Privacy Policy for Deinspar Ltd

1. Data Controller and Contact Information

1.1 Deinspar Ltd is the data controller for all personal information collected through our platform and services.
1.2 For any privacy-related inquiries, data subject requests, or concerns about how we handle your personal information, please contact us through the official channels provided in your Creator Dashboard.
1.3 We are committed to responding to all privacy inquiries within 30 days of receipt, or sooner where required by applicable law.
1.4 Our Data Protection Officer can be reached through the same contact channels for specific GDPR-related matters.

2. Legal Basis for Processing

2.1 We process your personal data based on the following legal grounds under the UK General Data Protection Regulation (UK GDPR):
2.2 Contractual Performance: Processing necessary to fulfill our contractual obligations as outlined in our Terms and Conditions, including account management, payment processing, and service delivery.
2.3 Legitimate Interests: Processing necessary for our legitimate business interests, such as platform security, fraud prevention, customer support, marketing communications, and business analytics.
2.4 Legal Compliance: Processing required to comply with applicable laws, regulations, tax obligations, and legal requests from authorities.
2.5 Consent: Processing based on your explicit consent for specific purposes, such as marketing communications or optional data collection.
2.6 Vital Interests: Processing necessary to protect your vital interests or those of another person in emergency situations.

3. Personal Information We Collect

3.1 Account Registration Data: Full name, email address, postal address, telephone number, date of birth, professional information, and account credentials.
3.2 Payment and Financial Information: Bank account details, PayPal information, tax identification numbers, payment history, transaction records, and commission calculations.
3.3 Profile and Content Data: Artist biography, portfolio information, uploaded artwork, design files, metadata, and any other content you choose to share.
3.4 Communication Records: Customer service correspondence, platform notifications, feedback, support tickets, and any other communications with our team.
3.5 Technical and Usage Data: IP addresses, device information, browser type and version, operating system, referral sources, page views, session duration, click patterns, and platform usage statistics.
3.6 Location Data: Country, region, and city information derived from IP addresses or provided directly during registration.
3.7 Marketing and Preference Data: Communication preferences, marketing consent status, and interaction with promotional materials.
3.8 Business and Tax Information: Business registration details, VAT numbers, tax residency information, and other data required for legal and regulatory compliance.

4. How We Collect Your Information

4.1 Direct Collection: Information you voluntarily provide during account registration, profile creation, content upload, communication with support, and platform interaction.
4.2 Automatic Collection: Technical data collected automatically through cookies, analytics tools, server logs, and platform usage monitoring.
4.3 Third-Party Sources: Information from payment processors, identity verification services, fraud prevention tools, and other legitimate business partners.
4.4 Public Sources: Publicly available information that may be relevant to your artist profile or business verification processes.
4.5 Cookies and Tracking Technologies: We use essential cookies for platform functionality, analytics cookies for performance monitoring, and preference cookies for user experience optimization.

5. Purposes of Data Processing

5.1 Account Management: Creating and maintaining user accounts, authentication, profile management, and access control.
5.2 Service Delivery: Processing orders, managing content publication, handling customer inquiries, and providing technical support.
5.3 Payment Processing: Calculating commissions, processing payouts, maintaining financial records, and tax reporting compliance.
5.4 Platform Security: Fraud detection and prevention, account security monitoring, abuse prevention, and maintaining platform integrity.
5.5 Legal Compliance: Meeting regulatory requirements, tax obligations, data retention policies, and responding to legal requests.
5.6 Business Analytics: Understanding platform usage, improving services, conducting market research, and making data-driven business decisions.
5.7 Marketing and Communications: Sending service notifications, promotional materials, platform updates, and maintaining customer relationships.
5.8 Quality Assurance: Monitoring service quality, content moderation, customer satisfaction measurement, and continuous improvement initiatives.

6. Data Sharing and Third-Party Disclosure

6.1 Service Providers: We share data with trusted third-party service providers who assist in payment processing, cloud hosting, analytics, customer support, marketing services, and other business operations.
6.2 Payment Processors: Financial information is shared with PayPal, banking institutions, and other payment service providers for transaction processing and payout distribution.
6.3 Legal Requirements: We may disclose information when required by law, court orders, regulatory authorities, or to protect our legal rights and interests.
6.4 Business Transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity with appropriate safeguards.
6.5 Fraud Prevention: We may share limited information with fraud prevention services and security providers to protect against fraudulent activities.
6.6 Marketing Partners: With your consent, we may share information with marketing partners for promotional purposes and business development activities.
6.7 We do not sell, rent, or trade personal information to third parties for their independent marketing purposes without explicit consent.

7. International Data Transfers

7.1 Your personal data may be transferred to and processed in countries outside the United Kingdom and European Economic Area (EEA).
7.2 When transferring data internationally, we ensure appropriate safeguards are in place, including:
7.3 Adequacy Decisions: Transfers to countries with adequacy decisions from the UK Information Commissioner's Office (ICO).
7.4 Standard Contractual Clauses: Use of approved standard contractual clauses for transfers to countries without adequacy decisions.
7.5 Certification Programs: Transfers to organizations participating in recognized certification programs with appropriate privacy safeguards.
7.6 Corporate Binding Rules: Transfers within corporate groups with approved binding corporate rules.
7.7 We regularly review and update our transfer mechanisms to ensure continued compliance with applicable data protection laws.

8. Data Retention and Storage

8.1 We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by applicable law.
8.2 Active Account Data: Retained for the duration of your account relationship and up to 7 years after account closure for legal and business purposes.
8.3 Financial Records: Payment and tax-related information retained for 7 years in accordance with UK tax and accounting requirements.
8.4 Communication Records: Customer service and support communications retained for 3 years for quality assurance and dispute resolution.
8.5 Technical Logs: Server logs and technical data retained for 12 months for security and performance monitoring purposes.
8.6 Marketing Data: Marketing consent and communication records retained until consent is withdrawn or for 3 years after last engagement.
8.7 Data is securely deleted or anonymized when no longer required, following industry best practices for data destruction.

9. Data Security Measures

9.1 We implement comprehensive technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
9.2 Technical Safeguards: Encryption in transit and at rest, secure server infrastructure, regular security updates, firewall protection, and intrusion detection systems.
9.3 Access Controls: Role-based access restrictions, multi-factor authentication, regular access reviews, and principle of least privilege implementation.
9.4 Organizational Measures: Staff training on data protection, confidentiality agreements, incident response procedures, and regular security assessments.
9.5 Third-Party Security: Due diligence on service providers, contractual security requirements, and regular security compliance monitoring.
9.6 Incident Management: Comprehensive breach detection, response procedures, and notification protocols in compliance with regulatory requirements.
9.7 Despite our security measures, no system is completely secure, and we cannot guarantee absolute protection against all potential threats.

10. Your Rights and Choices

10.1 Under the UK GDPR, you have the following rights regarding your personal data:
10.2 Right of Access: Request information about how your personal data is processed and obtain a copy of your data.
10.3 Right to Rectification: Request correction of inaccurate or incomplete personal data.
10.4 Right to Erasure: Request deletion of your personal data under certain circumstances, subject to legal and contractual obligations.
10.5 Right to Restrict Processing: Request limitation of data processing under specific conditions.
10.6 Right to Data Portability: Request transfer of your data to another service provider in a structured, machine-readable format.
10.7 Right to Object: Object to processing based on legitimate interests, including direct marketing activities.
10.8 Right to Withdraw Consent: Withdraw consent for processing activities that require consent, without affecting prior lawful processing.
10.9 Right to Lodge Complaints: File complaints with the UK Information Commissioner's Office (ICO) regarding our data processing practices.
10.10 To exercise these rights, please contact us through the official channels provided in your Creator Dashboard.

11. Cookies and Tracking Technologies

11.1 Our platform uses cookies and similar tracking technologies to enhance user experience, analyze platform performance, and provide personalized services.
11.2 Essential Cookies: Necessary for platform functionality, security, and basic operations. These cannot be disabled without affecting platform performance.
11.3 Analytics Cookies: Collect information about platform usage, performance metrics, and user behavior to improve our services.
11.4 Preference Cookies: Remember your settings, language preferences, and customization choices for enhanced user experience.
11.5 Marketing Cookies: Track user interactions with promotional content and measure the effectiveness of marketing campaigns.
11.6 You can manage cookie preferences through your browser settings, though disabling certain cookies may limit platform functionality.
11.7 We provide detailed cookie information and management options through our cookie consent banner and privacy settings.

12. Children's Privacy

12.1 Our platform is designed for use by individuals aged 18 and over who can enter into legally binding contracts.
12.2 We do not knowingly collect personal information from individuals under 18 years of age.
12.3 If we become aware that we have collected personal data from someone under 18, we will take immediate steps to delete such information.
12.4 Parents or guardians who believe their child has provided personal information to us should contact us immediately for data removal.
12.5 We encourage parents and guardians to monitor their children's online activities and educate them about privacy protection.

13. Marketing Communications

13.1 We may send marketing communications about platform updates, new features, promotional opportunities, and business-related information.
13.2 Marketing communications are sent only to users who have provided consent or where we have legitimate interests in maintaining business relationships.
13.3 You can opt out of marketing communications at any time by:
13.4 Using unsubscribe links in email communications
13.5 Updating preferences in your Creator Dashboard
13.6 Contacting us directly through official support channels
13.7 Opting out of marketing does not affect essential service communications related to your account, transactions, or legal obligations.

14. Automated Decision-Making and Profiling

14.1 We may use automated systems for certain business processes, including fraud detection, content moderation, and payment risk assessment.
14.2 These systems help us maintain platform security, ensure compliance, and provide efficient services.
14.3 Significant decisions affecting your account or services are subject to human review and intervention.
14.4 You have the right to request human review of automated decisions that significantly affect you.
14.5 We do not engage in profiling that produces legal effects or significantly affects individuals without appropriate safeguards and rights.

15. Business Transfers and Changes

15.1 In the event of a merger, acquisition, bankruptcy, or sale of assets, personal data may be transferred as part of the business transaction.
15.2 We will provide notice of any such transfer and ensure that the acquiring entity maintains appropriate privacy protections.
15.3 Your rights and choices regarding personal data will be preserved during any business transfer process.
15.4 We will update this Privacy Policy to reflect any material changes resulting from business transfers.

16. Updates to This Privacy Policy

16.1 We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations.
16.2 Material changes will be communicated through email notifications, Creator Dashboard announcements, or prominent website notices.
16.3 We will provide at least 30 days' notice for significant changes that affect your rights or how we process your data.
16.4 Continued use of our platform after policy updates constitutes acceptance of the revised terms.
16.5 Previous versions of this Privacy Policy are available upon request for reference and comparison purposes.

17. Regulatory Compliance

17.1 We are committed to compliance with all applicable privacy and data protection laws, including the UK GDPR, Data Protection Act 2018, and other relevant regulations.
17.2 We regularly review and update our privacy practices to maintain compliance with evolving legal requirements.
17.3 We cooperate fully with regulatory authorities and respond promptly to official inquiries and investigations.
17.4 Our privacy program includes regular training, audits, and assessments to ensure ongoing compliance and best practices.

18. Company Information

Deinspar Ltd
124 City Road
London EC1V 2NX
United Kingdom

Company Registration Number: 14900703
Registered in: England and Wales

For privacy-related inquiries or to exercise your data protection rights, please contact us through the official channels provided in your Creator Dashboard.