Privacy Policy for onesunart.com
1. Introduction
At One Sun Art (“we”, “us”, or “our”), accessible via onesunart.com, we are deeply committed to respecting your privacy and safeguarding your personal information. This Privacy Policy outlines the types of information we collect from visitors and users of our website, how it is used, stored, and shared, and the rights and options available to you. We adhere strictly to applicable data privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), and are dedicated to maintaining a privacy-first environment in all our practices.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all personal data processed by One Sun Art through our website, services, and any related communication channels. For the purposes of the GDPR and other applicable data protection laws, One Sun Art is the “data controller” responsible for the processing of your personal data as described herein.
3. Categories of Personal Data We Process
We process the following categories of personal data, depending on your interaction with the site:
a. Usage Data
Information automatically collected when you visit onesunart.com, including your IP address, browser type and version, time zone setting, device identifiers, referring URLs, interaction data (e.g., pages viewed), and session duration.
b. Account Data
Data you provide when creating an account, including your full name, email address, phone number, shipping and billing addresses, and login credentials.
c. Profile Data
Details derived from account use, such as saved preferences, purchase history, wishlist items, and behavioral data such as shopping patterns.
d. Communication Data
Records of your interactions with us, including customer service inquiries, feedback submissions, email correspondence, and messages sent through our contact forms.
e. Technical Data
Specifics regarding the device and technology you use to interact with our website, including operating system, platform, screen resolution, and user-agent information.
f. Transaction Data
Financial and transactional data related to orders placed, including purchase history, payment method (encrypted), transaction IDs, delivery details, and return/refund information.
g. Preference Data
Your expressed preferences regarding marketing communications, product interests, notification settings, and consent to data processing for specific purposes.
4. Legal Bases for Processing
We process your personal data under the following lawful bases, as permitted by the GDPR:
– Consent: Where you have given clear permission for us to process your data, such as for marketing emails.
– Contractual Necessity: To fulfill obligations under a contract, e.g., delivering products or processing payments.
– Legitimate Interests: To manage, improve, and personalize our services, provided that your rights and freedoms are not infringed.
– Legal Obligation: When required to comply with an applicable legal or regulatory requirement.
5. Your Rights
Under relevant data protection laws, you have the following rights:
– Right of Access: You can request to know what personal data we hold about you.
– Right to Rectification: You can request correction of inaccurate or incomplete data.
– Right to Erasure: You may ask us to delete your data, under certain conditions.
– Right to Restrict Processing: You can request limited use of your data where applicable.
– Right to Data Portability: You can request to receive your data in a structured, commonly used, and machine-readable format.
– Right to Object: You may object to specific types of processing, including direct marketing.
– Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw that consent at any time.
CCPA: Consumers in California also have the right to:
– Know what categories and specific pieces of personal information are collected.
– Delete personal information, subject to exceptions.
– Opt out of the sale or sharing of personal data (One Sun Art does not sell personal data).
– Not be discriminated against for exercising privacy rights.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We implement robust measures to protect your data from unauthorized access, disclosure, destruction, or alteration, including:
– End-to-end encryption during data transmission.
– Role-based access controls ensuring only authorized personnel access sensitive data.
– Secure servers with regular patch management and vulnerability auditing.
– Regular automated and encrypted backups of data.
– Employee training on data privacy and security best practices.
7. International Data Transfers
If and when personal data is transferred outside the European Economic Area (EEA) or California, we ensure adequate protection by:
– Entering into standard contractual clauses approved by the European Commission or other competent authorities.
– Ensuring that recipients are located in jurisdictions deemed to provide an adequate level of data protection.
– Using secure transmission protocols and data handling practices in compliance with legal safeguards.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Specific retention periods include:
– Account Data: Retained as long as the account is active plus 6 years for legal compliance.
– Transaction Data: Retained for 7 years for tax and accounting requirements.
– Communication Data: Retained for 3 years following closure of support tickets.
– Usage and Technical Data: Retained for up to 2 years for analytics and security evaluation.
– Marketing Preferences: Retained until consent is withdrawn.
After expiration of retention periods, data is securely deleted or anonymized.
9. Cookie Policy
Our website uses cookies and similar technologies to enhance user experience and optimize functionality. Categories of cookies used include:
– Essential Cookies: Necessary for site operation, such as login or shopping cart functionality.
– Functional Cookies: Enable us to store user preferences and improve usability.
– Analytics Cookies: Help us understand how visitors interact with the site (e.g., Google Analytics).
– Performance Cookies: Monitor overall site performance to optimize responsiveness.
10. Cookie Management and Compliance
You can manage your cookie preferences upon your first visit via the cookie banner, and at any time thereafter through your browser settings or by contacting us. We honor Do Not Track (DNT) signals and comply with both GDPR and CCPA regulations regarding consent and opt-out capabilities.
Visitors from jurisdictions that require opt-in consent before storing non-essential cookies (including the EEA) will be prompted to provide explicit consent before such cookies are deployed.
11. Children’s Privacy
Our website and services are not intended for children under the age of 13, and we do not knowingly collect or solicit personal data from children. If we become aware that we have collected data from a child without parental consent, we will promptly delete that data. Parents or guardians who believe their child may have submitted personal data may contact us at [email protected].
12. Policy Updates
We may amend or update this Privacy Policy to reflect operational, legal, or regulatory changes. We will notify users of any significant changes through appropriate channels, such as via the website or email correspondence. Continued use of onesunart.com following such updates constitutes acceptance of the revised policy.
13. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal information, please reach out via email at [email protected]. We are committed to addressing privacy-related inquiries promptly and transparently.
—
We maintain our practices in full compliance with applicable data protection laws, including the GDPR and CCPA. For any concerns about your rights or the use of your data, we welcome you to contact [email protected].