Privacy Policy
1. Introduction
At thai-fine-art.com (“we,” “our,” or “us”), your privacy is of paramount importance. We are committed to safeguarding the personal data of all visitors, users, and customers of our website. As a company with global users and obligations, we adhere strictly to the requirements of the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws. This Privacy Policy outlines the principles and practices we apply to ensure the confidentiality, security, and lawful treatment of your personal information.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all personal data processed by thai-fine-art.com in connection with your use of our website, services, and interactions with us. Thai-fine-art.com acts as the “data controller” for the personal data collected, meaning we determine the purposes and means of processing that data. For any questions regarding how we collect, use, or protect your data, you may contact us at [email protected].
3. Categories of Data Processed
We may collect, use, store, and transfer various categories of personal data, including but not limited to:
– Usage Data: Information about how you interact with our website, including IP address, browser type, geolocation, session statistics, and referring URLs.
– Account Data: Information you provide when creating an account, such as your full name, email address, mailing address, and phone number.
– Profile Data: Preferences, purchase history, behavior patterns, and feedback related to your experience with thai-fine-art.com.
– Communication Data: Records of correspondence with us, including support inquiries, contact form submissions, chats, and emails.
– Technical Data: Device identification information, operating system type and version, browser plug-in types, screen resolution, and system configuration details.
– Transaction Data: Details related to purchases and financial transactions, including item details, billing addresses, payment method (limited—no raw payment data is stored), and delivery information.
– Preference Data: Information related to communication preferences, consent to receive marketing, and interest areas within our product offerings.
4. Legal Bases for Processing
We process your personal data only where legally permitted. Our lawful bases include:
– Performance of a Contract: Where processing is necessary to fulfill a contract with you, such as delivering your orders or creating your user account.
– Legal Obligation: Where processing is required for compliance with legal obligations, such as accounting or regulatory requirements.
– Consent: Where you have freely given informed consent for us to process your data, particularly in relation to marketing emails or optional cookies.
– Legitimate Interest: We may process data based on our legitimate interest in improving services, maintaining website security, and conducting administrative functions, provided these interests do not override your rights.
5. Your Rights
Under applicable law, including GDPR and CCPA, you have specific rights regarding your personal data. These include:
– Right of Access: You may request confirmation and a copy of the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete personal data.
– Right to Erasure: Also known as the “right to be forgotten,” you may request deletion of your data when no longer necessary or if you withdraw consent.
– Right to Restriction: You may ask us to suspend processing your data while we verify accuracy or assess other legal grounds.
– Right to Data Portability: Where processing relies on consent or contract, you may request your data in a structured, commonly used, and machine-readable format.
To exercise any of your rights, please contact us at [email protected]. We may require identity verification before proceeding with your request.
6. Security Measures
We apply robust technical and organizational measures to ensure a high level of security for your personal data, including but not limited to:
– ISO-standard encryption protocols for data transmission and storage.
– Role-based access control ensuring that personal data is accessed only on a need-to-know basis.
– Daily encrypted backups for data recovery and integrity.
– Ongoing privacy training and awareness programs for our personnel.
– Regular audits and assessments of our internal systems against industry best practices.
7. International Transfers
Your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA) or your jurisdiction, where data protection laws may differ. In such cases, we implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission or other regionally accepted mechanisms, to ensure your data receives an equivalent level of protection.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, and reporting obligations. The retention periods differ based on the data category:
– Usage and Technical Data: 12 months for analytics and diagnostic review.
– Account and Profile Data: Retained for as long as your account remains active or until deletion is requested.
– Communication Data: Retained for 24 months from the date of the last contact.
– Transaction Data: Retained for up to 7 years pursuant to tax and financial recordkeeping obligations.
– Preference Data: Until preference is updated or consent is withdrawn.
9. Cookie Policy
Our website deploys cookies to enhance your browsing experience and to enable functionality. The types of cookies used include:
– Essential Cookies: Necessary for core functionalities like user authentication, account access, and secure navigation.
– Functional Cookies: Enhance usability by remembering user settings and preferences.
– Analytics Cookies: Collect aggregated, anonymous data for analyzing website behavior and performance.
– Performance Cookies: Help us optimize load times and site responsiveness.
These cookies may be set by thai-fine-art.com or by third-party providers whose services we have integrated on our site.
10. Cookie Management and GDPR/CCPA Compliance
Upon first visit and periodically thereafter, users are presented with a cookie consent banner compliant with GDPR and CCPA standards. You have the ability to configure, accept, or decline non-essential cookies through our cookie preference panel, accessible at any time at the bottom of the website.
For CCPA-related “Do Not Sell or Share My Personal Information” requests, users may opt-out of targeted advertising and analytics cookies. We do not sell your personal information in the traditional sense.
11. Children’s Privacy
Our website and services are not directed to children under the age of 13. We do not knowingly collect personal information from children without parental consent. If we become aware that we have unintentionally collected such data, we will take immediate steps to delete it. If you believe we may have information related to a child, please contact us at [email protected].
12. Policy Updates and Notifications
We reserve the right to modify or update this Privacy Policy as necessary to reflect changes in our practices or to comply with legal requirements. Any material changes to this policy will be prominently noted on our website. Continued use of thai-fine-art.com following any amendments implies your acceptance of the revised policy.
13. Contact Information
If you have any questions, concerns, or requests related to this Privacy Policy or our handling of your personal data, please contact us at:
Email: [email protected]
Website: https://thai-fine-art.com
We are committed to addressing privacy concerns promptly and diligently.
—
Thai-fine-art.com is fully committed to aligning with all applicable data protection laws, including GDPR and CCPA. For any further information or to exercise your rights, please reach out to us at [email protected].