World Anvil respects and are dedicated to ensuring your privacy & security.
For the purposes of this privacy notice, the data controller is World Anvil LTD with its address at C/O Cruse & Burke, 73 Park Lane, Croydon, United Kingdom, CR0 1JG. We've also set out contact details towards the end of this notice.
We may collect and process the following information about you:
We may also ask you for information if you experience problems when using this site. We may also ask you to complete surveys for research purposes, although you don't have to respond to these.If you create an World Anvil account via the World Anvil Sites or through third party sites (an "Account"), we collect certain information in the performance of contractual service that can be used to identify you, such as your name, age/birthdate, postal address, telephone number, email address. If you register for one of our memberships Subscription/Paid accounts to enable high service and features, the third party responsible for charging your reoccurring membership, may collect your credit card information, or bank account details, or other information that can be used to contact you or identify you as an individual (collectively, Personally Identifiable Information "PII").
If you create your account using your login credentials from a third-party site or service, we'll be able to access and collect your name and email address and other PII that your privacy settings on that third-party site or service permits us to access, but we don't receive or store passwords for those third-party sites and services. We cannot delete or change any PII that is stored on third party sites and services. If we have an existing relationship with you, and we can identify you from information obtained or provided by your use of the site, we may associate those sets of information, for example, to enable us to respond to a query you have submitted.
When you create an Account, your profile page will display your Account user name and certain statistics regarding your own use of the Services, including but not limited to, the date you became an Account holder, the categories of materials you posted and how long ago you last visited the Sites. It will also display information about the Account holders who visit your profile page including the names of those Account holders who follow you (if the Account holder has permitted such display), and the number of visitors to, and views of your profile page or pages containing Artworks you have submitted.
Any information or content that you share/publish to sites, will be publicly accessible by users, as such we encourage you to review prior to sharing content. The name you choose when creating your account is visible to all users of the services. If you visit another account holder's profile page, your user name will appear on that page. World Anvil does not control, and is not responsible for, the use of any information or content that you have exposed to the public through your use of the Services. You may use the tools we make available via the Services to make decisions about what information about you, including PII, will be visible on your profile page and on the profile pages of other Account holders that you visit. Please note Accounts can be created either by individuals or companies.
We'll only use your information where we have your explicit consent or where we have another lawful reason for processing and using your data such as: In relations to our legal obligation or for the performance of the contract/service agreement. Unless we say otherwise below, we'll use your personal information on the basis that it's within our legitimate interests in operating the services and maintaining the site and providing you with site functionality and related services. We may use the information provided or obtained via this site to:
We also use the information provided to meet our compliance obligations and/or legal obligations, to comply with applicable laws and regulations and to share with regulators and other authorities that World Anvil are subject to. We'll only do this on the basis that it's strictly needed to comply with a legal obligation which can include information disclosures to vested authorities as required by court order. It's in our legitimate interests and that of yours and others which this undertaken to prevent or detect unlawful acts.
We only store your data as per the Data Protection Act 2018 & The General Data Protection Regulation for as long as required. We will retain information in line with our data retention policy. For example, if you're a customer/user of our service, we'll normally keep for 360 working days on the end of our relationship with you. We retain information to comply with legal or regulatory requirements or for our legitimate purposes, such as service delivery, responding to enquiries, and may sometimes need to keep it for a longer period; however, this will only be as required. If we don't need to retain it for as long as stated, we may delete, destroy or anonymise data sooner. Data is stored primarily for your convinience in order allow you to backup/save your work in case of error or unwanted action.
As Platform we provide service to enable you to develop content, through the platform you have control. You at any time may review your PII by logging in and navigating to your settings page on the website. Once there, you may modify information that is incorrect and delete certain information from your profile. You can also change your marketing preferences and permission which setup on creation at any time via the settings page. Sharing of Information
We take reasonable measures as per Privacy By Design requirements and applicable laws to protect the information that we collect from you or about you (including your Personal Information) such as encrypting your data at rest, line and during transit,
The computers storing the information are kept in a secure environment with restricted physical access. We use secure firewalls and other measures to restrict electronic access which will be managed in accordance with the Payment Card Industry (PCI) practice.
As per the Data Protection Act 2018 and The General Data Protection Regulation 2018, all individuals who are the subject of personal data held by World Anvil are entitled to:
You have the right to access your data, to obtain a copy of your data, to request their erasure or rectification and the right not to be subject to a purely automated decision without having your views taken into consideration. You also have the right to object to the processing, withdraw your consent and lodge a complaint with the Data Protection Office should you consider that this data processing violates the law.
You can exercise your rights by contacting us using by emailing [email protected] using subject line "Data Subject Rights -*" and prefixing -* with the relevant rights you wish to exercise such as Data Subject access request (DSAR). We will respond within 72 hours to confirm receipt of your request and respond within one calendar month or up to three months if required extension for complex cases which will be handled as per the Applicable Data Protection law without undue delay. To handle your request as we will need to verify your identity as per recital 64 of GDPR, we may ask for additional data were required to verify you identify, however existing data will be leverage in the first instance. In such an event/situation where we are unable to verify your identify, we may refuse to process the subject request unless provided with additional information. Please note the improper filing of rights may result in your request not being processed efficiently and the applicable timeframes stated will not be applicable. You also have a right to complain to the UK Information Commissioner's Office by visiting www.ico.org.uk or to the data protection regulator in the country where you live or work.
All processing of personal data by World Anvil will be done in compliance with the Data Protection Act 2018 (DPA 2018) / The General Data Protection Regulation 2018 (GDPR 2018) .
Here at World Anvil, we use a range of measures to keep your information safe and secure, which may include encryption and other forms of security. We require our staff and any third parties which carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.
If you'd like further information on anything stated in this privacy notice, or to contact our Data Protection Officer (DPO), contact us at [email protected] and mark in the subject 'for the attention of the DPO'.
This policy will be updated as and when required to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the Data Protection Act 2018 / The General Data Protection Regulation.