Arsty Privacy Policy

Privacy Policy

Privacy Policy

Arsty (“Arsty”, “we” or “us”) treats personal data provided to us with respect and integrity. We are committed to safeguarding the privacy of our website, as data protection is of a particularly high priority for the management of our company. The use of our website is not possible without any indication of personal data.

This Privacy Policy explains how Arsty handles personal information that it collects in the course of performing its functions and activities. The processing of personal data, such as, but not limited to, the name, address, e-mail address, or telephone number of a data subject shall always be in line with the:

  • Australian Privacy Principles contained in the Privacy Act 1988
  • General Data Protection Regulation (GDPR), applicable in Europe;
  • Privacy Act U.S.C. 552a (Privacy Act of USA),
  • Privacy Acts in Latin America;
  • Any other country-specific data protection regulations applicable.

By means of this data protection declaration, our company would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As controller and processor, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, internet-based data transmissions may, in principle, have security gaps occasionally, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.

Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you will not receive direct marketing communications and will limit the publication of your information.

In your relationship with us through the website, controller, for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

Dashi Media Limited (“Arsty”)

Room 1-1-1405, No.2 Building, Xinpu Road

Chunhua Street Hedong District, Tianjin

1. Definitions

Our data protection declaration should be legible and understandable for the general public, as well as for our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

c) Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

f) Controller or controller responsible for the processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

g) Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

h) Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

i) Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

j) Consent

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Collection

Upon purchasing from us, we ask you to provide us with your payment data, which will be used for secure processing of your order.

In addition, we may ask for a valid e-mail address, which will be included in our emailing list, for information regarding news & updates, as well as marketing promotions.

In this Section we have set out:

(a) the general categories of personal data that we may process;

(b) in the case of personal data that we did not obtain directly from our customers, the source and specific categories of that data;

(c) the purposes for which we may process personal data;

(d) the legal bases of the processing.

We may process data about your use of our website and services (“usage data“). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analyzing the use of the website and services.

We may process your account data (“account data“). The account data may include your name and email address. The account data may be processed for the purposes of providing our services, updates, promotions, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.

We may process your personal data that are provided in the course of the use of our services (“service data“). The service data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.

We may process information contained in any enquiry you submit to us regarding goods and/or services (“enquiry data“). The enquiry data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.

We may process information relating to our customer relationships, including customer contact information (“customer relationship data“). The customer relationship data may include your name, your employer, your job title or role, your contact details, and information contained in communications between us and you or your employer. The customer relationship data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.

We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our services (“transaction data“). The transaction data may include your contact details, and the transaction details. The transaction data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.

We may process information contained in or relating to any communication that you send to us (“correspondence data“). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.

“Automatically Collected” Information: The Arsty website collect a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be:

(1) the ISP,

(2) the operating system used by the accessing system,

(3) the website from which an accessing system reaches our website (so-called referrers),

(4) the sub-websites,

(5) the date and time of access to the website,

(6) an Internet Protocol address (IP address),

(7) any other similar data and information that may be used in the event of attacks on our information technology systems.

When using these general data and information, Arsty does not draw any conclusions about the data subject. Rather, this information is needed to:

(1) deliver the content of our website correctly;

(2) optimize the content of our website as well as its advertisement;

(3) ensure the long-term viability of our information technology systems and website technology;

(4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack;

In addition to the specific purposes for which we may process your personal data set out in this Section, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Please do not supply any other person’s personal data to us, unless we prompt you to do so.

Obviously, the access to our website is free; however, we inform you that for the use of the website via mobile device the charges and the standard tariffs provided in the service contract that you have stipulated with them will still be applied by the telephone operators.

Privacy of minorsWe do not collect or consciously request information from customers under the age of 18, nor do we consciously allow such customers to register with our services, except with parental consent. Our services and their contents are not intended for children under the age of 18.

If we learn that we have collected personal information from a child under the age of 18 without parental consent, we will delete this information as soon as possible.

If you believe we have any information about a child under the age of 18, please contact us.

3. Use and Disclosure of personal data to others

We will use the received data to help you easily obtain assistance on your problems, after the acquisition of an application; to provide you with personalized content and information, including online listings or other forms of direct marketing; to offer, improve, test and monitor the effectiveness of our services; to develop and test new products and functions; to monitor metrics such as total visitor numbers, traffic and demographic models; to diagnose or solve technological problems; to automatically update the website on your device.

We, or other subjects that will be authorized by us, may use your personal data for promotional, advertising and / or marketing purposes. We may disclose personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

In addition to the specific disclosures of personal data set out in this Section 4, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.[We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

We do not rent or sell your information to third parties outside of Arsty without your consent, unless otherwise provided on the basis of statutory provisions.

We may share your information, as well as information from tools such as cookies or similar, with third party organizations that help us provide you with the services, but only as far as is reasonably necessary.

We can also share this information with our advertising partners, so that we can offer you, among other things, targeted advertising that may be of interest to you.

We can access your information as well as store and share it in response to a request when the law requires us to do so. In addition, we may access your information, as well as store and share it, if we believe in good faith that this is necessary to: detect, prevent and manage fraud and other illegal activities; protect ourselves, you and other people, even in the context of any investigations; prevent events that could cause imminent physical damage or deat.

4. Cookies and Tracking Technologies

Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which internet pages, servers or apps can be assigned to the specific app or server in which the cookie was stored.

Through the use of cookies, Arsty can provide the customers of this website with more customer-friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our website can be optimized with the customer in mind. Cookies allow us, as previously mentioned, to recognize our website customers. The purpose of this recognition is to make it easier for customers to utilize our website. The website customer that uses cookies, e.g. does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the customer’s computer system.

The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the app, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time, if the data subject deactivates the setting of cookies in the app, not all functions of our website may be entirely usable.

We use automatically collected information and other information collected during the Services through cookies and similar technologies to: (i) personalize our Service, such as remembering a Customer’s or Visitor’s information or login details so that the Customer or Visitor will not have to re-enter it during a visit or on subsequent accessing; (ii) provide customized content and information; (iii) monitor and analyze the effectiveness of website and third-party activities; and (iv) monitor site usage metrics such as the number of visitors.

5. Data Quality

We will take reasonable steps to ensure that personal information we have about you is accurate, complete and up to date when we use it. Generally, we rely on you to assist us in keeping your personal information accurate and up to date.

6. Data Security

We have taken reasonable steps to keep your personal information secure at all times and in accordance with our Information Security Policies. For example, electronic access is limited to authorized personnel.

We also take steps to reasonably protect your personal information from misuse and loss, unauthorized access, modification or disclosure and maintained in an accurate, complete and up-to-date manner.

7. Openness

We will be honest and open with you about the type of personal information that we collect about you and the actual use of any such information. We will let you know at the time we collect your personal information, or soon after, how we will treat it.

If you require any details of the personal information held by us about you, then please contact us by e-mail.

8. Access, Correction and Deletion

We respect your privacy rights and provide you with reasonable access to the information we have collected about you and obtain a more in-depth explanation about how the information is used.

If you wish to access or amend any other personal information we hold about you, or to request that we delete any information about you that we have obtained through procuring our website, you may contact us as set forth below in ‘How to Contact Us’. Unless personal information is required to be retained by us for administrative or legal reasons Arsty will meet such requests at the earliest possible opportunity.

If you would like access to detailed personal information and such information is not immediately or easily accessible by us, we may charge an administrative fee for our costs in retrieving and supplying the information to you.

9. Opting out from Communications

If you receive emails from us, you may unsubscribe at any time by following the instructions contained within the email or by sending an email to the address provided in the ‘How to Contact Us’ section.

Please be aware that if you opt-out of receiving emails from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten (10) business days for us to process your request. Please note that you may still receive administrative messages from us regarding our Services.

10. Transfer of Data

We take reasonable steps to ensure that if any personal information you give us is transferred from one continent to another, that it will remain subject to the protection given by our privacy policy and undertaken in accordance with the EU General Data Protection Regulation (GDPR), the Australian Privacy Principles and USA Privacy Regulations where required.

11. Data Controller and Data Processor

In accordance with the regulations provided by the:

  • Privacy Act U.S.C. 552a (Privacy Act of USA),
  • Privacy Acts in Latin America
  • the Privacy Act of 1988 of Australia
  • the General Data Protection Regulation, aka GDPR for European Union

the data controller and data processor for Arsty is the developer of the website. For the purpose of clarifying this provision, we stipulate the we are controller for the personal data provided by our customers who are creating accounts on our website, and processors for the data they collect through our provided services.

Data Processor is also any third party that receives collected personal data from us. They are subject to Data Processing Agreement, enforcing protection of the personal data they receive from us.

12. Sensitive Information

We do not believe in intrusive collection of your personal details and will not collect information that is considered highly personal or highly sensitive about you without your prior consent.

13. Data Retention and Data Deletion

We only retain the personal information collected from a Customer for as long as the Customer’s email address is active on our mailing list, or otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law.

In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the 10-year criteria, after your relationship with us ends.

Notwithstanding the other provisions of this Article, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Your rights

Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

Your principal rights under data protection law are:

(a) the right to access;

(b) the right to rectification;

(c) the right to erasure;

(d) the right to restrict processing;

(e) the right to object to processing;

(f) the right to data portability;

(g) the right to complain to a supervisory authority; and

(h) the right to withdraw consent.

You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: [the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed]. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.

In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To the extent that the legal basis for our processing of your personal data is:

(a) consent;

(b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,

and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

You may exercise any of your rights in relation to your personal data by written notice to us.

14. Complaints Resolution

We are committed to providing our clients with a fair and responsive system for handling and resolving complaints concerning the handling of their personal information. You have a right to complain and to have your complaint handled efficiently if you are concerned about our handling of your personal information. We believe that in receiving your complaint, we are provided with a valuable opportunity to improve the services we deliver to you and maintain your confidence in our services.

If at any time you wish to lodge a complaint in respect of the handling, use or disclosure of your personal information by us, you may do so by contacting us directly.

We aim to investigate and advise you of the outcome of the complaint promptly.

15. Amendments

We may update this policy from time to time by publishing a new version on our website.

You should check this page occasionally to ensure you are happy with any changes to this policy.

We may notify you of significant changes to this policy by email or through the private messaging system within our service system.

16. How to Contact Us

By letter:

Room 1-1-1405, No.2 Building

Xinpu Road Chunhua Street Hedong District

Tianjin

China 300000

By email: service@arstybeauty.com