Welcome to pictorios.com (the “Platform”), operated by Novevisix OÜ (“Company” or “we”). This Privacy Policy describes the principles and procedures we follow for collecting, using, processing, and safeguarding your personal data in accordance with the EU General Data Protection Regulation (“GDPR”). To the extent information is (a) associated with an identified or identifiable natural person and (b) protected as personal data under applicable data protection laws, such information is referred to in this Privacy Policy as “Personal Data”.
We encourage you to review this Privacy Policy thoroughly, as it outlines our data handling practices and explains your rights regarding your personal information. By using our services, you confirm that you have read, understood, and agree to the data collection and processing practices outlined in this Privacy Policy. Should you have any questions or need further information, please feel free to reach out to us using the contact details provided below.
DATA CONTROLLER
The entity responsible for processing your personal data in accordance with this Privacy Policy is Novevisix OÜ, company number 17063370, registered at Harju maakond, Tallinn, Põhja-Tallinna linnaosa, Kopli tn 27, 10412.
As the data controller, we determine the purposes and means of processing your personal data and ensure compliance with applicable data protection laws. Our role involves deciding why and how your data is processed, implementing appropriate safeguards, and upholding your data rights throughout its lifecycle. We are dedicated to maintaining high standards of data security and protecting your rights under the law.
If you have questions or need more information about how we handle your personal data, please contact us using the details above.
CATEGORIES OF PERSONAL DATA PROCESSED
We may collect, utilize and otherwise process the following categories of personal data:
(a) Contact Information: Includes your name, phone number, email, postal address, and other similar details necessary for communication.
(b) Account Information: Includes profile details such as your account ID, login credentials, activity logs, settings, preferences, photos, avatars, and any other content you choose to share.
(c) Identity Data: Includes full name, date of birth, government-issued ID numbers, details of identification documents, and other information required for identification and authentication.
(d) User-Generated Content: Data you upload, post, or create while using our services, including text, images, and other media.
(e) Legal and Compliance Data: Information required to comply with legal obligations, such as AML, CFT, and KYC regulations.
(f) Transaction Data: Details of your orders, transaction history, payment amounts, billing information, and account balance necessary for processing and record-keeping.
(g) Payment Information: Includes your payment history, payment methods, bank account details, credit or debit card information, and other financial data needed to process payments.
(h) Communication Logs: Records of interactions between you and us, including call logs, chat transcripts, emails, and other correspondence, used to provide support and improve service.
(i) Marketing Data: Includes your marketing preferences, participation in surveys or promotions, and engagement with marketing communications and advertisements.
(j) Technical Data: Information about your devices and technology used to access our services, including IP addresses, device identifiers, operating systems, browser types, and usage analytics.
(k) Customer Support Information: Details of issues or inquiries raised with our support team, including correspondence and documentation related to the issue.
(l) Visitor Data: If you visit our premises, data may be collected through CCTV footage and visitor logs to ensure security and comply with legal requirements.
If you need further information or clarification about the types of data we collect and their uses, please contact us. We are committed to transparency and ensuring you understand our data processing practices.
LEGAL GROUNDS AND PURPOSES OF PROCESSING PERSONAL DATA
We process your personal data for various purposes, each grounded in a specific legal basis as required by applicable law:
(a) Account Management: To establish and administer your user account, ensuring you have access to our services and can utilize them effectively. (Legal Basis: Performance of a contract)
(b) Provision of Services: To deliver the services you have requested, ensuring their efficiency and alignment with your needs. (Legal Basis: Performance of a contract)
(c) Identity Verification: To confirm your identity and secure your account, thereby safeguarding against fraud and unauthorized access. (Legal Basis: Compliance with a legal obligation, Legitimate interests)
(d) Legal Compliance: To ensure adherence to applicable laws and regulations, including those related to anti-money laundering (AML), counter-terrorist financing (CFT), know-your-customer (KYC), and other relevant legal requirements. (Legal Basis: Compliance with a legal obligation, Performance of a public task)
(e) Order Fulfillment: To process and complete your orders, including the efficient handling of payments and delivery of goods or services. (Legal Basis: Performance of a contract)
(f) Transaction Management: To manage and facilitate transactions, ensuring their accuracy, security, and compliance with applicable standards. (Legal Basis: Performance of a contract, Legitimate interests)
(g) Risk Management: To assess, monitor, and manage business risks, ensuring the continued smooth operation of our services. (Legal Basis: Performance of a contract, Compliance with a legal obligation, Legitimate interests)
(h) Customer Communication: To engage with you regarding your account, provide customer support, and address any inquiries or issues you may have. (Legal Basis: Performance of a contract, Legitimate interests)
(i) Marketing: To send you marketing communications and personalized content tailored to your preferences, subject to your consent. (Legal Basis: Consent, Legitimate interests)
(j) Fraud Prevention: To detect, prevent, and respond to fraud and other unlawful activities, thereby protecting both our services and your data. (Legal Basis: Compliance with a legal obligation, Legitimate interests)
(k) Security: To safeguard our information systems and assets from unauthorized access, ensuring the integrity and confidentiality of data. (Legal Basis: Performance of a contract, Compliance with a legal obligation, Legitimate interests)
(l) Technical Support: To diagnose and resolve technical issues, maintaining the functionality, stability, and reliability of our services. (Legal Basis: Performance of a contract)
(m) Service Improvement: To enhance, refine, and develop our services based on user feedback, behavior, and usage patterns, ensuring they continue to meet your evolving needs. (Legal Basis: Legitimate interests)
(n) Dispute Resolution: To manage and resolve any legal claims or disputes, protecting our legal interests and ensuring compliance with our legal obligations. (Legal Basis: Performance of a contract, Compliance with a legal obligation, Legitimate interests)
METHODS OF DATA COLLECTION
We collect personal data through various methods, including but not limited to:
(a) Direct Collection: Data you provide directly to us when applying for our services, registering an account, communicating with us, or engaging with us in any other manner.
(b) Automated Collection: Data collected automatically when you interact with our website through cookies and similar tracking technologies. Please see our Cookie Notice published on our website for more information about our cookie practices.
(c) Third-Party Sources: Data obtained from third-party sources, such as service providers (e.g., payment processors), state authorities, or publicly available sources.
REQUIRED AND OPTIONAL DATA PROVISION
To deliver our services effectively, we collect specific personal data that is necessary for accessing and using key features. This required data will be clearly identified during the collection process. Without this data, we may be unable to provide the full range of our services. In addition to required data, we also collect optional information that is not essential for service delivery. Providing optional data is completely voluntary and will not affect your access to our core services. You can manage or update this information at any time through your account settings. If you have any questions about required or optional data or need help managing your information, please contact us.
DATA SHARING
Your personal data may be disclosed to service providers who assist us, such as payment processors, IT support, and marketing agencies, all of whom must adhere to our data protection standards. We may also share your data with regulatory or legal authorities as required by law. We do not sell your personal data to third parties, and any data sharing is conducted in compliance with legal requirements and safeguarded appropriately.
INTERNATIONAL DATA TRANSFERS
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) and the European Union (EU) as part of our service delivery. These transfers may occur in jurisdictions that do not provide the same level of data protection as within the EEA and EU. To ensure the protection of your data during these transfers, we implement strict safeguards, including the use of the European Commission's Standard Contractual Clauses, binding corporate rules, or other legally recognized mechanisms. When a non-EU/EEA country has been deemed by the European Commission to provide an adequate level of data protection, transfers to that country will be based on such an adequacy decision. These measures ensure that your personal data receives a level of protection equivalent to that in the EEA and EU, regardless of where it is processed.
DATA RETENTION
We retain your personal data only for the period necessary to fulfill the purposes for which it was collected, or as required by applicable law. Retention periods vary depending on the type of data. For instance, data required to meet legal obligations is typically retained for five years, with possible extensions if mandated by law. Data that may be relevant to potential legal claims is usually kept until the expiration of the statutory limitation period, generally not exceeding ten years. Once the relevant retention period expires, your data is securely deleted or anonymized to protect your privacy. If you have questions about our data retention practices, please contact us. We are dedicated to maintaining transparency and ensuring the security of your personal data.
DATA SECURITY
We are committed to safeguarding your personal data through a comprehensive set of technical and organizational measures designed to protect it from unauthorized access, alteration, disclosure, or destruction. Our security framework includes the following key elements:
Encryption: Advanced encryption technologies protect your personal data during both transmission and storage, ensuring it remains secure and inaccessible to unauthorized parties.
Access Controls: We implement strict access control protocols, allowing only authorized personnel to access your data based on their role and necessity, minimizing the risk of data breaches.
Regular Security Assessments: We conduct regular security audits and assessments to identify and mitigate potential vulnerabilities. Our systems and practices are continuously updated to keep pace with evolving security threats and industry best practices.
Secure Data Storage: Your personal data is stored in secure environments protected by multiple layers, including firewalls, intrusion detection systems, and secure data centers that comply with industry standards.
Trusted Partners: We collaborate only with partners and service providers who adhere to the highest security standards, such as the Payment Card Industry Data Security Standard (PCI DSS) for secure handling of payment information. These partners are thoroughly vetted to ensure their security measures align with our stringent requirements.
While we take extensive steps to protect your personal data, you also play a vital role in ensuring its security. Here are some recommended practices:
Use Strong Passwords: Create strong, unique passwords for your accounts and update them regularly. Avoid using easily guessable information such as birthdays or common words.
Enable Two-Factor Authentication (2FA): Where available, enable two-factor authentication to add an extra security layer to your account, ensuring that even if your password is compromised, your account remains protected.
Be Cautious with Public Wi-Fi: Avoid accessing your accounts or providing personal information on public Wi-Fi networks, which may not be secure and could expose your data to unauthorized access.
Keep Your Software Updated: Regularly update your software, applications, and devices to protect against the latest security vulnerabilities.
Monitor Your Accounts: Review your account activity regularly for suspicious transactions or changes. Report any unauthorized activity to us immediately.
Beware of Phishing: Be vigilant about phishing attempts. Verify the authenticity of emails, messages, or phone calls requesting personal information and avoid clicking on suspicious links.
If you have any concerns or need guidance on protecting your data, please contact us. Together, we can ensure the highest level of data security.
YOUR DATA SUBJECT RIGHTS
As a data subject under data protection laws, you have the following rights concerning your personal data:
Right of Access: You have the right to request access to and obtain a copy of the personal data we hold about you.
Right to Rectification: You can request the correction of any inaccurate or incomplete personal data we hold.
Right to Erasure: You may request the deletion of your personal data, subject to certain legal obligations and limitations.
Right to Restrict Processing: Under specific circumstances, you may request that we restrict the processing of your personal data.
Right to Object: You have the right to object to the processing of your personal data when it is based on our legitimate interests or used for direct marketing purposes.
Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format and request that we transfer this data to another data controller where technically feasible.
Right to Withdraw Consent: If the processing of your personal data is based on consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, please contact us using the details provided in this document. Upon receiving your request, we will inform you of any applicable limitations and the outcome of your request. We may also require you to provide sufficient information to verify your identity before processing your request to ensure the security of your data.
USER-GENERATED CONTENT AND SENSITIVE DATA
When utilizing our services, you may choose to upload various types of information, including data that is sensitive in nature. To safeguard your privacy and ensure the secure handling of your data, we urge you to adhere to the following guidelines:
(a) Exercise Discretion: Carefully evaluate the sensitivity of the information you choose to share. Upload only data that is both necessary for your interaction with our services and that you are comfortable disclosing.
(b) Handle Sensitive Data with Caution: Take extra precautions when submitting sensitive information, which may include personal, confidential, or otherwise protected data. Sensitive data demands a higher degree of care and discretion to prevent unauthorized access or misuse.
(c) Limit Disclosure to Necessity: Share only the information that is directly relevant and required for the specific purpose at hand. Avoid disclosing excessive or unnecessary details to mitigate potential risks to your privacy.
(d) Acknowledge Your Responsibility: You bear the responsibility for the content and nature of the information you choose to disclose. It is imperative that you understand the potential consequences of sharing sensitive data and make informed decisions regarding the information you upload.
By engaging with our services and uploading any form of data, you affirm that you comprehend these considerations and agree to assume full responsibility for the information you disclose. While we are committed to implementing robust measures to protect your data, the ultimate responsibility for the information provided lies with you. Should you have any questions or concerns about the type of data you are sharing, we encourage you to contact us for further guidance.
AUTOMATED DECISION-MAKING AND PROFILING
We do not engage in automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you.
COMPLAINTS
If you have concerns regarding the way we handle your personal data, we welcome the opportunity to address them directly and encourage you to contact us first. However, if for any reason it is not feasible to reach out to us, or if you prefer, you may also lodge a complaint with the supervisory authority in your jurisdiction. In Estonia, the relevant authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).
UPDATES TO THIS POLICY
We may update this Privacy Policy from time to time to reflect changes in our data processing practices or to comply with legal requirements. The most recent version of this Privacy Policy will always be available on our website, and any significant changes will be communicated to you through appropriate channels. We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your personal data and to ensure you are aware of any updates or modifications.
CONTACT US
If you have any questions or concerns regarding this Privacy Policy or our data processing practices, please contact us at: support@pictorios.com
Last updated on 05 September 2024.