Section 1 – What Do We Do with Your Information
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
Section 2 - Consent
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
We also obtain information about you when you contact us about our gallery or products for sale, leave us your details when in the gallery or if you register to receive one of our regular newsletters or updates from specific artists or genres.
When you buy something from our website and fill in the contact form you will be asked if you’d like to receive our e-news bulletins which let you know about new products and what’s happening at the gallery with new work and artists.
You can also give sign up to our newsletter at the bottom of any page just by giving us your email address. It is held on Mailchimp, who are legally obliged to follow the GDPR regulations and will enable us to then send you information in the future.
If you have previously bought something from us or have asked to be put on our email list we have also added your name to Mailchimp. You can unsubscribe from our emails at any time by clicking on the ‘unsubscribe’ link at the bottom of our communications, or by sending an email directly to firstname.lastname@example.org
We do not sell any personal information we receive to any third party.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at email@example.com or mailing us at:
Section 3 - Information Sharing and Disclosure
Information about our customers is important to our business. We share your personal information for very limited reasons and in limited circumstances, as follows:
- Shopify and MailChimp (see below).
- Service providers. We engage certain trusted third parties to perform functions and provide services to our shop, such as delivery companies. We will share your personal information with these third parties, but only to the extent necessary to perform these services.
- Business transfers. If we sell or merge our business, we may disclose your information as part of that transaction, only to the extent permitted by law.
- Compliance with laws. We may collect, use, retain, and share your information if we have a good faith belief that it is reasonably necessary to: (a) respond to legal process or to government requests; (b) enforce our agreements, terms and policies; (c) prevent, investigate, and address fraud and other illegal activity, security, or technical issues; or (d) protect the rights, property, and safety of our customers, or others.
- If you violate our Terms of Service
Section 4 – MailChimp
We use MailChimp to manage our newsletter email lists and marketing campaigns. This means that when you choose to subscribe to receive newsletters from us your personal data is transferred to MailChimp and processed by MailChimp. MailChimp processes the collection (e.g., via sign-up forms) and storage of your personal data in order to allow us to create and use distribution lists, send marketing email campaigns, and place online advertisements, and personal data is transferred to certain of MailChimp’s sub-processors (who perform some critical services, such as helping MailChimp prevent abuse). For more insight, you may want to read MailChimp's legal policies (https://mailchimp.com/legal/)
Section 5 – Shopify
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Section 6 – Third Party Services
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
Downloads & Media Files
Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available users are advised to verify their authenticity using third party anti virus software or similar applications.
We accept no responsibility for third party downloads and downloads provided by external third party websites and advise users to verify their authenticity using third party anti virus software or similar applications.
Our store uses Google Analytics to help us learn about who visits our site and what pages are being looked at.
We have deliberately chosen to Anonymize IP addresses coming to our site at the point of collection. This action tells Google not track IP data on our website.
You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Section 7 – Security
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Section 8 – Cookies
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
PREF, persistent for a very short period, Set by Google and tracks who visits the store and from where
Google Analytics – Cookie name and timescale/usage
_ga - 2 years Used to distinguish users.
_gid - 24 hours - Used to distinguish users.
_gat - 1 minute - Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.
AMP_TOKEN - 30 seconds to 1 year - Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
__utmt - 10 minutes - Used to throttle request rate.
__utmc - End of browser session Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.
__utmv - 2 years from set/update - Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics._
Section 9 - Data Retention
Section 10 – Age of Consent
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
Section 12 - Your Rights, Questions and Contact Information
If you reside in certain territories, including the EU, you have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases.
- Access. You may have the right to access and receive a copy of the personal information we hold about you by contacting us using the contact information below.
- Change, restrict, delete. You may also have rights to change, restrict our use of, or delete your personal information. Apart from in exceptional circumstances (like where we are required to store data for legal reasons) we will generally delete your personal information upon request.
- Object. You can object to (i) our processing of some of your information based on our legitimate interests and (ii) receiving marketing messages from us after providing your express consent to receive them. In such cases, we will delete your personal information unless we have compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.
- Complain. If you reside in the EU and wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority.
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact firstname.lastname@example.org or by mail at: