Privacy Policy
This policy explains the what, how, and why of the information we collect when you visit thatsArte.com or when you purchase our products and use our services. It also explains the specific ways we use and disclose that information. We take your privacy extremely seriously, and we never sell lists or email addresses.
By using our website or sharing your contact information with us, you are accepting and consenting to the practices described in this privacy policy.
This what this policy explains:
- Definitions
- Explaining the legal bases we rely on
- How we collect your personal information
- What kind of data we collect
- Why we collect your data and how we use them
- How we protect your personal data
- How long do we keep your information for
- Who do we share your personal data with
- Where your personal data may be processed
- Your rights in connection with personal information
- Contacting the Regulator
- International transfer of personal data
- Changes to this Privacy Policy
We know that there’s a lot of information here but we want you to be fully informed about your rights, and how thatsArte.com uses your data.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.
When you are using thatsArte.com, thatsArte.com Srl is the data controller.
Please take a moment to familiarize yourself with our privacy practices and if you have any questions or concerns in relation to this privacy policy, you can contact our Data Protection Manager by email at infoDOTthatsarte.com or by post at thatsArte.com Srl, Via Monfalcone 22/E, Viterbo, Italy.
When we say “we,” “us,” “our,” and “thatsArte.com”, we are referring to - thatsArte.com Srl, an Italian limited liability company.
When we say “you”, we are referring to a Customer or a Subscriber to our distribution list.
When we say “Personal Information”, we mean any information that identifies or can be used to identify you, directly or indirectly, including, but not limited to, first and last name, email address or other demographic information.
We rely on the European Union General Data Protection Regulation (GDPR). This law, in effect in all EU countries, sets out a number of different reasons for which a company may collect and process your personal data, including:
Consent
In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters. When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.
Contractual obligations
In certain circumstances, we need your personal data to comply with our contractual obligations.
For example, if you order an item from us for home delivery, we’ll collect your address details and phone number to deliver your purchase, and pass them to our artisan to label the parcel and to our courier.
Legal compliance
If the law requires us to, we may need to collect and process your data.
For example, we can pass on details of people involved in fraud or other criminal activity affecting thatsArte.com to law enforcement.
Legitimate interest
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
For example, we will use your purchase history to send you or make available personalized offers.
We also combine the shopping history of many customers to identify trends and add to our online store new products or offer new services.
Information You Give Us
You may give us your data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- subscribe to our newsletter
- shop on our website
- create an account on our website
- use your account to buy products, or redeem gift certificates
- make an online purchase and check out as a guest (in which case we just collect transaction-based data)
- purchase a product by phone but don’t have (or don’t use) an account
- contact us by any means with queries, complaints, etc.
For example when you send us e-mail messages or leave your information in our answering machine - add posts, reviews and other comments to our website or our blog
- communicate with us in any way
- give us some feedback
- interact with us on social media platforms such as Facebook, Instagram, Pinterest, Google+, etc
- choose to complete any surveys we send you
- comment on or review our products and services.
Automatic Information:
When you browse our website, we may collect information about your visit. That information may include your IP address, your operating system, your browser ID. This allows us to provide you with a personalized experience at thatsArte.com. To learn more read our Cookies policy.
We may collect, store, and use the following categories of personal information about you:
- when you order with us: your name and title, company name, your billing address, phone number, shipping address, email address. If you request us to deliver to a different person, we’ll collect and store the name, shipping address, phone number and email address of the recipient
- if you have a web account with us we collect your name, billing/delivery address, orders and invoices, email and telephone number;
- details of your interactions with us through phone calls, emails
- details of your shopping preferences
- details of your visits to our website, and which site you came from to ours
- your comments and product reviews
- information gathered by the use of cookies in your web browser. To learn more read our Cookies policy.
To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the country where your computer is located, the web pages viewed during your visit and any search terms you entered.
We do not collect nor store your credit card data, except for the company issuing the card (Visa, Mastercard, etc) and the country where the card was issued. Your payment card details are safely collected and stored by STRIPE and Paypal.
thatsArte.com is an e-commerce website selling handmade Italian goods and we will use your data to give you the best products, great service and assistance and the most secure experience.
One way to achieve that is to collect your data and then use them to offer you promotions, products, and services that are most likely to interest you. The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service.
Of course, if you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.
Here’s how we’ll use your personal data and why:
- to process and deliver your order which will include having the product made and safely delivered to you; to manage payments, refunds, fees.
Your details may need to be passed to a third party to supply or deliver the product that you ordered and we may keep your details for a reasonable period afterwards in order to fulfill any contractual obligations such as refunds, guarantees and so on. - to manage our relationship with you which will include:
a) responding to your queries and comments, social media posts and questions
b) notifying you about changes to our terms or privacy policy
c) asking you to leave a review or take a survey
We may also keep a record of all this to inform any future communication with us and to demonstrate how we communicated with you throughout. - to keep you informed and make suggestions and recommendations to you about goods or services that may be of interest to you, including tailored special offers, discounts, promotions, events, competitions and so on.
Of course, you are free to opt out of hearing from us at any time. - to send you communications required by law or which are necessary to inform you about our changes to the services we provide you.
For example, updates to this Privacy Notice and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email. - to display the most interesting content to you on our website we’ll use data we hold about your favorite products and so on. We do so on the basis of your consent for our website to place cookies or similar technology on your device.
For example, we might display a list of items you’ve recently looked at, or offer you recommendations based on your purchase history and any other data you’ve shared with us. - to develop, test and improve the systems, services and products we provide to you.
For example, we’ll record your browser’s Session ID to help us understand more when you leave us online feedback about any problems you’re having. - to comply with our contractual or legal obligations to share data with law enforcement.
For example, when a court order is submitted to share data with law enforcement agencies or a court of law. - to send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products or services more relevant to you.
- to protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account. We’ll do all of this as part of our legitimate interest.
- to build a rich picture of who you are and what you like, and to inform our business decisions, we’ll combine data captured from third parties and data from publicly-available lists as we have described in the section What Sort of Personal Data do we collect? We’ll do this on the basis of our legitimate business interest.
For example, by combining this data, this will help us personalize your experience and decide which inspiration or content to share with you. We also use anonymized data from customer purchase histories to identify trends in different areas of the world.
We know how much data security matters to all our customers. With this in mind, we will treat your data with the utmost care and take appropriate steps to protect it.
Our customers' data security is very important to us. We treat your data with the utmost care and take all appropriate steps to protect it. We have put in place appropriate security measures to prevent your personal data from being altered, disclosed, accidentally lost, used or accessed in an unauthorized way.
We secure access to all transactional areas of our website using ‘https’ technology.
Access to your personal data is password-protected and we secure your transaction with a SSL Web Server with EV certificate, which is an internationally recognized security standard, providing robust authentication and data encryption. We do not collect nor store your payment information.
To make sure we meet our legal data protection and privacy obligations, we only hold on to your information for as long as we actually need it for the purposes we acquired it for in the first place.
In most cases, this means we will keep your information for as long as you continue to shop with us or use our services, and for a period of time afterwards if you stop doing so just in case you begin shopping with us again. After that, we will delete it.
Most of our business is conducted in-house but there are times when we share your personal data with trusted third parties. For example, with our artisans, so that they can label your parcels, with delivery couriers, that we pay to deliver our products and deal with the export formalities, when appropriate.
We make sure to provide third parties only with the information they need to perform their specific services in accordance with our instructions and we require these third parties to respect the security of your data.
Examples of the kind of third parties we work with are:
- IT companies who support our website and other business systems
- professional advisers including accountants and lawyers
- Italian and US authorities, including revenue and customs authorities
- banks and payment service providers
- social media companies such as Facebook and Instagram and our advertising partners to enable us to run targeted promotions for you on their platforms
- direct marketing companies who help us manage our electronic communications with you, such as Mailchimp
- Google/Facebook to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites. See our Cookies Policy for details
- for fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
We may also disclose your personal information to law enforcement, regulatory and other government agencies and to professional bodies and other third parties upon a valid request to do so, as required by and/or in accordance with applicable law or regulation.
Sometimes we will need to share your personal data with third parties. For example, if you are based outside the EEA and place an order with us.
We may transfer personal data that we collect from you to third-parties and suppliers outside the European Economic Area (EEA) such as Australia, Canada or the USA. For example, this might be required in order to fulfill your order, process your payment details.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
This is an overview of your different rights.
You have the right to request:
- access to the personal data we hold about you
- the correction of your personal data when incorrect, out of date or incomplete
- withdraw consent or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end;
- that we stop using your personal data for direct marketing (either through specific channels, or all channels)
- that your data be erased, in specific circumstances
- the transfer of your personal data
- that we stop any consent-based processing of your personal data after you withdraw that consent
- that decisions are not taken by wholly automated means (i.e. where no human has yet reviewed the outcome and criteria for the decision).
We will not charge a fee for dealing with your request, in most cases. If you wish to receive a copy of your personal data or exercise these rights, please contact The Data Controller, thatsArte.com Srl, Via Monfalcone 22/E, 01100 Viterbo, Italy or email infoDOTthatsarte.com.
If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
Direct marketing
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
If you have authorized a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
How can you stop the use of your personal data for direct marketing
Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails.
If you have an account, login into your account, visit the ‘My Account’ area and change your preferences.
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the “Garante per la protezione dei dati personali”, the Italian authority that oversees the Privacy regulations. You can contact them by calling +39.06.69677.2917.
Or go online to http://www.garanteprivacy.it (opens in a new window; please note we can't be responsible for the content of external websites)
If you are based outside Italy, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
thatsArte.com is an Italian company selling worldwide.
By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.
In the ordinary course of business, we’ll need to transfer your personal data across countries to ourselves and/or to third parties outside the EEA (European Economic Area) to enable us to supply the services you’ve requested. For example, this may occur because our information technology storage facilities and servers are located outside your country of residence or outside the EAA. By dealing with us, you are giving your consent to the use, transfer and disclosure of your personal data outside your country of residence and outside the EEA for our ordinary business purposes.
We’ll ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that’s not set out in this Privacy Notice. We’ll also make sure we adequately protect the confidentiality and privacy of your personal data.
We’ll ensure that any third parties process your personal data only in accordance with their legitimate interests. These third parties may be subject to different laws from those which apply in your country of residence. Please note that we do not take active steps to ensure that any overseas recipient of your personal data complies with the laws which apply in your country.
We may change this Privacy Policy at any time and from time to time. The most recent version of the Privacy Policy is reflected by the version date located at the bottom of this Privacy Policy. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this Privacy Policy or other notice on our website. We encourage you to review this Privacy Policy often to stay informed of changes that may affect you, as your continued use of the website signifies your continuing consent to be bound by this Privacy Policy.
Last updated, January 2022