Privacy Policy

GDPR Compliance for Buyers and Artists

At Hands and Roots, we are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR). This section applies to all users of the platform, including both artists and buyers.

  1. Personal Data Collection

    We collect personal data for the following purposes:

    • Artist registration and verification.
    • Buyer registration and order processing.
    • Facilitation of payments and shipment details.
    • Marketing (if consent is provided).

    Personal data includes, but is not limited to, names, contact information, shipping addresses, payment details, and browsing activity on the platform.

  2. Legal Basis for Processing

    The processing of personal data is carried out under the following legal bases:

    • Contractual Necessity: Processing is required to perform contractual obligations, such as completing sales and shipping orders.
    • Legitimate Interest: Processing for platform improvements, security, and fraud prevention.
    • Consent: In specific cases (e.g., marketing emails), we will obtain explicit consent from users.

  3. Data Subject Rights

    Under GDPR, you have the following rights regarding your personal data:

    • Right of Access: You may request access to the personal data we hold about you.
    • Right to Rectification: You may request correction of any inaccurate or incomplete personal data.
    • Right to Erasure: You can request that your data be deleted (subject to legal and contractual obligations, such as tax and accounting requirements).
    • Right to Restriction: You may request limitations on how your data is processed under certain conditions.
    • Right to Data Portability: You have the right to receive your data in a structured, commonly used, machine-readable format.
    • Right to Object: You may object to the processing of your data in specific circumstances, such as for marketing purposes.
    • Right to Withdraw Consent: If you provide consent for specific data processing (e.g., marketing emails), you may withdraw your consent at any time.

  4. Data Retention

    We retain personal data only as long as necessary to fulfill the purposes for which it was collected or as required by law (e.g., tax and financial records).

  5. Data Transfers

    In compliance with GDPR, personal data may be transferred to third-party service providers (such as payment processors or shipping services) with appropriate safeguards in place. If data is transferred outside the European Economic Area (EEA), we use Standard Contractual Clauses or other legal mechanisms to protect your data.

  6. Data Security

    We use a range of technical and organizational measures to protect personal data from unauthorized access, alteration, or disclosure. These include encryption, secure servers, and restricted access policies.

  7. Data Breach Notification

    If a data breach occurs that may risk your rights and freedoms, we will notify you and the appropriate data protection authorities without undue delay, as required by law.

  8. How to Contact Us

    If you have any concerns or questions about your data privacy or wish to exercise your rights under GDPR, please contact us: