Privacy Policy

Last updated: January 2025

Information We Collect

When you visit Edmund Dantes Studio, we collect:

• Information you provide during checkout (name, email, shipping address, phone number)
• Basic analytics about how you interact with our artwork
• Technical information such as browser type and IP address

Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

• Contract Performance: Processing necessary to fulfill your order (name, address, payment details)
• Legitimate Interest: Analytics to improve our website and understand how visitors engage with artwork
• Consent: Marketing emails and newsletters (only with your explicit opt-in)

How We Use Your Information

We use your information to:

• Process and fulfill your orders
• Improve our website and artwork collections
• Send order confirmations and shipping updates
• Analyze how visitors interact with our artwork

Your Rights (GDPR & CCPA)

You have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request that we limit how we use your data
• Right to Data Portability: Request your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for marketing communications at any time

To exercise any of these rights, contact us at [email]. We will respond within 30 days.

If you are in the EU/EEA, you also have the right to lodge a complaint with your local data protection authority.

Data Retention

We retain your personal data for the following periods:

• Order records: 7 years (for accounting and legal compliance)
• Analytics data: 26 months
• Marketing list: Until you unsubscribe or request deletion
• Customer inquiries: 3 years after last contact

Data Storage and Security

Your data is securely stored using industry-standard encryption. We use:

• Stripe for secure payment processing (PCI-DSS compliant)
• MongoDB Atlas for order and analytics data (encrypted at rest)
• Netlify for website hosting (SOC 2 compliant)

Your data may be transferred to and processed in the United States, where our service providers operate. These providers maintain appropriate data protection safeguards.

Cookies and Tracking

We use essential cookies to:

• Remember your shopping cart items
• Track basic site analytics
• Improve site performance

We use Google Analytics 4 for website analytics. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Third-Party Services

We work with trusted partners who process data on our behalf:

• Stripe (payment processing)
• MongoDB Atlas (data storage)
• Netlify (hosting)
• Google Analytics (website analytics)

We have Data Processing Agreements with our service providers to ensure your data is protected.

California Residents (CCPA)

If you are a California resident, you have additional rights:

• Right to know what personal information we collect and how it is used
• Right to delete personal information we have collected
• Right to opt-out of the sale of personal information

We do not sell your personal information. To exercise your CCPA rights, contact us using the information below.

Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify affected users within 72 hours as required by GDPR and applicable laws.

Children's Privacy

This website is not intended for users under 16 years of age. We do not knowingly collect personal information from children.

Contact Us

For privacy questions or to exercise your data rights, contact us at:

Email: [email]

We aim to respond to all privacy requests within 30 days.