ChoiandChoi Online Art Gallery
1. Introduction
ChoiandChoi Gallery ("we," "our," or "the Gallery") is committed to protecting your privacy. This policy explains how we collect, use, and protect your personal information in accordance with:
- The EU General Data Protection Regulation (GDPR)
- Korean Personal Information Protection Act (PIPA)
- Act on Promotion of Information and Communications Network Utilization and Information Protection (Network Act)
2. Data Controller Information
EU Operations:
- [EU Legal Entity Name]
- [EU Address]
- Data Protection Officer: [Name]
- Email: dpo@choiandchoi.com
Korean Operations:
- [Korean Legal Entity Name]
- [Korean Address]
- Personal Information Manager: [Name]
- Email: privacy@choiandchoi.com
3. Information We Collect
3.1. Account Information:
- Full name
- Email address
- Phone number
- Shipping address
- Billing address
- Date of birth
- Password (encrypted)
3.2. Transaction Information:
- Purchase history
- Payment information
- Shipping preferences
- Art preferences
- Bidding history
3.3. Technical Information:
- IP address
- Browser type
- Device information
- Cookies
- Log data
- Location data
3.4. Communication Information:
- Customer service correspondence
- Newsletter preferences
- Gallery event participation
- Artwork inquiries
4. Legal Basis for Processing (EU)
We process your data under the following legal bases:
4.1. Contract Performance:
- Processing orders
- Managing your account
- Providing customer service
4.2. Legal Obligations:
- Tax compliance
- Anti-money laundering checks
- Art authenticity documentation
4.3. Legitimate Interests:
- Fraud prevention
- Website security
- Business analytics
4.4. Consent:
- Marketing communications
- Cookie usage
- Profile analysis
5. Purpose of Collection (Korea)
As required by PIPA, we specify the following purposes:
5.1. Required Purposes:
- User identification and authentication
- Order processing and fulfillment
- Legal compliance and verification
- Customer support
5.2. Optional Purposes:
- Marketing communications
- Art preference analysis
- Event invitations
- Market research
6. Data Retention
6.1. Account Information:
- Active accounts: Duration of account
- Closed accounts: 30 days post-closure
6.2. Transaction Records:
- EU: 7 years (tax requirements)
- Korea: 5 years (tax requirements)
6.3. Marketing Data:
- Until consent withdrawal
- Reviewed annually
6.4. Technical Data:
- Log files: 90 days
- Analytics: 26 months
7. Data Sharing and Recipients
7.1. Service Providers:
- Payment processors
- Shipping companies
- Cloud storage providers
- Analytics services
7.2. Legal Requirements:
- Government authorities
- Law enforcement
- Tax authorities
- Art authentication bodies
7.3. Third-Party Sharing:
- Only with explicit consent
- Anonymized data for analytics
- No sale of personal data
8. International Data Transfers
8.1. Transfer Mechanisms:
- EU Standard Contractual Clauses
- Korean Data Export Compliance
- Adequate security measures
8.2. Data Storage Locations:
- EU data: EU servers
- Korean data: Korean servers
- Backup: Certified secure facilities
9. Your Rights
9.1. EU Rights (GDPR):
- Access your data
- Rectification
- Erasure ("right to be forgotten")
- Data portability
- Restrict processing
- Object to processing
- Withdraw consent
9.2. Korean Rights (PIPA):
- Access personal information
- Correction of errors
- Deletion request
- Processing suspension
- Consent withdrawal
10. Data Security
10.1. Technical Measures:
- SSL/TLS encryption
- Firewalls
- Access controls
- Regular security audits
- Intrusion detection
- Database encryption
10.2. Organizational Measures:
- Staff training
- Access limitations
- Security policies
- Incident response plan
- Regular assessments
11. Cookies and Tracking
11.1. Essential Cookies:
- Session management
- Security features
- Cart functionality
11.2. Optional Cookies:
- Analytics
- Preferences
- Marketing
11.3. Control Options:
- Browser settings
- Cookie preferences center
- Opt-out mechanisms
12. Children's Privacy
12.1. Age Restrictions:
- EU: No processing under 16
- Korea: No processing under 14
12.2. Verification:
- Age verification systems
- Parental consent mechanism
- Account deletion if underage
13. Marketing Communications
13.1. Consent Requirements:
- Explicit opt-in
- Clear purpose description
- Easy unsubscribe option
13.2. Communication Channels:
- SMS (with consent)
- Postal mail
- Art event invitations
14. Data Breach Procedures
14.1. EU Notification:
- DPA within 72 hours
- Affected users without delay
- Detailed incident report
14.2. Korean Notification:
- PIPC without delay
- Affected users within 24 hours
- Required breach details
15. Updates to Privacy Policy
15.1. Regular Reviews:
- Annual policy review
- Compliance updates
- Technical changes
15.2. Notification:
- Email for significant changes
- Website notice
- 30-day advance notice
16. Contact Information
Last Updated: November 14, 2024