Privacy Policy

Jan 15, 2025

OVERVIEW

Welcome to Cherevan Art! This Privacy Policy describes how Cherevan Art, operated by Tetiana Cherevan (NIE: Y967181X), a professional artist based in Barcelona, Spain, collects, uses, protects, and discloses your personal information when you visit our website at https://www.cherevan.art, make a purchase, or otherwise interact with our Services.

Cherevan Art operates this online store and website, including all related information, content, features, tools, products and services, to provide you with a curated art shopping experience (the “Services”). Our Services include sales of original artworks and print-on-demand products through various technology platforms and third-party integrations.

This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase through the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

IMPORTANT: By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with any part of this Privacy Policy, you should not use our Services.

Personal Information We Collect or Process

When we use the term “personal information,” we are referring to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified. We collect and process the following categories of personal information:

Contact and Profile Information

Basic Contact Details: Name, email address, phone number, billing address, shipping address
Demographic Information: Country, city, region, language preferences
Social Media Information: When voluntarily provided - Instagram, Facebook, Telegram usernames or profile links
Account Information: Username, password, security questions, account preferences and settings

Transaction and Order Information

Purchase Details: Items viewed, added to cart, purchased, returned, or exchanged
Order History: Past transactions, order values, delivery preferences
Payment Information: Credit/debit card information, payment method, transaction confirmations (processed securely through Shopify)
Shipping Information: Delivery addresses, shipping preferences, tracking information

Communication Data

Customer Support: Messages, emails, and communications exchanged with us
Marketing Preferences: Email subscription status, consent preferences, opt-out choices
Feedback and Reviews: Product reviews, survey responses, feedback provided

Technical and Usage Information

Device Information: Device type, browser type and version, operating system, IP address
Website Usage: Pages visited, time spent, click patterns, search queries, navigation paths
Cookies and Tracking: Cookie preferences, marketing consent status, analytics data
Performance Data: Website load times, error reports, diagnostic information

Art-Specific Information

Original Artwork Purchases: Certificate of authenticity details, provenance information
Print Customization: Any customization requests or specifications (when available)
Art Preferences: Artistic styles, color preferences, size preferences based on browsing behavior

Personal Information Sources

We collect personal information from the following sources:

1. Directly From You

When you create an account or make a purchase
When you visit or use our Services
When you communicate with us via email, contact forms, or customer support
When you subscribe to our newsletter or marketing communications
When you provide social media information or participate in reviews
When you consent to marketing cookies through our cookie banner

2. Automatically Through Our Services

Website Analytics: Through Google Analytics and our website’s tracking systems
Cookies and Tracking: Via cookies, web beacons, and similar technologies
Device and Browser Information: Automatically collected when you visit our website
Usage Patterns: How you navigate and interact with our Services

3. Third-Party Service Providers

Shopify: E-commerce platform data, payment processing, and order management
Gelato: Print-on-demand fulfillment data for custom products
Zoho CRM: Customer relationship management and interaction tracking
MailChimp: Email marketing platform (for users who have opted in)
Google Analytics: Website traffic and usage analytics
Meta Pixel (Facebook): Marketing analytics and advertising (with consent)

4. Business Partners and Third Parties

Shipping Carriers: Delivery confirmation and tracking information (Correos Spain, UkrPoshta Ukraine)
Payment Processors: Transaction verification and fraud prevention
Marketing Partners: With your explicit consent for targeted advertising

How We Use Your Personal Information

We use your personal information for the following purposes, based on legitimate business interests, contractual necessity, and with your consent where required:

1. Providing and Improving Our Services

Order Processing: Process payments, fulfill orders, arrange shipping for original artworks and print-on-demand products
Account Management: Create and manage your account, remember preferences, maintain purchase history
Product Fulfillment: Coordinate with Gelato for print-on-demand production and shipping
Customer Support: Respond to inquiries, resolve issues, provide technical assistance
Service Enhancement: Analyze usage patterns to improve website functionality and user experience

Email Marketing: Send newsletters, promotional content, and art-related updates via MailChimp (only for users who opt-in)
Targeted Advertising: Display personalized ads through Google Analytics and Meta Pixel (with cookie consent)
Art Recommendations: Suggest artworks based on your browsing history and preferences
Event Notifications: Inform you about exhibitions, new artwork releases, and special promotions

3. Customer Relationship Management

CRM Activities: Store interaction history and preferences in Zoho CRM
Communication Tracking: Record email exchanges, support interactions, and customer feedback
Preference Management: Track marketing consent, communication preferences, and opt-out requests

4. Security and Fraud Prevention

Account Security: Authenticate your identity and protect against unauthorized access
Payment Security: Detect and prevent fraudulent transactions through Shopify’s security measures
Website Security: Monitor for malicious activity and protect our systems
Data Protection: Secure customer information and prevent data breaches

5. Legal and Compliance

Legal Obligations: Comply with Spanish and EU laws, tax requirements, and regulatory obligations
Dispute Resolution: Handle returns, exchanges, and customer disputes
Record Keeping: Maintain transaction records and certificates of authenticity for original artworks
Law Enforcement: Respond to lawful requests from authorities when required

6. Analytics and Performance

Website Analytics: Use Google Analytics to understand website usage and improve performance
Business Analytics: Analyze sales patterns, customer preferences, and market trends
Technical Monitoring: Monitor website performance, error rates, and user experience metrics

How We Disclose Personal Information

We may share your personal information with third parties in the following circumstances:

1. Essential Service Providers

Shopify: E-commerce platform providing payment processing, order management, and website hosting
Gelato: Print-on-demand fulfillment partner for custom products, including production and shipping
Zoho CRM: Customer relationship management system for storing interaction history and preferences
Payment Processors: Secure processing of credit card and other payment information

MailChimp: Email marketing services (only for users who explicitly opt-in to marketing communications)
Google Analytics: Website analytics and performance monitoring (with cookie consent)
Meta Pixel (Facebook): Marketing analytics and targeted advertising (with explicit marketing consent)
Advertising Partners: Third-party advertising networks (only with your explicit consent via cookie settings)

3. Shipping and Logistics

Correos (Spain): Shipping services for original artworks shipped from Spain
UkrPoshta (Ukraine): Shipping services for original artworks shipped from Ukraine
International Carriers: For worldwide shipping of original artworks
Local Delivery Services: As needed for specific regional deliveries

4. Data Storage and Technical Services

AWS (Amazon Web Services): Cloud storage services with 1-year data retention policy
Cloud Hosting Providers: Website hosting and data backup services
IT Support Services: Technical maintenance and security monitoring

5. Legal and Compliance Requirements

Legal Authorities: When required by Spanish, EU, or other applicable law
Law Enforcement: In response to lawful requests, subpoenas, or court orders
Professional Advisors: Lawyers, accountants, and business advisors for legal and tax compliance
Regulatory Bodies: Art market regulators or tax authorities as required

6. Business Transfers

Potential Buyers: In case of business sale, merger, or acquisition (with appropriate data protection measures)
Professional Services: Due diligence providers during business transactions

Social Media Platforms: When you choose to connect your social media accounts
Third-Party Integrations: Any additional services you explicitly authorize
Marketing Partners: For specific promotional campaigns you opt into

Important: We never sell your personal information to third parties for their independent use. All data sharing is limited to the purposes described above and is governed by appropriate data processing agreements.

Third-Party Service Relationships

Shopify E-Commerce Platform

Our Services are powered by Shopify, which provides e-commerce functionality, payment processing, and order management. Shopify collects and processes personal information about your access to and use of the Services to provide and improve the Services for you. This includes:

Payment Processing: Secure handling of credit card and payment information
Order Management: Processing and tracking of your orders
Account Data: Managing your customer account and preferences
Analytics: Shopify’s enhanced features that incorporate data from your interactions with our store and other merchants

Information you submit to the Services will be transmitted to and shared with Shopify and may be stored in countries other than where you reside. For Shopify-specific data processing, Shopify is the data controller and is responsible for responding to your requests regarding your rights over your personal information used for their purposes.

Learn More: Shopify Consumer Privacy Policy
Exercise Your Rights: Shopify Privacy Portal

Gelato Print-on-Demand Services

For print-on-demand products, we partner with Gelato to provide production and fulfillment services. When you order print-on-demand products:

Order Information: Your order details are automatically transmitted to Gelato through our Shopify integration
Shipping Data: Your name and shipping address are shared with Gelato for production and delivery
Production Details: Product specifications and customization requirements
Fulfillment Tracking: Order status and delivery information

Gelato produces and ships print-on-demand products from their facility closest to your shipping address, operating in 32 countries through 140+ production partners. Gelato processes this information according to their privacy policies and data protection standards.

Learn More: Gelato Privacy Policy

Zoho CRM System

We use Zoho CRM to manage customer relationships and store interaction data, including:

Contact Information: Name, email, phone number, and addresses
Communication History: Records of emails, messages, and support interactions
Purchase History: Transaction details and order preferences
Social Media Information: When voluntarily provided by customers
Marketing Preferences: Consent status and communication preferences

This data is stored securely in Zoho’s systems and is used solely for customer service and relationship management purposes.

MailChimp Email Marketing

For users who explicitly opt-in to marketing communications, we use MailChimp to send newsletters and promotional emails. MailChimp processes:

Email Address: For sending marketing communications
Marketing Preferences: Subscription status and communication preferences
Engagement Data: Email open rates and click tracking (anonymized)

Important: You will only receive marketing emails if you explicitly consent through our cookie consent mechanism or newsletter signup. You can unsubscribe at any time.

Learn More: MailChimp Privacy Policy

Google Analytics and Meta Pixel

With your consent through our cookie banner, we use:

Google Analytics: For website traffic analysis and user behavior insights
Meta Pixel (Facebook): For marketing analytics and targeted advertising

These services collect anonymous usage data to help us improve our website and provide relevant marketing. You can opt out of these services by declining marketing cookies in our cookie consent banner.

AWS Cloud Storage

We use Amazon Web Services (AWS) for secure data storage with the following practices:

Data Storage: Customer information stored in AWS S3 private buckets
Retention Policy: Data retained for 1 year unless longer retention is required by law
Security: Industry-standard encryption and access controls
Location: Data stored in AWS data centers with appropriate regional compliance

Cookies and Tracking Technologies

We use a cookie consent banner that appears on your first visit to our website. This system allows you to control what types of cookies and tracking technologies we use:

Essential Cookies: Always active - necessary for basic website functionality
Marketing Cookies: Optional - used for analytics, advertising, and email marketing
Cookie Preferences: You can modify your preferences at any time through browser settings

Types of Cookies We Use

Essential Cookies (Always Active):

Website Functionality: Shopping cart, user sessions, security features
Cookie Consent: Remembering your cookie preferences
Performance: Basic website operation and error prevention

Marketing Cookies (With Your Consent):

Google Analytics: Website traffic analysis, user behavior patterns, performance metrics
Meta Pixel (Facebook): Advertising analytics, conversion tracking, custom audiences
MailChimp Integration: Activated only when you consent to marketing communications

You can control cookies through several methods:

Cookie Banner: Accept or decline marketing cookies on your first visit
Browser Settings: Most browsers allow you to refuse cookies or alert you when cookies are being sent
Opt-Out Tools: Use browser extensions or privacy tools to block tracking cookies
Contact Us: Email shop@cherevan.art to modify your preferences

Important: If you disable essential cookies, some parts of our website may not function properly. Marketing cookies can be disabled without affecting basic website functionality.

Session Cookies: Deleted when you close your browser
Persistent Cookies: Stored for up to 2 years or until you delete them
Analytics Data: Retained according to Google Analytics and Meta Pixel policies
Marketing Data: Retained according to our email marketing consent (can be withdrawn anytime)

Third Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

Children’s Data

The Services are not intended to be used by children, and we do not knowingly collect any personal information about children under the age of majority in your jurisdiction. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we “share” or “sell” (as those terms are defined in applicable law) personal information of individuals under 16 years of age.

Security and Retention of Your Information

Data Security Measures

We implement multiple layers of security to protect your personal information:

Encryption: All data is encrypted in transit and at rest using industry-standard protocols
Secure Storage: Customer data is stored in secure AWS S3 private buckets with restricted access
Access Controls: Limited employee access on a need-to-know basis with regular access reviews
Shopify Security: Payment information is processed through Shopify’s PCI-DSS compliant systems
Regular Monitoring: Continuous monitoring for security threats and vulnerabilities
Secure Transmission: HTTPS encryption for all data transmitted between your browser and our servers

Important Security Notice: No security measures are perfect or impenetrable, and we cannot guarantee absolute security. Please do not send sensitive information via unsecured email or other unprotected channels.

Data Retention Periods

We retain your personal information for different periods depending on the type of data and legal requirements:

Customer Account Data:

Active Accounts: Retained while your account remains active
Inactive Accounts: Retained for 3 years after last activity, then anonymized or deleted
Account Deletion: Permanently deleted within 30 days of account deletion request

Transaction and Order Data:

Purchase Records: Retained for 7 years for tax and legal compliance (Spanish and EU requirements)
Original Artwork Certificates: Retained permanently for authenticity and provenance purposes
Payment Information: Handled by Shopify according to their retention policies (we do not store full payment details)
Shipping Records: Retained for 3 years for customer service and warranty purposes

Communication Data:

Customer Support: Retained for 3 years for service improvement and dispute resolution
Marketing Communications: Retained until you unsubscribe or withdraw consent
CRM Data: Retained in Zoho CRM for 5 years or until you request deletion

Technical and Analytics Data:

Website Analytics: Google Analytics data retained according to their policies (up to 26 months)
Cookie Data: Session cookies deleted when browser closes; persistent cookies up to 2 years
AWS Storage: General customer data retained for 1 year unless longer retention is legally required
Log Files: Technical logs retained for 1 year for security and performance monitoring

Legal Obligations:

Tax Records: 10 years as required by Spanish tax law
Business Records: As required by applicable Spanish and EU regulations
Dispute Resolution: Until legal matters are resolved and appeal periods expire

Your Control: You can request deletion of your personal information at any time, subject to legal obligations that may require us to retain certain information.

Your Rights and Choices

General Privacy Rights

Depending on where you live, you may have the following rights regarding your personal information:

Access and Information Rights:

Right to Know: Request information about what personal data we collect and how we use it
Right to Access: Obtain a copy of the personal information we hold about you
Right to Portability: Receive your personal data in a machine-readable format and transfer it to another service

Correction and Deletion Rights:

Right to Correct: Request correction of inaccurate or incomplete personal information
Right to Delete: Request deletion of your personal information (subject to legal obligations)
Right to Restrict Processing: Limit how we process your personal information in certain circumstances

Choice and Consent Rights:

Marketing Opt-Out: Unsubscribe from marketing emails at any time using the unsubscribe link
Cookie Control: Manage cookie preferences through our cookie consent banner
Targeted Advertising: Opt out of targeted advertising through cookie settings

European Union and UK Residents

Under GDPR and UK data protection laws, you have additional rights:

Enhanced Control Rights:

Object to Processing: Object to processing of your personal data for certain purposes, including marketing
Withdraw Consent: Withdraw consent for marketing communications, cookies, or other consent-based processing
Automated Decision Making: Object to automated decision-making or profiling (where applicable)

Data Protection Officer: For EU-related inquiries, you may contact our data protection representative

How to Exercise Your Rights

Contact Methods:

Email: shop@cherevan.art with “Privacy Request” in the subject line
Mail: Carrer Antic de Sant Joan 10, Barcelona, Spain, 08003
Shopify Portal: For Shopify-processed data, visit https://privacy.shopify.com/en

Information Required:

Your full name and email address
Specific request type (access, deletion, correction, etc.)
Identification verification (we may request additional information to verify your identity)
For agents: Proof of authorization to act on your behalf

Response Timeframes:

EU/UK Residents: 30 days (extendable to 60 days for complex requests)
Other Jurisdictions: As required by applicable local law
Urgent Requests: We’ll prioritize security-related or time-sensitive requests

Marketing Communication Preferences

Email Marketing:

Opt-In Required: You’ll only receive marketing emails if you explicitly consent
Easy Unsubscribe: Every marketing email includes an unsubscribe link
Selective Preferences: Contact us to modify what types of communications you receive

Cookie and Tracking Preferences:

Cookie Banner: Accept or decline marketing cookies on your first visit
Change Settings: Clear your browser cookies and revisit our site to see the banner again
Browser Controls: Use your browser settings to block or manage cookies

Important Notes

Non-Discrimination: We will not discriminate against you for exercising your privacy rights
Identity Verification: We may need to verify your identity before processing requests
Legal Limitations: Some rights may be limited by legal obligations (e.g., tax record retention)
Third-Party Services: For data processed by Shopify, Gelato, or other partners, you may need to contact them directly

Complaints

If you have complaints about how we process your personal information, please contact us using the contact details provided below. Depending on where you live, you may have the right to appeal our decision by contacting us using the contact details set out below, or lodge your complaint with your local data protection authority. For the EEA, you can find a list of the responsible data protection supervisory authorities here.

International Transfers

Data Transfer Locations

Your personal information may be transferred to, stored, and processed in countries outside your country of residence, including:

United States: Shopify, AWS, Google Analytics, Meta Pixel, and MailChimp servers
European Union: Various AWS data centers and Gelato production facilities
Other Countries: Gelato operates in 32 countries for local print-on-demand production

Transfer Safeguards

When we transfer personal information outside the European Economic Area (EEA) or United Kingdom, we ensure appropriate safeguards:

Adequacy Decisions: Transfers to countries with EU adequacy decisions
Standard Contractual Clauses: EU-approved data transfer agreements with service providers
UK International Data Transfer Agreement: For transfers from the UK post-Brexit
Processor Agreements: Contractual guarantees from all service providers regarding data protection
Additional Safeguards: Technical and organizational measures to protect data in transit and storage

Third-Party Compliance

Our service providers maintain compliance with international data protection standards:

Shopify: Privacy Shield (legacy) and Standard Contractual Clauses
AWS: GDPR compliance and data residency controls
Google Analytics: Data Processing Amendment and EU-US data transfer frameworks
Gelato: GDPR compliance and local production reducing international transfers

Changes to This Privacy Policy

Policy Updates

We may update this Privacy Policy to reflect:

Changes to our business practices or services
New regulatory requirements or legal obligations
Enhanced privacy features or user controls
Feedback from users or regulatory authorities

Notification Process

When we make material changes to this Privacy Policy:

Website Notice: Updated policy posted at https://www.cherevan.art/legal/privacy-policy/
Email Notification: Sent to users with active accounts for significant changes
Cookie Banner: May be reshown for changes affecting cookie or tracking practices
Effective Date: Updated “Last updated” date at the top of this policy

Your Options

If you disagree with changes to this Privacy Policy:

Continue Using: Continued use of our Services constitutes acceptance of the updated policy
Withdraw Consent: You may withdraw consent for marketing communications or delete your account
Contact Us: Reach out with questions or concerns about policy changes

Contact Information

Data Controller

Cherevan Art
Operated by: Tetiana Cherevan
NIE: Y967181X
Legal Status: Individual artist (will register as sole proprietorship when sales exceed €5,000)

Contact Methods

Email: shop@cherevan.art
Subject Line: Please include “Privacy Inquiry” for privacy-related questions
Mail: Carrer Antic de Sant Joan 10, Barcelona, Spain, 08003
Website: https://www.cherevan.art

Privacy-Specific Contacts

Privacy Requests: shop@cherevan.art (subject: “Privacy Request”)
Data Protection Questions: shop@cherevan.art (subject: “Data Protection Inquiry”)
Marketing Opt-Out: Use unsubscribe links in emails or contact shop@cherevan.art

Third-Party Privacy Contacts

Shopify Data: Shopify Privacy Portal
Gelato Data: Contact Gelato directly for print-on-demand order data
Google Analytics: Use Google’s privacy controls or contact us to process your request

Supervisory Authorities

Spain: Spanish Data Protection Agency (AEPD) - https://www.aepd.es/
EU: Find your local data protection authority at https://edpb.europa.eu/about-edpb/about-edpb/members

Data Controller Role: For the purposes of applicable data protection laws, Cherevan Art (Tetiana Cherevan) is the data controller of your personal information collected through our Services.

We value your privacy