
privacy policy.
INTRODUCTION
The following Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from https://houseofvese.com/ (the “Website”).
Parties:
“We”; “Our” – refers to House of VèSè.
“You”; “Your” – refers to the client.
Terms:
“website” – refers to the online website used by House of VèSè to display and sell their artwork.
“client” – refers to any person browsing or purchasing products on the House of VèSè online website.
PERSONAL INFORMATION WE COLLECT:
When you visit our website, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse our website, we collect information about the individual web pages or products that you view, what websites or search terms referred you to our website, and information about how you interact with our website. We refer to this, above-mentioned, automatically collected information as “Device Information”.
We collect Device Information using the following technologies:
- “Cookies” which are data files that are placed on your device or computer and often include an anonymous unique identifier.
- “Log files” are used to track actions occurring on our website, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse our website.
Additionally, when you make a purchase or attempt to make a purchase through our website, we collect certain information from you; this includes your name, billing address, shipping address, payment information (including credit card/debit card numbers, email address, and phone number). We refer to this information as “Order Information”.
When we talk about “Personal Information” in this Privacy Policy, we are refereeing to both the Device Information and Order Information.
HOW WE USE YOUR PERSONAL INFORMATION:
We use the Order Information that we collect generally to fulfill any orders placed through our website (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations).
Additionally, we use this Order Information to:
- Communicate with you;
- Screen our orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our website.
SHARING YOUR PERSONAL INFORMATION:
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
We also use Google Analytics to help us understand how our customers use the Site -- you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/.
You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
BEHAVIOURAL ADVERTISING:
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by using the links below:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
DO NOT TRACK:
Please note that we do not alter our website’s data collection and use practices when we see a Do Not Track signal from your browser.
YOUR RIGHTS:
If you live in South Africa, you are subject to the Protection of Personal Information Act (POPI Act) (Act No. 4 of 2013 : Protection of Personal Information Act, 2013).
The POPI Act is South Africa’s equivalent of the EU GDPR. It sets some conditions for responsible parties (called controllers in other jurisdictions) to lawfully process the personal information of data subjects (both natural and juristic persons).
The POPI Act does not stop you from processing and does not require you to get consent from data subjects to process their personal information. Whoever decides why and how to process personal information is responsible for complying with the conditions. There are eight general conditions and three extra conditions.
The responsible party is also responsible for a failure by their operators (those who process for them) to meet the conditions.
The POPI Act protects data subjects from harm, like theft and discrimination. The risks of non-compliance include reputational damage, fines and imprisonment, and paying out damages claims to data subjects. The biggest risk, after reputational damage, is a fine for failing to protect account numbers.
DATA SUBJECT RIGHTS:
Everyone has the right to be informed if someone is collecting their personal information, or if their personal information has been accessed by an unauthorized person. In addition, they have the right of access to their personal information and to require that personal information be corrected or destroyed, or they may object to their personal information being processed.
The Act does not apply to personal information processed
-
in the course of a personal or household activity,
-
or where the processing authority is a public body involved in national security, defense, public safety, anti-money laundering,
-
or the Cabinet or Executive Council of the Province
-
or as part of a judicial function.
Personal information can only be processed: (Section 11)
-
with the consent of the “data subject”; or
-
if it is necessary for the conclusion or performance of a contract to which the “data subject” is a party; or
-
if it is required by law; or
-
if it protects a legitimate interest of the “data subject”; or
-
if it is necessary to pursue your legitimate interests or the interest of a third party to whom the information is supplied.
Everyone has the right to object to having their personal information processed. They have the right to withdraw their consent, or object if they can show legitimate grounds for their objection.
A Responsible Party has to collect personal information directly from the “data subject”, unless:
-
this information is contained in some public record or has been deliberately published by the data subject;
-
collecting the information from another source does not prejudice the subject;
-
it is necessary for some public purpose; or to protect their own interests;
-
obtaining the information directly from the subject would prejudice a lawful purpose or is not reasonably possible.
Personal Information may only be collected for a specific, explicitly defined and lawful purpose and the data subject must be aware of the purpose for which the information is being collected. (section 13)
Once the Personal Information is no longer needed for the specific purpose for which it was gathered, it must be disposed of (or the data subject must be “de-identified”).
Personal Information may only be kept if it is allowed by law, or the information is needed to keep the record for lawful purpose or in accordance with the contract between the company and the data subject, or the data subject has consented to the data processor keeping the records. (section 14)
The company is entitled to keep records of personal information for historical, statistical or research purposes if it has been “de-identified” and safeguards have been established to prevent the records being used for any other purposes.
Records must be destroyed in a way that prevents them from being reconstructed.
Personal information may only be used for the purpose which the data was collected. (section 15).
Documentation relating to personal information and how it has been processed must be maintained as referred to in section 14 or 51 of the Promotion of Access to Information Act.
When information is being collected, data subjects must be made aware of: (section 18)
-
the information that is being collected and if the information is not being collected from the subject, the subject must be made aware of the source from which the information is being collected;
-
the name and address of the person/organisation collecting the information;
-
the purpose of the collection of information;
-
what period the information will be retained for and assurance given that it will be destroyed by given date;
-
whether the supply of the information by the subject is voluntary or mandatory;
-
the consequences of failure to provide the information;
-
whether the information is being collected in accordance with any law;
-
if it is intended for the information to leave the country and what level of protection will be afforded to the information after it has left South Africa.
-
who will be receiving the information;
-
that the data subject has access to the information and the right to rectify any details;
-
that the data subject has the right to object to the information being processed (if such right exists);
-
that the data subject has the right to lodge a complaint to the Information Regulator. The contact details of the Information Regulator must also be supplied. (section 18).
These requirements have to be met before the information is collected directly from the subject, or soon as reasonably practicable. If additional information is collected from a subject for a different purpose, the same process must be followed.
DATA RETENTION:
When you place an order through our website, we will maintain your Order Information for our records unless and until you ask us to delete this information.
CHANGES:
We may amend this privacy policy at any time, at our digression, without notice, in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.
It is your responsibility to regularly check our privacy policies…
CONTACT US:
For more information about our privacy practices; if you have questions; or if you would like to make a complaint, please contact us via e-mail at houseofvese@gmail.com.