain, the US, Europe and other countries around the world.
Chromatica (“we”, “us” or “our”) operates the website https://www.chromatica.es/ (the “Service”).
 
HOW DO WE COLLECT INFORMATION?
 
– We obtain information when you ask for our services.
– We obtain information when you make a purchase through Etsy.
– We obtain information when you subscribe to our mailing list.
– We obtain information when you browse our website.
 
WHAT INFORMATION DO WE COLLECT?
 
We collect information that allows us to fulfill our obligations to our customers, and respond to business inquiries. The table below describes what information we collect and for what purpose.
 
Personal data: By using our service, we may request that you provide us with certain personally identifiable information that may be used to contact you or identify you. Personally identifiable information may include, but is not limited to:
– Email address.
– Name and surname. 
 
If you give us permission to do so (for example, by subscribing to our mailing list), we may use your personal information to contact you with newsletters, promotional or marketing materials and other information that may be of interest to you.
 
You may opt-out of receiving any or all of these communications from us by following the unsubscribe link or the instructions provided in any email we send you.
 
Sensitive data: We do not gather sensitive personal data (for example, health, genetic, biometric data, racial or ethnic origin, political opinions, religious or philosophical beliefs, union affiliation, sexual orientation and criminal convictions). We expressly request that you not provide us with any sensitive information.
 
Children’s data: Our service does not address anyone under 13 years of age. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you know that your child or children have provided us with personal information, contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.
 
Tracking data and cookies: We obtain information through cookies and similar technologies that help us identify and differentiate you from other users of our website. These resources will optimize your online experience, not having to fill in new information that has already been requested and allow us to make improvements on our website. For more information on this subject as well as for the use of cookies, please access our cookie policy.
 
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of our Service
 
Usage data: Our servers can also collect information about how the Service is accessed and used. This data may include information such as the Internet Protocol address of your computer (IP address), browser type, browser version, the pages you visit, the time and date of your visit, the time spent on those pages, device identifiers and other diagnostic data. All this information is recorded in a server activity file that allows the subsequent processing of the data in order to obtain statistical measurements that allow knowing the number of page impressions, the number of visits made to web services, etc.  
 
HOW DO WE USE THE DATA COLLECTED?
 
We guarantee that the use made of your personal data is covered by the GDPR (General Data Protection Regulation). The legal bases and the different uses of your personal data may be, but are not limited to the following:
 
Execution of a contract established with you:
– To provide and maintain our Service.
– To notify you about changes to our Service.
– To provide customer support.
 
When you have provided your affirmative consent, which you can revoke at any time:
– By registering on our mailing list.
– To allow you to participate in interactive features of our Service when you choose to do so. 
 
Compliance with our legal obligations:
– To comply with our Terms and Conditions and other Policies.
– Management and logistics planning, including accounting and auditing.
– Management of legal disputes.
– Detection and prevention of fraud, money laundering and other crimes.
– Protection of the user and others from possible damages. 
 
Achievement of our legitimate interests or those of third parties:
– To improve our services.
– To detect, prevent and address technical problems.
– To provide you with news, special offers and general information about other goods, services and events that we offer that are similar to those you have already purchased or enquired about, unless you have chosen not to receive such information.
– Interact and respond to the requests you have sent us or on any publication or social networks where you have tagged us.
– Answer the communications you send us, including calls, emails, real-time chats, publications and messages through social networks.
 
Please note that we may process your personal data without your knowledge or consent, protected by the above-described rules, provided they are within the legal framework.
 
WITH WHOM DO WE SHARE THE PERSONAL DATA?
 
 We will not sell or rent your information to third parties.
 
 We will not share your information with third parties for marketing purposes.
 
 We will share your personal information with these third parties, but only to the extent necessary to perform these services in the following manner:
 
Etsy: If you complete any purchase of our products through the Etsy platform, we share information with Etsy as necessary to provide our services and comply with our obligations under the Etsy Seller Policy and the Etsy Terms of Use.
 
Commercial transfers: If we sell or merge our business, we may disclose your information as part of that transaction, only to the extent permitted by law.
 
In accordance with the laws: We may collect, use, retain and share your information if we believe in good faith that it is reasonably necessary to:
– Respond to a legal process or to government requests.
– Enforce our agreements, terms and policies.
– Protect and defend our rights, our property or public property.
– Prevent, investigate and address fraud and other illegal activities, security or technical problems.
– Protect the rights, property and safety of our clients or others.
 
Under certain circumstances, we may be required to disclose your Personal Data if required by law or in response to valid requests from public authorities such as the State Security Forces, in compliance with investigations and judicial processes.
 
Service providers: We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform services related to our Service, or to help us analyze the use of our Service. Such providers may include, but are not limited to:
– Shipping companies and / or carriers to provide freight transport services.
– Internet Hosting Providers with whom we work to maintain our website, infrastructures, services and applications.
– Contact management systems, for sending emails, instant messaging, messages through social networks and SMS.
– Web analysis services to inform about the traffic of our website.
 
We also use a series of third-party services to help us meet our contractual obligations and provide the services we offer, as detailed in the table below. 
 
We have verified that these third-party services comply with GDPR (or are working to comply with GDPR) and are certified under the EU-US Privacy Protection Framework. (Or they are working to obtain certification) where these organizations are based outside the EU. 
 
 
  NAME  WHAT  LEGAL BASIS  PURPOSE  THIRD PARTIES  DATA RETENTION

Email

Prospect, client, customer and supplier contact information.

Contract

To allow ongoing contact with potentials and existing clients, customers and suppliers.

Raiola Networks

Until request for deletion.

Payments

Compiled by the Etsy platform and never seen or stored by Chromatica. For more information, visit the Etsy Privacy Policy and Terms of Use.

Contract

Required to fulfill our obligations to you when you purchase a product or service.

Etsy

Indefinitely, for ongoing accounting and record-keeping.

Invoicing

Client, customer and supplier purchase history and contact details.

Legal Obligation

For invoicing.

None (at the moment)

Indefinitely, for ongoing accounting and record-keeping.

Analytics

Website visitor behavior (anonymized – full IP address is not stored)

Legitimate Interests

To analyze popular content and website performance so we can improve our service and offerings.

Google Analytics

No personal data stored, behavior data retained indefinitely by Google Analytics.

Shipments

Name, shipping address and email address of the client.

Contract

To be able to send our products to their proper destination.

Packlink, Metrópoli Cuatro, Correos España

Indefinitely, for ongoing accounting and record-keeping.

 

 
 
HOW LONG DO WE KEEP PERSONAL DATA?
 
We keep your personal information only for as long as it is necessary to provide our services and as described in our Privacy Policy. However, it is also possible that we may be required to retain this information to comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements and legal policies.
 
HOW DO WE PROTECT THE SECURITY OF PERSONAL DATA?
 
We will take all reasonably necessary measures to ensure that your data is treated securely and in accordance with this Privacy Policy.
 
The security of your data is important to us, but remember that no method of transmission over the Internet or electronic storage method is 100% secure. Although all our resources are aimed at protecting your personal data, we can not guarantee your absolute security; therefore, any transmission you make will be under your responsibility. Once we have received your information, it will be treated under the strictest security procedures and protocols to avoid accesses that are not authorized. 
 
The information will be stored and processed whenever possible within the EU. In the event that it is not possible for third parties, they agree that the information will be treated according to the Privacy Shield Framework (Treaty between the US and EU on Data Protection) or the Model Clauses of the EU (Standard contractual clauses used in the agreements between service providers and their customers to ensure that all data leaving the European Economic Area are transferred in accordance with the EU Data Protection Act).
 
All the information you provide us is hosted on security servers managed by third parties. Please keep in mind that you are responsible for the password that we have provided you or that you have created to access certain areas of our website. We ask you not to share the password with anyone.
 
Your information, including personal data, may be transferred and maintained on computers located outside of your state, province, country or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction.
 
If you are outside of Spain and you decide to provide us with information, please note that we transfer the data, including Personal Data, to Spain and process it there.
Your consent to this Privacy Policy followed by your sending of such information represents your acceptance of such transfer.
 
WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL DATA?
 
We aim to take reasonable measures to allow you to correct, modify, eliminate or limit the use of your personal data.
 
If you reside in certain territories, including the European Union, you have several rights in relation to your personal information. While some of these rights apply in general, certain rights apply only in certain limited cases. We describe these rights below:

Access: You may have the right to access and receive a copy of the personal information we have about you by contacting us using the contact information below.

In order to maintain the security of your data, we will have to verify your identity before providing you with a copy of the information we keep.
The first copy you request will be free. If you require more copies, we could charge you an administrative fee to cover our costs.

Correct, restrict, delete: You may also have the right to change, restrict our use or delete your personal information. In the absence of exceptional circumstances (such as when we are required to store data for legal reasons) we will generally remove your personal information upon request.

Object: You can object (i) to processing some of your information based on our legitimate interests and (ii) receiving our marketing messages after providing your express consent to receive them. In such cases, we will delete your personal information unless we have compelling and legitimate reasons to continue using that information or if it is necessary for legal reasons.

Complaints: If you reside in the European Union and wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority.

LINKS TO OTHER SITES
 
Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly recommend that you review the privacy policy of each site you visit.
 
We do not control or assume any responsibility for the content, privacy policies or practices of third-party sites or services.
 
CHANGES TO THIS PRIVACY POLICY
 
We may modify this Policy from time to time, so check this page periodically to make sure you are up to date with the changes. By using our services, you agree to the collection and use of information in accordance with this policy.
 
Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from https://www.chromatica.es/
 
CONTACT
 
Any questions related to this policy should be sent by email to:
 
 
 
Effective date: May 25, 2018.