CONTROLLER AND PROCESSORS
Olmo - Design Studio, Lda (hereafter “Olmo”, “we” or “us”), owner of the brand Francis Stories and this Site, is the data controller of your personal data and is responsible for determining the collection, use, disclosure, retention and protection of your personal information in accordance with the General Data Protection Regulation. The data collected can be processed either by us or by selected suppliers on Olmo’s behalf and in accordance with Olmo’s instructions. As part of the processing of the data, either by Olmo or its supplies, your personal data must be transferred to regions outside the European Economic Area, including the United States or Canada – any of these transfers will be compliant with relevant Data Protection Legislation.
USE OF THE DATA
We use the personal information we collect to: provide and improve our services, provide you with a personalized experience on our site, provide you customer service, provide you with personalized advertising and marketing, and detect, prevent, mitigate and investigate fraudulent or illegal activities.
We do not sell or rent our customer’s personal data to any other entity. We do not disclose your personal information to third parties for marketing purposes. We may share your data with selected suppliers who perform functions on our behalf such as fulfilling orders and delivery of orders, processing payments, carrying out promotional services or data management, to maintain our website, to distribute e-mails, to send out our newsletter and to provide client communications. As necessary, the personal data you provide to us may be processed by these third parties, solely on Olmo’s behalf and in accordance with our instructions as data processors. We do not authorize any of our suppliers to make any other use of your personal data.
We or our suppliers process personal data relating to your interaction (transactions, site visits) with the Site to enable us to personalize your experience with the Site. This processing constitutes profiling under the GDPR and we or our suppliers process your personal data in this way as it is in our legitimate interest to offer you a personalized experience on our sites and to provide you with personalized advertising and marketing.
Where we have the right to do so, we shall use and retain your personal information to personalize communications, to contact you, either via email, telephone or social media, in order to inform you of account activity, delivery fulfilment and marketing related activities.
We or our suppliers do not engage in fully automated decision-making with your personal data. The one exception lies in the risk and fraud screening, where a payment card number or IP address may be automatically blocked after a certain number of unsuccessful payment attempts. We do not believe this has a significant legal effect on customers because the automated blocking lasts only for a short period of time.
Where legally compelling grounds exist, we may also disclose your personal information to governmental and law enforcement agencies, and otherwise in the defense of legal claims.
WHAT DATA IS COLLECTED
The personal data collected for the purposes of a purchase comprises: your contact details (name, address, e-mail address and telephone number), your credit card details or PayPal account details.
If you have subscribed to our newsletter, we will collect and process one or more of the following: your name, your e-mail address, your country of residence, and your interests. We do so to keep you updated on any news and offers by Francis Stories, or other content that we find relevant for our newsletter subscribers. You are entitled to unsubscribe to our newsletter at any time by clicking on the unsubscribe link included in each newsletter or by contacting customer service at firstname.lastname@example.org. We will send you the newsletter until you unsubscribe to the newsletter service.
If you have contacted us regarding a complaint, return or question, the e-mail conversation will be stored for as long as it is necessary to administer your matter, including following up on the matter.
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information”.
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. Cookies are used on the site to improve your browsing experience. In addition, they are used for statistical purposes, and help identify your computer, allowing the website to recall your personal settings.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
We will retain your personal information for as long as necessary in relation to the purposes for which the data was collected or otherwise processed. In addition, we may retain personal information to comply with legal requirements, prevent fraud and resolve disputes. Where a legal requirement obliges the retention of personal data for a specific minimum period, we will retain data for at least that period. When we determine the maximum retention duration of any personal data we hold we do so with regard to our legitimate interests to retain data, our obligation under GDPR to minimize, data and the nature and sensitivity of the personal data and the potential risk of harm from unauthorized use or disclosure of your personal data.
We protect your information using measures that reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Under the General Data Protection Regulation, you have the right of access, rectification and erasure of your personal information. Furthermore, you have the right to object the use of your personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing. You are also entitled to exert the right of portability of your personal data, including both receiving it in a structured, commonly use and machine-readable format, and transmitting it to another data controller. If you wish to enforce any of your rights, please contact us through any of the following means:
Address: Rua da Republica, n9 1-Dto, 9545-128, Azores, Portugal