Effective as of: July 20, 2018
As described in further detail below, ARTBNK complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information (as defined below) transferred from the European Union and Switzerland, respectively, to the United States.
WHAT INFORMATION ABOUT ME IS COLLECTED?
Depending on your use of the Service, we may collect two types of information: personally identifiable information and non-personally identifiable information.
Personally Identifiable Information
Personally identifiable information is information that identifies you or can be used to identify or contact you. Such information may include your name, password, and email address.
Non-Personally Identifiable Information
Non-personally identifiable information is information, any single item of which, by itself, cannot be used to identify or contact you, IP addresses, browser types, unique device identifiers, device types, requested URL, referring URL, browser language, the pages you view, the date and time of your visit, domain names, and other statistical data involving the use of the Service. Certain non-personally identifiable information may be considered a part of your personally identifiable information if it were combined with other non-personally identifiable information (for example, combining name and your IP address) in a way that enables you to be identified. However, the same pieces of information are considered non-personally identifiable information when they are taken alone or combined only with other non-personally identifiable information (for example, your viewing preferences).
Information Provided by You
We will collect personally identifiable and non-personally identifiable information that you submit to us.
You may be required to establish an account in order to take advantage of certain features of the Service. If you establish an account, you may be required to provide us with information (including personally identifiable information and non-personally identifiable information) such as your name, username, password, and email address. We may also receive personally identifiable information about you from third parties providing credit and debit card authorization and fraud screening services as part of the registration process. In addition, we may obtain your personally identifiable information from you if you identify yourself to us by sending us an e-mail with questions or comments. Also, we will have access to any personally identifiable information that you choose to share through the Service.
Cookies and Action Tags
We may collect non-personally identifiable information passively using “cookies” and “action tags.”
“Cookies” are small text files that can be placed on your computer or mobile device in order to identify your Web browser and the activities of your computer on the Service and other websites. Cookies can be used to personalize your experience on the Service (such as dynamically generating content on webpages specifically designed for you), to assist you in using the Service (such as saving time by not having to reenter your name each time you use the Service), to allow us to statistically monitor how you are using the Service to help us improve our offerings, and to target certain advertisements to your browser which may be of interest to you or to determine the popularity of certain content.
You do not have to accept cookies to use the Service. Although most browsers are initially set to accept cookies, you may reset your browser to notify you when you receive a cookie or to reject cookies generally. Most browsers offer instructions on how to do so in the "Help" section of the toolbar. However, if you reject cookies, certain features or resources of the Service may not work properly or at all and you may experience some loss of convenience.
"Action tags", also known as web beacons or gif tags, are a web technology used to help track website usage information, such as how many times a specific page has been viewed. Action tags are invisible to you, and any portion of the Service, including advertisements, or e-mail sent on our behalf, may contain action tags.
By using cookies and action tags together, we are able to gain valuable information to improve the Service and measure the effectiveness of our advertising and marketing efforts.
We also collect non-personally identifiable information through our Internet log files, which record data such as user IP addresses, browser types, domain names, and other anonymous statistical data involving the use of the Service. This information may be used to analyze trends, to administer the Service, to monitor the use of the Service, and to gather general demographic information. We may link this information to personally identifiable information for these and other purposes such as personalizing your experience on the Service and evaluating the Service in general.
IS INFORMATION SUBMITTED TO THE PUBLIC AREAS OF THE SERVICE PRIVATE?
NOTWITHSTANDING THE FOREGOING, WE HAVE NO RESPONSIBILITY OR LIABILITY IF A USER’S INFORMATION OR IDENTITY IS MISUSED OR STOLEN, OR IF A USER SUFFERS HARM AS A RESULT OF VOLUNTARY DISCLOSURES.
IS A USERNAME PRIVATE?
No. A user’s username is available to the public, including to all users, when a user shares or posts information in the Public Areas of the Service. When prompted to create a username, we advise users to use non-personally identifiable information – i.e., select a screen name that is not similar to a user’s actual name – because such information can be publicly available to all users.
DOES ARTBNK COLLECT INFORMATION FROM CHILDREN UNDER 13 YEARS OF AGE?
We are committed to protecting the privacy of children. The Service is not designed for or directed to children under the age of 13. We do not collect personally identifiable information from any person we actually know is under the age of 13. As currently operated persons under the age of 21 may not use the Service. By using the Service, you represent that you are 21 years of age or older.
WHAT DOES ARTBNK DO WITH THE INFORMATION IT COLLECTS?
We will only use your personally identifiable information to the extent that the law allows us to do so. Under the GDPR, we rely on the following legal bases for processing your personally identifiable information:
where you have given consent to the processing;
where it is necessary to perform the contract we have entered into or are about to enter into with you (whether in relation to the provision of the Service or otherwise); and/or
where it is necessary for the purposes of our legitimate interests (or those of a third party) and your interests or fundamental rights and freedoms do not override those legitimate interests.
We use the information collected to provide the Service to you and process your transactions, to help us understand who uses the Service, for internal operations such as operating and improving the Service, to contact you for customer service and billing purposes, to facilitate the delivery of advertising, and, unless you “opt out”, so that we can contact you about products and services that may be of interest to you and deliver relevant content to you.
We may use your information to send you an e-mail that may confirm your user name and password. Unless you opt out, we may send you electronic newsletters, contact you about the Service, products, services, information and news that may be of interest to you, and provide you with targeted feedback. If you no longer desire to receive these communications, we will provide you with the option to change your preferences in each communication we send you. Also see “WHAT CHOICES DO I HAVE REGARDING THE COLLECTION, DISCLOSURE AND DISTRIBUTION OF PERSONALLY IDENTIFIABLE INFORMATION?” below for instructions on how to opt out.
If you identify yourself to us by sending us an e-mail with questions or comments, we may use your information (including personally identifiable information) to respond to your questions or comments, and we may file your questions or comments (with your information) for future reference.
We may also use the information collected to send announcements and updates regarding the Service or, if applicable, about your billing account status. You will not be able to unsubscribe from these Service announcements and updates as they contain important information relevant to your use of the Service, and are necessary for the performance of our contract with you.
We may also use the information gathered to perform statistical analysis of user behavior or to evaluate and improve the Service. We may link some of this information to personally identifiable information for internal purposes or to improve your experience with the Service.
WHEN DOES ARTBNK DISCLOSE INFORMATION TO THIRD PARTIES?
Laws and Legal Rights
We may disclose your information (including personally identifiable information) if we believe in good faith that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a search warrant, a court or regulatory order, lawful requests by public authorities, including to meet national security or law enforcement requirements, or other valid legal process. We may disclose personally identifiable information in special circumstances when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating the Subscription Terms to detect fraud, for assistance with a delinquent account, or to protect our rights or property or the safety and/or security of our users, the Service or the general public.
Third Parties Generally
ArtBnk may decide to disclose your personally-identifiable information to third parties for the purpose of sending you select marketing offers and communications that we believe may be of interest to you. You will have the option to out-out of such disclosure by following the opt-out procedure set forth below. Your non-personally identifiable information may be provided to third parties, including where such information is combined with similar information of other users of the Site. In addition to the above, when individuals use the Site, third parties (including without limitation third-party analytics and other service providers, and advertisers) may directly collect information about our Site visitors, including about our visitors’ online activities over time and across different websites.
We may employ independent contractors, vendors and suppliers (collectively, "Outside Contractors") to provide specific services and products related to the Service, such as hosting and maintaining the Service, providing credit card processing and fraud screening, and developing applications for the Service. In the course of providing products or services to us, these Outside Contractors may have access to information collected through the Service, including your personally identifiable information. We will ensure that these Outside Contractors protect the privacy of your personally identifiable information and act only on our documented instructions.
Sale of Business/Bankruptcy
Transborder Hosting and Transfer of Information
Personally identifiable information collected on the Site or through the provision of the Service may be transferred from time to time to ARTBNK offices or personnel, or to third parties, located throughout the world, including offices located outside the European Economic Area and/or the United Kingdom, and the Site may be viewed and hosted anywhere in the world, including countries (such as the United States) that may not have laws of general applicability regulating the use and transfer of such data. By using the Site and submitting such information on it, you voluntarily consent to such transborder transfer and hosting of such information.
To the extent that we process personally identifiable information of individuals located in the European Economic Area and/or the United Kingdom, we are bound by and act in compliance with the GDPR.
For specific information regarding how we handle personal information transferred to the United States from the European Union and the European Economic Area, please see the section below titled “ADDITIONAL PROVISIONS FOR PERSONAL INFORMATION RECEIVED FROM THE EUROPEAN UNION (INCLUDING SWITZERLAND)”.
FOR HOW LONG WILL MY PERSONALLY IDENTIFIABLE INFORMATION BE KEPT?
We will only store your personally identifiable information for as long as is necessary to fulfill the purposes for which we collected it.
To determine the appropriate retention period for personally identifiable information, we consider the amount, nature and sensitivity of that information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personally identifiable information and whether we can achieve those purposes through other means, and any applicable legal requirements.
IS THE INFORMATION COLLECTED THROUGH THE SERVICE SECURE?
We want your information (including personally identifiable information) to remain secure. We strive to provide transmission of your information from your computer or mobile device to our servers through techniques that are consistent with industry standards and to employ administrative, physical, and electronic measures designed to protect your information from loss, misuse, unauthorized access, disclosures, alteration, and destruction, taking into account the risks involved and the nature of the information.
The information we receive through your use of the Service is stored in the cloud through Amazon Web Services (AWS). You can learn more about the security and privacy practices of AWS here: https://aws.amazon.com/security/
Notwithstanding the above, you should be aware that there is always some risk involved in transmitting information over the Internet. There is also some risk that others could find a way to thwart the security systems. As a result, while we strive to protect your information, we cannot ensure or warrant the security or privacy of any information you transmit to us, and, by using the Service, you do so at your own risk.
WHAT CHOICES DO I HAVE REGARDING THE COLLECTION, DISCLOSURE AND DISTRIBUTION OF PERSONALLY IDENTIFIABLE INFORMATION?
Under certain circumstances and in compliance with the GDPR, you have the right to:
Request access to your personally identifiable information (commonly known as a ‘subject access request’). This enables you to receive a copy of the personally identifiable information we hold about you and to check that we are lawfully processing it;
Request correction of the personally identifiable information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
Request erasure of your personally identifiable information. This enables you to ask us to delete or remove personally identifiable information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove all of your personally identifiable information in certain circumstances;
Object to processing of your personally identifiable information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground;
Request the restriction of processing of your personally identifiable information. This enables you to ask us to suspend the processing of personally identifiable information, for example if you want us to establish its accuracy or the reason for processing it;
Request the transfer of your personally identifiable information to another party; and
Lodge a complaint with the relevant supervisory authority (as defined in the GDPR). If you have any complaints about the way we process your personally identifiable information please do contact us. Alternatively you may lodge a complaint with the supervisory authority which is established in your country.
You should be aware that it is not technologically possible to remove each and every record of the information you have provided to us from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of your personally identifiable information may exist in a non-erasable form that will be difficult or impossible for us to locate. After receiving your request, we will use commercially reasonable efforts to update, correct, change, or delete, as appropriate, all personally identifiable information stored in databases we actively use and other readily searchable media as appropriate, as soon as and to the extent reasonably practicable.
DO NOT TRACK
The term “Do Not Track” refers to a HTTP header offered by certain web browsers to request that websites refrain from tracking the user. If you have enabled Do Not Track on your browser, we will not record any data from you. If you have not enabled Do Not Track on your browser, then we may collect non-personally identifiable visitation data in order to customize and optimize your visit to the Site.
ADDITIONAL PROVISIONS FOR PERSONAL INFORMATION RECEIVED FROM THE EUROPEAN UNION (INCLUDING SWITZERLAND).
Types of Personal Information Collected
As described above, personal information is information relating to an identified or identifiable natural person in the European Union. The types of personal information we collect could include personally identifiable as well as non-personally identifiable information, such as name, password and email address, IP addresses, browser types, unique device identifiers, device types, requested URL, referring URL, browser language, the pages you view, the date and time of your visit, and domain names.
If you no longer wish to have your personal information disclosed to third parties, you may choose to opt-out by notifying us that you want your personal information removed. To do so, send an email to email@example.com. Please be aware that your personal information may have been disclosed to third parties prior to removal. Also, ARTBNK will provide you with notice before using your personal information for a purpose other than that for which it was originally collected or subsequently authorized by you, and you may choose to opt-out of such use by following the directions provided in the notice. However, even after any opt-out or removal of your personal information, we reserve the right to disclose your personal information to a third party when we believe in good faith that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a search warrant, a court or regulatory order, lawful requests by public authorities, including to meet national security or law enforcement requirements, or other valid legal process.
Before we disclose any of your transfer data to a third party we will require that such third party provide the same level of privacy protection as is required by the Privacy Shield Principles. ARTBNK’s accountability for transfer data that it receives under the Privacy Shield and transfers to a third party is outlined in the Privacy Shield Principles. In particular, ARTBNK remains liable under the Privacy Shield Principles if third-party agents that it retains to process transfer data on ARTBNK’s behalf process such transfer data in a manner inconsistent with the Privacy Shield Principles, unless ARTBNK can prove that it is not responsible for the event giving rise to the damage.
Data Integrity and Purpose Limitation
Except as may be authorized by you, we use your personal information in a way that is compatible with and relevant for the purpose for which it was collected. To the extent necessary for these purposes, we take reasonable steps to ensure that personal information is accurate, complete, current, and reliable for its intended use.
You have the right to access your personal information held by us and you may correct, amend, or delete such personal information, to the extent that it is inaccurate or, with respect to transfer data, has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question or where the rights of persons other than the individual would be violated or as otherwise described in the GDPR or, with respect to transfer data, as otherwise described in the Privacy Shield Principles. If you wish to access your personal information, please contact us in either of the ways described below (under Recourse, Enforcement, and Liability).
Recourse, Enforcement, and Liability
For any complaints that cannot be resolved by ARTBNK directly, ARTBNK agrees to cooperate and comply with the EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) to investigate unresolved disputes/complaints. With respect to the application of Privacy Shield Principles to transfer data, the panel established by the DPAs is the independent dispute resolution body designed to address complaints and provide appropriate recourse to you free of charge.
As further described in the Privacy Shield Principles, a binding arbitration option will be made available to you in order to address residual complaints regarding transfer data that have not been resolved by other means. ARTBNK is subject to the investigatory and enforcement powers of the Federal Trade Commission.
Adherence by ARTBNK to the Principles and the above-set forth provisions regarding transfer data may be limited (a) to the extent necessary to meet national security, public interest or law enforcement requirements; (b) by statute, government regulation, or case law that creates conflicting obligations or explicit authorizations; or (c) if the effect of the GDPR or Member State law is to allow exceptions or derogations, provided that such exceptions or derogations are applied in comparable contexts.
WHO DO I CONTACT IF I HAVE ANY PRIVACY QUESTIONS?
By postal mail or courier:
Rob Steinberg, CEO
98 Penhallow Street
Portsmouth, NH 03801