PRIVACY POLICY

Last Revised: May 31, 2021

INTRODUCTION

Privacy and security of your personal information are very important to us. This Privacy Policy describes how we, Caswell, Inc. (doing business as Caswell Sculpture), a corporation governed by the laws of the State of Oregon, USA (“Company,” ”we,” “our,” or “us”), collect, store, use, and disclose personal information (as defined below) of users of the website found at www.caswellsculpture.com or any service associated with it (collectively, “Website”)

We aim to limit our collection of personal information to only such personal information as required for legitimate purposes. We do not sell, rent, trade or otherwise disclose your personal information to third parties, other than as described in this Privacy Policy. We take appropriate security measures to protect your personal information and we respect your right to access your personal information or have it corrected or deleted, at your request. If you have any questions, or want to know exactly what personal information we keep about you, please contact us. All capitalized terms not defined herein are defined in our Terms & Conditions.

We may amend this Privacy Policy from time to time. We will post any changes to this Privacy Policy here so that you always know what information we gather, how we might use that information, and whether we will disclose that information to anyone. Please refer back to this Privacy Policy on a regular basis. By using the Website, you acknowledge that you accept the practices and policies outlined in this Privacy Policy and you hereby consent that we will collect, store, use, and disclose your personal information as outlined in this Privacy Policy. If you do not agree with any practices in this Privacy Policy, please stop using the Website.

PERSONAL INFORMATION COLLECTED THROUGH PLATFORM

Personal information,” also known as personal data or personally identifiable information, is any information related to an identifiable person. When you register for an Account, commission an Artwork, or fill out one of our questionnaires, we may collect the following personal information from you: Name, email, physical address, phone number, IP (Internet Protocol) address, and any personal information you choose to provide to us voluntarily.

NON-PERSONAL OR AGGREGATE INFORMATION WE MAY COLLECT

We may collect data which is non-personal, anonymous, or pseudonymous, including, but not limited to, time zone you are in, information on how you first heard about us, browser type, Website usage history, information regarding any URLs visited, number of logins, login times, time/date of login, data showing the effectiveness of promotional campaigns, ordering data, the type of device being used, data regarding use of the Artworks, other information related to customer surveys and/or offers, and any other information we are legally allowed to collect.

PURPOSES FOR WHICH WE USE INFORMATION ABOUT YOU

We only use information about you to support your experience throughout the Website or to communicate with you about our services. In particular, we collect information about you:

  • to recognize you as a registered user;
  • to respond to your inquiries or requests;
  • to provide customer support;
  • to process your orders and payments;
  • to conduct market research;
  • to comply with all applicable laws or if we are required by law or by a court order to do so;
  • to analyze non-personal or aggregate information for the sake of Website improvement; and
  • to transfer information in connection with the sale or merger or change of control of the Company.

We reserve the right to use and disclose non-personal information and anonymous aggregate statistics for any purpose and to any third party at our sole discretion.

PAYMENT PROCESSING

When you commission and Artwork from us, either via Website, phone, or email, we will collect payment details from you. Please, be aware that credit/debit cards payments are not processed on our servers. We use a third-party intermediary to manage payment processing and this intermediary is not permitted to store, retain, or use your billing information except to process your credit card information for purchases. You agree that any such third-party payment processing partner may store your encrypted credit card information on its own servers.

BUSINESS TRANSFERS

We may sell, transfer or otherwise share some or all of our assets, including your personal information, in connection with a merger, acquisition, reorganization, bankruptcy, or sale of assets.

WHAT WE DO NOT DO WITH PERSONAL INFORMATION WE GATHER

We do not disclose, sell, distribute, rent, lease or use any of any user’s personal information or pass on any such personal information to third parties, which are not our officers, directors, employees, business partners, affiliates, licensors, contractors, agents, or representatives, unless we have your permission or are required by law to do so.

FEEDBACK & REVIEWS

If you submit any feedback or review about the Website, our services, or an Artwork (“Feedback”), you hereby assign to the Company all rights in the Feedback and agree that the Company shall have the right to use such Feedback and related information in any manner it deems appropriate. We will treat any Feedback you provide to us as non-confidential and non-proprietary. You agree that you will not submit to us any information or ideas that you consider to be confidential or proprietary.

MINORS (CHILDREN) POLICY: MINIMUM AGE REQUIREMENT

We comply with the strictest laws that protect privacy of minors. Therefore, in order to register for an Account on the Website you must meet our minimum age requirements or obtain verifiable consent of your parent or legal guardian.

The minimum age requirement for:

  • the residents of all countries except the EU and EEA areas is set to 13 ( in compliance with COPPA and LGPD);
  • the residents of the EU and EEA areas is set to 16 (in compliance with GDPR).

Minors not meeting these age requirements may register for an Account on the Website only with the consent of a parent or a legal guardian. We do not knowingly collect or solicit personal information from anyone under these minimum age thresholds. If you are under a minimum age threshold, please do not send or share any information about yourself to us, or other users of the Website, including your name, address, telephone number, or email address. In the event that we learn that we have collected personal information from an individual under a minimum age threshold without the consent of a parent or legal guardian, we will delete that information as quickly as possible.

HOW LONG WE KEEP YOUR INFORMATION

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements) or up until such time when you withdraw your consent for processing it. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

DATA STORAGE

The data centers where we store your information are located in the United States. Please keep in mind that the data protection and privacy laws of the United States may not be as comprehensive as the laws in your country. For example, personal data transferred to the United States may be subject to lawful access requests by federal and state authorities in the United States. By providing your personal information, you consent to any transfer of your data and processing in accordance with this Privacy Policy.

SECURITY

The security of your information is very important to us. We apply all reasonable security measures and comply with the industry standards to protect your personal information (including, preventing the loss, misuse, unauthorized access, disclosure, alteration and destruction of your personal information).

Please be aware, however, that despite our efforts, no security measures are impenetrable. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Thus, while we strive to protect your personal information, we cannot ensure and do not warrant the security of any information you transmit to us.

YOUR RIGHTS UNDER GDPR

The European General Data Protection Regulation (“GDPR”) is a regulation in EU law on data protection and privacy for all natural persons accessing the Internet from the European Union and the European Economic Area, whatever their nationality or place of residence is. It also addresses the transfer of personal data outside the EU and EEA areas. Our collection, processing and protecting of personal information of those who access the Website from a European country, is compliant with GDPR.

If you are accessing and using the Website from the European Union and the European Economic Area, you have the following rights with regard to your personal information:

  1. the right to be informed about what kind of information about you is collected, stored, processed and disclosed by us (that is why we have compiled this Privacy Policy for you);
  2. the right of access (you can request us to provide you verbally or in writing with the type of information we store about you and we have a month to respond to your request);
  3. the right to rectify (amend/correct) any personal information about you that is inaccurate;
  4. the right to erasure (some conditions apply, see Data Retention section below);
  5. the right to restrict processing your personal information, however, if you restrict us from processing a part of your personal information that is essential to our provision of the Website, you may be asked to terminate your Account and stop using the Website;
  6. the right to data portability (the right to data portability allows users of the Website to obtain and reuse their personal information for their own purposes across different services; you may request us to transmit your personal information directly from our servers to another company’s servers and we will do so if it is technically feasible);
  7. the right to object (for example, you have an absolute right to stop us from using your personal information for direct marketing – read our opt-out instructions below; you may express your objection verbally or in writing and we have a month to respond to any such objection; we might still continue processing your personal information if we are able to show that we have a compelling reason for doing so);
  8. the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or that affects you significantly.

We represent and warrant that your personal information is:

  1. processed lawfully, fairly and transparently;
  2. collected only for specific legitimate purposes;
  3. collection of personal data is adequate, relevant and limited to what is necessary;
  4. accurate and kept up to date (with your help);
  5. stored only as long as is necessary; and
  6. is secure and kept in confidence.

Data Retention: Generally, your personal information will be erased when (i) it is no longer needed for its original processing purpose, (ii) you withdraw your consent for us to store by deleting your Account, (iii) there is no preferential justified reason for the processing of your personal information and you object to our processing of your personal information, or (iv) erasure of your personal information is required in order to fulfil a statutory obligation under the EU law or the right of the EU Member States. Therefore, we will make sure your personal information will be erased under all of the above-mentioned circumstances. You may request us to erase your personal information verbally or in writing and we have one (1) month to respond to any such request.

Data Breach Notification: Should there be a personal data breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we will notify you and appropriate supervisory authority without undue delay and, where feasible, not later than seventy-two (72) hours after having become aware of it.

YOUR RIGHTS UNDER LGPD

Lei Geral de Proteção de Dados (“LGPD”) is the Brazilian general data protection law, which applies to businesses that process the personal data of users located in Brazil. LGPD establishes rules on collecting, handling, storing and sharing of personal data managed by organizations.

According to the article 18 of LGPD, individuals have the following nine rights over their data processing:

  1. The right to receive a confirmation about processing of their personal data;

  2. The right to access their personal data;
  3. The right to correct incomplete, inaccurate or out-of-date personal data;
  4. The right to anonymize, block or delete unnecessary or excessive data or data processed in noncompliance with the provisions of LGPD;
  5. The right of portability of the data to another service or product provider, by means of an express request and subject to commercial and industrial secrecy, pursuant to the regulation of the controlling agency;
  6. The right to delete their personal data;
  7. The right to know who their data is being shared with (e.g., third parties, sub-processors, public, and private entities);
  8. The right to know how to deny consent and what would be the consequences of denying consent to collect personal data; and
  9. The right to revoke consent.

The Company has appointed a Data Protection Officer (DPO), who will receive requests and complaints, and who will communicate with Website users and local authorities (as and when required under LGPD). If you are located in Brazil, you may exercise any of the above rights by contacting Company’s DPO, whose contact information you will find at the bottom of this Privacy Policy.

MARKETING EMAILS, OTHER COMMUNICATIONS & OPT-OUT OPTION

With your consent you will receive updates, newsletters, surveys, offers, ads and other promotional materials from us via your email. You may indicate a preference to stop receiving further communications or notifications from us by following the unsubscribe link provided in the email you receive. Despite your indicated preferences, we may send you service related communication, including notices of any updates to Website’s Terms & Conditions, Privacy Policy, or other statements.

COOKIES POLICY

This Cookie Policy provides information about our use of cookies in connection with your use of and interaction with our Website.

A “cookie” is a small piece of data sent along with pages of a website and stored by the user’s web browser on the user’s computer or mobile device. Cookies were designed to be a reliable mechanism for websites to remember certain information (such as items added in a shopping cart) or to record a user’s browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). Cookies are intended to help you access a website faster and more efficiently, because they can store information to help you enter a website without having to log in. In effect, cookies tell the website that your browser has been to the website before. It does not need to know your exact identity. Cookies can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit card numbers.

Browsers may accept or reject cookies automatically but allow you to change these settings. The help menu on most browsers will tell you how to change your browser’s settings and how to have the browser notify you when you receive a new cookie, and how to disable cookies all together. You can also disable or delete cookies you have previously accepted if you wish to.

Like many other websites, we also use cookies on our Website. By using the Website, you agree that we may set cookies listed below. These cookies ensure that certain parts of the Website work properly and that your user preferences remain known. You do have the right to opt-out and to object against the further use of any cookies. However if you do so, please keep in mind that our Website may no longer function properly for you.

The following are examples of cookies that may be used on our Website:

a) Strictly necessary cookies. These cookies are essential in order to enable you to move around the Website and use its features.

b) Performance/analytic cookies. These cookies collect data about how visitors use our Website, including the country from which the visitor is accessing the Website. They allow us to recognize and count the number of visitors and to see how visitors move around the Website when they are using it. 

c) Functionality cookies. These are used to recognize you when you return to our Website. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

CONTACT US

If you would like to exercise any of the above rights or learn more about this Privacy Policy, please contact us.

Data Protection Officer: Alison Caswell
Email: info@caswellsculpture.com
Phone: + 1 (503) 502-7756