Privacy Policy for One Sun Art
At One Sun Art (https://onesunart.com), we are firmly committed to safeguarding your personal data and upholding your privacy rights. This Privacy Policy outlines how we collect, use, store, and share your personal information. Our practices are designed to protect your rights under applicable data protection frameworks, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). By accessing or using our website, you consent to the practices described herein.
1. Our Commitment to Privacy and Data Protection
Your privacy is critically important to us. We do not sell your personal information and take all necessary steps to ensure that your data is processed fairly, lawfully, and transparently. We apply robust protective measures to keep your data secure and strive for full compliance with international privacy standards.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users who access or interact with the services provided through our website, onesunart.com. For purposes of applicable data protection laws, One Sun Art is the data controller determining the purposes and methods of personal data processing. If you have questions regarding how your data is handled, you may reach us at [email protected].
3. Categories of Data Processed
We collect and process the following categories of personal data to provide, maintain, and improve our services:
A. Usage Data
Includes data such as your IP address, browser type and version, geographic location, referral source, pages visited, time spent on pages, and patterns of service use.
B. Account Data
Data you provide when you create an account, including your full name, email address, billing and shipping addresses, and phone numbers.
C. Profile Data
Includes your preferences, order history, product reviews, saved items, and browsing behavior.
D. Communication Data
Comprises the content of email communications, chat messages, support interactions, and your correspondence history.
E. Technical Data
Includes device identifiers, operating system, browser plug-in types and versions, and in rare cases, system failure logs.
F. Transaction Data
Details of purchases made through our website, including payment methods, transaction amounts, and shipping details.
G. Preference Data
Data related to your marketing and communication preferences, including your opt-in/opt-out consents and interests in products or services.
4. Legal Bases for Processing Personal Data
We process your personal data under the following lawful bases, as provided by GDPR and mirrored where applicable under CCPA:
– Consent: Where you have affirmatively provided your consent (e.g., to receive newsletters or marketing material).
– Contract: Where processing is necessary to fulfill contractual obligations (e.g., fulfilling your orders).
– Legitimate Interests: Where processing is necessary for our legitimate business interests (e.g., fraud prevention, service improvement), provided that these are not overridden by your rights and freedoms.
– Legal Obligation: Where we are required to comply with local, national, or international laws.
5. Your Rights Under Data Protection Laws
As a data subject, you have the following rights under GDPR provisions (and similar rights under CCPA for California residents):
– Right of Access: To know what personal data we hold and how we use it.
– Right to Rectification: To request correction of inaccurate or incomplete data.
– Right to Erasure: To request deletion of personal data where legally permissible.
– Right to Restriction: To restrict certain types of data processing.
– Right to Data Portability: To receive your data in a structured format and transmit it to another controller.
– Right to Object: To object to specific processing, particularly for direct marketing.
– Right to Withdraw Consent: Where our processing is based on your consent, you may withdraw such consent at any time.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We adopt appropriate technical and organizational security measures to protect your data from unauthorized access, disclosure, alteration, or loss. These include:
– Data encryption in transit and at rest
– Controlled access with role-based permissions
– Secure data backup and redundancy protocols
– Ongoing employee privacy training and confidential handling policies
Despite our best efforts, no system can be 100% secure. We encourage users to protect their own data by using secure passwords and devices.
7. International Transfers
Where your personal data is transferred outside the European Economic Area (EEA) or California, we ensure the use of appropriate safeguards, including European Commission-approved Standard Contractual Clauses or other legally recognized transfer mechanisms. All such transfers comply with applicable legal standards.
8. Data Retention
We retain data only for as long as necessary to fulfill the purposes outlined in this policy or to meet legal, accounting, or regulatory requirements. Specific retention periods include:
– Account Data: Retained until user-initiated deletion or after five years of inactivity
– Transaction Data: Retained for at least seven years to comply with tax and financial laws
– Communication Data: Retained for two years for service-related follow-up
– Usage and Technical Data: Generally retained for 12–24 months for analytics and security
9. Cookie Policy
We use cookies and similar technologies to enhance user experience, analyze site usage, and provide customized content. Cookies fall under the following categories:
– Essential Cookies: Necessary for the functioning of our website (e.g., shopping cart, account login)
– Functional Cookies: Remember your preferences and settings
– Performance Cookies: Collect aggregate data for performance and usage analysis
– Analytics Cookies: Help us understand user behavior through tools such as Google Analytics
– Advertising Cookies: Used for personalized marketing content if explicitly consented to
10. Cookie Management and Rights
Under GDPR and CCPA, you have the right to accept or reject cookies at your discretion. Visitors from the EU and California will be presented with a cookie consent banner upon first visit. You can manage cookie settings at any time via browser controls or the dedicated cookie preferences panel available on onesunart.com.
Your rights include:
– Opting out of non-essential cookies
– Requesting access to data collected via cookies
– Requesting deletion of related data where feasible
11. Protection of Children’s Privacy
Our website is not directed to, and we do not knowingly collect or solicit personal data from, individuals under the age of 13. In the event we learn that we have inadvertently collected data from a child under 13 without verifiable parental consent, we will promptly delete such information. Parents or guardians who believe their child may have submitted personal data may contact us at [email protected].
12. Policy Updates and Notifications
We may modify this Privacy Policy from time to time to reflect changes in law, technology, or our data handling practices. Where material changes are made, we will notify you through appropriate channels, such as posting a notice on our website or via direct communication. We encourage users to review this policy periodically to remain informed about how their data is handled.
13. Contact Us
Should you have any privacy-related questions, concerns, or requests, please contact:
One Sun Art
Email: [email protected]
Website: https://onesunart.com
We are fully committed to respecting your privacy rights and will respond to your inquiries in accordance with applicable data protection regulations.
This Privacy Policy serves as confirmation of our compliance with GDPR, CCPA, and other applicable laws. We welcome any questions or concerns regarding this policy at [email protected].