Privacy Policy
Offsite Gallery (“we,” “us,” or “our”) is committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, process, and protect your personal information when you interact with our website, https://offsite-gallery.com (“Website”), and describes your rights under applicable data privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
1. Commitment to Privacy and Data Protection
At Offsite Gallery, we recognize the importance of safeguarding personal data and are committed to protecting the privacy rights of our visitors, customers, and users. We adopt a privacy-first approach in all our data collection and processing activities. This policy explains how your personal data is gathered, stored, used, shared, and protected in accordance with the highest standards of data protection.
2. Scope of Policy and Role of Data Controller
This Privacy Policy applies to all personal data collected through your use of the Website, any online services associated with it, and communications with us via email or other channels.
For the purposes of data protection laws, Offsite Gallery is the “data controller” of your personal data. Our contact email for any data protection issues is: [email protected].
3. Categories of Personal Data We Collect and Process
We may process the following categories of personal data, depending on your interactions with the Website:
a) Usage Data
Includes information about how you interact with our Website, such as IP address, browser type, access dates and times, pages viewed, time spent on pages, and referring URLs.
b) Account Data
Includes full name, address, email address, phone number, and other contact information provided when creating an account or placing an order on the Website.
c) Profile Data
Includes preferences, purchase history, browsing behavior, wish lists, saved items, and other information related to your interaction with our products and services.
d) Communication Data
Includes content of correspondence with us via email or web forms, customer service interactions, support requests, and communications history.
e) Technical Data
Includes information about the devices you use to access our Website, such as operating system, device type, screen resolution, internet service provider, system configuration, language settings, and diagnostic logs.
f) Transaction Data
Includes order history, payments made, billing/shipping address, and delivery tracking data.
g) Preference Data
Includes marketing and communication preferences, newsletter opt-ins, product interest indications, and consent records.
4. Legal Bases for Processing Personal Data
We rely on a variety of lawful bases to process your data in compliance with GDPR and CCPA, including:
– Consent: Where you have given consent for specific purposes, such as email marketing.
– Contractual Necessity: When the processing is necessary to fulfill a contract or take steps before entering into a contract.
– Legal Obligation: Where we are required to comply with a legal or regulatory obligation.
– Legitimate Interests: When processing is necessary for our legitimate interests, such as improving our Website or preventing fraud, and such interests are not overridden by your rights.
5. Your Data Protection Rights
Under applicable data protection laws, you have the following rights:
– Right of Access: You may request access to your personal data held by us.
– Right to Rectification: You have the right to correct inaccurate or incomplete personal data.
– Right to Erasure: You may request the deletion of your personal data, subject to certain conditions.
– Right to Restriction: You have the right to request restriction of processing where there is a dispute about the accuracy or legitimacy of processing.
– Right to Data Portability: You may request to receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
To exercise any of your rights, please contact us at: [email protected].
6. Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing your personal data. These include:
– Data encryption in transit and at rest
– Role-based access controls and authentication protocols
– Firewall and intrusion detection systems
– Secure servers and hosting environments
– Regular data backups and disaster recovery plans
– Staff training on data protection and confidentiality
7. International Data Transfers
Your personal data may be processed in or transferred to countries outside of your jurisdiction, including those that do not provide the same level of data protection. Where data is transferred internationally, we apply appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission. Transfers to the United States or other third countries are made in compliance with applicable regional regulations.
8. Data Retention
We retain your data only for as long as necessary for the purposes described in this Privacy Policy, which generally means:
– Usage and Technical Data: 14 months after collection
– Account and Profile Data: For the duration of your account and up to 6 years after closure
– Communication Data: 2 years after the last interaction
– Transaction Data: 7 years to satisfy accounting and legal requirements
– Preference Data: Retained until consent is withdrawn or the data becomes obsolete
After the data retention period expires, we securely delete or anonymize the data.
9. Cookie Policy
We use cookies and similar technologies for the following purposes:
– Essential Cookies: Required for the Website to function (e.g., shopping cart, session management)
– Functional Cookies: Store your preferences to enhance your experience (e.g., language selection)
– Analytics Cookies: Help us understand Website usage and improve performance (e.g., Google Analytics)
– Performance Cookies: Monitor system performance and identify bugs to ensure stable operation
10. Cookie Management and Compliance
You have control over your cookie preferences. Upon your first visit to our Website, a cookie consent banner allows you to accept or reject non-essential cookies. You can update your preferences at any time through the cookie settings interface on the Website or by changing your browser settings to reject cookies.
Our use of cookies complies with GDPR requirements in the European Economic Area and CCPA obligations for California residents, including providing opt-out functionality and disclosure of cookie uses.
11. Children’s Privacy
We do not knowingly collect personal data from children under the age of 13. If you are a parent or guardian who believes that your child has provided personal information on our Website, please contact us at [email protected], and we will take appropriate measures to delete such data in accordance with applicable laws.
12. Policy Updates
We reserve the right to modify this Privacy Policy at any time to reflect changes in our processing activities, technologies, legal obligations, or business practices. We will notify users of material changes via the Website or email, where appropriate.
You are encouraged to regularly review this Privacy Policy for the most current information about how we process and protect your data.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at:
Email: [email protected]
We are committed to ensuring your privacy is respected and protected. We comply with all applicable privacy regulations, including GDPR, CCPA, and relevant national and international frameworks. If you’d like to learn more or exercise your rights, please reach out to us using the contact details above.