Privacy Notice


Effective Date:  May 25, 2018
Notice Version: 1.0



By using any of Christelvoss’s Services, you confirm you have agreed to the Terms of Conditions and read and understood this Privacy Policy and our Cookie Policy.


The data manager at Christelvoss.com is Creative Director, Christel Voss. Christel will delete or return all Personal Data to the Data Controller at the end of the provision of the Services, and delete existing copies, unless further storage of the Personal Data is required or authorized by Applicable Law.

Christelvoss.com register and disclose your personal information in order to deliver the best service to you. All personal information saved, will be handled with the outmost care. The personal data are registered with Christelvoss.com and kept up to five years after which the information is then deleted. When gathering this information via our website, we do so only at your consent. No sensitive information is passed on. Except to the extent necessary to comply with applicable legal, regulatory or law enforcement requirements, Christel will inform you without unreasonable delay in accordance with Applicable Law after it becomes aware of any Incident that has occurred in its systems which affects Personal Data Christel Voss processes on your behalf.



1. My Privacy Notice has been designed with you in mind.
How the notice applies to you will depend on the way in which you interact with me. 
 

How Christelvoss.com collect personal information
Christel obtain personal information from various sources. I do this in three main ways:

  • You provide some of it directly (such as by requesting an inquire, buying ShapeUp hours or opting in on my newsletter).
  • I record some of it automatically when you use my Services (including with technologies like cookies).
  • I don’t collect or store sensitive information.
  • I keep all information (invoices) and projects (content for your website) in Dropbox Pro – a cloud based solution – with a two-factor-authentication login.
  • Contact information: I add you name, last name and company name alongside your telephone number, in my IOS smartphone adressbook and Calendar. These data are backed-up in iCloud.
     

How I use your information and why
For the performance of our contract with you, we use your information when you enter into a contract with us so we can:

  • Process your order
  • Take payment, and
  • Provide you with customer support.
     

For our legitimate business interests

  • To conduct market research and analysis which helps improve and customise our products and services.
  • For our marketing purposes, unless your consent is required for such marketing.
  • To send you customer service emails including confirmations etc.
  • To prevent or detect unlawful behaviour, to protect or enforce our legal rights or as otherwise permitted by law.
     

How I share your personal information

  • I receive some of it from third parties, like when you opt-in on a newsletter (marketing-related information) using a Third Party Service or when you make payments to us using Squarespace and Stripe payment processor (financial information).
  • Service providers. I share personal information with my service providers that perform services on my behalf. For example, I may use third parties to help provide customer support, send marketing and other communications on my behalf or assist with data storage.
  • Process payments. I transmit your personal information (cardholders) via an encrypted connection to our payment processor.  
  • Following the law or protecting rights and interests. I disclose your personal information if I determine that such disclosure is reasonably necessary to comply with the law, protect me or others’ rights, property or interests (such as enforcing my Terms of Conditions (ENG) / betingelser (DK) or prevent fraud or abuse of Squarespace or our Users or End Users. In particular, I may disclose your personal information in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements.
     

Your rights and choices
Where applicable law requires (and subject to any relevant exceptions under law), you may have the right to update, change or delete personal information.

You can update, change or delete personal information by contacting me at hej@christelvoss.com to request the required changes. You can exercise your other rights (including deleting your data) by contacting me at the same email address.


Your choices
Where you have given your consent, you can withdraw it by doing the following:

  • To stop receiving my marketing you can change your preferences within your account, follow the unsubscribe instructions in any of the emails I send you or contact me and we will do it for you.
  • To opt out of the use of cookies and tracking tools, please see my Cookies Policy.
  • To opt out of location tracking and push notifications, you can change the settings on your device or keep your location off. To stop web push notifications, you will need to use your browser settings.
  •  To object to personalization you can change your preferences by contacting me and I will do it for you.
     

Your rights
You also have rights over how your personal information is used including:

  • The right to object to our processing of your data.
  • The right to request that your information be erased or restricted from further use.
  • The right to request a copy of the information I hold about you.
  • The right to correct, amend or update information you have given me.
  • The right to contest any automated decision I make about you. An automated decision is a decision taken without any human intervention which has legal consequences (e.g. credit checking). I don’t typically carry out automated decision making but, if I do, I will make it clear where such decisions are being made.



2. Processing of Personal Data

 

Data Sub-processors are:

  • Google – Mail, file storage, Analytics
  • Dropbox – File storage
  •  iCloud – File storage
  • Stripe – Payment processor
  • Telia – User relationship management
  • Mailchimp – User relationship management
  •  Adobe – User content
     

Basic information collected
The data collected by Squarespace Analytics and Google Analytics, are not exported or used by any other purpose, then to provide me with knowledge as to where my visitors come from and what pages they read the most.

Data collected are first name, last name, telephone, email, adress, cvr/vat number. Geography such as country, IP-adress, search engine queries such as type of device and type of browser used for the session. And traffic sources – referrers.

  • Christelvoss.com collect personal data on this website and webshop through third-party services, specifically: Google Analytics, a Squarespace Form Block connected to Mailchimp if/when you opt-in.
  • Christelvoss.com process personal data on this website and webshop through third-party services, specifically: Stripe, Squarespace, Google.
  • Christelvoss.com controls data in order to build your website, communicate with user (you as a client) and send out invoices. Third-party services are specifically: Telia, iCloud, Google, Dropbox, Mailchimp.
     

Google Analytics
Data are kept for 14 months. New visits do not prolong this period of time. If you come back to Christelvoss.com after 14 months, your data will once again be registered and kept for 14 months. Your IP address will be anonymized, before being registered in Google Analytics. Effective May 7th, 2018.

Google may pass on information to thirdparty, if the law requires them to do so, or complete tasks on behalf of Google Inc. You automatically accept this privacy policy term from Google Analytics, when you visit www.christelvoss.com.
Read more on http://www.google.com/privacy.html


Squarespace data storage
As with existing law, the GDPR requires that certain safeguards be put in place when transferring personal data outside the EU. Squarespace already self-certified to the EU-US Privacy Shield, which allows them to lawfully transfer EU personal data to US-based datacenters. Mailchimp and Stripe has certified to the EU-US and Swiss-US Privacy Shield for this reason.


Webshop
Christelvoss.com use Secure Socket Layers (SSL), the industry standard in transferring information to process your orders.

When you buy a product in my webshop, you submit information about your company – or you as a private person. During checkout I ask my Client to provide their name, address, email address and payment information so that I can complete your order. These data are handled in a secure payment processor; Stripe, and are kept safe and not to be downloaded or exported in any way. Please read Stripe User Terms of Service.


Client payment information
Your payment information may be processed via third party eCommerce Payment Processors such as Stripe. Squarespace transmit your complete payment information when they initially provide so that Squarespace can pass it along to the eCommerce Payment Processor – Stripe. Squarespace do not collect or store your payment information.


Payment processor
Stripe has certain data processing activities for which it acts as a data controller, and others for which it acts as a data processor. A good illustration of this dual role is when Stripe processes credit card transactions. Facilitating a transaction requires the processing of personal data, such as the cardholder’s name, credit card number, the credit card expiry date, and CVC code. The cardholder’s data is sent from the Stripe user to Stripe via the Stripe API (or by some other integration method, such as Stripe Elements). Stripe then uses the data to complete the transaction within the systems of the credit card networks, which is a function that Stripe performs as a data processor. However, Stripe also uses the data to comply with its regulatory obligations (such as Know Your Customer (“KYC”) and Anti Money Laundering (“AML”), and in this role Stripe is a data controller.


Categories of Personal Data
Personal data necessary to manage the electronic commerce platform and to process payment transactions such as:

  • cardholder name
  • email address
  • unique customer identifier
  • order ID
  • bank account details
  • payment card details
  • card expiration date
  • CVC code
  • date/time/amount of transaction
  • merchant name/ID
  • location
     


3. Return and Deletion of Customer Data


The data manager at Christelvoss.com is Creative Director, Christel Voss. Christel will delete or return all Personal Data to the Data Controller at the end of the provision of the Services, and delete existing copies, unless further storage of the Personal Data is required or authorized by Applicable Law.

Christelvoss.com register and disclose your personal information in order to deliver the best service to you. All personal information saved, will be handled with the outmost care. The personal data are registered with Christelvoss.com and kept up to five years after which the information is then deleted. When gathering this information via our website, we do so only at your consent. No sensitive information is passed on. Except to the extent necessary to comply with applicable legal, regulatory or law enforcement requirements, Christel will inform you without unreasonable delay in accordance with Applicable Law after it becomes aware of any Incident that has occurred in its systems which affects Personal Data Christel Voss processes on your behalf.

As registered with Christelvoss.com, you are always entitled to send me your objections to registration. You also have the right to understand what information is registered about you. These rights are in accordance with the EU General Data Protection Regulation (GDPR) / Persondataloven (Danish Personal Data Law).

For further information please contact: hej@christelvoss.com


Access to Personal Data at Stripe
You may access and/or submit requests to review, correct, update, suppress, or delete Personal Data. You can ask to review and correct Personal Data that Stripe maintain about you by sending a written request to privacy@stripe.com. Stripe will then notify me to take action.
 

Access to Personal Data at Squarespace
Contact me here if you wish to remove your data from Squarespace.



4. Limitation of Liability
 

Christel Voss cannot be held responsible or liable for security breaches caused from thirdparty negligence, war, environmental disasters etc.


Links
The site may contain links to other websites beyond our control. Christel cannot be held responsible or liable for content or privacy policies of such sites.


Governing Law
Any dispute or claim arising between you and Christel Voss shall be governed by, and construed in accordance with, the laws of Denmark.


This website is hosted by Squarespace and its use is subject to Squarespace's Terms of Use and Privacy Policy.

 
DANSK
ENGLISH