Privacy Policy for Kissing the Canvas
1. Introduction
At Kissing the Canvas (“Company”, “we”, “us”, or “our”), accessible at kissingthecanvas.com, we are fully committed to safeguarding your privacy and protecting your personal data in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy is designed to inform you of how we collect, use, disclose, store, and safeguard your information when you interact with our website, services, or communicate with us.
2. Scope of the Policy and Data Controller Role
This Privacy Policy applies to all users who visit, use, or interact with the website kissingthecanvas.com or engage with our services in any form. Kissing the Canvas is the data controller for the personal data collected through this website and related services. As the data controller, we determine the purposes and methods for processing your personal information in compliance with applicable data protection regulations.
3. Categories of Personal Data We Process
We collect and process various categories of personal data, either directly from you or automatically through your use of our website or services. These categories include:
a) Usage Data
Includes details about how you interact with the site, such as your IP address, browser type, device identifiers, pages visited, time spent on pages, referring URL, and interaction behavior.
b) Account Data
Information voluntarily provided when creating an account or placing an order, including your full name, billing and shipping address, email address, and telephone number.
c) Profile Data
Includes user-specific settings, saved preferences, past orders, purchase history, and behavioral interactions within the website interface.
d) Communication Data
Covers correspondence sent to or received from us, such as support inquiries, contact form submissions, and any associated metadata (e.g., timestamps, contact channel used).
e) Technical Data
Device and environment information such as platform type, operating system, hardware characteristics, browser language, and screen resolution.
f) Transaction Data
Includes payment information (processed through secure third-party processors), billing records, delivery tracking, and order confirmations.
g) Preference Data
Includes information regarding your consent preferences (such as marketing opt-ins), interests, and product category preferences, where provided.
4. Legal Bases for Processing
We process your personal data under the following lawful bases as defined by the GDPR and other applicable laws:
– Consent: Where required, we seek your explicit consent before we collect or process certain personal data, particularly in relation to cookies and direct marketing.
– Contractual Necessity: We process data to fulfill a contract with you, including completing transactions, providing services, and handling customer support.
– Legal Obligation: We may process personal data as required to comply with laws and regulatory requirements.
– Legitimate Interests: In some instances, we may process your data to pursue our legitimate interests provided such interests are not overridden by your rights and freedoms. This includes analytics, site optimization, fraud prevention, and securing our platform.
5. Your Rights
Under GDPR and, where applicable, the CCPA, you have the following rights concerning your personal data:
– Right of Access: You may request a copy of the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure (“Right to be Forgotten”): You have the right to request deletion of your personal data where legal grounds permit.
– Right to Restriction: You may request that we restrict the processing of your data where applicable.
– Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format for transfer to another controller.
– Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
– Rights under CCPA: California residents may exercise additional rights, such as requesting disclosure, deletion, and opting out of the sale or sharing of personal information.
To exercise any of the above rights, please contact us at [email protected]. For identity verification, additional information may be requested.
6. Security Measures
We implement a range of administrative, technical, and organizational safeguards to ensure the integrity and confidentiality of your personal data, including:
– SSL/TLS encryption for data in transit
– Restricted access controls and authentication mechanisms
– Regular data backups and disaster recovery protocols
– Staff training on data protection and internal awareness policies
– Regular security audits and vulnerability assessments
7. International Data Transfers
When personal data is transferred outside the European Economic Area (EEA) or other jurisdictions with differing privacy standards, we ensure adequate protection through:
– Standard contractual clauses approved by the European Commission
– Certification mechanisms or privacy frameworks, where applicable
– Regional compliance protocols in accordance with local laws
By using kissingthecanvas.com, you consent to the transfer of your personal data to jurisdictions which may not offer the same level of data protection as your own.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
– Usage Data: 12–24 months, stored for analytical and security purposes
– Account Data: Retained until account deletion or 6 years after last activity
– Transaction Data: Retained for up to 7 years for legal and tax obligations
– Communication Data: Retained for up to 3 years for support and compliance
– Preference Data: Retained for 2 years post last user interaction or until revoked
– Technical Data: Purged periodically, typically within 12 months
Once retention periods expire, personal data is securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar tracking technologies to enhance your browsing experience, analyze traffic, and serve targeted content. Categories of cookies used include:
– Essential Cookies: Required for site operation and security
– Functional Cookies: Enable personalization and remembering user preferences
– Analytics Cookies: Help us measure performance and usage patterns
– Performance Cookies: Assist in improving responsiveness and design optimization
Some cookies may be placed by third-party service providers acting on our behalf.
10. Cookie Management and Compliance
You have complete control over your cookie preferences. Upon your first visit to kissingthecanvas.com, you will be presented with options to accept or manage your cookie settings in accordance with GDPR and CCPA obligations. You may also modify your preferences at any time via the cookie consent banner or your browser settings. For California users, requests to opt out of cookie-based data sharing may be submitted via our designated “Do Not Sell or Share My Personal Information” link where available.
11. Children’s Privacy
Our services are not directed to or intended for children under the age of 13. We do not knowingly collect personal data from children without verifiable parental consent. If we become aware that personal information was collected from a child under 13, we will take immediate steps to delete the information. Parents or guardians with concerns should contact us at [email protected].
12. Policy Updates and Notifications
We reserve the right to amend this Privacy Policy as our services evolve or as legal requirements change. We will notify users of material changes by updating this page and, where appropriate, via direct communication (e.g., email or on-site notice). Continued use of kissingthecanvas.com following any amendments indicates your acceptance of the revised terms.
13. Contact Us
For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us at:
We are committed to ensuring full compliance with data protection obligations and respecting your privacy rights at all times.