Effective Date: November 20, 2023
Last Updated: November 20, 2023
It is our policy to comply with all applicable privacy and data protection laws, including the California Consumer Privacy Act of 2018 (“CCPA”) and its subsequent amendments and the General Data Protection Regulation, Regulation (EU) No. 2016/279 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”). This commitment reflects the value we place on earning and keeping the trust of our customers, business partners, and others who share their data with us.
• Data Controller
• What Data We Collect About You
• Reason for Processing Your Personal Data
• How We Collect Your Personal Data
• How We Use Your Personal Data
• Disclosure of Your Personal Data
• Cookies and Automatic Data Collection Technologies
• Third-Party Links
• Your Rights and Choices
• International Transfers
• Data Security
• Contact Us
1. Data Controller
2. What Data We Collect About You
Personal data means any information about an individual from which that person can be identified, directly or indirectly. It does not include data where the identity has been removed (anonymized data), which we can use for any purpose. Some jurisdictions may consider your Internet Protocol (IP) address to be personal data. We may collect different kinds of personal data about you which we have grouped together as follows:
A. Information You Provide to Us
Information You Provide Us (for Collector Accounts). We collect certain types of information from you when you create a Collector profile or make a purchase using the Platform.
Information You Provide Us (for Artist Accounts). We collect certain types of information from you when you create an Artist profile using the Platform.
Artist Public Profile Information. As an Artist on Co:Create Ink, you must provide certain information for your artist page. You can also choose to share other personal information (such as birthday, gender or location) in connection with your account and activity. Other people will be able to see your profile information. You can edit, remove, or limit this information through your account settings.
Transaction Information. When you buy or sell tattoos on Co:Create Ink, we collect information about the order as part of your transaction history.
Promotion Information. From time to time, Co:Create Ink runs promotional offers, contests and sweepstakes.
Survey Responses and Market Research. You may choose to provide certain information in connection with surveys, research and other feedback mechanisms.
In addition, to the information you provide us, we may automatically collect certain information about your equipment, software, and browser to provide you with an efficient and personalized experience. This information includes:
C. Information Collected from Third-Parties:
We may collect personal or anonymized information about you from third party companies that provide products and services that are used in together with our website or our Services.
Information from our Payment Processors: We receive certain information about Collectors from our third-party payment processors, such as Stripe, who help us to process transactions, provide our Services and prevent fraudulent or illegal activity. This information includes:
Analytics Information: We use data analytics software to ensure Platform functionality and to improve the Services. For more information, see the Cookies and Automatic Data Collection Technologies Disclosures.
We do not collect any special categories of sensitive personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic and biometric data, and precise geolocation data). Nor do we collect any information about criminal convictions and offenses.
3. Reason for Processing Your Personal Data
We may process the personal data you provide for the following reasons and legal bases:
Why we process your data
Legal basis for processing
To allow you to create a profile, list a tattoo, or complete a purchase
To enable a transaction between a Collector and an Artist
To allow you to interact with a Co:Create brand partner
To enable you to use the Services
To interact with a Co:Create Platform
To enable you to use the Services
To receive your feedback that you provide us on our Contact Us page.
Legitimate interest to manage our website.
To respond to your requests and inquiries for technical support and general questions.
Legitimate interest to manage our website.
To engage in marketing with its customers.
Our legitimate interest based upon balancing your rights and freedoms against our interest of engaging in marketing.
To receive your comments on our social media accounts.
Legitimate interest to manage our website.
To allow you to exercise your data privacy rights.
Necessary to comply with our legal obligation.
In addition, we may process your personal data for the following reasons:
• To carry out our obligations and enforce our rights.
• In any other way we may describe when you provide the information.
• For any other purpose with your consent.
We may use information that is not personal data for any purpose. For example, we may aggregate usage data from many people in a way that does not identify any individuals to calculate the percentage of users accessing our website.
4. How we collect your personal data
We use different methods to collect information from and about you including through:
5. How We Use Your Personal Data
The Company may use your personal data to:
We may also use your personal data for other uses consistent with the context in which the data was collected or with your consent or lawful purposes. If we believe the purpose for which we use your personal data for other purposes go beyond the scope of your consent you provide during the personal data collection, we will communicate with you to obtain your consent.
We may anonymize or aggregate any of the data we collect and use it for any purpose, including research and product development. Such anonymized or aggregated data will not identify you individually.
6. Disclosure of Your Personal Data
7. Cookies and Automatic Data Collection Technologies
Our website may use automatic data collection technologies to distinguish you from other website users. This helps us deliver a better and more personalized experience when you browse our website. It also allows us to improve our website by enabling us to:
The technologies we use for this automatic data collection may include:
Most web browsers include a Do-Not-Track (“DNT”) signal or similar mechanisms for your privacy preference. At this time, there is no technology standard for recognizing and implementing DNT signals has been finalized. Given the state of technology, we do not respond to DNT signals or any other mechanism that automatically communicates your preference not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.
8. Third-Party Links
Some content or applications on our website may be served by third parties, content providers and application providers including the following:
b. Third-party links. Our website may contain links to other sites, which we do not control. Those website have their own privacy policies and terms, and we encourage you to read those terms before interacting with third-party sites.
Our website and Services are not intended for children under 16 years of age. We will not knowingly solicit or collect personal data from children under 16, or the relevant minimum age under applicable local legal requirements, except as permitted under applicable law. If we learn that we have received information directly from a child under 16 without his or her parent’s or legal guardian’s consent, we will make commercially reasonable efforts to delete such information.
11. Your Rights and Choices
Your rights may vary depending on where you are located. We have created mechanisms to provide you with the following control over your information.
• Accessing, Updating, and Deleting Your Information. You can contact us as set forth in the Contact Us section below to request access to, correction of, or deletion of personal data that you have provided to us. We may also ask you to verify your identity before we respond to your request. Depending on your request, we may not accommodate your request to change information if we believe the change would violate any law or legal requirement or negatively affect the information’s accuracy.
• California Residents. If you are a California resident, you may have additional personal rights and choices with regard to your personal data. Please see Your California Privacy Rights for more information. California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. At this time, we do not engage in this type of disclosure.
• EU Residents. If you are a resident of the European Union, you have the right to:o request access to your personal data, commonly known as a “data subject access request,” which allows you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
o Request a correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
o Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
o Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may
demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
o Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
▪ If you want us to establish the data’s accuracy.
▪ Where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims.
▪ You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
o Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
o Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain Services to you. We will advise you if this is
the case at the time you withdraw your consent.
o We may make automated decisions about you based on your personal data that may affect your access or Services provided to you. You have the right not to be subject the automated decision making so long as the decision is not necessary for the performance of the contract with you or required by legal obligation. If the
decision making is necessary, you may contest the decision and request human intervention in the decision-making process.
o You also have a right to lodge a complaint with the data protection authority where you live.
12. International Transfers
If you are located in the EEA, we have put in place appropriate measures to comply with the laws and regulations to ensure that the transfer of personal data to countries outside of the EEA provides an adequate level of data protection.
13. Data Security
The security of your personal data is very important to us. We use physical, electronic, and administrative safeguards designed to protect your personal data from loss, misuse and unauthorized access, use, alteration, or disclosure. We will only retain your personal data for as long as reasonably necessary to fulfill the purpose of collecting it.
We also require our service providers and business partners to whom we disclose the information to do the same. When you use certain types of information, for example, we encrypt the transmission of certain sensitive or financial information using secure socket layer technology (SSL). We will continue to improve our physical, electronic, and administrative safeguards. However, the Internet environment is not 100% secure, and we cannot guarantee that information we collect will never be accessed in an unauthorized way.
Effective Date: November 20, 2023
Last Updated: November 20, 2023
What is a cookie?
A cookie is a small text file that we store on your browser or your device (computer, tablet, smartphone, etc.) if you agree. Cookies contain information that is transferred to your device’s memory or computer’s hard drive. There are three main types of cookies:
Purpose of cookies
Some cookies are strictly necessary for the use of our Website. Others make it possible to optimize the use of the Website and personalize the contents displayed. Cookies make it possible to (1) measure and analyze the frequency and use of our Website sections and services so that we can improve the functionality of the Website, and (2) measure safety and performance. We use the following cookies:
Other Information Storing Technologies
How Long Will Cookies Stay on My Device?
Some of the cookies we use are deleted after termination of the browser session, i.e., after your browser window is closed (so-called session cookies). Other cookies remain on your end device and enable us to recognize your browser on your next visit (persistent cookies).
In addition, you may withdraw your consent. However, your withdrawal will not retroactively affect the lawfulness of the processing of data before you withdrew your consent.
How Do I Change My Cookie Settings?
Most web browsers allow some control of most cookies through the browser settings. You can configure your browser so that you are informed when cookies are set, or you can decide on an individual basis whether to accept cookies or reject the acceptance of cookies in general. Every browser differs in the management of cookie settings. They are available for the different browsers at the following links:
• Microsoft Windows Explorer
• Google Chrome
• Mozilla Firefox
• Apple Safari
You can find more information about cookies (including how to disable them) at http://www.allabout cookies.org/. Not accepting cookies can result in the limited functionality of our Website. You can also search in your cookie folders to find our cookies and the Google Analytics cookie if you wish to delete them.
Who Controls and Accesses Cookies?
Not all cookies are set by us. Some cookies may be set through third-party services appearing on our pages. Third-party cookies are not in our control but are under the control of a third party.
Any other processing of your data will take place only if you have allowed Google to link your web and app browser history to your Google account and to use information from your Google account to personalize ads that you see on the web. In this case, if you are logged in to your Google account during your visit to our Website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, Google will temporarily link your personal information with Google Analytics data to create target groups.
If you do not want Google Analytics to be used in your browser, Google Analytics provides an opt-out tool which can be found here.
Additional Information for our Visitors from the European Economic Area (“EEA”)
If you are a visitor from the EEA, you will be shown a banner requesting that you accept the placement of cookies before cookies are placed on your computer or device. By accepting the placement of cookies, you are enabling us to provide the best possible experience and service to you. You may, if you wish, decline the placement of cookies unless those cookies are strictly necessary.
You (Data Subject) may lodge a complaint with the relevant data protection authority in the data subject’s jurisdiction.
Effective Date: November 20, 2023
Last Updated: November 20, 2023
Gesso Labs d/b/a Co:Create Ink (“Co:Create Ink”, “we”, “our”, or “us”) cares about your privacy. Thank you for taking the time to read our California Consumer Privacy Act (“CCPA”) privacy notice (“Privacy Notice”). This Privacy Notice covers all personal data processed by our website (https://www.cocreate.ink), including a Co:Create Platform (“Platform”), and our services (“Services”).
If you are a California resident, you may have additional rights and choices about your Personal Information. Please note that the CCPA provides certain exceptions with respect to the Personal Information of California employees, job applicants, owners, directors, vendors, suppliers and contractors.
Information we collect
The categories of personal information we have collected about California residents in the last 12 months are described below:
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, public wallet address, Social Security number, driver's license number, passport number, or other similar identifiers.
categories listed in the California Customer Records statute (Cal. Civ. Code §
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories.
under California or federal law.
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual
orientation, veteran or military status, genetic information (including familial genetic information).
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Genetic, physiological, behavioral, and biological
characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
F. Internet or other similar network activity.
Browsing history, search history, information on a
consumer's interaction with a website, application, or advertisement.
Physical location or movements.
H. Sensory data
Audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment-related information
Current or past job history or performance evaluations.
information (per the Family
Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))
Education records directly related to a student maintained by an educational institution or party acting on its behalf,
such as grades, transcripts, class lists, student schedules,
student identification codes, student financial information, or student disciplinary records.
drawn from other Personal
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
B. Use of personal information
In the last 12 months, we have used your personal information for the business and commercial purposes described below.
a. Category A: Identifiers
b. Category B: Personal Information categories listed in the California Customer Records statute
c. Category F: Internet or other similar network activity
C. Sharing of personal information
The business and commercial purposes that we have shared your personal information in the last 12 months are as follows:
• Sharing your personal information for business purposes. We have shared the following categories of personal information with our affiliated companies and service providers for our business purposes:
o Category A: Identifiers
o Category B: Personal Information categories listed in the California Customer Records statute
o Category F: Internet or other similar network activity.
As described above, examples of business purposes include performing transactions, registering accounts, managing our relationship with you, and monitoring for security threats and fraud.
• Sharing your personal information for commercial or other purposes: We have shared the following categories of your personal information with co-sponsors, service providers and other third parties in a manner that is likely to be considered to be a “sale” or “sharing” for commercial purposes under the CCPA:
• Sharing your sensitive personal information as defined by Cal. Civ. Code § 1798.140(ae). Sensitive personal information means personal information that reveals (A) a consumer’s social security, driver’s license, state identification card, or passport number; (B) a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (C) a consumer’s precise geolocation; (D) a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; (E) the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication (F) consumer’s genetic data; (G) biometric information for the purpose of uniquely identifying a consumer; (H) personal information collected and analyzed concerning a consumer’s health; (I) personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.
As described above, this information may be shared for personalization, analytics, marketing, retargeting, and sales. We do not sell or share personal information of consumers we actually know are less than 16 years of age.
D. Your right to know
You have the right to request that we disclose certain information to you about our collection, use, disclosure, and sale of your personal information over the past 12 months. Once we verify your request,
we will disclose to you:
• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: sales, identifying the personal information categories that each category of recipient purchased; and disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
We do not provide access rights to business to business (“B2B”) information.
E. Your right to obtain a copy of your personal information
You have a right to obtain a copy of the specific pieces of personal information we collected about you (also called a data portability request). Once we verify your request, we will provide you a copy of your personal information that is responsive to your request.
We do not provide portability rights to B2B information.
F. Your right to delete your personal information
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We do not provide deletion rights to B2B information.
G. Your right to opt-out of sale of your information
We do not sell or share personal information with third parties that would be considered a “sale” under the CCPA.
H. How to exercise your CCPA rights
To exercise your right to know, right to obtain a copy, or right to delete your personal information as described above, please submit your request to us by contacting us at firstname.lastname@example.org.
I. How we verify requests and respond to requests
Before fulfilling your request, we take steps to verify you are who you say you are or that you have the authority to act on someone else’s behalf. Therefore, upon receipt of your request, we will request additional information that we need to verify you and, if you are submitting a request on behalf of someone else, to verify that you are permitted to act on that person’s behalf.
When we contact you to request verification information, please respond and provide the information that we have requested. Depending on the nature of the request you make, we may require you to verify your identity to either a reasonable degree of certainty or high degree of certainty. This may mean that we need to match two or three pieces of information that we hold about you with information that you provide to us. In some cases, we may require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request or that you are authorized to make the request on behalf of someone else.
In addition to providing the information we need to verify you or your authority, you must provide us with enough information so that we can understand, evaluate, and respond to your request. We cannot respond to your request or provide you with personal information if we cannot confirm the personal information relates to you.
We will only use personal information provided in a verifiable consumer request to verify your identity or authority to make the request and to locate relevant information. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and to understand, evaluate, and respond to your request.
We cannot delete personal information in those situations where our retention is required for our own internal business purposes or otherwise permitted by the CCPA (such as fraud prevention or legal compliance). In these situations, we will retain your information in accordance with our records retention program and securely delete it at the end of the retention period.
J. Who may submit requests?
Only you, or someone legally authorized to act on your behalf, may make a request related to your personal information. You may also make request on behalf of your minor child. You may designate an authorized agent to make a request on your behalf by registering such person or entity with the California Secretary of State.
K. How often you can submit requests?
You may make a CCPA consumer request twice within a 12-month period.
L. Response timing and format
We make every attempt to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. When you request a copy of your personal information, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity easily.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. You have a right not to receive discriminatory treatment by us for exercising your privacy rights.
N. Changes To This Privacy Notice
Changes to this Privacy Notice will be posted on this site, along with information on any material changes. The Company reserves the right to update or modify this Privacy Notice at any time and without prior notice. If the changes made to our Privacy Notice are substantial, we will contact you before the changes take place.
O. Contact Us
If you have any questions about this Privacy Notice or our use of your personal data, please contact us by sending an email to: email@example.com.