Privacy Policy
ArtsGalleri Privacy Policy
Effective date: August 12, 2025
Applies to: artsgalleri.com, our mobile experiences, and any site or service that links to this Policy (the “Services”).
ArtsGalleri (“ArtsGalleri,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains what we collect, why we collect it, how we use and share it, how long we keep it, and the choices and rights you have. If you do not agree with this Policy, please do not use the Services.
1) Who we are & how to contact us
- Controller: ArtsGalleri, Stackvägen 18, Sollentuna, Sweden
- Website:https://artsgalleri.com/
- Email: info@artsgalleri.com
- Phone: +46 8 559 227 86
- EU/EEA: ArtsGalleri is established in Sweden and is the controller for EEA users.
- UK representative (if/when appointed): We will update this Policy; until then, UK users can contact us at the details above.
- Data Protection Officer: Not appointed. You can still contact us about any privacy question at info@artsgalleri.com.
2) Scope
This Policy covers personal information we collect online through the Services and offline interactions related to an online order or customer support case. It does not cover third-party websites or services you access via links; their policies apply.
3) What we collect, why, legal basis, how long & who receives it
We aim to collect the minimum data needed. This table maps categories to purposes, legal bases (EEA/UK), retention and typical recipients.
| Category (examples) | Purpose(s) | Legal basis (EEA/UK) | Typical retention | Main recipients/processors |
|---|---|---|---|---|
|
Identifiers & contact: name, email, phone, shipping/billing address; account ID |
Create/manage account; fulfill and deliver orders; service messages; support |
Contract (Art. 6(1)(b)); Legitimate interests for support (6(1)(f)); Legal obligation for records (6(1)(c)) |
Orders & invoices 7–10 years (tax/audit); support threads 12–24 months after closure; account data until deletion/inactivity (36 months) |
Commerce platform; order & warehouse systems; carriers; support tools |
|
Payment details: tokenized card info, last 4 digits, payment status (we do not store full card numbers or CVV) |
Take payment, refunds, fraud prevention |
Contract; Legitimate interests; Legal obligation |
Transaction logs 7–10 years; fraud signals up to 36 months |
Payment processors (e.g., our card processor). Full card data stays with the processor. |
|
Commercial data: order history, cart contents, wishlist |
Fulfillment; returns; analytics; personalized experience |
Contract; Legitimate interests |
Order history 5 years for service; analytics derivatives 12–24 months |
Commerce platform; analytics providers |
|
Device/usage data: IP address, device IDs, pages viewed, clicks, session timestamps, approximate location |
Secure the Services; debug/performance; improve UX |
Legitimate interests; Consent where required |
Raw logs 30–180 days; analytics reports 12–24 months |
Hosting/CDN/security; analytics providers |
|
Session replay / product analytics: events like page views, clicks, mouse movements; we mask fields that may contain passwords, payment or other sensitive entries |
Understand flows; fix issues; improve features |
Legitimate interests; Consent where required |
Up to 12 months
|
Session replay/analytics provider(s) configured to mask sensitive inputs |
|
Marketing & advertising data: cookie IDs, ad IDs, referral source, campaign metrics, inferences |
Show and measure ads; limit frequency; newsletters |
Consent where required; Legitimate interests; For “sharing” (US CPRA), opt-out honored |
IDs up to 12 months from last activity; email until you unsubscribe |
Ad/measurement partners (e.g., platforms you use to see our ads) |
|
Communications: emails, chat, reviews, survey responses |
Customer support; publish reviews you submit; service improvements |
Contract/Legitimate interests; Consent for publishing where required |
Support threads 12–24 months; published reviews until you remove them |
Support desk and reviews platform |
|
Fraud & security signals: device fingerprint, failed payments, abuse indicators |
Detect/prevent fraud and abuse; protect users |
Legitimate interests; Legal obligation |
Up to 36 months depending on risk |
Fraud tools; payment processors |
|
Photos/art submissions (if applicable) |
Custom framing/printing; user galleries (with permission) |
Contract; Consent for showcasing |
Project files 12 months after completion unless you ask us to retain; showcased items until you withdraw consent |
Print partners; asset hosting |
We do not sell personal information for money. In some regions (e.g., California), “sharing” for cross-context behavioral advertising is a defined term—see Section 10 for opt-out options and Global Privacy Control.
4) Sources
- Directly from you (checkout, account, support).
- Automatically from your devices (cookies/SDKs/server logs).
- From partners (ad platforms, payment processors, fraud tools) and from social logins if you connect them (you control what is shared via your social platform settings).
5) Cookies & similar technologies
We use necessary, performance, functional, and advertising cookies/SDKs. Where required, we obtain consent before placing non-essential cookies.
- Manage preferences: Use our cookie banner and settings (link from footer).
- Global Privacy Control (GPC): When we detect a GPC signal, we treat it as an opt-out of sale/share and targeted advertising where legally recognized.
- Analytics/session replay: Configured to mask password, payment, and other sensitive fields; we disable keystroke capture on such fields.
See our Cookie Notice (linked from the banner) for provider details and lifetimes.
6) How we use personal information
To operate and secure the Services; fulfill orders and provide support; process payments and prevent fraud; personalize content and recommendations; run analytics and A/B tests; deliver and measure marketing; comply with law; and defend legal claims. We do not use sensitive personal information (e.g., precise geolocation, government IDs, full financial account numbers) to infer characteristics or for targeted advertising.
7) Disclosures to third parties
We share personal information with:
- Service providers / processors (hosting/CDN, commerce platform, payment processors, carriers, customer support, analytics/session replay, email/SMS, reviews, printing/fulfillment).
- Advertising/measurement partners (when you consent or where allowed) for targeted ads and measurement; you can opt out (see Section 10).
- Affiliates under common control, bound to this Policy.
- Authorities / legal requests where required by law or to protect rights, safety, or our users.
- Corporate transactions (e.g., merger/acquisition); your information will continue to be protected consistent with this Policy.
We require contracts, confidentiality, and (where applicable) data processing agreements with processors. See Annex A for our current core processors (kept up to date).
8) International data transfers
We operate globally. When we transfer personal information internationally, we use recognized safeguards such as:
- Adequacy decisions (where applicable),
- EU Standard Contractual Clauses (SCCs) and the UK IDTA/Addendum, and
- Additional measures (encryption in transit/at rest, strict access controls).
Details appear in Annex A and in our data processing addendum for business customers (available on request).
9) Security
We use administrative, technical, and organizational measures appropriate to the risk, including encryption in transit, least-privilege access, MFA for internal tools, logging/alerting, vulnerability management, and vetted vendors. No system is 100% secure; please use a strong unique password and keep your credentials confidential.
If we become aware of a breach affecting your data, we will notify you and/or regulators as required by law.
10) Your choices & rights
Marketing & preferences
- Email/SMS: Opt out any time via the message or by contacting us at info@artsgalleri.com.
- Cookies/Ads: Use the cookie settings and your platform tools (e.g., ad preferences in Google/Meta/TikTok, etc.).
- GPC: We honor Global Privacy Control signals as an opt-out of sale/share and targeted ads where recognized.
Region-specific rights (summary)
Depending on your location, and subject to verification and legal exceptions, you may have the right to:
- Access (know) and port your data,
- Correct inaccurate data,
- Delete data,
- Opt out of targeted advertising, sale or sharing, and certain profiling,
- Limit use/disclosure of sensitive personal information,
- Withdraw consent (where processing relies on consent),
- Appeal a rights decision (where required).
How to exercise: Email info@artsgalleri.com with your request. We may ask for reasonable information to verify your identity (and, in some regions, accept requests from an authorized agent with suitable proof). We won’t discriminate against you for exercising your rights.
California “Notice at Collection”:
We collect the categories in Section 3 for the purposes listed there, retain them for the periods shown, and disclose them to the recipients listed. We do not sell personal information for money. We may share identifiers, internet/usage data, commercial data and inferences with advertising partners for cross-context behavioral advertising unless you opt out via Your Privacy Choices (link in the site footer) or a valid GPC signal. We do not use or disclose sensitive personal information for purposes that require a “Limit Use of Sensitive PI” link.
EEA/UK/Switzerland (GDPR/UK GDPR):
You may request access, rectification, erasure, restriction, objection, and portability, and object to profiling used for direct marketing. You can also lodge a complaint with your local supervisory authority (in Sweden: Integritetsskyddsmyndigheten (IMY)).
Brazil (LGPD), Canada (PIPEDA), Australia and other regions:
Comparable rights may apply; contact us using the details above.
Appeals (US states where applicable): If we deny your request, you can appeal by replying to our decision within 45 days. If you still disagree, you may contact your state attorney general or local data protection authority.
11) Children
Our Services are intended for adults. We do not knowingly collect personal information from children under 13 (or a higher age where local law requires parental consent, e.g., 16 in parts of the EEA for certain processing). If you believe a child provided data, contact us and we will delete it.
12) Automated decision-making & profiling
We use basic profiling (e.g., browsing or purchase history) to personalize content and ads. We do not conduct automated decisions that produce legal or similarly significant effects without human involvement. Where local law gives you rights related to profiling, you can exercise them via Section 10.
13) Retention
We keep personal information only as long as needed for the purposes stated, to comply with law, resolve disputes, and enforce agreements. See the Retention column in Section 3. When data is no longer needed, we delete or de-identify it. Aggregated and de-identified data is not subject to this Policy.
14) Payments
Payments are processed by our third-party payment processor(s). Full payment card numbers and CVV are not stored by ArtsGalleri. Processors may use your data solely to process payments, combat fraud, and comply with law.
15) Third-party links, social logins & user content
Our Services may link to external sites; their policies govern those sites. If you choose social login or connect a social account, we receive the data you authorize (you can revoke access in that platform’s settings). Reviews, comments, and other user-generated content may be publicly visible—please don’t post personal information you wouldn’t want public.
16) International customers & representatives
Because we are established in the EEA (Sweden), we do not need an EU representative. If we appoint a UK representative, we will update this Policy.
17) Changes to this Policy
We may update this Policy to reflect changes in our practices or the law. We’ll post the new effective date and, where required, provide notice and/or obtain consent. Your continued use of the Services means you accepts the updated Policy.
18) Contact & complaints
Questions or requests? info@artsgalleri.com or:
ArtsGalleri – Privacy
Stackvägen 18, Sollentuna, Sweden
Phone: +46 8 559 227 86
If you are in the EEA/UK/Switzerland, you also have the right to lodge a complaint with your local data protection authority (in Sweden: Integritetsskyddsmyndigheten (IMY)). In California and other US states, you may contact your state attorney general.