Privacy Policy for Sculpture for Change

1. Introduction

At Sculpture for Change, accessible via sculptureforchange.com, we are committed to respecting and protecting your privacy. We recognize the importance of safeguarding personal data and are dedicated to ensuring that your personal information is collected, handled, and stored with the highest standards of security and legal compliance. This Privacy Policy outlines how we collect, use, and protect information obtained through our website and services, in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Scope of the Policy and Data Controller Role

This Privacy Policy applies to all users of the website sculptureforchange.com, including customers, visitors, and account holders. Sculpture for Change operates as the “Data Controller,” meaning we determine the purposes and means of processing your personal data when you interact with our services. This policy covers all data collected through our website, services, communications, and transactions.

3. Categories of Data Processed

We may collect and process the following categories of personal data depending on your interaction with our website:

a) Usage Data
Includes information about how you use our website, such as browser type, IP address, device identifiers, access times, pages viewed, sessions, and referring website URLs.

b) Account Data
Includes your full name, postal address, email address, phone number, and login credentials when you create an account on sculptureforchange.com.

c) Profile Data
Includes your interests, preferences, purchase history, saved items, and browsing behavior within your account profile.

d) Communication Data
Includes email exchanges, customer support inquiries, feedback, message history, and any contact interaction initiated by you through [email protected].

e) Technical Data
Includes information about your device, operating system, language settings, mobile network, and system configuration when accessing our services.

f) Transaction Data
Includes details of goods or services purchased through sculptureforchange.com, payment methods used, invoice details, delivery arrangements, and transaction amounts.

g) Preference Data
Includes your marketing and communication consents, subscription status, product interest selections, and opt-in or opt-out indicators regarding direct marketing.

4. Legal Bases for Processing

We process your personal data using the following legal bases:

– Consent: Where you have provided explicit permission (e.g., subscribing to a newsletter or consenting to Cookies).
– Contractual Necessity: When processing is required to fulfill a service, such as fulfilling an order or managing your account.
– Legitimate Interest: When it is in our legitimate interest to improve services, prevent fraud, or communicate with you in contexts that respect your rights and interests.
– Legal Obligation: Where processing is required to comply with applicable laws, regulations, or legal proceedings.

5. Your Rights

Under GDPR and CCPA standards, you are entitled to the following rights:

– Right to Access: You can request a copy of your personal data held by us.
– Right to Rectification: You may ask us to correct inaccurate or incomplete data.
– Right to Erasure: You may request the deletion of your data under certain conditions.
– Right to Restriction: You may request limitation of your data processing where legally applicable.
– Right to Data Portability: You can obtain and reuse personal data in a structured format for personal use or transfer to other services.
– Right to Object: You may object to processing based on legitimate interests, and to direct marketing.

To exercise any of your rights, please contact us at [email protected]. We will respond to your request in accordance with applicable laws.

6. Security Measures

We implement robust data protection safeguards to ensure the security and confidentiality of your personal information. These include:

– Data encryption protocols for secure information transmission.
– Role-based access controls limiting who can access personal data.
– Regular backups to prevent data loss.
– Secure hosting environments and firewalls.
– Security training for staff handling personal data.

While no system can guarantee absolute security, we take all reasonable steps to protect your data.

7. International Data Transfers

In cases where your personal data is transferred outside the European Economic Area (EEA) or your local jurisdiction, we ensure that such transfers are lawful and secure. We utilize EU standard contractual clauses and other valid legal mechanisms to ensure that your data receives an adequate level of protection in line with GDPR and regional requirements.

8. Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting obligations. Specific retention periods include:

– Account Data: Retained for the life span of your user account and up to seven (7) years thereafter for legal purposes.
– Transaction Data: Retained for a minimum of seven (7) years in compliance with tax and accounting obligations.
– Communication & Support Data: Retained for three (3) years from the date of last correspondence.
– Preference and Marketing Data: Retained until you revoke consent or opt out of such communications.
– Usage and Technical Data: Retained for analytics purposes up to two (2) years.

9. Cookie Policy

Our website uses cookies and similar tracking technologies to enhance user experience. The categories of cookies we use include:

– Essential Cookies: Required for the functionality of our website, such as login authentication and cart processing.
– Functional Cookies: Enable personalized features such as language selection or saved preferences.
– Analytics Cookies: Help us understand how users interact with sculptureforchange.com by collecting aggregated usage data.
– Performance Cookies: Used to improve website speed, responsiveness, and debugging performance issues.

10. Cookie Management and Compliance

In compliance with GDPR and CCPA, you have control over the use of cookies through our cookie consent banner. You may:

– Accept all cookies
– Reject non-essential cookies
– Customize preferences for specific categories

Most web browsers also allow you to delete or disable cookies via settings. Please note that opting out of certain cookies may affect site functionality.

11. Special Protections for Children

Sculpture for Change does not knowingly collect or process personal data from children under the age of thirteen (13). If we become aware that a child under this age has provided personal data, we will take steps to delete such information from our records. If you believe we have collected data from a minor, please contact us immediately at [email protected].

12. Policy Updates

We may periodically revise this Privacy Policy to reflect changes in legal requirements, services, or operational practices. When updates occur, we will notify users by posting the revised policy on sculptureforchange.com and, where legally required, requesting renewed consent for affected activities.

13. Contact

For questions, concerns, or to exercise your privacy rights, please contact us at:

Email: [email protected]

Sculpture for Change is committed to full compliance with applicable privacy laws including GDPR and CCPA. We welcome all inquiries relating to your data rights and our privacy practices.