Last Updated Date: 29 November 2024
Gelato ASA is committed to protecting the Personal Data of the Users of our Services that are available through our Website. This policy describes our data protection practices and how we use and collect the Personal Data. Our processing of your Personal Data is needed for us to deliver the service to you. We may also process your Personal Data in order to comply with our legal obligations as explained below or due to our legitimate interests.
We will collect Personal Data from you in the following circumstances:
When you create an Account and/or place an Order; we will collect your first and last name, E-mail address, postal address, phone number, password, payment information, such as your credit card or PayPal Account information, drafts of product designs that you save under your Account, Content that you choose to save under your user Account, communications and correspondence sent to and from your Account, information about purchasing habits and preferences, Order histories, and/or Account histories.
When you invite others to use the Platform; we may collect the date and time of the invite and to what e-mail addresses the invite was sent.
When you invite others to share your design library and related Content; we may collect the e-mail addresses and other information that you provide about the invitees.
When you contact us regarding products or orders, or for Customer Support or other customer service purposes; we may collect your name, e-mail address, phone number, and any communications from you to us.
If you chose to save the names and postal or mailing addresses of any contacts under your Account; (where the feature is offered), we may collect such names and addresses.
When you create or design products; we may collect any images, text, logos or other Content that you upload or submit, including information related to or included within such Content, such as the names, phone numbers and positions of individuals to whom the Content is related.
When you visit our website, use our Services, open or claim on emails we send you emails, or interact with our advertisements; we may employ tracking technology (e.g. clear gifs, web beacons, etc), that help us better manage the website and subscription services by informing us what content is effective. Clear gifs may be embedded invisibly on our websites or in our emails. We use clear gifs or pixels in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. We tie the information gathered by clear gifs in emails to our customers' personal information.
Automatically collected information; We receive and store certain types of information through technology whenever you interact with us, some which may contain Personal Data such as Cookies, Pixel Tags and Information collected by our servers. You will have a possibility to opt out of us collecting this data. Please see further information in our Cookie Policy.
We use your Personal Data, including your Content, for the following purposes:
To provide you with the Services and to evaluate, modify and enhance the Services
To enable you to set up your Account and to process and fulfill your Order
To process your payment, facilitate billing and issue invoices, as applicable
To communicate with you and to respond to your requests
To provide you with customer service and support
For corporate Account management purposes
To help keep our Website safe and secure and to improve the Website.
We use Automatic Information to administer the Website and track user activities on the Website. We will create anonymous data records from Personal Data by excluding information (such as your name) that makes the data personally identifiable to you. We use such Anonymous Data records to analyze request and usage patterns so that we may enhance the Content of the Services and improve Website navigation.
We disclose your Personal Data as described below. No Personal Data provided by you or that we may obtain automatically by your use of the Website, is not and will not be sold, rented, or shared by us with any third party without your prior consent.
Transfer and Storage of Personal DataYour Personal Data will be transmitted, uploaded, transferred, stored, or backed up at Gelato’s servers with our GDPR compliant cloud providers in the United States and Europe.
Members of our groupWe may share your Personal Data with any member of our group, which means our subsidiaries, our ultimate holding company and any of its subsidiaries in Order to perform our Services to you.
Third Party Service ProvidersWe will share your Personal Data with third party companies and individuals that perform Services on our behalf to help us provide the Platform and Services to you. In Order to fulfill your print Order in the most environmentally friendly way, we let the printer closest to the address of delivery print your products. This may mean a transfer of your personal data out of EU. Other examples of Services that may be provided by Third Party Service Providers may include, but are not limited to, processing credit card payments with our payment provider in EU, providing customer service by our suppliers in EU and the Philippines, and maintaining our customer lists by our service providers in EU. Third Party Service Providers acting on our behalf are only provided with such Personal Data reasonably required to provide the particular service for which they are retained. Our Third-Party Service Providers are obligated to keep all of your Personal Data confidential and to collect, use and disclose your Personal Data only to the extent necessary to provide the Services on our behalf. They are fully compliant to the EU GDPR regulation and have signed a Data Processing Agreement with Gelato.
Third Party Payment ProcessorFor online payments, we use the payment Services of Adyen B.V. Gelato does not process, record or maintain your credit card or bank Account information. Gelato records the payment method you have chosen.
Business TransfersWe may share some or all of your Personal Data in connection with or during negotiation of any merger, financing, acquisition or dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, Personal Data may also be transferred as a business asset. If another company acquires our company, business, or assets, that company will possess the Personal Data that we have collected and will assume the rights and obligations regarding your Personal Data as described in this Privacy Policy. The company may need your consent to continue handling your data.
Compliance with Law, Court Order, and Other DisclosuresYou hereby acknowledge and agree that Gelato may, in its sole discretion, release Account and other Personal Data when we believe such release is appropriate: (a) to comply with an applicable law, statute, regulation, Court Order, or administrative proceeding; (b) in connection with any legal investigation; (c) to investigate or assist in preventing any violation or potential violation of this Privacy Policy or our Terms of Use; or (d) to protect the rights, property, or safety of Gelato, our users, or others. This may include exchanging information with other companies and organizations for fraud protection and credit risk reduction.
Third Party SitesThe Website may contain links to third party Websites, e.g Dropbox, or third-party Websites may otherwise be associated with the Website. These companies are GDPR compliant and Gelato has signed a Data Processing Agreement with them, but is not responsible for the policies and practices employed by the owners of such third party Websites, including but not limited to their collection, use and disclosure of your Personal Data, nor does Gelato offer any (and expressly disclaims any) guarantee, representation, warranty, or covenant of any kind with respect to the collection, use or disclosure of your Personal Data by any third party Website that is linked from (or is otherwise associated with) the Website. Please consult the terms and conditions and privacy policies of any third-party Websites prior to use.
Security of Your Personal DataWe employ security safeguards to protect your Personal Data against loss or theft, as well as against unauthorized access, disclosure, copying, use, or modification. When we transmit highly confidential information over the Internet, we protect it through the use of encryption technology, such as the Secure Socket Layer (SSL) protocol. We also protect your stored password through the use of encryption technology.
International Data Transfers, Data Privacy Framework and Contractual TermsGelato will transfer personal data to countries outside of EU due to our business model with printing locally and due to suppliers’ premises being outside of EU.
When Personal Data is transferred to the U.S, we can verify that our Printers or Third parties have signed our Data Processing Agreement and are certified under the EU-US Data Privacy Framework, Swiss-US Data Privacy Framework, and the UK-US Data Privacy Framework Extension (as applicable), and/or, have signed the Standard Contractual Clauses. For further information about the above Data Privacy Frame, please visit here.
When Personal Data is transferred to other countries outside of EU, we can verify that the Printers or Third parties have signed our Data Processing Agreement and the EU Standard Contractual Clauses.
CookiesGelato uses Cookies and similar technologies to provide and support our websites and Services, as more fully explained in our Cookie Policy. You may decide whether to accept or reject cookies and exercise your cookie preferences by clicking on the appropriate opt-in / opt-out buttons in our website’s cookie banner.
You may set or amend your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our website though your access to some functionality and areas of our website may be restricted. As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser's help menu for more information.
Marketing CommunicationBy being an active and existing customer of Gelato, we have a legitimate interest of marketing our products for you. You can unsubscribe to this kind of communication in your customer Account or at any time by following the unsubscribe instructions in communication sent to you or by contacting us at [email protected]. Despite your indicated opt-out preferences, we may continue to send you administrative and transaction related communications.
Changing, Transferring or Deleting Your Personal DataWe delete Your Personal Data once no longer necessary in relation to the purposes for which they were collected or otherwise processed. You may access, review, update, correct or delete the Personal Data in your Account either by using the Account buttons or by contacting us directly using the contact information provided below. If you would like to have your personal data transferred to someone else, please e-mail us at [email protected] and we will provide you with a file of your data. If you completely delete all of your Personal Data, then your Account will become deactivated. If you rather want us to delete your data, please contact us and we will fulfill your request.
The EU GDPR regulation differentiates between the “Data Controller” and “Data Processor” of data. Our Gelato Globe customers are Data Controllers of their personal data. Gelato is also a Data Controller of your personal data. Our printers in our network and a few third-party suppliers, are Data Processors. This means they are processing the data on yours and Gelato’s behalf.
We reserve the right to change this Privacy Policy at any time for any reason. If we change it, we will post the new one on our web page. Any non-material changes to this Privacy Policy will be effective as of the day they are posted. If we make any material change to this Privacy Policy, we will notify you by prominently posting notice of the changes on our Website. Any material changes to this Privacy Policy will be effective upon thirty (30) calendar days following our posting of notice of the changes on our Website. These changes will be effective immediately for new users of our Service.
Gelato [email protected] Eufemias gate 8, 0191 Oslo, Norway
If you believe that Gelato does not fulfill its obligations according to the EU GDPR regulation or other applicable privacy legislation, you also have the right to lodge a complaint with a supervisory authority.