Who are we?
This website or mobile application (the “Platform”) you are now visiting is owned and operated by Tattoodo ApS (“us”, “we”, or “our”), Artillerivej 86, 2. th., 2300 Copenhagen S, CVR number 34687684, Denmark. When we process your personal data on our Platform; market to you; provide services or products to you; when you create an account on our Platform; or when we communicate with you, we are your data controller and your point of contact.
Why do we collect your personal data?
We process your personal data with the purposes of marketing to you, offering you various tattoo related services and products, and communicating with you.
Marketing from us
If you consent to receiving direct marketing from us, our processing of your personal data will be based on the GDPR Article 6(1)(a).
Creation of an account, purchase of services and products
When you create an account or when you purchase services or products on our Platform, we process your personal data for us to fulfil our part of the contract as intermediary; in this case, the processing is based on the GDPR Article 6(1)(b).
In any other cases, such as in case you might contact us for further inquiries, if you wish to complain, etc., we will process your personal data with the purposes of establishing, exercising or defending legal claims, where we are following a legitimate purpose where our legitimate interests override your interests or fundamental rights and freedoms. The processing will then be based on the GDPR Article 6(1)(f).
Using our Platform
When using our Platform, we process your personal data using cookie technology which entails the use of necessary cookies, statistic cookies and marketing cookies. Our processing of cookies is based on your consent and on the GDPR Article 6(1)(a). When we share cookie information with the purpose of remarketing to you on other platforms (social media, websites, apps, etc.) we follow a legitimate purpose where our legitimate interests override your interests or fundamental rights and freedoms and where the processing is based on the GDPR Article 6(1)(f).
Applying for a job
If you apply for a job with us, we will process your data with the purpose of assessing whether if we will offer you a job. In such case, the processing will be based on the GDPR Article 6(1)(b). Should we contact references, we will collect your consent beforehand in accordance with the GDPR Article 6(1)(a).
What do we collect and from where?
We will process ordinary personal data about you, including contact details such as name, email address, telephone number, address and credit card information.
The personal data is provided by you.
- Necessary Cookies. Necessary cookies help make our Platform usable by enabling basic functions like page navigation and access to secure areas of the Platform. The Platform cannot function properly without these cookies.
- Statistic Cookies. These cookies help us understand how visitors interact with our Platform by collecting and reporting information anonymously.
- Marketing Cookies. These cookies are used to track visitors across our Platform. The intention is to show ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of our Platform.
For further information and description of the actual cookies used, please see [insert link].
How do we disclose your personal data?
We do not sell, rent, or otherwise disclose your personal data to others for their independent use, except when expressly required by law or if deemed necessary in relation to the purposes as described above.
In any case of disclosure of your personal data, this will be based on the GDPR Article 6(1)(a) when you have consented to receiving marketing form our affiliates, Article 6(1)(b) when we act as intermediary in connection with you purchasing services or products on our Platform, Article 6(1)(c) when legally required to do so or Article 6(1)(f) when we remarket you using cookie technology and when we are establishing, exercising or defending legal claims, etc.
Your personal data processed by us will be transferred to countries outside the EU/EEA. In this case, the transfer will be based on the GDPR Article 49(1)(b-e).
Personal data may be processed by external suppliers, including data processors, who are under written instruction from us to process personal data.
When do we delete your personal data?
Generally, we will keep your personal data only for as long as you have an active account on our Platform and/or as long as you have consented to receive direct marketing from us. Subsequently, we will process the personal data for a period of up to five years, depending on the specific data, in order to document compliance with current legislation.
How do we secure your data?
We choose to use vendors deploying security according to best industry practices, and we only use encrypted data communication when transferring confidential or sensitive personal data. This includes, when required or appropriate and feasible, obtaining written assurances from third parties that may access your personal data that they will protect the data with safeguards designed to provide a level of protection equivalent to that adopted by us.
However, no data system can be a 100% secure. Hence, we cannot guarantee the absolute security of your data. Moreover, we are not responsible for the security of the data you transmit to us over networks that we do not control, including the Internet and wireless networks.
What are your rights?
Under chapter III of the GDPR, you have several rights in relation to our processing of your data.
You have the following rights:
- You are entitled to request access to, rectification or erasure of your personal data.
- You are also entitled to oppose the processing of your personal data and to request restriction of the processing of your personal data.
- In particular, you have an unconditional right to oppose the processing of your personal data for direct marketing purposes.
- If the processing of your personal data is based on your consent, you are entitled to withdraw such consent at any time by either using the unsubscribe function in the latest communication or by contacting us as described below. Withdrawal of your consent will not affect the lawfulness of the processing carried out prior to your withdrawal of consent.
- You are entitled to receive personal data which you have provided to us in a structured, commonly used and machine-readable format (data portability).
Your rights may be subject to conditions or restrictions. Accordingly, there is no certainty that you will be entitled to, for example, data portability in the specific situation; or to have your personal data erased; it will depend on the circumstances of the processing.
You can always lodge a complaint with a data protection authority, and you can read more about your rights in the Danish Data Protection Agency’s guidelines on the data subjects’ rights, which is available at www.datatilsynet.dk.
How to contact us
If you would like to contact us with questions about our privacy and data protection practices, or you simply want to opt out of receiving marketing material from us, please use one of the following options:
- Regular mail – Tattoodo Aps, Artillerivej 86, 2. th., 2300 Copenhagen, Denmark
- Email – firstname.lastname@example.org
In your request, please specify your identity and to what your request pertains. We will require you to document your identity if this is not sufficiently done in your initial request.