Privacy Policy for data security and privacy

Privacy Policy for ArtByRhea.com

Effective Date: 01.07.2025

At ByRhea, we are committed to protecting your privacy, confidentiality and ensuring the security of your personal data. This Privacy Policy explains how we collect, process, and safeguard your information in accordance with applicable laws, including the European Union General Data Protection Regulation (GDPR), and other relevant privacy legislation.

By accessing or using our website ([artbyrhea.com](https://artbyrhea.com)), you agree to the terms outlined in this Privacy Policy.

---

1. Definitions and Scope

- Personal Data: Any information relating to an identified or identifiable natural person.

- Processing: Any operation or set of operations performed on Personal Data.

- Controller: ByRhea, responsible for data collection and processing.

- This policy applies to all visitors, customers, suppliers, and users who interact with our website.

2. Data Collected and Lawful Basis

We collect and procedure your data based on the following lawful grounds under the GDPR:

- Consent (Article 6(1)(a)): When you voluntarily provide your information, such as subscribing to newsletters or submitting inquiries.

- Contractual Necessity (Article 6(1)(b)): To fulfill orders, deliver products, and provide customer service.

- Legal Obligation (Article 6(1)(c)): To comply with legal requirements.

- Legitimate Interests (Article 6(1)(f)): For marketing efforts, fraud prevention, and improving services.

3. Use of Personal Data

We use your data to:

- Process transactions and orders securely

- Provide customer support and communication

- Send updates, newsletters (if opted-in)

- Improve website functionality and user experience

- Detect and prevent fraudulent or malicious activity

- Comply with legal obligations

4. Data Sharing and Recipients

Your data may be shared with:

- Third-party service providers (payment gateways, shipping providers, website hosting, email marketing platforms) who process data exclusively on our behalf.

- Legal authorities if legally required, or to protect our legal rights.

- Business transfers in case of mergers, acquisitions, or sale of assets.

We ensure all third-party recipients are GDPR compliant and have appropriate data protection measures in place.

5. International Data Transfers

Your data may be transferred outside the European Economic Area (EEA). In these cases, we ensure such transfers are compliant with GDPR, employing mechanisms like standard contractual clauses or adequacy decisions.

6. Data Security Measures

We implement appropriate technical and organizational security measures, such as encryption, secure servers, and access controls, to protect your personal data from unauthorized access, alteration, or disclosure.

7. Retention Period

We retain your data only as long as necessary:

- To fulfill the purpose for which it was collected

- To comply with legal obligations

- For dispute resolution purposes

Specific retention periods are outlined in our data processing records.

8.  Changes to this Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or for legal reasons. When we do, we will revise the “Effective Date” at the top of this page. We encourage you to review this policy regularly.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to provide a better user experience, analytics, and personalized advertising. You can manage your cookie preferences via your browser settings.

10. Children’s Privacy

Our services are not intended for children under 16 years old. We do not knowingly collect data from children.