CRUZ-DIEZ ART FOUNDATION ("the Foundation" or "us") is strongly committed to maintaining data privacy to the highest standards when personal data is passed to us for processing by our clients to get their deliverables to their customers wherever they may be geographically located.
We are a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required by law to inform you about the information which we hold to enable you to understand the purposes for which it is used.
What information do we collect?
We may require some or all of the following information in order to provide our services and, where applicable, ensure we have everything necessary to clear any deliverables through customs into their destination countries and get them to their end recipient:
Name, address and contact details of client;
Name, address and contact details (e.g. phone number, email address) of recipient;
Passport or other ID details (including number and issue date, and images of certain IDs) or tax identification numbers for customs mandated requirements in certain jurisdictions;
Manifest details of parcel and container contents for Customs Clearance;
Any alternative delivery address information as and when requested;
Any information regarding client or end recipient bank account and credit card details.
Some or all of this information may be requested from you directly or it may be passed to us by your end client, but in either case it will be personal data that you have provided or consented to share. We may combine the personal information that you provide to us with other non-personal information relating to your deliverables, which could include reference number(s), shipping information and delivery confirmation (e.g. time/date stamp and signature of recipient).
Where you are a client passing us the personal data of your customers, you confirm that you have appropriate legal grounds under the provisions of the GDPR for collecting and sharing such personal data with us. We confirm that we process the personal data that is shared with us in compliance with GDPR and all other similar applicable national laws in relation to data privacy and security.
If we do not receive all of the personal data that we request as necessary to provide our services, we may not be able to fully provide our services to you. It is also your duty to ensure that you do not upload, input or disclose to us any unnecessary or irrelevant personal data about individuals that we are not required to hold to perform our services.
What do we do with personal data?
The Foundation respects the privacy rights of every person for whom we process and hold personal data in the performance of our services. We use appropriate practices to ensure the security of the personal data held and processed by us.
The Foundation maintains and requires each of its agents and subcontracted partners to maintain appropriate physical, technical and organizational measures to protect personal data in our possession from any data breach, i.e. any accidental, unauthorized or unlawful destruction, loss, alteration, disclosure or access.
In each case where you provide The Foundation with personal data about any other person, e.g. your end client(s), you confirm that you have their permission to do so for the purposes outlined in an agreement between you and that other person. You also confirm that you have made them aware that we will use their data to provide our services and deliver our products. This may include sharing their data with any of our agents and subcontractors who may have a part to play in the provision of our services or the delivery of our products.
Disclosing your information
If we hold your information for the purposes of providing a service to you, we will only use that information to provide this service or in the instances explained above. We will not sell or share your information for marketing purposes with any other company or third party.
Legal basis for using Information
The legal basis on which we will normally use the personal data which is provided to us is as follows:
a) where we need to perform our contract with you for the provision of services or the delivery of products that you have requested; or
b) where we need to comply with a legal obligation; or
c) where it is necessary for our legitimate interests (or those of a third party), provided that your interests and rights do not override our interests.
The situations in which we may rely on (c) above are cases where we have reason to think that the purpose for which the data is to be used was contemplated by you and us when the data was provided, even though the purpose is outside the scope of the particular services or products that you have requested.
The personal data which you may send to us will be held by us in an electronic form on IT systems which are appropriately protected by passwords and to which only authorized users have access, and in some cases in hard copy form. Where hard copy records are kept, they are securely stored.
Where you provide personal data to us electronically, please be aware that we cannot guarantee the security of the data in the course of transmission and any such transmission is at your own risk.
For how long is personal information retained?
We will retain your personal information throughout the period during which we are requested by you from time to time to provide services or products and for as long as necessary thereafter to fulfil the purposes for which the information was collected. In determining the period we will have regard to any legal or accounting requirements. The period of retention may be affected by any disputes which may arise in relation to a service or product.
GDPR offers individuals certain rights in respect of their personal data, including the right to be informed about how your personal data is used and to access the personal data we hold about you; the right to request a correction of inaccurate personal data or to request a deletion of your personal data; the right to request that we stop processing it or to withdraw your consent to any consent-based processing; or to request that we transfer your personal data to yourself or another service provider where this is applicable. If you wish to exercise any of these rights, please contact us using the details below. However, please be aware that should you exercise certain of these rights it may mean that we are unable to continue to provide you with the services that are in process at that time. You also have the right to complain to your data protection regulator.
cruzdiezartfoundation.org is a Wix website, and our online shop runs in Wix. When you place an order with us we receive your name, email address, phone number, billing address and shipping address. We DO NOT store any payment details. This information allows us to process your order, ship it out to you, and get in touch with you should there be any problems.
We use Gmail for all our company email. If you contact us on any email address ending in cruz-diezfoundation.org, your email address and email content will be stored on Gmail’s servers. When you place an online shop order, we receive a confirmation email to our email address. In this email we receive your name, email address, phone number, billing address and shipping address, as well as details of your order.
Mailchimp is a marketing automation platform, and we use it to send out our marketing emails. When you subscribe to our newsletter, we store your name, address and email address (depending on what you share with us) on Mailchimp.
PayPal and Stripe
We use both PayPal and Stripe as ecommerce payment providers. When you place an order with us we receive your name, email address, phone number, billing address and shipping address via the payment provider you choose. We DO NOT store any payment details.
If you have any further questions about how The Foundation handles the personal data that you provide to us or if you wish to exercise any of your rights in relation to your personal data as listed above, please send any enquiries to firstname.lastname@example.org