Artifact Privacy Notice

ABOUT THIS POLICY

Artifact Global Pte. Ltd.(we, us, our) complies with the provisions of applicable privacy and data protection laws when dealing with personal data, including the Singapore Personal Data Protection Act 2012 and the European Union (EU) General Data Protection Regulation (GDPR).

This policy explains how we will collect, use, disclose and protect your personal data.

If you are based in the EU and use our website and/or services, the additional terms in the GDPR addendum to this privacy policy (Addendum) apply to you.

CHANGES TO THIS POLICY

We may change this policy by uploading a revised policy to our website and/or notifying you by email. The change will apply from the date that we upload the revised policy and/or notify you by email.

This policy was last updated on [23 May 2018].

WHO DO WE COLLECT YOUR PERSONAL DATA FROM?

We collect personal data about you from:

If possible, we will collect personal data from you directly.

WHAT PERSONAL DATA DO WE COLLECT?

When you visit the website and/or use our services we collect the following information:

You may be asked to provide billing information when using the website or related services, including your billing address and credit card information. We use Stripe to process credit card transactions. We do not have access to your credit card information. You can view Stripe’s privacy policy at https://stripe.com/sg/privacy.

HOW WE USE YOUR PERSONAL DATA

We:

We do not use personal data to make any automated decisions or to profile you.

We may also use your personal data to:

DISCLOSING YOUR PERSONAL DATA

We will not sell your personal data to third parties or provide such data to direct marketing companies or other such organisations without your prior consent.

If you are an Artist, we may use your personal data, including screenshot images taken from your Artist profile or images of your artworks, to promote and market Artifact to non-Artifact users, including through our digital marketing channels.

We may disclose your personal data to:

We may disclose research and statistical analysis (on an anonymised basis) derived from your personal data to third parties.

A business that supports our services and products may be located outside Singapore. This may mean your personal data is held and processed outside Singapore. Please see the Addendum for further information about personal data transfers from the EU.

PROTECTING YOUR PERSONAL DATA

We will take reasonable steps to keep your personal data safe from loss, unauthorised activity, or other misuse. We implement appropriate technical and organisational measures to ensure a level of security appropriate to risks inherent in processing personal data.

You can play an important role in keeping your personal data secure by maintaining the confidentiality of any password and accounts used in relation to the website and related services. Please do not disclose your account password to third parties. Please notify us immediately if there is any unauthorised use of your account or any other breach of security.

ACCESSING AND CORRECTING YOUR PERSONAL DATA

You may access your readily retrievable personal data that we hold and request a correction to your personal data. Before we respond to your request, we will need evidence to confirm that you are the individual to whom the personal data relates.

In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal data, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal data that you requested the correction.

If you want to request any of the above, email us at support@artifact.global. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal data, or the correction, that you are requesting).

INTERNET USE

While we take reasonable steps to maintain secure internet connections, if you provide us with personal data over the internet, the provision of that information is at your own risk.

If you post your personal data on the website’s certain public pages (datasphere profiles), you acknowledge and agree that the information you post is publicly available.

If you follow a link on our website to another site, the owner of that site will have its own privacy policy relating to your personal data. We suggest you review that site’s privacy policy before you provide personal data.

CONTACT US

If you have any questions about this privacy policy, our privacy practices, or if you would like to request access to, or correction of, your personal data, you can contact us here: support@artifact.global.

GDPR addendum

If you are based in the European Union (EU) and use our website and/or our services, these additional terms ( GDPR Addendum) form part of our privacy policy.

The General Data Protection Regulation ( GDPR) regulates the collection, processing and transfer of EU individuals’ personal data (as defined in the GDPR). The personal information described in our privacy policy is personal data under the GDPR. We are committed to complying with the GDPR when dealing with personal data of our website visitors and service users based in the EU.

For the purposes of the GDPR, we are the data controller (as defined in the GDPR) when processing personal data collected by us through the website and/or when you use our services.

This GDPR Addendum was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal data. However, we are happy to provide any additional information or explanation needed. Any requests for further information should be sent to support@artifact.global.

PROCESSESING PERSONAL DATA

The personal data we may process consists of the personal data described in our privacy policy. This personal data may be processed for the purposes outlined in our privacy policy.

The legal basis for our processing of:

Despite the above, we may process any of your personal data where such processing is necessary for compliance with applicable laws.

You do not have to provide us your profile information to access and use the website. The consequence of not providing profile information is that other Artifact users will not be able to interact with you. However, you must provide us with your registration information, enquiry information and subscription information when using the relevant services such as setting up an account and profile, or submitting an enquiry to us.

YOUR RIGHTS

Your rights in relation to your personal data under the GDPR include:

Where personal data is processed for the purposes of direct marketing, you have the right to object to such processing.

If you would like to exercise any of your above rights, please contact us at support@artifact.global. If you are not satisfied by the way your query is dealt with by our data protection officer, you may refer your query to your local data protection supervisory authority e.g. in the United Kingdom, this is the Information Commissioner’s Office.

CHILDREN

We do not intend to collect personal data from children aged under 15. For children aged 15 years, we are require consent from someone with parental responsibility over the child. We make reasonable efforts to verify that the person providing consent for children aged 15 does indeed have parental responsibility over that child. If you have reason to believe that a child under the age of 15 has provided personal data to us through our website and/or by using our services, or that parental consent has not been properly provided for a child aged 15, please contact our data protection officer.

INTERNATIONAL TRANSFER OF DATA

The personal data we collect through our website and/or the provision of services may be transferred to, and stored in, a country operating outside the European Economic Area (EEA). Under the GDPR, the transfer of personal data to a country outside the EEA may take place where the European Commission has decided that the country ensures an adequate level of protection. In the absence of an adequacy decision, we may transfer personal data provided appropriate safeguards are in place.

The personal data we collect is processed by the third-party processors set out in the table below.

For personal data processed in the United Sates, the European Commission has determined that the United States ensures an adequate level of protection for personal data transferred from the EU to organisations in the United States under the EU-U.S. Privacy Shield. We have verified that our United States-based data processors have self-certified under the EU-US Privacy Shield framework.

For data held outside the EU or the United States. we have entered into Standard Contractual Clauses as published by the European Commission with our third party processors. The Standard Contractual Clauses provide specific guarantees around transfers of personal data and we rely on the Standard Contractual Clauses in transferring personal data to these third party processors.

List of third party processors as at 1 st of May 2018.

Third party processor

Purpose

Location of processor

Policy pages

Microsoft Azure

Data storage

USA but may use servers based in [Singapore]

https://privacy.microsoft.com/en-us/privacystatement

Google, Inc.

Analytics

USA

https://policies.google.com/privacy?hl=en&gl=nz

Hotjar

Analytics

EU

https://www.hotjar.com/legal/policies/privacy

Stripe

Payment gateway

USA

https://stripe.com/sg/privacy

Firebase (by Google, Inc.)

User management tool

USA

https://policies.google.com/privacy

Calendly

Communication platform

USA

https://calendly.com/pages/privacy

MailChimp

Email service provider

USA

https://mailchimp.com/legal/privacy/

DATA RETENTION POLICY

Personal data that we collect and process will not be kept longer than necessary for the purposes for which it is collected, or for the duration required for compliance with applicable law, whichever is longer.

CONTACTING US

You can contact us as set out in our privacy policy.

The name and contact details of our European Representative are DotConnect LLC (dpo@dotconnect.vc).

Cookies policy

We use cookies (an alphanumeric identifier that we transfer to your computer’s hard drive so that we can recognise your browser) to monitor your use of the website. We use cookies for the following purposes:

Some cookies used on the website are served by Google Analytics and Hotjar to analyse your use of our website. If you would like to customise or opt out of these settings please visit: https://tools.google.com/dlpage/gaoptout and https://www.hotjar.com/legal/compliance/opt-out.

Information about Google’s and Hotjar’s cookies is available from: https://www.google.com.au/policies/technologies/types/ and https://www.hotjar.com/legal/policies/cookie-information.

Google’s privacy policy relating to its cookies is available at https://www.google.com/policies/privacy/partners/. Hotjar’s privacy policy is available at https://www.hotjar.com/legal/policies/privacy.

You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit our website and attempt use our services, you may not be able to access certain parts of our website or services, and some functionalities may not work. You can find out more information about how to change your browser cookie settings at http://www.aboutcookies.org.uk.