Merchantartistic

Privacy Policy

Last updated: February 20, 2025

1. Introduction

Merchantartistic ("we," "our," or "us") operates the website https://merchantartistic.world (the "Website"). We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy explains in detail how we collect, use, disclose, retain, and safeguard your information when you visit our Website, purchase our products, or interact with our services.

This policy is designed to comply with the General Data Protection Regulation (GDPR) applicable in the European Union and European Economic Area, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable federal and state data protection laws in the United States, including sector-specific regulations where relevant.

By using our Website, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any aspect of this policy, you must discontinue use of our Website and services immediately.

2. Data Controller

The data controller responsible for your personal data is:

Merchantartistic
47315 Van Dyke Ave
Shelby Township, MI 48317
United States

Email: contact@merchantartistic.world

Phone: +1 586 326 0006

3. Personal Data We Collect

We may collect and process the following categories of personal data, as applicable to your interactions with us:

  • Identity Data: Full name, title, date of birth (where necessary for age verification or product suitability).
  • Contact Data: Email address, telephone number, mailing address, billing address, shipping address.
  • Transaction Data: Order details, order history, payment information (including card type and last four digits; full payment details are processed by our secure payment providers and not stored by us), purchase history, refund and return records.
  • Technical Data: Internet protocol (IP) address, browser type and version, browser plug-in types and versions, operating system and platform, device information (including device type, unique device identifiers), time zone setting, screen resolution.
  • Usage Data: Information about how you use our Website, including pages visited, page interaction information (such as scrolling, clicks, and mouse-overs), time spent on pages, navigation paths, search terms used, download errors, and access times.
  • Marketing and Communications Data: Your preferences for receiving marketing communications, opt-in and opt-out choices, communication history with our customer service team, and feedback you provide to us.

4. How We Collect Your Data

We collect personal data through the following methods:

  • Direct Interactions: When you fill out forms on our Website (including order forms, contact forms, registration forms, and feedback forms), create an account, subscribe to our newsletter, place an order, request support, participate in surveys or promotions, or correspond with us via email, phone, or postal mail.
  • Automated Technologies or Interactions: As you navigate our Website, we may automatically collect Technical Data and Usage Data through cookies, web beacons, pixel tags, server logs, and similar tracking technologies. These technologies help us analyze traffic patterns, prevent fraud, and improve user experience. For comprehensive details, please see our Cookie Policy.
  • Third Parties or Publicly Available Sources: We may receive personal data from third parties such as payment processors (for transaction confirmation), shipping and logistics partners (for delivery status), analytics providers (for aggregated usage insights), advertising networks (where you have consented), and publicly available sources (e.g., social media profiles where you have made information public and have interacted with our content).

5. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and on the following legal bases:

  • Order Fulfillment: To process and deliver your orders, manage payments, and provide customer service. Legal basis: Performance of a contract.
  • Website Operation: To ensure the proper functioning, security, and optimization of our Website. Legal basis: Legitimate interests.
  • Communication: To respond to your inquiries, send order confirmations, and provide support. Legal basis: Performance of a contract or legitimate interests.
  • Marketing: To send promotional communications (with your consent). Legal basis: Consent.
  • Analytics: To analyze Website usage, improve our services, and understand customer behavior. Legal basis: Legitimate interests or consent, depending on the type of analytics.
  • Legal Compliance: To comply with legal obligations, including tax, accounting, and regulatory requirements. Legal basis: Legal obligation.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, and in accordance with applicable legal, regulatory, tax, accounting, or reporting requirements. Our retention periods are as follows:

  • Order and Transaction Data: Retained for a minimum of 7 years from the date of the transaction for accounting, tax, and legal compliance purposes, as required by applicable laws.
  • Contact and Customer Service Data: Retained for 3 years after the last interaction, unless a longer retention period is required for legal proceedings or regulatory compliance.
  • Marketing Data: Retained until you withdraw consent or opt out of marketing communications. We will process your opt-out request promptly and cease marketing communications within 10 business days.
  • Technical and Usage Data: Retained for up to 2 years for analytics, security monitoring, and fraud prevention purposes.
  • Cookie Data: Retention periods vary by cookie type; please refer to our Cookie Policy for specific retention periods.

After the applicable retention period expires, we will securely delete or anonymize your personal data so that it can no longer be associated with you. In some cases, we may retain anonymized or aggregated data indefinitely for statistical and analytical purposes.

7. Data Security

We implement appropriate technical and organizational measures designed to protect your personal data against unauthorized access, alteration, disclosure, loss, or destruction. Our security measures include, but are not limited to:

  • Encryption: Encryption of data in transit using industry-standard TLS/SSL (HTTPS) protocols. Sensitive data stored on our servers may be encrypted at rest using AES-256 or equivalent standards.
  • Access Controls: Role-based access controls limiting data access to authorized personnel on a need-to-know basis. Multi-factor authentication may be used for administrative access.
  • Secure Infrastructure: Hosting environments with physical and logical security controls, including firewalls, intrusion detection systems, and regular vulnerability scanning.
  • Policies and Training: Internal policies on data handling, confidentiality, and security. Regular training for employees and contractors who process personal data.
  • Incident Response: Procedures for detecting, reporting, and responding to data security incidents in accordance with applicable breach notification laws.

While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of any account credentials and for all activities that occur under your account.

8. Data Sharing and Disclosure

We may share your personal data with:

  • Service Providers: Payment processors, shipping and logistics partners, email service providers, hosting providers, and analytics services that assist us in operating our Website and business.
  • Legal Authorities: When required by law, court order, or to protect our rights, property, or safety.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, where your data may be transferred as part of the transaction.

We require all third parties to respect the security of your data and to treat it in accordance with the law. We do not sell your personal data to third parties.

9. International Data Transfers

Your personal data may be transferred to, stored, and processed in countries outside the United States or your country of residence. Our servers and service providers may be located in jurisdictions that do not offer the same level of data protection as your home country.

Where we transfer personal data from the European Economic Area (EEA) or United Kingdom to countries that have not been deemed to provide an adequate level of data protection, we implement appropriate safeguards. These may include Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Agreement, Binding Corporate Rules (where applicable), or other transfer mechanisms permitted under applicable law. You may request a copy of the safeguards we use for such transfers by contacting us.

10. Your Rights

Depending on your location and applicable law, you may have the following rights in relation to your personal data:

  • Right of Access: Request a copy of the personal data we hold about you, including information about the purposes of processing, categories of data, recipients, and retention periods.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data. We will correct such data without undue delay.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data in certain circumstances, such as where the data is no longer necessary, you withdraw consent, or the data was processed unlawfully. This right is subject to exceptions where we are required to retain data by law.
  • Right to Restrict Processing: Request that we limit how we use your data (e.g., while we verify the accuracy of data or where you have objected to processing).
  • Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible, where processing is based on consent or contract and carried out by automated means.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes. We will cease such processing unless we have compelling legitimate grounds that override your interests.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Right to Lodge a Complaint: Lodge a complaint with a supervisory authority in your country of residence, place of work, or place of the alleged infringement. For EU residents, a list of data protection authorities is available at edpb.europa.eu.

To exercise any of these rights, please contact us using the details in Section 13. We will respond to your request without undue delay and in any event within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request. We do not charge a fee for processing such requests unless the request is manifestly unfounded or excessive.

CCPA/CPRA Rights (California Residents): If you are a California resident, you have additional rights including the right to know what personal information is collected, the right to delete personal information, the right to opt-out of the "sale" or "sharing" of personal information, the right to correct inaccurate personal information, and the right to non-discrimination for exercising these rights. Please note that we do not sell or share personal information as defined under the CCPA/CPRA. To exercise your CCPA rights, contact us as provided in Section 13.

11. Children's Privacy

Our Website and products are not intended for individuals under 18 years of age. We do not knowingly collect, use, or disclose personal data from children under 18. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately. Upon verification, we will take steps to delete such information from our systems. If you are under 18, please do not provide any personal data on our Website or use our services.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes that materially affect how we use your personal data, we may also notify you by email (if we have your email address) or by a prominent notice on our Website. Your continued use of our Website after such changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically to stay informed about how we protect your information.

13. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us at:

Merchantartistic
47315 Van Dyke Ave, Shelby Township, MI 48317, United States

contact@merchantartistic.world

+1 586 326 0006