Privacy Policy

This Policy explains how Art Tone collects, uses, discloses, and protects your information when you visit our website, shop artworks, or request commissions.

Last updated: November 10, 2025

1) Who we are & scope

“Art Tone”, “we”, “our”, or “us” refers to the artist website and related shop/commission services presented on this site. This Policy covers information collected online through our website and forms (including commission request forms) and through our direct communications (e.g., email, WhatsApp).

2) Data we collect

  • Identity & Contact: name, email, phone/WhatsApp, address (for shipping).
  • Order & Commission Details: size, medium, palette preferences, deadlines, notes, reference images (if you upload).
  • Payment & Transaction: payment status and amount (payment card data is processed by our payment provider; we do not store full card numbers).
  • Communication: messages you send via email, contact forms, or WhatsApp.
  • Technical: IP address, device/browser data, pages viewed, timestamps, and basic diagnostics/logs.
  • Cookies & Similar: identifiers for remembering preferences, analytics, and (if applicable) marketing.
  • User-Generated Content: comments or media you provide for testimonials or references.

3) How we use your data (purposes & legal bases)

We process personal data for the following purposes and—where GDPR/UK law applies—on these legal bases:

  • Provide the Service & fulfill orders/commissions (contract performance).
  • Respond to inquiries & support (contract or legitimate interests to operate and reply).
  • Payments & fraud prevention (contract; legitimate interests; legal obligation).
  • Shipping & delivery updates (contract).
  • Site functionality, analytics, and improvements (legitimate interests; consent where required).
  • Marketing communications (consent; you can opt out anytime).
  • Compliance with laws, tax & accounting (legal obligation).

4) Sharing & processors

We share data only as needed with trusted providers who help run our website and services (“processors”), such as hosting, email delivery, analytics, payment processing, and shipping carriers. We may also share data when required by law, to protect rights, or in connection with a business transfer.

We do not sell your personal information.

5) Cookies & tracking

We use cookies and similar technologies to keep the site secure, remember preferences, measure performance, and (where applicable) support media embeds.

  • Strictly necessary: security, basic features.
  • Performance/analytics: traffic and usage metrics (aggregated).
  • Functional: remembering choices (e.g., language).
  • Advertising/third-party: only if we enable marketing pixels or media that set cookies.

Your browser lets you block or delete cookies. Blocking may impact site functionality. If a cookie banner is presented, you can manage non-essential cookies there.

6) Analytics, embeds & social

We may use analytics to understand site performance in aggregate. Our pages may include third-party embeds (e.g., YouTube thumbnails), social links, or widgets. These third parties may set their own cookies and collect data per their policies. We do not control third-party tracking.

7) Security

We apply reasonable technical and organizational safeguards to protect your data. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

8) Retention

We keep personal data only as long as necessary for the purposes above, including to meet legal, accounting, or reporting requirements. Typical retention: order/commission records for up to 6 years; routine inquiry emails for up to 24 months; analytics data per provider defaults.

9) Your rights

Depending on your region, you may have the right to request: access, correction, deletion, restriction, portability, and to object to certain processing, as well as to withdraw consent at any time (without affecting prior lawful processing). You may also have the right to lodge a complaint with your local supervisory authority.

10) Regional notices

  • EU/EEA & UK (GDPR): Our legal bases are listed above. Where we rely on legitimate interests, we balance them against your rights.
  • Canada (incl. Québec Law 25): You can request access/correction and withdraw consent. If applicable, you may request de-indexing or portability for certain data. A Privacy Officer is identified below.
  • California (CPRA): We do not “sell” or “share” personal information as defined by CPRA. You have rights to know, delete, and correct, subject to verification.

11) International transfers

We may process and store data in countries outside your own. Where required, we use appropriate safeguards (e.g., standard contractual clauses) to protect cross-border data transfers.

12) Children

Our site is not directed to children under the age of 16. If you believe a child has provided personal data, contact us and we will take appropriate steps.

13) Changes to this Policy

We may update this Policy periodically. Changes will appear on this page with a new “Last updated” date. Your continued use of the site after changes means you accept the updated Policy.

14) Contact

To ask questions or exercise your rights, contact our Privacy Officer:

Top

Expressive canvases by Eyas Jaafar — the human figure, existence, and a quiet search for peace.

Contact

Powered by AELESTRA ·
Top