Privacy Policy

Data Controller

For the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws, the data controller responsible for processing your personal data is:

PLACEHOLDER
PLACEHOLDER
PLACEHOLDER
support@orchestra-art.com
PLACEHOLDER

As the data controller, we determine the purposes and means of processing your personal data.

For any inquiries regarding your personal data or GDPR-related requests, please contact us at the email provided above.

Data We Collect

Personal Data You Provide

• Account Details: When you create an account, we collect your name, email address, password, date of birth, and billing address.
• Purchase Records: Information related to transactions on our platform, including payment details, which are securely processed by third-party providers.
• User-Generated Content: Any inputs or prompts you provide for generating AI-created images.

Data Collected Automatically

• Site Interaction Data: Information about your activities on our website, such as pages visited, features used, and time spent on different sections.
• Device & Technical Information: Includes your IP address, browser type, operating system, and unique device identifiers.
• Cookies & Tracking Technologies: We gather insights about your preferences and interactions with the site through cookies and similar technologies. (Refer to the Cookies and Tracking Technologies section for more details.)

Third-Party Data

Information collected from payment gateways used to securely process transactions, managed and handled by trusted third-party service providers.

How We Utilize Your Data

We handle personal data for the following purposes:

• Account and Service Management: Facilitating account creation, processing payments, and providing access to AI-generated images.
• User Experience Enhancement: Customizing content and recommendations to improve your interaction with our platform.
• Optimization and Performance Analysis: Evaluating service usage to refine features, enhance functionality, and boost overall performance.
• Regulatory Compliance and Security: Meeting legal requirements and implementing safeguards to prevent fraudulent activities.

Sharing and Disclosure of Personal Data

We do not sell or distribute your personal data to third parties, except in the following cases:

Third-Party Service Providers

We may share your personal information with trusted external partners who assist in operating our platform and delivering services, including:

• Payment processing companies to facilitate secure transactions.
• Cloud storage and hosting providers to manage and maintain website infrastructure.

Legal Obligations and Security

Your data may be disclosed if required by applicable laws, regulatory requests, or legal proceedings. Additionally, we may share information to enforce our Terms of Use, ensure user safety, or prevent fraudulent and unauthorized activities.

Business Changes

If our company undergoes a merger, acquisition, or asset sale, your personal information may be transferred as part of the business transition. In such events, we will keep you informed of any significant changes.

Your Data Protection Rights

In accordance with data protection regulations, you are entitled to certain rights regarding your personal information, including:

Access and Modification

You can request access to the personal data we have about you and ask for corrections if any details are inaccurate or incomplete. Additionally, you can update your information directly in your profile, including your email address, full name, date of birth, and address.

Data Portability

You have the right to obtain a copy of your personal data in a commonly used and structured format.

Right to Erasure

You may request the removal of your personal data, provided there are no legal obligations requiring its retention.

Restriction of Processing

Under specific conditions, you can ask us to limit the way we process your personal information.

Cookies and Tracking Methods

To improve your experience on our platform, we utilize cookies and other tracking technologies that help us understand your preferences. Cookies are small data files stored on your device that allow us to:

• Retain your preferences and keep you logged in.
• Monitor website traffic and analyze user interactions.

You have the option to manage or disable cookies through your browser settings at any time.

PCI DSS Compliance

Our payment infrastructure adheres to the Payment Card Industry Data Security Standard (PCI DSS) to guarantee the secure handling of your payment details. We work exclusively with PCI DSS-compliant payment processors, ensuring that industry-standard security measures are applied to protect your financial data during transactions. Your payment information is never stored on our servers; instead, it is processed securely by trusted third-party providers.

Strong Customer Authentication (SCA) Compliance

Our payment system complies with the Strong Customer Authentication (SCA) requirements outlined in the Revised Payment Services Directive (PSD2). This regulation mandates multi-factor authentication to enhance the security of electronic transactions and prevent unauthorized access.

In accordance with PSD2, PLACEHOLDER ensures the protection of online payments by:

• Implementing Strong Customer Authentication (SCA) to verify transactions and prevent fraudulent activities.
• Ensuring transparency in transaction fees, charges, and currency exchange rates.
• Upholding user privacy, guaranteeing that all payment processes follow PSD2 requirements, including secure data handling and obtaining explicit user consent.

These security measures help safeguard transactions while ensuring full compliance with regulatory standards.

Data Security

We implement robust technical and organizational safeguards to protect your personal data from unauthorized access, modification, disclosure, or destruction. Our security measures include encryption, a secure server infrastructure, and strict access controls.

International Data Transfers

When accessing our services from outside the European Economic Area (EEA), your personal data may be transferred to and processed in countries with different data protection regulations. We implement all necessary safeguards to ensure your information remains secure and compliant with this Privacy Policy and relevant data protection laws.

Data Retention

We store your personal data only for the duration required to achieve the purposes outlined in this Privacy Policy, as well as to meet legal, regulatory, or compliance requirements. Once your data is no longer necessary, we ensure its secure deletion or anonymization.

Children's Data Protection

Our services are designed for users aged 13 and older and are not intended for children under this age. We do not knowingly gather personal data from minors. If we discover that information from a child under 13 has been unintentionally collected, we will take immediate action to remove it from our records.

Updates to This Privacy Policy

We may revise this Privacy Policy periodically to align with changes in our operations, legal obligations, or other necessary adjustments. Any modifications will take effect once published on our Site, and the “Effective Date” at the top will be updated accordingly. It is your responsibility to review this policy regularly to stay informed about any updates. By continuing to use the website after changes are posted, you acknowledge and agree to the updated terms.

Your Data Protection Rights under the GDPR

If you are a resident of the European Economic Area (EEA), you are entitled to additional protections under the General Data Protection Regulation (GDPR). This includes the right to file a complaint with your local data protection authority if you believe your privacy rights have been violated.

Contact Information

PLACEHOLDER
PLACEHOLDER
support@orchestra-art.com