Privacy Policy

Last update: 28/02/2020 Version: 3.0

This privacy policy governs the processing of personal data collected through the website https://www.colourlovers.com, the related mobile applications and services (collectively, “Website”). Please read this document carefully to make sure that you understand how we handle your personal data. If you have any further questions regarding our data protection practices, please feel free to contact us.

Our privacy policy explains in detail:

  • What personal data (“PD”) and non-personal data (“NPD”) we collect from you, for what purposes we use it, how we protect it, and how we share it with third parties;
  • How you can access and change your PD and how you can limit our sharing of it; and
  • Your legal rights that you have with respect to your PD.

The topics covered in this privacy policy include:

 

General Information and Definitions1
Types and Purposes of PD and NPD that We Process2
Sharing Your PD and NPD with Third Parties5
Transfer of PD Outside Your Country7
Retaining and Destroying Your PD and NPD7
Your Rights Regarding Your PD8
Protecting the Privacy Rights of Third Parties9
Do Not Track Settings10
Links to Third-Party Websites10
Protecting Children’s Privacy10
Our Email Policy10
Our Security Policy11
Term and Changes to Our Privacy Policy11
Contact Us12

 

1. General Information and Definitions

    1.1 About the Website. The Website provides designers and artists with colour inspiration, ideas, and feedback for their professional and personal projects. The Website is provided free-of-charge.

    1.2 Our role as a data controller. The entity that is responsible for the processing of your PD though the Website is Landocs Ventures LTD & Crispox LTD having an address at Hasaham 30, Petahtiqwa, 49517 Israeland Arlozorov 160 Tel Aviv, Israel 6209831 respectively (“we”, “us”, and “our”). We act as a data controller with regard to your PD collected through the Website (e.g., when you register your user account, browse the Website, or communicate with us). In such instances, we are a data controller because we make decisions about the types of PD that should be collected from you and the purposes for which such PD should be used.

    1.3 Applicable laws. We process PD in accordance with applicable data protection laws, including, but not limited to, the Israeli Protection of Privacy Law, the EU General Data Protection Regulation (“GDPR”), and the California Consumer Privacy Act (“CCPA”).

    1.4 Definitions. In this privacy policy, you will encounter recurrent terms. For your convenience, we would like to explain what they mean:

    • NPDmeansnon-personal data that does not allow us to identify you in any manner;
    • (“PD”) means personal data, i.e., any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. PD is in many ways the same as Personally Identifiable Information (PII). However, PD is broader in scope and covers more data.
    • Visitor” is someone who merely browses our W A “member” is someone who has registered with us to use our services. The terms “user”, “you”, and “your” are collective identifiers that refer to either a visitor or a member.
    • Consent” means a freely given, specific, informed and unambiguous agreement to the processing of
    • Data controller” means the entity that determines the purposes and means of the processing of
    • Data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
    • Processing” means the use of PD in any manner, including, but not limited to, collection, storage, erasure, transfer, and disclosure of personal data.

    1.5 Cookies. We use cookies on the Website. For more information on the types and purposes of our cookies, please refer to our cookie policy available at https://www.colourlovers.com/cookie-policy

2. Types and Purposes of PD and NPD that We Process

    2.1 PD that we collect.We comply with data minimisation principles and collect only a minimal amount of PD that is necessary to ensure your proper use of the Website. The types of PD that we collect and process are listed below. We process your PD only for specified and legitimate purposes explicitly mentioned in this privacy policy. In short, we will use your PD only for the purposes of enabling you to use the full functionality of the Website, providing you with the requested services, maintaining and improving the Website, conducting research about our business activities, administrative purposes, and replying to your enquiries. The detailed description of the purposes and legal basis for processing of your PD is provided below.

    Situation/PD

    Purpose

    Legal basis

    When you register your user account, we collect your:

    •       Email address

    •       Username

    •       Password

    •       To create and maintain your user account

    •       To provide access to the Website

    •       To provide you with the requested services

    •       To contact you, if necessary

    •       To ensure security of the Website

    •       Performing a contract with you

    •       Pursuing our legitimate business interests (i.e., to ensure security)

    When you update your profile, we collect your:

    •       Location

    •       Occupation Gender

    •       Birthday

    •       Information that you decide to provide about yourself

    •       Image

    •       Social media links

    •       Screen names

    Such PD is optional and you can decide whether to provide it.

    •       To feature your profile on the Website

    •       To customize your user profile

    •       Performing a contract with you

    •       Your consent (optional personal data)

    When you leave a comment on our blog post, in our forum or a group, we collect:

    •       Any PD that you decide, at your sole discretion, to provide in the comment.

    •       To feature your comment on the Website

    •       Your consent (optional personal data)

    When you contact us by email or through the contact form, we collect your:

    •       Name

    •       Email address

    •       Information you provide in your message

    ▪      To respond to your enquiries

    ▪      To provide you with the requested information

    •       Pursuing our legitimate business interests (i.e., to grow and promote our business)

    •       Your consent (for optional personal data)

    When you use the Website:

    •       IP address

    •       Cookie-related data (please refer to our cookie policy for more information)

    •       To analyse, improve, and evaluate our business activities

    •       To personalise the Website for your location

    •       To ensure security of the Website

    •       Pursuing our legitimate business interests (i.e., to analyse and improve our business activities and ensure security)

    •       Your consent (for certain cookie-related data)

    When you purchase any items through the Website, you will be asked to submit* your:

    •       Full name

    •       Payment details

    •       Shipping address

    •       Billing address

    •       Email address

    •       Phone number

    *Such personal data is collected by a third party Oedema that provides printing services. Please refer to section 2.9 for more information. 

    ▪      To process your payments

    ▪      To send you updates regarding your orders

    ▪      To deliver your orders

    ▪      To contact you, if necessary

    ▪      To perform a contract with you

     

    2.2 NPD that we collect. When you use the Website, we automatically receive information from your web browser or mobile device. This information includes the name of the website from which you entered our Website, if any, as well as the name of the website you’ll visit when you leave our Website.This information also includesyour Internet service provider’s name, your web browser type, the type of mobile device, your computer operating system, and data about your browsing activity when using our Website. We use all this NPD to (i) analyse trends among our users to help improve our Website, (ii) identify and fix errors, and (iii) develop additional features and services.

    2.3 PD obtained from third parties. When using the Website, you can choose to permit or restrict services, functionalities, and integrations provided by third parties, including, but not limited to, social media service providers (“Third-Party Services”). Once enabled, the providers of the Third-Party Services may share certain information and PD with us, subject to the privacy policy of the Third-Party Services. We will use such PD only for the purposes for which it was provided. You are strongly encouraged to check carefully the privacy settings and notices of the Third-Party Services to understand what information may be disclosed to us.

    2.4 What Happens If You Dont Give Us Your PD?If you do not provide us with the PD when requested, we may not be able to provide you with all our products and services. However, you can access and use some parts of our Website without giving us your PD.

    2.5 Sensitive data. We do not intentionally collect special categories of personal data (‘sensitive data’), such as opinions about your religious and political beliefs, racial origins, membership of a professional or trade association, or information about sexual orientation.

    2.6 Your feedback. If you contact us, we may keep records of any questions, complaints or compliments made by you and the response, if any. Where possible, we will de-identify your PD. Please note that de-identified PD is also considered to be NPD.

    2.7 Aggregated data. In case your NPD is combined with certain elements of your PD in a way that allows us to identify you, we will handle such aggregated data as PD. If your PD is de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered PD and we may use it for any legitimate business purpose.

    2.8 Privacy of communication.The Website allows you to exchange messages with other users of the Website. We put reasonable efforts to ensure that any communication data transmitted through the Website remains confidential and properly protected. Moreover, we do not intentionally and directly access, manage, correct, delete, share, or disclose your messages, unless it is strictly necessary for provision of the Website, enforcement of our legal terms, or we are requested by law enforcement agencies to do so. You are solely responsible for any communication through the Website and the content of your messages.

    2.9 Purchases made through the Website. We may feature services enabled by third parties on the Website. For example, we use a third-party monetisation service Ondema (https://www.ondema-m.com) (“Ondema”) that integrates a widget on the Website (the “Widget”) allowing you to print the images that you or any user of the Website create on different tangible items, such as shirts, bags, canvas, cases, and pillows, and buy those items. You are solely responsible for using the Widget. Please note that Ondema and not us provides the said services. Therefore, Ondema is responsible for collecting any personal data related to your orders (e.g., your name, credit card number, billing and shipping address), which allows itto comply with its contractual obligations (e.g., to process your payments and deliver your orders). Ondema also manufactures, ships, and provides customer service in relation to the said items, subject to its terms and conditions and privacy policy.

3. Sharing Your PD and NPD with Third Parties

    3.1 Selling your PD and NPD. WE DO NOT SELL YOUR PD TO THIRD PARTIES FOR MARKETING OR OTHER PURPOSES. The term “sell” refers to selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, your PD by us to another business or a third party for monetary or other valuable consideration. For data aggregation purposes, we may use your NPD, which might be sold to other parties at our discretion. Any such data aggregation would not contain any of your PD.

    3.2 Sharing PD with our data processors. If necessary for the purposes listed below, we will share your PD specified in section 2.1 with our third-party service providers we hire to provide services to us (“Our Processors”). Our Processors include, but are not limited to, web analytics companies, advertising networks, call centres,help desk providers, accountants, law firms, auditors,and email service providers.The disclosure of your PDto Our Processors is limited to the situations when such data is required for the following purposes:

    • Ensuring the proper operation of our Website;
    • Ensuring the delivery of the services requested by you;
    • Providing you with the requested information;
    • Pursuing our legitimate business interests;
    • Enforcing our rights, preventing fraud, and security purposes;
    • Carrying out our contractual obligations;
    • Law enforcement purposes; or

    If you provide your prior consent to such a disclosure.

    3.3 List of Our Processors. We will share your personal data only with Our Processors that agree to ensure an adequate level of protection of personal data that is consistent with this privacypolicy and the applicable data protection laws. Our Processors that may have access to your PD are listed below.

    Service

    Name

    Location

    More information

    Hosting service provider

    Online.net & Amazon (AWS)

    Online.net- Paris. France

    AWS – Virginia US

    https://www.online.net/en

     

    https://aws.amazon.com/

    Business analytics service provider

    Google Analytics

    United States

    https://analytics.google.com

    Header bidding partner

    Adapex

    United States

     

    https://adapex.io/

    Email service provider

    Sendgrid

    United States

    https://sendgrid.com

    Technical support service providers

    IT Syndicate

    IT Syndicate

    HongKong

    Freshdesk

    United States

    https://freshdesk.com

    Printing service provider

    Ondema

    Israel

    https://www.ondema-m.com

    Our group of companies

    Landocs Holdings Ltd, Ran Ventures Ltd, Komantra Holdings Ltd, Keeper Holdings Ltd

    Software developing partners and business advisors                          

    Independent contractors                                                               

     

    3.4 Legally required releases of PD.We may be legally required to disclose your PD if such disclosure is: (i) required by subpoena, law, or other legal process; (ii) necessary to assist law enforcement officials or government enforcement agencies; (iii) necessary to investigate violations of or otherwise enforce our legal terms; (iv) necessary to protect us from legal action or claims from third parties, including you and/or other users or members; or (v) necessary to protect the legal rights, personal/real property, or personal safety of our company, users, employees, and affiliates.

    3.5 Disclosures to successors.If our business is sold or merges in whole or in part with another business that would become responsible for providing the Website to you, we retain the right to transfer your PD to the new business. The new business would retain the right to use your PD according to the terms of this privacy policy as well as to any changes to this privacy policy as instituted by the new business. We also retain the right to transfer your PD if our company files for bankruptcy and some or all of our assets are sold to another individual or business.

    3.6 Disclosure of NPD. We may disclose your NPD and de-identified PD for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving the Website, responding to lawful requests from public authorities, or developing new products and services.

    3.7 Google reCAPCHA. We have implemented reCAPCHA, the service provided by Google (Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA) to verify whether you are a human being and not a robot. It helps to protect the Website against spam and abuse. When you use reCAPCHA, Google will collect some PD and NPD from you, such as (i) cookie-related data, (ii) your IP address, (iii) information about your mouse clicks, (iv) CSS information of the Website, (v) date, (vi) browser language, (vii) plug-ins installed in the browser, and (viii) javascript objects. Such data will be sent to Google. We have a legitimate interest in protecting the Website from abusive automated crawling and spam. For more information about Google reCAPTCHA and Google's privacy policy, please visit the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

4. Transfer of PD Outside Your Country

    4.1 The PD that we collect from you may be stored, processed, and transferred between any of the countries in which we or Our Processors operate. For example, if you reside in the European Economic Area (EEA), we may need to transfer your personal data to jurisdictions outside the EEA.

    4.2 Wherever we transfer, process or store your PD, we will take reasonable steps to protect it. For example, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your PD (e.g., the country in which the recipient is located is white-listed by the European Commission or the recipient is a Privacy-Shield certified entity) or we conclude an agreement with the respective third party that ensures such protection (e.g., a data processing agreement based on the Standard Contractual Clauses provided by the European Commission).

    4.3 The European Commission has not found the United States and some other countries where we and our Processors are located to have an adequate level of protection of PD under Article 45 of the GDPR. We rely on derogations for specific situations as defined in Article 49 of the GDPR. We will use your PD to provide the goods, services, and/or information you request from us to perform a contract with you or to satisfy a legitimate interest of our company in a manner that does not outweigh your freedoms and rights.

5. Retaining and Destroying Your PD and NPD

    5.1 Retention of PD. We retain information that we collect from you (including your PD) only for as long as we need it for legal, business, or tax purposes. We always make sure that we have a lawful basis for storing your PD. Your information may be retained in electronic form,paper form, or a combination of both. When your PD is no longer needed and there is no lawful basis for storing it, we will securely destroy, delete, or erase it.

    5.2 Retention of NPD. We may retain your NPD for as long as necessary for the purposes described in this privacypolicy. This may include keeping NPA for the period that is necessary to pursue our legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

    5.3 Retention as required by law. Please note that, in some cases, we may be obliged by law to store PD for a certain period of time (e.g., we have to keep our accountancy records for the time period prescribed by law). In such cases, we will store PD for the time period stipulated by the applicable law and delete it as soon as the required retention period expires.

6. Your Rights Regarding Your PD

    6.1 Updating Your PD. You can update your PD using services found on our Website. If no such services exist, you can contact us using the contact information found at the bottom of this privacy policy and we will help you.

    6.2 Revoking Your Consent for Using Your PD. You have the right to revoke your consent for us to use your PD at any time, if you have provided such a consent. Your opt-out will not affect disclosures otherwise permitted by law including but not limited to: (i) disclosures toaffiliates and business partners; (ii)disclosures to third-party service providers that provide certain services for our business, such as credit card processing, computer system services and data management services; (iii) disclosures to third parties as necessary to fulfil your requests; (iv) disclosures to governmental agencies or law enforcement departments, or as otherwise required to be made under applicable law;(v) previously completed disclosures to third parties; or (vi) disclosures to third parties in connection with subsequent contests or promotions you may choose to enter, or third-party offers you may choose to accept. If you want to revoke your consent for us to use your PD, please contact us using the contact information found at the bottom of this privacy policy and we will help you. You can easily opt-out from our marketing communication by clicking on the “unsubscribe” link included in every marketing email sent by us.

    6.3 You rights.When using our Website and submitting PD to us, you may have certain rights under the GDPR, the CCPA, and other applicable laws. Depending on the legal basis for processing your PD, you may have some or all of the following rights:

    • The right to be informed. You have the right to be informed about the PD we collect from you, and how we process it.
    • The right of access. You have the right to get confirmation that your PD is being processed and have the ability to access your PD.
    • The right to rectification.You have the right to have your PD corrected if it is inaccurate or incomplete.
    • The right to erasure (right to be forgotten). You have the right to request the removal or deletion of your PD if there is no compelling reason for us to continue processing it.
    • The right to data portability. You have the right to request and get your PD that you provided to us and use it for your own purposes. We will provide your PD to you in a machine-readable format (e.g., a .pdf file) within 30 days of your request. 
    • The right to restrict processing. You have a right to ‘block’ or restrict the processing of your PD. When your PD is restricted, we are permitted to store your PD, but not to process it further.
    • The right to object.You have the right to object to us processing your PD for the following reasons:
      • If the processing was based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
      • Direct marketing (including profiling); and
      • Processing for purposes of scientific/historical research and statistics.
    • Automated individual decision-making and profiling. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
    • Filing a complaint with authorities.You have the right to file a complaint with supervisory authorities if your information has not been processed in compliance with the applicable laws. If the supervisory authorities fail to address your complaint properly, you may have the right to a judicial remedy.

    6.4 How to exercise your rights? If you would like to exercise your rights, please contact us by using the contact details at the end of this privacy policy and explain in detail your request. You can contact us electronically (by email or via our contact form) or by post, whichever method you prefer. In order verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we would be able to locate you in our system (we will use such information for verification purposes only). We will answer your request within a reasonable timeframe but no later than 30 days. We will provide your PD in a portable and readily useable format. You can exercise your rights free of charge up to 2 times per year. We will direct all our services providers, including Our Processors, to act according to your request. Please note that, in certain cases (e.g., if we need your PD for completing a transaction, carry out our contractual obligations, comply with the applicable laws, or carry out our legitimate business interests), we may not be able to delete your PD from our systems.

    6.5 How to launch a complaint? If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible (no later than 30 days). If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.

7. Protecting the Privacy Rights of Third Parties

    If any postings you make on our Website contain information, including PD, about third parties, you must make sure you have the permission to include that information in your posting. While we are not legally liable for the actions of our users, we reserve the right to remove any postings about which we are notified, if such postings violate the privacy rights of others.

8. Do Not Track Settings

    Some web browsers have settings that enable you to request that our Website not track your movement within our Website. Our Website does not obey such settings when trans-mitted to and detected by our Website. You can turn off tracking features and other security settings in your browser by referring to your browser’s user manual.

9. Links to Third-Party Websites

    Our Website may contain links to other websites. These third-party websites are not under our control and are not subject to our privacy policy. Third-party websites will likely have their own privacy notices. We have no responsibility for these third-party websites and we provide links to these websites solely for your convenience. You acknowledge that your use of and access to these websites are solely at your risk. It is your responsibility to check the privacy notices of any third-party websites to see how they treat your PD.

10. Protecting Children’s Privacy

    Our Website is not designed for use by anyone under the age of 18. Thus, we do not kno-wingly collect PD from children under the age of 18. If you are a parent or guardian and believe that your child under the age of 18 is using our Website or submit any PD through it, please contact us. Before we remove any PD from our systems, we may ask for proof of identification to prevent malicious removal of account information. If we discover that a child under the age of 18 is accessing our Website, we will delete his/her PD within a reasonable period of time.

11. Our Email Policy

    11.1 Marketing messages. After you sign up to receive our newsletter or conclude a service contract with us, we will, from time to time, send you marketing messages, such as newsletters, brochures, promotions and advertisements, informing you about our new services or new features of the Website. We will not sell, rent, or trade your email address to any unaffiliated third party without your permission.

    11.2 Opting-out.You can change your contact preferences at any time through your account or by sending us an email using the contact form available on the Website.

    11.3 Informational notices. From time to time, we may send you informational notices, such as service-related, technical or administrative emails, information about the Website, your privacy and security, and other important matters. Please note that we will send such notices on an “if-needed” basis and they do not fall within the scope of direct marketing communication that requires your prior consent.

12. Our Security Policy

    12.1 We have built our Website using industry-standard security measures and authentication toolsto protect the security of your PD. We and Our Processors also maintain technical and physical safeguards to protect your PD.

    12.2 We implement organisational and technical information security measures to protect your PD from loss, misuse, unauthorised access, and disclosure. The security measures taken by us include secured networks (we use SSL encryption), strong passwords, DDOS mitigation, limited access to your PD by our staff, and anonymisation of PD (when possible).

    12.3 When we collect your creditcard information through our Website, we will encrypt it before it travels over the Internet using industry-standard technology for conducting secure online transactions. Unfortunately,we cannot guarantee against the loss or misuse of your PD or secure data transmission over the Internet because of its nature.We use third-party billing services and have no control over these services.We use our commercially reasonable efforts to make sure your credit card number is kept strictly confidential by using only third-party billing services that use industry-standard encryption technology to protect your credit card number from unauthorised use.

    12.4 We strongly urge you to protect any password you may have for our Website and to not share it with anyone. You should always log out of our Website when you finish using it, especially if you are sharing or using a computer in a public place.

    12.5 Security breaches. Although we put our best efforts to protect your PD, given the nature of communications and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your PD caused by circumstances that are beyond our reasonable control. In case a PD breach occurs, we will immediately take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.

13. Term and Changes to Our Privacy Policy

    13.1 Term. This privacypolicy enters into force on the effective date indicated at the top of the privacypolicy and remains valid until terminated or updated by us.

    13.2 Changes. We reserve the right to change this privacy policy at any time. If we decide to do so, we will post those changes on our Website so that our users and customers are always aware of our data protection practices. For significant material changes or, where required by the applicable law, we may seek your consent. If you disagree with the changes to the privacypolicy, you should cease using the Website.

    13.3 Repurposing of PD.If at any time we decide to disclose or use your PD in a method different from that specified at the time it wascollected, we will provide advance notice by email (if we have it) and, if necessary, seek your consent.

14. Contact Us

    If you have any questions about our privacy policy or would like to exercise your rights, please contact us using the following contact details:

    Company: Landocs Ventures Ltd & Crispox Ltd

    Address:Hasaham 30, Petahtiqwa, 49517 Israel, Arlozorov 160 Tel Aviv, Israel 6209831

    Contact form: https://www.colourlovers.com/contact

     

    © Copyright notice - This document is protected under the Israeli and foreign copyrights. The copying, redistribution, use or publication by you without our consent is strictly prohibited.

X

Terms Updated

We’d like to inform you that we have updated our Terms of Use. The most substantive changes are:

This platform was acquired by a joint venture in Israel.
changes have been made to the relevant jurisdiction for disputes which may arise out of your use of the platform.
Changes made to the monetization of users’ creations and the ability to opt out from your account settings.

Please view the revised Terms here. If you don’t mind anything there, then you don’t need to do anything. Your continued use of the platform will constitute your acceptance of the latest version of the Terms. If you disagree with anything there, you can terminate your account within seven days from today.