Privacy Policy for thai-fine-art.com
1. Introduction
At thai-fine-art.com (“we,” “our,” or “us”), your privacy is of the utmost importance. We are committed to protecting the confidentiality, integrity, and availability of your personal data and to upholding your rights in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant legislation. This Privacy Policy outlines how we collect, use, disclose, and protect your personal information when you access or use our website and related services.
2. Scope of this Policy and Data Controller Role
This Privacy Policy applies to all users of our website, thai-fine-art.com, and any related services or communications. We act as the data controller with respect to the personal data we process, meaning we determine the purposes and means of processing your personal information. If you have any questions or concerns about our privacy practices, please contact us at [email protected].
3. Categories of Data We Process
We collect and process various categories of personal data to provide and improve our services. These include:
– Usage Data: Technical information including browser type and version, IP address, time zone setting, referring/exit pages, site usage patterns, pages visited, session duration, and interactions with the site.
– Account Data: Personal identifiers such as full name, residential or delivery address, email address, telephone number, and other details submitted when registering or creating an account.
– Profile Data: Preferences, purchase history, browsing behavior, saved items, and other personalization or behavioral insights.
– Communication Data: Records of communications and inquiries made through contact forms, customer support requests, feedback, and correspondence via email or other means.
– Technical Data: Device information, operating system, network type, time stamp logs, and system configuration data collected through electronic means.
– Transaction Data: Payment details (processed securely via third parties), order information, shipping details, billing address, and fulfillment records.
– Preference Data: Marketing preferences, product interests, newsletter subscriptions, and consent details for promotional messaging.
4. Legal Bases for Processing
We only process your personal data when we have a valid legal basis to do so, including:
– Contractual Necessity: When processing is required to fulfill a contract with you or to take pre-contractual steps at your request.
– Legitimate Interest: When processing supports our legitimate interests (or those of a third party), provided these interests are not overridden by your rights and freedoms. Examples include fraud prevention, service improvement, and website analytics.
– Consent: When you have given us clear and informed consent to process your personal data for a specific purpose (e.g., for marketing communications).
– Legal Obligation: When processing is required to comply with a legal or regulatory obligation.
5. Your Rights
In accordance with the GDPR and CCPA, you have several important rights regarding your personal data:
– Right of Access: You can request access to the personal data we hold about you.
– Right to Rectification: You have the right to request correction of inaccurate or incomplete data.
– Right to Erasure: Also known as the ‘right to be forgotten’, you may request deletion of your personal data in certain circumstances.
– Right to Restriction: You may request we limit the processing of your personal data where applicable.
– Right to Data Portability: Where processing is based on consent or contract, you may request your data be transferred to you or another data controller.
– Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
– Rights under CCPA: California residents may also have the right to opt out of the sale of personal information, request information about data collected and disclosed in the last 12 months, and request deletion of personal data, subject to applicable limitations.
To exercise these rights, please email [email protected].
6. Security Measures
We have implemented rigorous security measures to safeguard your personal data, including:
– Data encryption in transit and at rest
– Role-based access controls with restricted permissions
– Firewall and intrusion detection systems
– Routine data backups and disaster recovery plans
– Employee training on data privacy and security protocols
While we take all reasonable precautions, no online transmission or storage system can be guaranteed secure. Accordingly, you share your information at your own risk.
7. International Transfers
Some of your personal data may be stored or processed outside your country of residence, including in jurisdictions that may not offer the same level of protection. In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission and compliance with applicable cross-border data protection frameworks.
8. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected or to comply with legal, accounting, or reporting obligations. Data retention periods vary by type:
– Usage and Technical Data: up to 12 months from collection, for analytics and security purposes.
– Account Data and Profile Data: retained while your account remains active and for up to 5 years thereafter for legal purposes.
– Transaction Data: held for at least 7 years to comply with tax and financial reporting laws.
– Communication Data: kept for 3 years following the last interaction.
– Preference Data: retained until you change your preference or revoke consent.
9. Cookie Policy
Our website uses cookies and similar tracking technologies for various purposes:
– Essential Cookies: Required for the site to function correctly. These include session cookies and authentication tokens.
– Functional Cookies: Allow enhanced performance and personalization, such as remembering login credentials or preferred language.
– Analytics Cookies: Collect aggregated data to understand how users interact with the website (e.g., Google Analytics), which helps us improve the user experience.
– Performance Cookies: Help monitor site performance and load times to ensure service reliability.
These cookies may originate from third-party service providers. You can find detailed information in our Cookie Notice located on our website.
10. Cookie Management and Compliance
Users are given the option to manage cookie preferences via a dedicated cookie consent banner on their first visit. You can withdraw or modify consent at any time by accessing cookie settings via your browser or by interacting with the cookie management tool available on thai-fine-art.com.
We comply with GDPR obligations by obtaining affirmative consent before deploying non-essential cookies in the EU/EEA. Under the CCPA, we honor “Do Not Sell My Personal Information” requests and provide transparency into data collection practices.
11. Special Protections for Children
Our website and services are not directed toward children under the age of 13, and we do not knowingly collect personal data from them. If we learn that we have inadvertently collected such data without appropriate parental consent, it will be promptly deleted. If you believe a child has provided personal information, please contact us immediately at [email protected].
12. Policy Updates
From time to time, we may update this Privacy Policy to reflect regulatory changes, operational adjustments, or improvements to our privacy practices. Updated versions will always be made available on thai-fine-art.com. We will notify users of material changes where required by law, typically via email or website banners.
13. Contact
For privacy-related inquiries, data requests, or any concerns about how your personal data is handled, you may contact us at:
Email: [email protected]
We are committed to protecting your privacy and ensuring full compliance with applicable data protection laws. Please do not hesitate to reach out with any questions or to exercise your rights under this policy.