PRIVACY POLICY

At Kissing the Canvas (“we,” “our,” or “us”), accessible at kissingthecanvas.com (the “Website”), we are committed to protecting your privacy and safeguarding the personal data you share with us. This Privacy Policy outlines how we collect, use, disclose, and secure your personal data in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws. Your trust is paramount, and we are dedicated to ensuring the highest standards of privacy, confidentiality, and security.

1. Introduction

We recognize the importance of your personal data and are fully committed to handling it responsibly and transparently. We believe that privacy is a fundamental right, and we implement processes and safeguards that reflect our privacy-first approach. Whether you are browsing our website, making a purchase, or interacting with us in any other way, your data will be treated with the utmost care.

2. Scope of Policy and Role as Data Controller

This Privacy Policy applies to all users of kissingthecanvas.com and related services. It governs how we collect, store, process, and use personal data obtained through our website and related communications.

For purposes of GDPR and relevant data protection laws, Kissing the Canvas acts as the Data Controller of the personal data you provide when using our services. As a Data Controller, we determine the purposes and means of processing your personal information.

3. Categories of Personal Data We Process

We may process the following categories of personal data:

a) Usage Data: Information relating to your interactions with our website, including your IP address, browser type and version, operating system, time zone setting, referring URLs, page views, and duration of site visits.

b) Account Data: Includes your full name, email address, physical address, telephone number, username, and password when you register or create an account.

c) Profile Data: Information associated with your account preferences, purchase history, behavior on the website, wish lists, and user-generated content.

d) Communication Data: Records of your interactions with us, including customer service inquiries, feedback, and correspondence by email or other communication channels.

e) Technical Data: Device type, Internet service provider, screen resolution, system configurations, and diagnostic data used for troubleshooting and performance enhancement.

f) Transaction Data: Information related to purchases you make, including payment method, billing and delivery information, and transaction details (note that payment card data is securely handled by our third-party payment processors and not stored on our servers).

g) Preference Data: Your communication preferences, marketing consents, areas of interest, and product categories relevant to your engagement with us.

4. Legal Bases for Processing

We process your personal data based on one or more legal grounds as defined under applicable data protection laws, including:

– Consent: Where you have provided clear permission for us to process your personal data for a specific purpose (e.g., subscribing to a newsletter).
– Contractual Necessity: Where processing is necessary for the performance of a contract to which you are party or to take steps at your request before entering into such a contract (e.g., fulfilling an order).
– Legitimate Interest: When it is in our legitimate interests (or those of a third party) to use your information, provided your interests and fundamental rights do not override those interests (e.g., improving website performance, preventing fraud).
– Legal Obligation: Where processing is necessary to comply with a legal requirement (e.g., complying with tax obligations).

5. Your Data Protection Rights

Depending on your location and applicable data protection laws, you may have the following rights:

– Right of Access: You have the right to request access to your personal data held by us.
– Right to Rectification: You may request amendment of inaccurate or incomplete data.
– Right to Erasure: Under certain circumstances, you may request the deletion of your personal data.
– Right to Restriction of Processing: You may request that we limit the processing of your personal data in certain situations.
– Right to Data Portability: You can request your personal data in a structured, commonly used, and machine-readable format, or request that it be transmitted to another data controller.
– Right to Object: You may object to our processing of your personal data where our legal basis for processing is legitimate interest.
– Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at [email protected].

6. Security Measures

We implement and maintain appropriate administrative, technical, and physical security measures designed to protect the confidentiality, integrity, and availability of your personal data. These include:

– Encryption of data during transmission via SSL/TLS protocols.
– Role-based access control to restrict access to authorized personnel only.
– Regular security audits and software patching.
– Offsite and encrypted backups of critical information.
– Employee training on data protection obligations and phishing prevention.

7. International Data Transfers

Where your personal data is transferred outside the European Economic Area (EEA) or your jurisdiction, we ensure such transfers comply with applicable data protection law by implementing appropriate safeguards, including the use of EU Standard Contractual Clauses (SCCs), binding corporate rules, or regulatory mechanisms approved for cross-border data transfers. By using our website, you acknowledge that your personal data may be transferred to and processed in jurisdictions outside your own.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with applicable legal, regulatory, or internal policy requirements. Retention periods vary depending on the type of data:

– Usage and Technical Data: Up to 2 years post-visit.
– Account and Profile Data: Retained while an account is active, and up to 5 years after closure unless otherwise required for legal obligations.
– Transaction Data: Retained for 7 years in accordance with tax and accounting regulations.
– Communication and Preference Data: Up to 2 years after last interaction or until consent is withdrawn.

9. Cookie Policy

Our website uses cookies and similar tracking technologies to provide, enhance, and analyze site functionality and user experience. The types of cookies we use include:

– Essential Cookies: Necessary for the operation and functionality of the site.
– Functional Cookies: Enable enhanced functionality and personalization.
– Analytics Cookies: Allow us to understand how visitors interact with our website (e.g., Google Analytics).
– Performance Cookies: Help us improve speed and performance by collecting aggregated data on site behavior.

Some cookies may be placed by third-party services that appear on our pages.

10. Cookie Management & Compliance

In compliance with GDPR and CCPA, we offer clear options for users to manage their cookie preferences. On visiting kissingthecanvas.com, you will be presented with a cookie consent banner that allows you to:

– Accept all cookies
– Reject non-essential cookies
– Customize preferences

You can also manage cookies through your browser settings and remove previously stored cookies. For California residents, we respect Do Not Track (DNT) signals and offer the ability to opt out of the sale of personal information in accordance with CCPA.

11. Children’s Privacy

Our website and services are not designed for or directed to children under the age of 13. We do not knowingly collect personal data from individuals under 13. If we become aware that data has been collected from a child without parental consent, we will promptly delete such data. If you believe that a child under 13 has provided us with personal information, please contact us at [email protected].

12. Changes to This Privacy Policy

We reserve the right to make updates to this Privacy Policy to reflect changes in legal requirements, our data handling practices, or service offerings. Any significant changes will be communicated through appropriate channels, including a notification on our website. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us at:

Email: [email protected]

This Privacy Policy is a demonstration of our ongoing commitment to privacy, transparency, and accountability. We comply fully with GDPR, CCPA, and other applicable data protection frameworks. For any privacy-related concerns or requests, do not hesitate to reach out to us.