(Last updated March 26, 2020)
Your privacy is critically important to us. At 3DVista Studios SL, we have a few fundamental principles:
- The use of the Internet pages of the 3DVista Studios SL is possible without any indication of personal data; however, if a data subject (“you”) wants to use special enterprise services via our website -such as buying/selling on the market place, processing of personal data could become necessary.
- If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.
- We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services.
- We store personal information for only as long as we have a reason to keep it.
- We aim for full transparency on how we gather, use, and share your personal information.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the 3DVista Studios SL. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
1. Who we are
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
3DVista Studios SL
Avenida de la Innovación, Edificio BIC
18100 Armilla – Granada
Our website address is: https://market.3dvista.com.
Data Protection Officer
The Data Protection Officer of the controller is:
3DVista Studios SL
Avenida de la Innovación, Edificio BIC
18100 Armilla – Granada
Any data subject may, at any time, contact our Data Protection Officer directly, or any of our emplyees with all questions and suggestions concerning data protection.
2. What personal data we collect and why we collect it
We only collect information about you if we have a reason to do so — for example, to provide our Services, to communicate with you, or to make our Services better.
We collect this information from three sources (2.1-2.3): if and when you provide information to us, automatically through operating our Services, and from outside sources. In Section 2.4. we explain our cookies policy.
Let’s go over the information that we collect.
2.1. Information You Provide to Us
It’s probably no surprise that we collect information that you provide to us directly. Here is a list of details we may ask for:
- Basic account information: We ask for basic information from you in order to set up your account. Which personal data are transmitted to the controller is determined by the respective input mask used for the registration and usually contains data such as:
- First Name
- Last Name
- Email address
- Establish a password
- Select whether to be a customer or vendor
- Establish a Shop Name (in the case of registering as a vendor)
- Shop URL (in the case of registering as a vendor)
- Your WordPress account (if you have one)
Store Set-up (Vendors only)
Those vendors who continue setting up a store on our platform, will be asked to insert the following information, which is necessary to create a fully functional vendor profile:
- Street 2
- Zip Code
- Select whether or not to show email address on public profile
- PayPal Email address
- Public profile information:If you have an account with us, we collect the information that you provide for your public profile. For example your username is part of that public profile, along with any other information you put into your public profile, like a photo or an “About Me” description or your store address. Your public profile information is just that — public — so please keep that in mind when deciding what information you would like to include. You can decide whether you want your email address to appear on the public profile. If you decide to insert your Store’s address, please keep in mind that this will be shown in the public profile as well.
- Content information: You might provide us with information about you in draft and published content (a blog post or comment that includes biographic information about you, or any media or files you upload).
- Media: You can upload media files. All uploaded files are usually publicly accessible (because you’re probably trying to sell them to other users). If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website. The automatic upload of EXIF data is therefore disabled by us to protect you.
- Communications with us (hi there!): You may also provide us with information when you respond to surveys, communicate with our employees about a support question, or post a question in our public forums. When you communicate with us via form, email, phone, comment, or otherwise, we store a copy of our communications.
- Order, Payment and Contact information: If you buy something from us or earn revenue through your site, we’ll collect information to process those payments and contact you. If you buy something from us or if you pay fees to a person or business through their Store on our Site, you’ll provide additional personal and payment information like your name, credit card information, and contact information to the payment service provider. We keep a record of the purchases you’ve made. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
- If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We use third party providers to process payments through a secure system. Some of our — and our customers’ — data will be passed to the respective third party, including information required to process or support the payment, such as the purchase total and our customer’s billing information. Information shared with a payment provider to process payments includes:
- Unique payment identifier
- Payment provider identifier
We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxemburg.
How payment providers use data
To better understand how a provider uses and stores the data shared with them, check their privacy policies directly:
How long do we keep this information for?
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 5 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses. If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
2.2. Information We Collect Automatically
We also collect some information automatically:
- Log information:Like most online service providers, we collect a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. This is information that web browsers, mobile devices, and servers typically make available, including the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information, the Internet service provider of the accessing system or any other similar data and information that may be used in the event of attacks on our information technology systems. We collect log information when you use our Services — for example, when you create or make changes to your store on our Site.
- Visitor Interactions: We collect information about a visitor’s interactions with a Site, including the “likes” and “ratings” left by visitors to a Site using WordPress.com or Jetpack.
- Location Information: We may determine the approximate location of a visitor’s device from the IP address. We collect and use this information to, for example, see how many people visit our Sites from certain geographic regions. If you’d like, you can read more about our Site Stats feature for WordPress.com sites and Jetpack sites in the Section on WordPress Stats below.
- Akismet Commenter Information: Our Site uses the Akismet anti-spam service. We, and Akismet, collect information about visitors who comment on Sites. The information we collect typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address…oh, and the comment itself, of course).
- Jetpack Site Activity: We collect visitor activities related to the management of the Site, such as login attempts/actions and comment submission and management actions. For more information, please see the Jetpack Privacy Center.
This information is not only accessible to 3DVista Studios SL, but also to the provider of our Site’s engine and plug-ins, Automattic: https://automattic.com/privacy-notice/.
What we use this information for
While you visit our site, we’ll track:
Stores you’ve viewed: we’ll use this to, for example, show you vendor stores you’ve recently viewed.
Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed.
Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping.
Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
Below you will find a list of the data that our Site’s supporting plug-ins may be collecting for this purpose:
Data protection provisions about the application and use of Jetpack for WordPress
On this website, the controller has integrated Jetpack. Jetpack is a WordPress plug-in, which provides additional features to the operator of a website based on WordPress. Jetpack allows the Internet site operator, inter alia, an overview of the visitors of the site. By displaying related posts and publications, or the ability to share content on the page, it is also possible to increase visitor numbers. In addition, security features are integrated into Jetpack, so a Jetpack-using site is better protected against brute-force attacks. Jetpack also optimizes and accelerates the loading of images on the website.
The operating company of Jetpack Plug-Ins for WordPress is the Aut O’Mattic A8C Ireland Ltd., Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland.
Jetpack sets a cookie on the information technology system used by the data subject. The definition of cookies is explained in the Cookies Section 2.4. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a Jetpack component was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to submit data through the Jetpack component for analysis purposes to Automattic. During the course of this technical procedure Automattic receives data that is used to create an overview of website visits. The data obtained in this way serves the analysis of the behaviour of the data subject, which has access to the Internet page of the controller and is analyzed with the aim to optimize the website. The data collected through the Jetpack component is not used to identify the data subject without a prior obtaining of a separate express consent of the data subject. The data comes also to the notice of Quantcast. Quantcast uses the data for the same purposes as Automattic.
The data subject can, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Automattic/Quantcast from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Automattic/Quantcast may be deleted at any time via a web browser or other software programs.
In addition, the data subject has the possibility of objecting to a collection of data relating to a use of this Internet site that are generated by the Jetpack cookie as well as the processing of these data by Automattic/Quantcast and the chance to preclude any such. For this purpose, the data subject must press the ‘opt-out’ button under the link https://www.quantcast.com/opt-out/ which sets an opt-out cookie. The opt-out cookie set with this purpose is placed on the information technology system used by the data subject. If the cookies are deleted on the system of the data subject, then the data subject must call up the link again and set a new opt-out cookie.
With the setting of the opt-out cookie, however, the possibility exists that the websites of the controller are not fully usable anymore by the data subject.
The applicable data protection provisions of Automattic may be accessed under https://automattic.com/privacy/. The applicable data protection provisions of Quantcast can be accessed under https://www.quantcast.com/privacy/.
The following lists all data used, tracked and synced for each of the functions you may be accessing from the plugin.
This feature only records activities of a site’s registered users, and the retention duration of activity data will depend on the site’s plan and activity type.
Data Used: To deliver this functionality and record activities around site management, the following information is captured: user email address, user role, user login, user display name, WordPress.com and local user IDs, the activity to be recorded, the WordPress.com-connected site ID of the site on which the activity takes place, the site’s Jetpack version, and the timestamp of the activity. Some activities may also include the actor’s IP address (login attempts, for example) and user agent.
Activity Tracked: Login attempts/actions, post and page update and publish actions, comment/pingback submission and management actions, plugin and theme management actions, widget updates, user management actions, and the modification of other various site settings and options. Retention duration of activity data depends on the site’s plan and activity type. See the complete list of currently-recorded activities (along with retention information).
Data Synced (?): Successful and failed login attempts, which will include the actor’s IP address and user agent.
Image views are only recorded if the site owner, has explicitly enabled image view stats tracking for this feature via the jetpack_enable_carousel_stats filter.
Data Used: If image view tracking is enabled, the following information is used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code.
Activity Tracked: Image views.
This feature is only accessible to users logged in to WordPress.com.
Data Used: In order to process a comment like, the following information is used: WordPress.com user ID/username (you must be logged in to use this feature), the local site-specific user ID (if the user is signed in to the site on which the like occurred), and a true/false data point that tells us if the user liked a specific comment. If you perform a like action from one of our mobile apps, some additional information is used to track the activity: IP address, user agent, timestamp of event, blog ID, browser language, country code, and device info.
Activity Tracked: Comment likes.
Data Used: If Akismet is enabled on the site, the contact form submission data — IP address, user agent, name, email address, website, and message — is submitted to the Akismet service (also owned by Automattic) for the sole purpose of spam checking. The actual submission data is stored in the database of the site on which it was submitted and is emailed directly to the owner of the form (i.e. the site author who published the page on which the contact form resides). This email will include the submitter’s IP address, timestamp, name, email address, website, and message.
Data Synced (?): Post and post meta data associated with a user’s contact form submission. If Akismet is enabled on the site, the IP address and user agent originally submitted with the comment are synced, as well, as they are stored in post meta.
Data Used: In order to record page views via WordPress.com Stats (which must be enabled for page view tracking here to work) with additional loads, the following information is used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code.
Activity Tracked: Page views will be tracked with each additional load (i.e. when you scroll down to the bottom of the page and a new set of posts loads automatically). If the site owner has enabled Google Analytics to work with this feature, a page view event will also be sent to the appropriate Google Analytics account with each additional load.
Data Used: Commenter’s name, email address, and site URL (if provided via the comment form), timestamp, and IP address. Additionally, a jetpack.wordpress.com IFrame receives the following data: WordPress.com blog ID attached to the site, ID of the post on which the comment is being submitted, commenter’s local user ID (if available), commenter’s local username (if available), commenter’s site URL (if available), MD5 hash of the commenter’s email address (if available), and the comment content. If Akismet (also owned by Automattic) is enabled on the site, the following information is sent to the service for the sole purpose of spam checking: commenter’s name, email address, site URL, IP address, and user agent.
Activity Tracked: The comment author’s name, email address, and site URL (if provided during the comment submission) are stored in cookies. Learn more about these cookies.
Data Synced (?): All data and metadata (see above) associated with comments. This includes the status of the comment and, if Akismet is enabled on the site, whether or not it was classified as spam by Akismet.
This feature is only accessible to users logged in to WordPress.com.
Data Used: In order to process a post like action, the following information is used: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID (on which the post was liked), post ID (of the post that was liked), user agent, timestamp of event, browser language, country code.
Activity Tracked: Post likes.
Data Used: A visitor’s preference on viewing the mobile version of a site.
Activity Tracked: A cookie (akm_mobile) is stored for 3.5 days to remember whether or not a visitor of the site wishes to view its mobile version. Learn more about this cookie.
This feature is only accessible to registered users of the site who are logged in to WordPress.com.
Data Used: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Some visitor-related information or activity may be sent to the site owner via this feature. This may include: email address, WordPress.com username, site URL, email address, comment content, follow actions, etc.
Activity Tracked: Sending notifications (i.e. when we send a notification to a particular user), opening notifications (i.e. when a user opens a notification that they receive), performing an action from within the notification panel (e.g. liking a comment or marking a comment as spam), and clicking on any link from within the notification panel/interface.
Data Used: In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.
Activity Tracked: Failed login attempts (these include IP address and user agent). We also set a cookie (jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.
Data Synced (?): Failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.
Data Used: Any of the visitor-chosen search filters and query data in order to process a search request on the WordPress.com servers.
Data Used: For video play tracking via WordPress.com Stats, the following information is used: viewer’s IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. If Google Analytics is enabled, video play events will be sent there, as well.
Activity Tracked: Video plays.
Data Used: For payments with PayPal or Stripe: purchase total, currency, billing information. For taxes: the value of goods in the cart, value of shipping, destination address. For checkout rates: destination address, purchased product IDs, dimensions, weight, and quantities. For shipping labels: customer’s name, address as well as the dimensions, weight, and quantities of purchased products.
Data protection provisions about the application and use of Google Analytics
Google Analytics is Google’s own web and traffic analytics tool. For example, when you visit a website that uses advertising services such as AdSense, including analytics tools such as Google Analytics, or embeds video content from YouTube, your web browser automatically sends certain information to Google. This includes the URL of the page that you’re visiting and your IP address. Google may also set cookies on your browser or read cookies that are already there. Apps that use Google advertising services also share information with Google, such as the name of the app and a unique identifier for advertising.
Please refer to the appropriate Google Analytics documentation for the specific type of data it collects. Our Site is running WooCommerce (also owned by Automattic) and purchase events will send Google Analytics the following information: order number, product id and name, product category, total cost, and quantity of items purchased. Google Analytics does offer IP anonymization, which has been enabled by the site owner.
This feature sends page view events (and potentially video play events) over to Google Analytics for consumption. Some additional events are also sent to Google Analytics: shopping cart additions and removals, product listing views and clicks, product detail views, and purchases. Tracking for each specific WooCommerce event needs to be enabled by the site owner.
Data Synced (Read More)
IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Please also see Data Visibility and Retention information for this feature.
Data Synced (Read More)
Why we collect and how we use this data
When using these general data and information, the 3DVista Studios SL does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, the 3DVista Studios SL analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
2.3. Information We Collect from Other Sources
We may also get information about you from other sources. For example, if you create or log in to your WordPress.com account, we’ll receive information from that service (e.g., your username, basic profile information) via the authorization procedures for that service.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
List of Cookies
This plugin/extension sets the following cookies:
- _stripe_mid – Learn more https://stripe.com/gb/privacy
- _stripe_sid – Learn more https://stripe.com/gb/privacy
Cookies set by our plugin Jetpack
Cookies are used by Jetpack in a variety of ways. The cookies are only set when a user interacts with one of these features, or to allow admin functions to be performed.
Remembers whether or not a user wishes to view the mobile version of a site.
Remembers the state of the post and comment subscription checkboxes.
Remembers the state of the post and comment subscription checkboxes.
EU Cookie Law Banner
Remembers the state of visitor acceptance to the EU Cookie Law banner.
Please note that this section is not intended to be exhaustive, but rather aims to be representative.
Some Jetpack features make use of third-party applications and services to enhance the experience of visitors. These include social media platforms, such as Facebook and Twitter (via our Sharing feature). As a result, cookies may be set by these third parties, and used by them to track your online activity. We have no direct control over or access to the information that is collected by these cookies. We recommend consulting the individual privacy policies of any such services for more information.
Controlling Cookies & Opt Out
The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.
To find out more on how to manage and delete cookies, visit aboutcookies.org. For more details on your choices regarding use of your web browsing activity for interest-based advertising you may visit the following sites:
On a mobile device, you may also be to adjust your settings to limit tracking.
3. Who has access to which information?
Members of our team have access to the information you provide us. For example, both our Site Administrator and Marketplace Owners/Store Managers can access:
- Order information like what was purchased, when it was purchased and where it should be sent/
- Customer information like your name, email address, and billing and shipping information.
- Wishlist details, such as products added, date of addition, name and privacy settings of your wishlists
- Customer communication (support, comments, emails).
What we share with others
We have certain integrations with third parties who help us provide seamless services with orders and other store services for you. For example – payment gateways to process and complete your orders or web analytics to make your store and shopping experience better. We use a number of plugins that power our Sites (WordPress (Automattic), WooCommerce (Automattic), Jetpack (Automattic), Dokan). The data that is shared with these parties is described in Section 2.
Automattic – Jetpack – Akismet
Akismet collects information about visitors who comment on Sites that use our Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself). the Jetpack Contact Form submission data — IP address, user agent, name, email address, website, and message — is submitted to the Akismet service (also owned by Automattic) for the sole purpose of spam checking. The actual submission data is stored in the database of the site on which it was submitted and is emailed directly to the owner of the form (i.e. the site author who published the page on which the contact form resides). This email will include the submitter’s IP address, timestamp, name, email address, website, and message.
For Jetpack Comments and Akismet, the following information is sent to the service for the sole purpose of spam checking: commenter’s name, email address, site URL, IP address, and user agent.
Akismet is compliant with the GDPR: https://akismet.com/gdpr/
For detailed information as to the information that Automattic has access to, please consult: https://automattic.com/privacy-notice/
- Order information like what was purchased, when it was purchased and where it should be sent/
- Customer information like your name, email address, and billing and shipping information.
Dokan team members, such as, customer support representative, product developers, and marketing personnel have access to information to help fulfill orders, process refunds and support you.
4. How and Why we Use this Information
We use information about you for the purposes listed below:
4.1. We process your personal data in order to fulfil our contract with you and to provide you with our Services. This includes the following purposes:
- Processing of data relating to you or your company for the purpose of entering into a contract with you and executing it.
- Provision of our Services, including but not limited to enabling and performing transactions with other users (including the transmission of your personal data to other users where necessary to perform the transaction, including in cases of terminated, failed or subsequently voided transactions), providing and enhancing features such as payment processing, ratings and account management, providing other services you may use (as described in connection with such services), and ensuring the functionality of our Services. In connection with the provision of our Services, we will send you notifications relating to the execution of transactions and the use of our Services in accordance with the communication preferences in your account.
- Provision of our payment services.
- Processing of general location data (such as IP address or postal code) in order to calculate taxes.
- Enforcement of our Terms & Conditions and other rules and policies.
4.2. We process your personal data in order to comply with legal obligations to which we are subject. This includes the following purposes:
- Prevention, detection and mitigation of illegal activities (e.g. fraud, money laundering and terrorist financing).
- Retention and storage of your personal data to comply with specific legal retention requirements
4.3. To protect our Services, our users, and the public.
For example, by detecting security incidents; detecting and protecting against malicious, deceptive, fraudulent, or illegal activity; fighting spam; complying with our legal obligations; and protecting the rights and property of Automattic and others, which may result in us, for example, declining a transaction or terminating Services.
5. What rights do you have as a user?
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. In detail, these are the rights you have according to GDPR:
5.1. Right of confirmation
Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact any employee of the controller.
5.2. Right of access
Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organization. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the controller.
5.3. Right to rectification
Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact any employee of the controller.
5.4. Right to erasure (Right to be forgotten)
Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
- The personal data have been unlawfully processed.
- The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by the 3DVista Studios SL, he or she may, at any time, contact any employee of the controller. An employee of 3DVista Studios SL shall promptly ensure that the erasure request is complied with immediately.
Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. An employees of the 3DVista Studios SL will arrange the necessary measures in individual cases.
5.5. Right of restriction of processing
Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.
- The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
- The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by the 3DVista Studios SL, he or she may at any time contact any employee of the controller. The employee of the 3DVista Studios SL will arrange the restriction of the processing.
5.6. Right to data portability
Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
In order to assert the right to data portability, the data subject may at any time contact any employee of the 3DVista Studios SL.
5.7. Right to object
Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.
The 3DVista Studios SL shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
If the 3DVista Studios SL processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to the 3DVista Studios SL to the processing for direct marketing purposes, the 3DVista Studios SL will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by the 3DVista Studios SL for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
In order to exercise the right to object, the data subject may contact any employee of the 3DVista Studios SL. In addition, the data subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.
5.8. Automated individual decision-making, including profiling
Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject’s explicit consent, the 3DVista Studios SL shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.
If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may, at any time, contact any employee of the 3DVista Studios SL.
5.9. Right to withdraw data protection consent
Each data subject shall have the right granted by the European legislator to withdraw his or her consent to processing of his or her personal data at any time.
If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the 3DVista Studios SL.
6. Legal Bases for Collecting and Using Information
A note here for those in the European Union about our legal grounds for processing information about you under EU data protection laws, which is that our use of your information is based on the grounds that:
(1) The use is necessary in order to fulfill our commitments to you under the applicable terms of service or other agreements with you or is necessary to administer your account — for example, in order to enable access to our website on your device or charge you for a paid plan; or
(2) The use is necessary for compliance with a legal obligation; or
(3) The use is necessary in order to protect your vital interests or those of another person; or
(4) We have a legitimate interest in using your information — for example, to provide and update our Services; to improve our Services so that we can offer you an even better user experience; to safeguard our Services; to communicate with you; to measure, gauge, and improve the effectiveness of our advertising; and to understand our user retention and attrition; to monitor and prevent any problems with our Services; and to personalize your experience; or
(5) You have given us your consent — for example before we place certain cookies on your device and access and analyze them later on as described in the Cookies section of this agreement.
7. Third Parties
Some of the controllers of the date are third party providers, such as Automattic and WordPress:
They store personal data on servers located both in the US and in the EU. If you reside in Australia, Canada, Japan, Mexico, New Zealand, or any country located in the European continent, the controllers for processing your personal information are:
The chart below explains the controllers for processing your personal information. We use the term “Designated Countries” to refer to Australia, Canada, Japan, Mexico, New Zealand, and all countries located in the European continent.
If you reside outside of the Designated Countries (for services other than those offered at WooCommerce.com):
If you reside in the Designated Countries (for services other than those offered at WooCommerce.com):
Aut O’Mattic A8C Ireland Ltd.
If you are using our Services offered at WooCommerce.com:
Bubblestorm Management (Pty) Ltd (WooCommerce.com)
- In the case of US based entities, entering into European Commission approved standard contractual arrangements with them, or ensuring they have signed up to the EU-US Privacy Shield; or
- In the case of entities based in other countries outside the EEA, entering into European Commission approved standard contractual arrangements with them.
You can ask us for more information about the steps we take to protect your personal information when transferring it from the EU.
While no online service is 100% secure, we work very hard and with the best service providers out there to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so. The platforms that our Sites use monitor our Services for potential vulnerabilities and attacks.
That’s it! Thanks for reading