(Last updated March 26, 2020)

Your privacy is critically important to us. At 3DVista Studios SL, we have a few fundamental principles:

  • The use of the Internet pages of the 3DVista Studios SL is possible without any indication of personal data; however, if a data subject (“you”) wants to use special enterprise services via our website -such as buying/selling on the market place, processing of personal data could become necessary.
  • If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.
  • We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services.
  • We store personal information for only as long as we have a reason to keep it.
  • We aim for full transparency on how we gather, use, and share your personal information.

Below is our Privacy Policy, which incorporates and clarifies these principles.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the 3DVista Studios SL. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

1. Who we are

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

3DVista Studios SL
Avenida de la Innovación, Edificio BIC
18100 Armilla – Granada
Spain
Phone: +34958948300
Email: privacy@3dvista.com

Our website address is: https://market.3dvista.com.

 

Data Protection Officer

The Data Protection Officer of the controller is:

Jose Ruiz
3DVista Studios SL
Avenida de la Innovación, Edificio BIC
18100 Armilla – Granada
Spain
Phone: +34958948300
Email: privacy@3dvista.com
Website: https://market.3dvista.com

Any data subject may, at any time, contact our Data Protection Officer directly, or any of our emplyees with all questions and suggestions concerning data protection.

 

2. What personal data we collect and why we collect it

We only collect information about you if we have a reason to do so — for example, to provide our Services, to communicate with you, or to make our Services better.

We collect this information from three sources (2.1-2.3): if and when you provide information to us, automatically through operating our Services, and from outside sources. In Section 2.4. we explain our cookies policy.

Let’s go over the information that we collect.

2.1. Information You Provide to Us

It’s probably no surprise that we collect information that you provide to us directly. Here is a list of details we may ask for:

  • Basic account information: We ask for basic information from you in order to set up your account. Which personal data are transmitted to the controller is determined by the respective input mask used for the registration and usually contains data such as:
    • First Name
    • Last Name
    • Email address
    • Establish a password
    • Select whether to be a customer or vendor
    • Establish a Shop Name (in the case of registering as a vendor)
    • Shop URL (in the case of registering as a vendor)
    • Your WordPress account (if you have one)

Store Set-up (Vendors only)

Those vendors who continue setting up a store on our platform, will be asked to insert the following information, which is necessary to create a fully functional vendor profile:

  • Street
  • Street 2
  • City
  • Zip Code
  • Country
  • State
  • Select whether or not to show email address on public profile
  • PayPal Email address
  • Public profile information:If you have an account with us, we collect the information that you provide for your public profile. For example your username is part of that public profile, along with any other information you put into your public profile, like a photo or an “About Me” description or your store address. Your public profile information is just that — public — so please keep that in mind when deciding what information you would like to include. You can decide whether you want your email address to appear on the public profile. If you decide to insert your Store’s address, please keep in mind that this will be shown in the public profile as well.
  • Content information: You might provide us with information about you in draft and published content (a blog post or comment that includes biographic information about you, or any media or files you upload).
  • Media: You can upload media files. All uploaded files are usually publicly accessible (because you’re probably trying to sell them to other users). If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website. The automatic upload of EXIF data is therefore disabled by us to protect you.
  • Comments: When visitors leave comments and reviews on our site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment. When a visitor leaves a comment on a Site, the Service provider of our Site’s plugin – Automattic (https://automattic.com/privacy-notice/) also has access to and collects that comment, and other information that the visitor provides along with the comment, such as the visitor’s name and email address.
  • Communications with us (hi there!): You may also provide us with information when you respond to surveys, communicate with our employees about a support question, or post a question in our public forums. When you communicate with us via form, email, phone, comment, or otherwise, we store a copy of our communications.
  • Order, Payment and Contact information: If you buy something from us or earn revenue through your site, we’ll collect information to process those payments and contact you. If you buy something from us or if you pay fees to a person or business through their Store on our Site, you’ll provide additional personal and payment information like your name, credit card information, and contact information to the payment service provider. We keep a record of the purchases you’ve made. We’ll use this information for purposes, such as, to:
  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages, if you choose to receive them
  • If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.

We use third party providers to process payments through a secure system. Some of our — and our customers’ — data will be passed to the respective third party, including information required to process or support the payment, such as the purchase total and our customer’s billing information. Information shared with a payment provider to process payments includes:

  • Name
  • Email
  • Address
  • Phone
  • City/State/Zip
  • Unique payment identifier
  • Payment provider identifier

Paypal

We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.

Please see the PayPal Privacy Policy for more details.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxemburg.

How payment providers use data

To better understand how a provider uses and stores the data shared with them, check their privacy policies directly:

 

How long do we keep this information for?

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 5 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses. If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

 

2.2. Information We Collect Automatically

We also collect some information automatically:

  • Log information:Like most online service providers, we collect a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. This is information that web browsers, mobile devices, and servers typically make available, including the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information, the Internet service provider of the accessing system or any other similar data and information that may be used in the event of attacks on our information technology systems. We collect log information when you use our Services — for example, when you create or make changes to your store on our Site.
  • Visitor Interactions: We collect information about a visitor’s interactions with a Site, including the “likes” and “ratings” left by visitors to a Site using WordPress.com or Jetpack.
  • Location Information: We may determine the approximate location of a visitor’s device from the IP address. We collect and use this information to, for example, see how many people visit our Sites from certain geographic regions. If you’d like, you can read more about our Site Stats feature for WordPress.com sites and Jetpack sites in the Section on WordPress Stats below.
  • Akismet Commenter Information: Our Site uses the Akismet anti-spam service. We, and Akismet, collect information about visitors who comment on Sites. The information we collect typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address…oh, and the comment itself, of course).
  • Jetpack Site Activity: We collect visitor activities related to the management of the Site, such as login attempts/actions and comment submission and management actions. For more information, please see the Jetpack Privacy Center.
  • Information from Cookies and Other Technologies: A cookie is a string of information that a Site stores on a visitor’s computer, and that the visitor’s browser provides to the Site each time the visitor returns. Pixel tags (also called web beacons) are small blocks of code placed on Sites. We use Automattic to run our website and Automattic uses cookies and other technologies like pixel tags to help identify and track visitors and Site usage, and to deliver targeted ads when ads are enabled for free WordPress.com sites or when ads are enabled on a Site through WordAds or Jetpack Ads (see the “Other Tools” section below for more details). For more information about our use of cookies and other technologies for tracking, including how visitors can control the use of cookies, please see our Section about Cookies (2.4.) and Automattic’s Cookie Policy.
  • Information from cookies & other technologies: 3DVista Studios SL uses cookies and other technologies like pixel tags to help us identify and track visitors, usage, and access preferences for our Services. For more information about our use of cookies and other technologies for tracking, including how you can control the use of cookies, please see the section about Cookies.

This information is not only accessible to 3DVista Studios SL, but also to the provider of our Site’s engine and plug-ins, Automattic: https://automattic.com/privacy-notice/.

What we use this information for

While you visit our site, we’ll track:

Stores you’ve viewed: we’ll use this to, for example, show you vendor stores you’ve recently viewed.

Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed.

Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping.

Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!

We’ll also use cookies to keep track of cart contents while you’re browsing our site. Please refer to the subsection 2.4 Cookies for more information on Cookies.

Below you will find a list of the data that our Site’s supporting plug-ins may be collecting for this purpose:

Data protection provisions about the application and use of Jetpack for WordPress

On this website, the controller has integrated Jetpack. Jetpack is a WordPress plug-in, which provides additional features to the operator of a website based on WordPress. Jetpack allows the Internet site operator, inter alia, an overview of the visitors of the site. By displaying related posts and publications, or the ability to share content on the page, it is also possible to increase visitor numbers. In addition, security features are integrated into Jetpack, so a Jetpack-using site is better protected against brute-force attacks. Jetpack also optimizes and accelerates the loading of images on the website.

The operating company of Jetpack Plug-Ins for WordPress is the Aut O’Mattic A8C Ireland Ltd., Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland.

Jetpack sets a cookie on the information technology system used by the data subject. The definition of cookies is explained in the Cookies Section 2.4. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a Jetpack component was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to submit data through the Jetpack component for analysis purposes to Automattic. During the course of this technical procedure Automattic receives data that is used to create an overview of website visits. The data obtained in this way serves the analysis of the behaviour of the data subject, which has access to the Internet page of the controller and is analyzed with the aim to optimize the website. The data collected through the Jetpack component is not used to identify the data subject without a prior obtaining of a separate express consent of the data subject. The data comes also to the notice of Quantcast. Quantcast uses the data for the same purposes as Automattic.

The data subject can, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Automattic/Quantcast from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Automattic/Quantcast may be deleted at any time via a web browser or other software programs.

In addition, the data subject has the possibility of objecting to a collection of data relating to a use of this Internet site that are generated by the Jetpack cookie as well as the processing of these data by Automattic/Quantcast and the chance to preclude any such. For this purpose, the data subject must press the ‘opt-out’ button under the link https://www.quantcast.com/opt-out/ which sets an opt-out cookie. The opt-out cookie set with this purpose is placed on the information technology system used by the data subject. If the cookies are deleted on the system of the data subject, then the data subject must call up the link again and set a new opt-out cookie.

With the setting of the opt-out cookie, however, the possibility exists that the websites of the controller are not fully usable anymore by the data subject.

The applicable data protection provisions of Automattic may be accessed under https://automattic.com/privacy/. The applicable data protection provisions of Quantcast can be accessed under https://www.quantcast.com/privacy/.

The following lists all data used, tracked and synced for each of the functions you may be accessing from the plugin.

Activity

This feature only records activities of a site’s registered users, and the retention duration of activity data will depend on the site’s plan and activity type.

Data Used: To deliver this functionality and record activities around site management, the following information is captured: user email address, user role, user login, user display name, WordPress.com and local user IDs, the activity to be recorded, the WordPress.com-connected site ID of the site on which the activity takes place, the site’s Jetpack version, and the timestamp of the activity. Some activities may also include the actor’s IP address (login attempts, for example) and user agent.

Activity Tracked: Login attempts/actions, post and page update and publish actions, comment/pingback submission and management actions, plugin and theme management actions, widget updates, user management actions, and the modification of other various site settings and options. Retention duration of activity data depends on the site’s plan and activity type. See the complete list of currently-recorded activities (along with retention information).

Data Synced (?): Successful and failed login attempts, which will include the actor’s IP address and user agent.

Carousel

Image views are only recorded if the site owner, has explicitly enabled image view stats tracking for this feature via the jetpack_enable_carousel_stats filter.

Data Used: If image view tracking is enabled, the following information is used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Activity Tracked: Image views.

Comment Likes

This feature is only accessible to users logged in to WordPress.com.

Data Used: In order to process a comment like, the following information is used: WordPress.com user ID/username (you must be logged in to use this feature), the local site-specific user ID (if the user is signed in to the site on which the like occurred), and a true/false data point that tells us if the user liked a specific comment. If you perform a like action from one of our mobile apps, some additional information is used to track the activity: IP address, user agent, timestamp of event, blog ID, browser language, country code, and device info.

Activity Tracked: Comment likes.

Contact Form

Data Used: If Akismet is enabled on the site, the contact form submission data — IP address, user agent, name, email address, website, and message — is submitted to the Akismet service (also owned by Automattic) for the sole purpose of spam checking. The actual submission data is stored in the database of the site on which it was submitted and is emailed directly to the owner of the form (i.e. the site author who published the page on which the contact form resides). This email will include the submitter’s IP address, timestamp, name, email address, website, and message.

Data Synced (?): Post and post meta data associated with a user’s contact form submission. If Akismet is enabled on the site, the IP address and user agent originally submitted with the comment are synced, as well, as they are stored in post meta.

GIF Block

Data Used: An iframe is inserted into the page, using an HTTP connection. The iframe is governed by Giphy’s privacy policy.

Activity Tracked: We don’t track any activity. For details of what Giphy tracks, refer to their privacy policy.

Infinite Scroll

Data Used: In order to record page views via WordPress.com Stats (which must be enabled for page view tracking here to work) with additional loads, the following information is used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Activity Tracked: Page views will be tracked with each additional load (i.e. when you scroll down to the bottom of the page and a new set of posts loads automatically). If the site owner has enabled Google Analytics to work with this feature, a page view event will also be sent to the appropriate Google Analytics account with each additional load.

Jetpack Comments

Data Used: Commenter’s name, email address, and site URL (if provided via the comment form), timestamp, and IP address. Additionally, a jetpack.wordpress.com IFrame receives the following data: WordPress.com blog ID attached to the site, ID of the post on which the comment is being submitted, commenter’s local user ID (if available), commenter’s local username (if available), commenter’s site URL (if available), MD5 hash of the commenter’s email address (if available), and the comment content. If Akismet (also owned by Automattic) is enabled on the site, the following information is sent to the service for the sole purpose of spam checking: commenter’s name, email address, site URL, IP address, and user agent.

Activity Tracked: The comment author’s name, email address, and site URL (if provided during the comment submission) are stored in cookies. Learn more about these cookies.

Data Synced (?): All data and metadata (see above) associated with comments. This includes the status of the comment and, if Akismet is enabled on the site, whether or not it was classified as spam by Akismet.

Likes

This feature is only accessible to users logged in to WordPress.com.

Data Used: In order to process a post like action, the following information is used: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID (on which the post was liked), post ID (of the post that was liked), user agent, timestamp of event, browser language, country code.

Activity Tracked: Post likes.

Map Block

Activity Tracked: We don’t track anything. Refer to the Mapbox privacy policy for details of any activity they track.

Mobile Theme

Data Used: A visitor’s preference on viewing the mobile version of a site.

Activity Tracked: A cookie (akm_mobile) is stored for 3.5 days to remember whether or not a visitor of the site wishes to view its mobile version.  Learn more about this cookie.

Notifications

This feature is only accessible to registered users of the site who are logged in to WordPress.com.

Data Used: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Some visitor-related information or activity may be sent to the site owner via this feature. This may include: email address, WordPress.com username, site URL, email address, comment content, follow actions, etc.

Activity Tracked: Sending notifications (i.e. when we send a notification to a particular user), opening notifications (i.e. when a user opens a notification that they receive), performing an action from within the notification panel (e.g. liking a comment or marking a comment as spam), and clicking on any link from within the notification panel/interface.

Protect

Data Used: In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.

Activity Tracked: Failed login attempts (these include IP address and user agent). We also set a cookie (jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.

Data Synced (?): Failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.

Search

Data Used: Any of the visitor-chosen search filters and query data in order to process a search request on the WordPress.com servers.

Sharing

Data Used: When official sharing buttons are active on the site, each button loads content directly from its service in order to display the button as well as information and tools for the sharing party. As a result, each service can in turn collect information about the sharing party. When a non-official Facebook or a Pinterest sharing button is active on the site, information such as the sharing party’s IP address as well as the page URL will be available for each service, so sharing counts can be displayed next to the button. When sharing content via email (this option is only available if Akismet is active on the site), the following information is used: sharing party’s name and email address (if the user is logged in, this information will be pulled directly from their account), IP address (for spam checking), user agent (for spam checking), and email body/content. This content will be sent to Akismet (also owned by Automattic) so that a spam check can be performed. Additionally, if reCAPTCHA (by Google) is enabled by the site owner, the sharing party’s IP address will be shared with that service. You can find Google’s privacy policy  here.

Video Hosting

Data Used: For video play tracking via WordPress.com Stats, the following information is used: viewer’s IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. If Google Analytics is enabled, video play events will be sent there, as well.

Activity Tracked: Video plays.

WooCommerce Services

Data Used: For payments with PayPal or Stripe: purchase total, currency, billing information. For taxes: the value of goods in the cart, value of shipping, destination address. For checkout rates: destination address, purchased product IDs, dimensions, weight, and quantities. For shipping labels: customer’s name, address as well as the dimensions, weight, and quantities of purchased products.

Data Synced (?): For payments, we send the purchase total, currency and customer’s billing information to the respective payment processor. Please see the respective third party’s privacy policy (Stripe’s Privacy Policy and PayPal’s Privacy Policy) for more details. For automated taxes we send the value of goods in the cart, the value of shipping, and the destination address to TaxJar. Please see TaxJar’s Privacy Policy for details about how they handle this information. For checkout rates we send the destination ZIP/postal code and purchased product dimensions, weight and quantities to USPS or Canada Post, depending on the service used.

 

Data protection provisions about the application and use of Google Analytics

Google Analytics is Google’s own web and traffic analytics tool. For example, when you visit a website that uses advertising services such as AdSense, including analytics tools such as Google Analytics, or embeds video content from YouTube, your web browser automatically sends certain information to Google. This includes the URL of the page that you’re visiting and your IP address. Google may also set cookies on your browser or read cookies that are already there. Apps that use Google advertising services also share information with Google, such as the name of the app and a unique identifier for advertising.

Google uses the information shared by sites and apps to deliver its services, maintain and improve them, develop new services, measure the effectiveness of advertising, protect against fraud and abuse and personalize content and ads that you see on Google and on its partners’ sites and apps. See their Privacy Policy to learn more about how they process data for each of these purposes, and their Advertising page for more about Google ads, how your information is used in the context of advertising and how long Google stores this information.

 

Data Used

Please refer to the appropriate Google Analytics documentation for the specific type of data it collects. Our Site is running WooCommerce (also owned by Automattic) and purchase events will send Google Analytics the following information: order number, product id and name, product category, total cost, and quantity of items purchased. Google Analytics does offer IP anonymization, which has been enabled by the site owner.

Activity Tracked

This feature sends page view events (and potentially video play events) over to Google Analytics for consumption. Some additional events are also sent to Google Analytics: shopping cart additions and removals, product listing views and clicks, product detail views, and purchases. Tracking for each specific WooCommerce event needs to be enabled by the site owner.

Data Synced (Read More)

None.

 

WordPress.com Stats

Data Used

Site Visitors

IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Please also see Data Visibility and Retention information for this feature.

Activity Tracked

Site Visitors

Post and page views, video plays (if videos are hosted by WordPress.com), outbound link clicks, referring URLs and search engine terms, and country. When this feature is enabled, Jetpack also tracks performance on each page load that includes the JavaScript file we use for Stats. This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that our plugin and code is not causing performance issues. This includes the tracking of page load times and resource loading duration (image files, JavaScript files, CSS files, etc.).

Data Synced (Read More)

Site Visitors

None.

 

Why we collect and how we use this data

When using these general data and information, the 3DVista Studios SL does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, the 3DVista Studios SL analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

 

2.3. Information We Collect from Other Sources

We may also get information about you from other sources. For example, if you create or log in to your WordPress.com account, we’ll receive information from that service (e.g., your username, basic profile information) via the authorization procedures for that service. 

2.4. Cookies

The Internet pages of the 3DVista Studios SL use cookies. Cookies are text files that are stored in a computer system via an Internet browser.

Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID.

Through the use of cookies, the 3DVista Studios SL can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our website can be optimized with the user in mind. Cookies allow us, as previously mentioned, to recognize our website users. The purpose of this recognition is to make it easier for users to utilize our website. The website user that uses cookies, e.g. does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the user’s computer system. Another example is the cookie of a shopping cart in an online shop. The online store remembers the articles that a customer has placed in the virtual shopping cart via a cookie.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

List of Cookies

Stripe

This plugin/extension sets the following cookies:

Cookies set by our plugin Jetpack

Cookies are used by Jetpack in a variety of ways. The cookies are only set when a user interacts with one of these features, or to allow admin functions to be performed.

Further details are provided in the following tables, which list the various cookies that are set for registered users of sites with the Jetpack plugin installed. For information on the cookies set by Jetpack.com, or for visitors to sites with the Jetpack plugin installed, please see the cookie policy at automattic.com/cookies.

Jetpack Comments

Cookie Name

Purpose

comment_author_{HASH}

Remembers the value entered into the comment form‘s name field. Specific to the site from which it is set. This cookie mirrors one set by the core WordPress software for commenting purposes.

comment_author_email_{HASH}

Remembers the value entered into the comment form‘s email field. Specific to the site from which it is set. This cookie mirrors one set by the core WordPress software for commenting purposes.

comment_author_url_{HASH}

Remembers the value entered into the comment form‘s URL field. Specific to the site from which it is set. This cookie mirrors one set by the core WordPress software for commenting purposes

 

Mobile Theme

Cookie Name

Purpose

akm_mobile

Remembers whether or not a user wishes to view the mobile version of a site.

 

Subscriptions

Cookie Name

Purpose

jetpack_comments_subscribe_{HASH}

Remembers the state of the post and comment subscription checkboxes.

jetpack_blog_subscribe_{HASH}

Remembers the state of the post and comment subscription checkboxes.

 

EU Cookie Law Banner

Cookie Name

Purpose

eucookielaw

Remembers the state of visitor acceptance to the EU Cookie Law banner.

 

Please note that this section is not intended to be exhaustive, but rather aims to be representative.

Other cookies

Some Jetpack features make use of third-party applications and services to enhance the experience of visitors. These include social media platforms, such as Facebook and Twitter (via our Sharing feature). As a result, cookies may be set by these third parties, and used by them to track your online activity. We have no direct control over or access to the information that is collected by these cookies. We recommend consulting the individual privacy policies of any such services for more information.

Controlling Cookies & Opt Out

The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.

To find out more on how to manage and delete cookies, visit aboutcookies.org. For more details on your choices regarding use of your web browsing activity for interest-based advertising you may visit the following sites:

On a mobile device, you may also be to adjust your settings to limit tracking.  

For example, you can opt out of Google Analytics by installing Google’s opt-out browser add-on, or from Hotjar by using the Do Not Track header.

 

3. Who has access to which information?

Members of our team have access to the information you provide us. For example, both our Site Administrator and Marketplace Owners/Store Managers can access:

  • Order information like what was purchased, when it was purchased and where it should be sent/
  • Customer information like your name, email address, and billing and shipping information.
  • Wishlist details, such as products added, date of addition, name and privacy settings of your wishlists
  • Customer communication (support, comments, emails).

What we share with others

We have certain integrations with third parties who help us provide seamless services with orders and other store services for you. For example – payment gateways to process and complete your orders or web analytics to make your store and shopping experience better. We use a number of plugins that power our Sites (WordPress (Automattic), WooCommerce (Automattic), Jetpack (Automattic), Dokan). The data that is shared with these parties is described in Section 2.

Automattic – Jetpack – Akismet

Akismet collects information about visitors who comment on Sites that use our Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).  the Jetpack Contact Form submission data — IP address, user agent, name, email address, website, and message — is submitted to the Akismet service (also owned by Automattic) for the sole purpose of spam checking. The actual submission data is stored in the database of the site on which it was submitted and is emailed directly to the owner of the form (i.e. the site author who published the page on which the contact form resides). This email will include the submitter’s IP address, timestamp, name, email address, website, and message.

For Jetpack Comments and Akismet, the following information is sent to the service for the sole purpose of spam checking: commenter’s name, email address, site URL, IP address, and user agent.

Akismet is compliant with the GDPR: https://akismet.com/gdpr/

For detailed information as to the information that Automattic has access to, please consult: https://automattic.com/privacy-notice/

https://automattic.com/privacy-notice/

Dokan

  • Order information like what was purchased, when it was purchased and where it should be sent/
  • Customer information like your name, email address, and billing and shipping information.

Dokan team members, such as, customer support representative, product developers, and marketing personnel have access to information to help fulfill orders, process refunds and support you.

 

4. How and Why we Use this Information

We use information about you for the purposes listed below:

4.1. We process your personal data in order to fulfil our contract with you and to provide you with our Services. This includes the following purposes:

  • Processing of data relating to you or your company for the purpose of entering into a contract with you and executing it.
  • Provision of our Services, including but not limited to enabling and performing transactions with other users (including the transmission of your personal data to other users where necessary to perform the transaction, including in cases of terminated, failed or subsequently voided transactions), providing and enhancing features such as payment processing, ratings and account management, providing other services you may use (as described in connection with such services), and ensuring the functionality of our Services. In connection with the provision of our Services, we will send you notifications relating to the execution of transactions and the use of our Services in accordance with the communication preferences in your account.
  • Provision of our payment services.
  • Processing of general location data (such as IP address or postal code) in order to calculate taxes.
  • Enforcement of our Terms & Conditions and other rules and policies.

4.2. We process your personal data in order to comply with legal obligations to which we are subject. This includes the following purposes:

  • Prevention, detection and mitigation of illegal activities (e.g. fraud, money laundering and terrorist financing).
  • Retention and storage of your personal data to comply with specific legal retention requirements

4.3. To protect our Services, our users, and the public. 

For example, by detecting security incidents; detecting and protecting against malicious, deceptive, fraudulent, or illegal activity; fighting spam; complying with our legal obligations; and protecting the rights and property of Automattic and others, which may result in us, for example, declining a transaction or terminating Services.

 

5. What rights do you have as a user? 

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. In detail, these are the rights you have according to GDPR:

5.1.  Right of confirmation

Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact any employee of the controller.

5.2. Right of access

Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:

    • the purposes of the processing;
    • the categories of personal data concerned;
    • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
    • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    • the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
    • the existence of the right to lodge a complaint with a supervisory authority;
    • where the personal data are not collected from the data subject, any available information as to their source;
    • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organization. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the controller.

5.3. Right to rectification

Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact any employee of the controller.

5.4. Right to erasure (Right to be forgotten)

Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

    • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
    • The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
    • The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
    • The personal data have been unlawfully processed.
    • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
    • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by the 3DVista Studios SL, he or she may, at any time, contact any employee of the controller. An employee of 3DVista Studios SL shall promptly ensure that the erasure request is complied with immediately.

Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. An employees of the 3DVista Studios SL will arrange the necessary measures in individual cases.

5.5. Right of restriction of processing

Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:

    • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
    • The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.
    • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
    • The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by the 3DVista Studios SL, he or she may at any time contact any employee of the controller. The employee of the 3DVista Studios SL will arrange the restriction of the processing.

5.6. Right to data portability

Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

In order to assert the right to data portability, the data subject may at any time contact any employee of the 3DVista Studios SL.

5.7. Right to object

Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

The 3DVista Studios SL shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.

If the 3DVista Studios SL processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to the 3DVista Studios SL to the processing for direct marketing purposes, the 3DVista Studios SL will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by the 3DVista Studios SL for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In order to exercise the right to object, the data subject may contact any employee of the 3DVista Studios SL. In addition, the data subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.

5.8. Automated individual decision-making, including profiling

Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject’s explicit consent, the 3DVista Studios SL shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may, at any time, contact any employee of the 3DVista Studios SL.

5.9. Right to withdraw data protection consent

Each data subject shall have the right granted by the European legislator to withdraw his or her consent to processing of his or her personal data at any time.

If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the 3DVista Studios SL.

 

6. Legal Bases for Collecting and Using Information

A note here for those in the European Union about our legal grounds for processing information about you under EU data protection laws, which is that our use of your information is based on the grounds that:

(1) The use is necessary in order to fulfill our commitments to you under the applicable terms of service or other agreements with you or is necessary to administer your account — for example, in order to enable access to our website on your device or charge you for a paid plan; or

(2) The use is necessary for compliance with a legal obligation; or

(3) The use is necessary in order to protect your vital interests or those of another person; or

(4) We have a legitimate interest in using your information — for example, to provide and update our Services; to improve our Services so that we can offer you an even better user experience; to safeguard our Services; to communicate with you; to measure, gauge, and improve the effectiveness of our advertising; and to understand our user retention and attrition; to monitor and prevent any problems with our Services; and to personalize your experience; or

(5) You have given us your consent — for example before we place certain cookies on your device and access and analyze them later on as described in the Cookies section of this agreement.

 

7. Third Parties

Some of the controllers of the date are third party providers, such as Automattic and WordPress:

They store personal data on servers located both in the US and in the EU. If you reside in Australia, Canada, Japan, Mexico, New Zealand, or any country located in the European continent, the controllers for processing your personal information are:

The chart below explains the controllers for processing your personal information. We use the term “Designated Countries” to refer to Australia, Canada, Japan, Mexico, New Zealand, and all countries located in the European continent.

If you reside outside of the Designated Countries (for services other than those offered at WooCommerce.com):

Automattic Inc.
60 29th Street #343
San Francisco, CA 94110

If you reside in the Designated Countries (for services other than those offered at WooCommerce.com):

Aut O’Mattic A8C Ireland Ltd.
Business Centre, No.1 Lower Mayor Street
International Financial Services Centre
Dublin 1, IrelandAutomattic Inc. is also the controller for some of the processing activities related to Services provided by Aut O’Mattic A8C Ireland Ltd.

If you are using our Services offered at WooCommerce.com:

Bubblestorm Management (Pty) Ltd (WooCommerce.com)
Unit A206, The Old Biscuit Mill (TOBM)
373 – 375 Albert Road, Woodstock
Cape Town, South Africa
Automattic Inc. is also the controller for some of the processing activities related to Services provided by Bubblestorm Management (Pty) Ltd (WooCommerce.com).

Transferring Information

Because Automattic’s Services are offered worldwide, the information about you that we process when you use the Services in the EU may be used, stored, and/or accessed by individuals operating outside the European Economic Area (EEA) who work for us, other members of our group of companies, or third-party data processors. This is required for the purposes listed in the How and Why We Use Information section above. When providing information about you to entities outside the EEA, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this Privacy Policy as required by applicable law. These measures include:

  • In the case of US based entities, entering into European Commission approved standard contractual arrangements with them, or ensuring they have signed up to the EU-US Privacy Shield; or
  • In the case of entities based in other countries outside the EEA, entering into European Commission approved standard contractual arrangements with them.

You can ask us for more information about the steps we take to protect your personal information when transferring it from the EU.

 

8. Security

While no online service is 100% secure, we work very hard and with the best service providers out there to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so. The platforms that our Sites use monitor our Services for potential vulnerabilities and attacks.

 

That’s it! Thanks for reading

This Privacy Policy has partly been generated by the Privacy Policy Generator of the External Data Protection Officers that was developed in cooperation with the Media Law Lawyers from WBS-LAW.