Privacy Policy – Scott Holt Fine Art

[Last Update October 10, 2021]

Introduction

Welcome to the website of Scott Holt Fine Art. Our website address is: https://scottholtart.com. When you visit this website and use the services offered therein, we collect and process certain elements of personal and usage data that are required to provide and to improve those services.

In addition to informing you about which data we collect, this privacy policy also explains how we collect and use that data, and tells you about your privacy rights and how the law protects you. We respect your right to know about and to manage the data that you share, and we never sell or rent your personal data to third parties.

§ 1 Party responsible for data processing on this website

The controller responsible for the processing of data on this website under Art. 4 No. 7 GDPR is:

Scott Holt Fine Art
Mittelstrasse 13
24568 Oersdorf, Germany

Tel.: +49 (0)4191 2744167
E-mail: scott@scottholtart.com

§ 2 Types of data that we collect about you

Personal data is information that allows you to be identified either directly or when the data is combined with other data. We collect personal data from a few sources:

2.1 Personal data provided by you

When you use payment gateways (PayPal or Stripe) to purchase artworks from scottholtart.com we ask you to provide us with certain personal data. The data that you supply for this purpose is required for the initiation of a purchase contract between you and Scott Holt Fine Art. You may choose not to supply this data, but this will result in you not being able to complete the purchase.

Additionally, when you fill out a contact form to communicate with us from within our website, we also gather personal data.

The personal data that you provide and we collect are as follows:

First name and last name
Email address
Phone number (optional)
Address, State, Province, Postal code, City, Country
Products you place in our store’s shopping cart / Products you order
Credit/Debit card number
Online payment login data
Bank account and routing information

2.2 Usage Data

Usage data is collected automatically when you visit our website. This data is collected when your browser sends us log files that are necessary to make your access to our website possible, and through the use of cookies that anonymously gather usage data to help us improve our services. The usage data that we collect is as follows:

Time and date of the visit as well as the visit duration
Host and Internet Protocol (IP) address of the accessing device
Referrer URL and search phrases used to find us
Visiting device’s operating system
Visiting device’s browser type and version
Country in which the visiting device is located
Pages visited on our website and time spent on those pages
Files that are downloaded from our website
Mouse usage data including: movements, scroll position, keypress events, touch events, and gyroscope / accelerometer information

§ 3 Why we collect and process this data

We collect and process your personal data only to make our services available to you, to improve our website and your visit experience and to maintain a secure web environment. The following provides details of why we collect and process this data:

3.1 Personal data provided by you

When you provide us with personal data while placing an order on our site, we use this data to authenticate you, to initiate, fulfill and terminate purchase contracts with you, to facilitate the processing of your order, to communicate the status of your order, to facilitate its delivery and to fulfill legal obligations on our part including contractual or legal guarantee and warranty periods. The legal basis for this processing of personal data is Art. 6 §1(a), (b) & (c) GDPR. (a) You have given us consent to process your data for the above mentioned specific purposes; (b) the processing of personal data is necessary for the performance of the purchase contract to which you become a party when you place your order; (c) the processing is necessary for compliance with a legal obligation to which we are subject.

As part of communicating the status of your order, we are required by German law (Burgerliches Gesetzbuch, or BGB) to send you an electronic order confirmation when you place an order. The basis for processing your email address for this purpose is Art. 6 §1(c) GDPR. This processing is necessary for compliance with a legal obligation to which we are subject.

Additionally, we process the personal data you provide us when you fill out a contact form on our website in order to facilitate your communications with us. The basis for this processing is Art. 6 §1(f) GDPR. It is in our legitimate business interest to facilitate your business communications with us.

3.2 Usage data

The log files that are automatically sent by your device to our server, including your IP address and host name, are required to make the connection from your device to our servers and to maintain security on our website. It is therefore essential to the functioning of our website. The use of this data for this purpose ends when your session ends. The legal basis for the processing of these log files for this purpose is Art. 6 §1(f) GDPR. It is in our legitimate business interest to technically facilitate your visit to our website.

After your session ends, log file information is further processed and used to analyze the performance of our site over time. This allows us to improve site performance and the user experience. The data is anonymized through the deletion of user IP addresses and host names and thereafter contains no personal data which may be used alone, or in combination with other data, to identify you. The files are securely stored on our servers as described under “Duration of storage” below. The legal basis for this processing is Art. 6 §1(f) GDPR and Art. 89 §1 GDPR. It is in our legitimate business interest to archive usage data in an anonymized form for statistical purposes in order to improve the performance of our website over time and the user’s experience when visiting it.

We use your IP address to geo-locate the country from which you access our website so that we may determine any tax that legally must be applied to your purchases. The IP address is used only once for this purpose and is not stored for this purpose thereafter. The legal basis for this processing is Art. 6 §1(c) GDPR. This processing is necessary for compliance with a legal obligation to which we are subject.

When you access our Contact Page, the hCaptcha anti-bot service (hereinafter “hCaptcha”) is used to check whether the data entered has been entered by a human or by an automated program. To do this, hCaptcha evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to IMI (See section 5.4 for further information). The legal basis for this data processing is Art. 6§1(f) of the GDPR. It is our legitimate interest to protect our site from abusive automated crawling and spam. IMI acts as a “data processor” acting on behalf of Scott Holt Fine Art as defined under the GDPR, and as a “service provider” for the purposes of the California Consumer Privacy Act (CCPA). For more information about hCaptcha and IMI’s privacy policy and terms of use, please visit the following links: https://www.hcaptcha.com/privacy and https://www.hcaptcha.com/terms.

§ 4 How we store your data

4.1 How long we retain your data

Personal data collected when you successfully purchase products from us are kept by us for the time necessary to fulfill the contract, including contractual or legal guarantee and warranty periods. Beyond this, we retain the data required by German tax law for the legally required time period of 10 years and then delete it. During this time, the data will only be processed in the case of an audit.

Data on orders that fail during submission or are canceled are kept for 1 day and are then deleted.

If you choose to pay for an order via offline direct bank transfer, we will retain the order details within our system for a maximum of 5 days unless payment is received. After this time, the order and all related personal data will be deleted.

The contents of your shopping cart are maintained for a maximum of 2 days and are then deleted.

Stripe data is retained for 2 years and is then deleted.

When you fill out a contact form and submit it to us, we will retain the personal data you supply for the minimum amount of time necessary to answer your request. Once the communication chain has been completed, your personal data will be deleted.

Log file data will be stored by us until the end of the month in which it is collected. At this time, the data will be anonymized so that you cannot be identified even if this data were combined with other data, and then archived indefinitely for statistical analysis purposes.

4.2 How we protect your data

All data that you personally provide us, including your payment data, and all data that are collected automatically are transmitted over an SSL (Secure Socket Layer) connection. SSL is a secure standard that is, for example, used in online banking applications. You can identify a site using the SSL connection when the page’s URL uses the https://… prefix (including the ‘s’) in the address bar of your browser. Additionally, you can look for the secure ‘lock’ symbol in front of the URL.

The data that we collect and process is stored on our host server, where appropriate, industry-standard technical means are utilized to protect your data against manipulation, loss and unauthorized access from third parties. These technical means are constantly improved to remain state-of-the-art. Although we take these measures, no system is foolproof, and you should be aware that there is always the potential for a data breach. In such a case we will take all legally required measures to mitigate the breach and inform you and the required authorities as required by law.

§ 5 Data sharing and international data transfers

Scott Holt Fine Art does not sell or rent your personal data to anyone, nor do we transfer any personal data about you outside of the European Economic Area (EEA). Our third-party service providers, however, do transfer your data internationally as described below:

5.1 Payment gateway providers

When you use one of the provided payment gateways (Stripe or PayPal) during checkout, the personal data provided by you during payment is transferred directly to the payment gateway provider from within our website. Your credit/debit card information, your online payment login data and your bank account and routing information are encrypted and shielded from our view and we do not process this information on our servers.

The payment gateway providers that we contract with are located within the EEA and are contractually bound by us to fulfill, at a minimum, the standards set out in this privacy policy.

These providers may, however, send your data to their own service providers in third countries, including the United States, which do not currently require a similar level of data security as provided by the GDPR. In such cases, the payment gateway suppliers contractually oblige their service providers to fulfill the same level of data security as they, themselves, fulfill. If legally obliged by the third country, the payment gateway providers and/or their service providers may share your personal data with government agencies.

Before using our payment gateway services, please read their respective data security statements at the following links to find out how they process and secure your personal data:

PayPal: https://www.paypal.com/de/webapps/mpp/ua/legalhub-full?locale.x=en_DE
Stripe (Privacy Policy): https://stripe.com/gb/privacy
Stripe (Cookie Policy): https://stripe.com/cookies-policy/legal

5.2 Transport services

To facilitate the delivery of your orders, we share your name, shipping address, and if you supply it, your telephone number with the transport service firms with whom we contract. Your telephone number is only used to contact you in case of difficulty in delivering your purchased artworks. Your personal data may be transferred internationally in the process of delivering your orders.

5.3 Google Analytics

We use the third-party services of Google Analytics, a website analysis service of Google Inc., to analyze the performance of our website and how visitors use it. Google utilizes cookies (small text files) stored on your computer to collect usage information about how you use our website. The usage data that Google gathers includes your IP address in an anonymized, shortened form. Google does not combine this information with any other information that may identify you.

The data gathered by Google within the EEA is typically transferred for processing to servers within the USA. IP addresses are anonymized prior to data being transferred outside of the EEA. Only in rare cases will data including an IP address be transferred first to a server in the USA and then anonymized.

If you choose not to allow Google to track your use of our website for analytical purposes, you have several options:

As described in the next section, “How we use cookies”, the cookies used by Google for this purpose are deactivated on our website by default. They are activated only if you give your consent to their use when you first visit our site, or when you later change your cookie settings. Therefore, you merely have to decline your consent to their use and no tracking will occur.
You can also instruct your browser to refuse all third-party cookies, but you should be aware that this general setting may also stop other services from working on our site.
Finally, you can “opt out” of Google Analytics altogether by visiting the site below. Here you can set an “opt out” cookie in your browser that tells our site not to activate Google Analytics now or during future visits:

Deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de

5.4 hCaptcha

We use the third-party hCaptcha anti-bot service (hereinafter “hCaptcha”) on our website. This service is provided by Intuition Machines, Inc., a Delaware US Corporation (“IMI”). hCaptcha is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, hCaptcha analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters our Contact Page with hCaptcha enabled. For the analysis, hCaptcha evaluates various information (e.g. IP address, how long the visitor has been on the website or app, or mouse movements made by the user). hCaptcha analysis in the “invisible mode” may take place completely in the background. Website visitors are not advised that such an analysis is taking place if the user is not shown a challenge.

The data collected during the analysis will be forwarded to IMI for processing. Your Personal Information may be stored and processed in any country where IMI has facilities or in which they engage service providers, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.

Processing of EU Data Subject data operates under the legal basis of the Standard Contractual Clauses (SCCs) integrated within the Data Processing Addendum to IMI’s Terms of Service or Data Processing Agreements with their Integrators.

Data processing is based on Art. 6(1)(f) of the GDPR (DSGVO): the website operator has a legitimate interest in protecting its site from abusive automated crawling and spam. IMI acts as a “data processor” acting on behalf of its customers as defined under the GDPR, and a “service provider” for the purposes of the California Consumer Privacy Act (CCPA). For more information about hCaptcha and IMI’s privacy policy and terms of use, please visit the following links: https://www.hcaptcha.com/privacy and https://www.hcaptcha.com/terms.

§ 6 How we use cookies

Cookies are small text files placed in your device by websites that you visit. They are used to make website services function, to allow your preferences to be remembered between visits, to track visitors and their use of the website for analysis and for a variety of other purposes.

Cookies can be treated as personal data because some of them allow the user of a device to be uniquely recognized as the same user, even if the user’s real identity remains unknown.

6.1 The purposes for which we use cookies

Cookies allow us to:

Keep track of items in your shopping cart
Accept payments when you place an order
Analyze and improve our website
Remember your privacy choices regarding the use of cookies for future visits

6.2 Types of cookies we use

Cookies can be “session” or “persistent” cookies:

Session cookies are often necessary to make website services function and are used only for a single visit, being deleted as soon as you close your web browser.
Persistent cookies remain on your device after your session until they reach their predetermined maximum allowed age, after which they are deleted. They allow, for example, your preferences to be stored between visits, and analysis services to count unique visitors and determine which pages on a site they view.

6.3 Access to cookie content

Who has access to the information stored in cookies determines whether they are considered “first-party” or “third-party” cookies:

Many of the cookies we use are implemented directly by our website. These are called “first-party” cookies, and only we have access to their content.
Other cookies, called “third-party” cookies, are implemented by external service providers. We use third-party cookies from service providers such as Google Analytics to anonymously monitor usage data on our website and provide us with information on how our site is performing. We also use third-party cookies from Payment Gateways such as PayPal and Stripe to make payments on our site possible.

6.4 Our cookie categories

The cookies we use fall into the following two categories:

Necessary / Essential Cookies: These cookies are a mix of both first- and third-party cookies and are essential for the functioning of services on the website. As such, there is no legal basis for you to reject their use. These are therefore, by default, activated. They are used, for example, to manage each visitor’s shopping cart and to allow payment gateways to function.

The legal basis for the use of these cookies and their processing is Art. 6 §1(f) GDPR. Our legitimate interest is the provision of the website, and Art. 5 § 3 of the “Eprivacy Directive” (Directive 2002/58/EG of the European Parliament). Without these cookies, the services that you request cannot be provided, and we only use these cookies to provide you with those services.

Analytics Cookies: These cookies are a mix of both first-party and third-party cookies. They allow us to anonymously analyze how users interact with our website. They let us know, for example, how many visits our site has had, how many of these are returning visitors, the visitor’s average session duration, types of devices accessing our site, which country the visits originated from, which sites referred them, pages and products viewed, and other useful statistics that allow us to decide where our site can be improved to provide you with a better experience.

All data collected by our analytics cookies are anonymized and aggregated so that you cannot be identified. Please see Section 5.3 (Google Analytics) for more information about where and how data from third-party analytics cookies is processed.

These cookies are inactive when you first visit our website and are only activated after you provide your informed, explicit consent to their use. You may object to their use and your usage data will be left out of our analyses. This will in no way affect your use of our site or its services.

The legal basis for the use of these cookies and their processing is Art. 6 §1(f) GDPR. Our legitimate interest is the analyzing and improving the website, and Art. 5 § 3 of the “Eprivacy Directive” (Directive 2002/58/EG of the European Parliament). We implement these cookies only after you are provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing, you are offered the right to refuse such processing, and you give your explicit consent to the processing.

6.5 How to manage your cookies

Giving or rejecting initial consent: Non-essential cookies are not set on our website until you give your explicit consent. When you first visit our website, you are presented with a cookie banner, which allows you to accept all cookies or reject non-essential cookies with one click. You can manage your choices in more detail by clicking on “Cookie settings”. Here you can choose to accept or reject different categories of cookies as well as learn about which cookies we set.

Removing consent after making your initial choice: Once you have made your choice about which cookies to accept or reject, you can always revisit your choice by clicking on the “Manage consent” widget that appears at the lower right of your screen. This will present you with the cookie banner once more, through which you can make changes to your cookie choices.

Deleting/refusing cookies from your device: Cookies do not harm your device and you can delete them at any time from within the settings area of your browser. You can also instruct your browser to refuse all cookies or only third-party cookies, but you should be aware that by not allowing your browser to accept cookies, the services within our website may not function for you.

§ 7 Your data protection rights

Scott Holt Fine Art would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access– You have the right to request that we supply you with copies of the personal data we have collected from you. In certain cases, we may charge you a small fee for this service.

The right to rectification– You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.

The right to erasure– You have the right to request that we erase your personal data under certain conditions. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

The right to restrict processing– You have the right to request that we restrict the processing of your personal data under certain conditions. This does not include any data we are obliged to process for administrative, legal, or security purposes, nor does it retroactively affect any processing that occurred prior to you informing us of your objection.

The right to object to processing– You have the right to object to our processing of your personal data under certain conditions. This does not include any data we are obliged to process for administrative, legal, or security purposes, nor does it retroactively affect any processing that occurred prior to you informing us of your objection.

The right to data portability– You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we are legally given up to one month to respond to you. If you would like to exercise any of these rights, please contact us via one of the following:

Email: scott@scottholtart.com
Telephone: +49 4191 2744167
Mailing Address:
Scott Holt Fine Art
Mittelstrasse 13
24568 Oersdorf, Germany

§ 8 Privacy policies of our service providers

Our website offers third-party payment gateway services from both PayPal and Stripe to provide you a secure and convenient means of making purchases. These providers collect and process your payment information using third-party cookies. In particular, when you use the PayPal gateway, a pop-up window appears allowing you to make payments through PayPal without “leaving” our site. When you enter personal information within this window, you are interacting directly with PayPal and are effectively visiting a PayPal website with its own cookies. PayPal will ask you to make cookie choices for this site. Scott Holt Fine Art is not responsible for the cookies and data processing on this PayPal site.

For more information about how Stripe and PayPal collect, process and secure your data, please visit:

PayPal: https://www.paypal.com/de/webapps/mpp/ua/legalhub-full?locale.x=en_DE
Stripe (Privacy Policy): https://stripe.com/gb/privacy
Stripe (Cookie Policy): https://stripe.com/cookies-policy/legal

We also use the services of Google Analytics, who collect and process information about you through the use of cookies. To learn about how Google Analytics collects, processes and secures your data, please visit:

Google: https://policies.google.com/privacy?hl=en

To guard against spam and malicious attacks through the use of our Contact form, we use the services of hCaptcha, who collect and process information about you. To learn how hCaptcha (Intuition Machines, Inc.) collects, processes and secures your data, please visit:

hCaptcha (Privacy Policy): https://www.hcaptcha.com/privacy
hCaptcha (Terms): https://www.hcaptcha.com/terms

§ 9 How we respond to Do Not Track signals

Internet browsers generally allow users to send a “Do Not Track” signal to websites that they visit. There is currently no international standard for how to handle such requests, and for this reason, scottholtart.com does not respond to such requests.

§ 10 Changes to our privacy policy

Scott Holt Fine Art keeps this privacy policy under regular review and places any updates on this web page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

§ 11 How to contact us

If you have any questions about Scott Holt Fine Art’s privacy policy, the data we hold on you, or you would like to exercise one or more of your data protection rights, please do not hesitate to contact us via one of the following:

Email: scott@scottholtart.com
Telephone: +49 4191 2744167
Mailing Address:
Scott Holt Fine Art
Mittelstrasse 13
24568 Oersdorf, Germany

§ 12 How to contact the appropriate authority

Should you wish to report a complaint, or if you feel that Scott Holt Fine Art has not addressed your concerns in a satisfactory manner, you may contact the Independent State Center for Data Security (ULD) for Schleswig-Holstein, Germany.

The following website provides an online form through which you can file your complaint:
https://www.datenschutzzentrum.de/formular/beschwerde.php

Alternatively, the contact data for the ULD are available here:
https://www.datenschutzzentrum.de/impressum/

Cookie	Duration	Description
__stripe_mid	1 Year	This third-party cookie is set by Stripe to remember who you are and to enable us to process your payments without storing your credit card information on our servers.
__stripe_sid	30 Minutes	This third-party cookie is set by Stripe to remember who you are and to enable us to process your payments without storing your credit card information on our servers.
akavpau-ppsd	Session	This third-party cookies is set by PayPal to enable online Payments. No additional information from PayPal is available.
cookielawinfo-checkbox-analytics	1 Year	This first-party cookie is used to store the user consent for the cookies in the category "Analytics". Stores no personal information.
cookielawinfo-checkbox-necessary	1 Year	This first-party cookie is used to store the user consent for the cookies in the category "Necessary". Stores no personal information.
CookieLawInfoConsent	1 Year	This first-party cookie records the default button state of each cookie category along with the status of CCPA. It does not store any personal data.
I#_az	30 Minutes	This third-party cookies is set by PayPal to enable online Payments. No additional information from PayPal is available.
KHcI0EuY7AKSMgfvHI7J5E7hPtK	20 Years	This third-party cookies is set by PayPal to enable online Payments. No additional information from PayPal is available.
LANG	9 Hours	This third-party cookies is set by PayPal to enable online Payments. No additional information from PayPal is available.
nsid	Session	This third-party cookies is set by PayPal to enable online Payments. No additional information from PayPal is available.
sc_f	1 Year	This third-party cookies is set by PayPal to enable online Payments. No additional information from PayPal is available.
store_notice[notice id]	Session	This first-party cookie allows customers to dismiss store notice banners that are used to provide visitors with important store information. Stores no personal information.
ts	3 Years	This third-party cookies is set by PayPal to enable online Payments. No additional information from PayPal is available.
ts_c	3 Years	This third-party cookies is set by PayPal to enable online Payments. No additional information from PayPal is available.
tsrce	3 Days	This third-party cookies is set by PayPal to enable online Payments. No additional information from PayPal is available.
viewed_cookie_policy	1 Year	This first-party cookie monitors the user's consent to the use of cookies when they click on the 'Accept All', 'Reject All' or 'Save & Accept' buttons. It does not store any personal data.
woocommerce_cart_hash	Session	This first-party cookie helps determine when the shopping cart contents/data changes.
woocommerce_items_in_cart	Session	This first-party cookie helps determine when the shopping cart contents/data changes.
wp_woocommerce_session_#	2 days	This first-party cookie contains a unique code for each customer, making it possible to find a customer's cart data in the customer database.
x-cdn	Session	This third-party cookies is set by PayPal to enable online Payments. No additional information from PayPal is available.
x-pp-s	Session	This third-party cookies is set by PayPal to enable online Payments. No additional information from PayPal is available.

Cookie	Duration	Description
_ga	2 years	This third-party cookie is set by Google Analytics and is used to distinguish individual users for the site's analytics report.
_gali	1 Minute	This third-party cookie is used by Google Analytics to determine which links on a page have been clicked.
_gat_gtag_UA_#	1 minute	This third-party cookie is used by Google Analytics to throttle the rate of information requests.
_gid	1 day	This third-party cookie is set by Google Analytics and is used to distinguish individual users for the site's analytics report.
tk_ai	5 years	First-party cookie, which gathers information for our own analytics tool about how our website and services are used. It contains a collection of internal metrics on user activity used to improve our website.
tk_lr	1 year	This first-party cookie is set by the JetPack plugin on sites using WooCommerce. This is a referral cookie used to analyze referrer behavior.
tk_or	5 years	This first-party cookie is set by the JetPack plugin on sites using WooCommerce. This is a referral cookie used to analyze referrer behavior.
tk_qs	30 minutes	First-party cookie, which gathers information for our own analytics tool about how our website and services are used. It contains a collection of internal metrics on user activity used to improve our website.
tk_r3d	3 days	This first-party cookie is set by the JetPack plugin on WordPress sites. It is used for internal metrics of user activities to improve the website and the user experience.