Privacy Policy - Offsite Gallery

1. Introduction

At Offsite Gallery (“we,” “our,” or “us”), accessible at offsite-gallery.com, we are committed to safeguarding your personal data and respecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and protect your information where it relates to your use of our website and services. We value privacy as a fundamental human right and handle all personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Scope of Policy and Role as Data Controller

This Privacy Policy applies to all users, visitors, and customers who access or interact with offsite-gallery.com, including any subdomains or connected services. Offsite Gallery acts as the “data controller” in relation to the personal data collected and processed through the website. This means we determine the purposes and means by which your personal data is processed.

3. Categories of Personal Data We Process

We collect and process various categories of personal data, including but not limited to:

a) Usage Data
Information on how you use offsite-gallery.com, such as IP address, geographic location, browser type and version, operating system, referral sources, length of visit, page views, and navigation paths.

b) Account Data
Information you provide for account registration and management, including your name, billing and shipping addresses, email address, and phone number.

c) Profile Data
Preferences, purchase history, user behavior, and settings associated with your user profile.

d) Communication Data
Messages, inquiries, customer service interactions, email exchanges, and other forms of correspondence initiated through offsite-gallery.com.

e) Technical Data
Device identifiers, operating system information, language preferences, browser configurations, screen resolution, and other technical aspects of the devices you use to access our services.

f) Transaction Data
Records of products or services purchased, billing details, payment method, payment confirmations, and delivery information.

g) Preference Data
Marketing preferences, communication opt-ins, product interest tags, and notification settings chosen by you.

4. Legal Bases for Processing

We process personal data under the following legal bases, as required by the GDPR:

– Legitimate Interests: To understand how our services are used, prevent abuse, and maintain security and performance standards.
– Contractual Necessity: To create or fulfill agreements made with you, including purchase and delivery of goods or services.
– Consent: Where you have clearly and affirmatively given us permission—for example, to receive marketing emails.
– Legal Obligation: When we are required to comply with a legal or regulatory obligation.

Under the CCPA, you have the right to know what categories of personal information are collected and the purposes for which that information is used.

5. Your Rights

Subject to applicable law, you may exercise the following rights in relation to your personal data:

– Right of Access: Obtain confirmation of whether we process your data and access a copy of your personal information.
– Right to Rectification: Request corrections to any inaccurate or incomplete data we hold about you.
– Right to Erasure: Request deletion of your personal data where legally permissible.
– Right to Restriction: Restrict the processing of your data under certain circumstances.
– Right to Data Portability: Receive a structured, machine-readable copy of your data or request its transfer to another controller.
– Right to Object: Object to processing of your data based on legitimate interests or for direct marketing purposes.

To exercise any of the above rights, please contact us at [email protected]. We may require identity verification to ensure the protection of your data.

6. Security Measures

We implement appropriate technical and organizational safeguards to protect personal data, including but not limited to:

– Encryption of data during transmission using SSL and HTTPS protocols.
– Role-based access controls and authentication protocols.
– Secure data storage and regular system backups.
– Staff training on data protection principles and incident response.

While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

7. International Transfers

Your data may be processed in countries outside your country of residence. Where personal data is transferred outside the European Economic Area (EEA) or California, we ensure safeguards through:

– Standard Contractual Clauses approved by the European Commission.
– Binding Corporate Rules or other approved mechanisms.
– Compliance with regional data protection laws and regulations.

8. Data Retention

We retain data only for as long as necessary to fulfill the purposes outlined in this policy:

– Usage Data: Retained for up to 12 months for analytics and security.
– Account Data: Retained while your account is active and for up to 6 years thereafter for compliance purposes.
– Communication Data: Retained for up to 3 years after last interaction.
– Transaction Data: Retained for up to 7 years for financial and legal obligations.
– Technical/Preference/Profile Data: Retained while relevant or until you request deletion or update.

When data is no longer required, it is securely deleted or fully anonymized.

9. Cookie Policy

Offsite-gallery.com uses cookies and similar technologies to enhance your browsing experience. Cookies used include:

– Essential Cookies: Required for the operation of the website, such as user session management and navigation.
– Functional Cookies: Enable personalized features like saved preferences.
– Analytics Cookies: Collect anonymized data on usage patterns to improve site functionality.
– Performance Cookies: Monitor visitor behavior and site performance for optimization.

10. Cookie Management and Regulatory Compliance

You may control cookie settings via your browser or through our on-site cookie consent banner. On your first visit, you will be prompted to accept or reject non-essential cookies in compliance with GDPR and CCPA. You may update your preferences at any time by accessing cookie settings on our website or by clearing your browser cookies.

Under the CCPA, California residents also have the right to opt out of the “sale” of their personal data. We do not sell your personal data as defined by the CCPA.

11. Children’s Privacy

Offsite Gallery does not knowingly collect or solicit personal information from children under the age of 13. If we discover that a child under 13 has provided us with personal data, we will promptly delete such information from our records. Parents or guardians who believe that their child may have submitted personal data are encouraged to contact us immediately at [email protected].

12. Policy Updates and Notifications

We reserve the right to update or amend this Privacy Policy at any time to reflect changes in our practices or legal obligations. You are encouraged to review the policy periodically. Where material changes are made, we will notify users via email or a notice on offsite-gallery.com.

13. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at:

Email: [email protected]

We are committed to handling your inquiry quickly and in accordance with lawful data protection standards.

Compliance Statement

Offsite Gallery is dedicated to privacy compliance in line with the GDPR, CCPA, and other applicable privacy legislation. Users may contact us at any time to exercise their rights or raise concerns related to the handling of their personal data.