Understanding Your Privacy at ART-Kinsella

Discover how we prioritize your privacy and protect your personal information with our comprehensive policy.

Our Commitment to Your Privacy

At ART-Kinsella, we are dedicated to safeguarding your privacy. Our privacy policy outlines the methods we use to collect, utilize, and protect your personal data. We gather information through various means, including website interactions and purchases, to enhance your experience with our unique, handmade ceramics. We do not share your information with third parties without your explicit consent, ensuring your trust and confidence in our brand. For any concerns or inquiries regarding your data, please contact our support team.

This Privacy Policy explains how kinsella-art.com (“we”, “us”, “our”) collects, uses, discloses, and protects personal information when you visit this website, contact us, leave comments, subscribe to updates, or (if applicable) purchase ceramics through the site.

We are committed to complying with:

  • The EU General Data Protection Regulation (GDPR), where it applies to visitors located in the European Union/EEA, and
  • The Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as this business operates from Victoria, Australia.

If you have any questions about this policy or how your data is handled, contact us at:

Data controller: Alina Kinsella, trading as Kinsella Art

Location: Bendigo, Victoria, Australia

Email:

ABN 17619421692.

1. Who we are

Our website address is: https://www.kinsella-art.com. This site showcases and sells handmade ceramic work, and shares information about exhibitions, open calls, and studio practice.

2. What personal data we collect

Depending on how you interact with the site, we may collect:

When you contact us or enquire about work

  • Name, email address, and any information you include in a message (e.g. via a contact form or email link).

When you comment on a post

  • The content of the comment, your name/email/website if provided, your IP address, and browser user-agent string (used for spam detection).

When you subscribe to a newsletter or mailing list

  • Name and email address, and your engagement with emails (opens/clicks), via our email service provider.

When you purchase ceramic work through the site

  • Name, shipping/billing address, email, phone number (if provided), and order details.
  • Payment card details are collected and processed directly by our payment processor (Square) — we do not store your full card details on our servers.

Automatically, when you browse the site

  • IP address, browser type, device type, pages visited, and referral source, via cookies and/or analytics tools (see Section 5).

Images you upload

  • If you upload photos (e.g. in a comment or submission form), please note that image files can contain embedded location data (EXIF GPS). We recommend stripping this data before uploading, as visitors may be able to extract it from images published on the site.

3. Why we collect it and our legal basis (GDPR)

Purpose Legal basis under GDPR
Responding to enquiries Legitimate interest / pre-contractual steps at your request
Processing orders and payments Performance of a contract
Sending newsletters/marketing Consent (opt-in; withdrawable at any time)
Spam/fraud prevention on comments Legitimate interest
Site analytics Consent (where required by your cookie settings) or legitimate interest for essential analytics
Complying with tax/accounting law Legal obligation

Under Australian law, we collect only what is reasonably necessary for these business functions, consistent with APP 3.

4. Comments

When you leave a comment, we collect the content of the comment plus your IP address and browser user-agent string, to help identify spam.

We may send a one-way anonymised hash of your email address to the Gravatar service (operated by Automattic) to check whether you have a Gravatar profile picture. This only happens if you provide an email address when commenting, and Gravatar’s own privacy policy applies to that check: https://automattic.com/privacy/. If your comment is approved, your name and (if applicable) your Gravatar photo will be publicly visible alongside your comment.

Retention: Comments and associated metadata are retained for as long as the related post remains published, or until you request deletion, whichever is earlier, and in any case are reviewed at least every 24 months to remove content no longer needed. You may request removal of a comment at any time by contacting us.

5. Cookies

We use the following categories of cookies:

  • Strictly necessary cookies — e.g. to remember cookie consent choices, or (if you have a login) to keep you signed in. These cannot be disabled and do not require consent.
  • Functional cookies — e.g. to remember your name/email if you opt in when commenting, so you don’t need to re-enter them (retained for 1 year).
  • Login cookies (for user accounts) — login session cookies (2 days, or 2 weeks if “Remember Me” is selected) and screen-option cookies (1 year). Removed on logout.
  • Analytics cookies (Google Analytics) — used to understand site traffic.

Where consent is legally required for non-essential cookies (GDPR visitors), we will ask for it via a cookie banner before those cookies are set, and you can withdraw consent at any time via [cookie settings link / browser settings].

6.Embedded content from other websites

Pages on this site may include embedded content (e.g. YouTube videos, Instagram posts, maps, or images hosted elsewhere). Embedded content behaves exactly as if you had visited the other website directly — that third-party site may collect data about you, set its own cookies, and track your interaction with the embedded content, including if you’re logged into an account there. We do not control this and recommend reviewing the third party’s own privacy policy.

7. Data Share

We do not sell your personal data. We may share it with:

  • Service providers who process data on our behalf under contract, such as: our website host [name if known], email/newsletter provider [name], payment processor [name], and spam-filtering service.
  • Gravatar/Automattic, as described in Section 4.
  • If you request a password reset (where accounts exist), your IP address is included in the reset email for security purposes.
  • Legal or regulatory authorities, where required by law.

Some of these providers may be located outside the EU/Australia (e.g. the United States). Where this occurs for GDPR purposes, we rely on the provider’s Standard Contractual Clauses or equivalent safeguard; where relevant for Australian law, we take reasonable steps consistent with APP 8 before disclosing personal information overseas.

8. International transfers and GDPR territorial scope

While kinsella-art.com is operated from Australia, if you are located in the EU/EEA and are browsing this site, purchasing work, or being offered goods/services by us, GDPR may apply to that processing under Article 3(2).

9. How long we retain your data

  • Enquiry/contact form messages: retained for 24 months from last contact, then deleted unless an ongoing relationship (e.g. a commission or exhibition) requires longer retention.
  • Comments: as set out in Section 4.
  • Order/purchase records: retained for 7 years to meet Australian tax record-keeping obligations.
  • Newsletter subscriber data: retained until you unsubscribe.
  • Account data: retained while your account is active; deleted within 30 days of a verified deletion request, except where we’re legally required to keep it.

10. Your rights

If you are in the EU/EEA (GDPR): you have the right to access, rectify, erase, restrict, or object to our processing of your personal data, and the right to data portability and to withdraw consent at any time. You also have the right to lodge a complaint with your local data protection supervisory authority.

If you are in Australia (Privacy Act / APPs): you have the right to access and request correction of personal information we hold about you (APP 12–13). If you believe we have mishandled your personal information, you can contact us directly, and if unresolved, lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

For anyone, you may request a copy of the personal data we hold about you, or ask us to erase it, by contacting [email]. We will respond within one month (GDPR) / 30 days (Australia) unless the request is complex, in which case we will notify you of an extension. Some data may be retained where we have an overriding legal, administrative, or security obligation to keep it (e.g. tax records).

11. Children’s data

This website is not directed at children, and we do not knowingly collect personal information from children.

12. Data security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or misuse, including HTTPS encryption, restricted admin access, reputable third-party hosting, regular site maintenance. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

In the event of a data breach likely to result in risk to individuals, we will notify affected individuals and the relevant regulator (OAIC and/or applicable EU supervisory authority) as required by law.

13. Automated decision-making

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.

14. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will reflect the most recent revision. Continued use of the site after changes take effect constitutes acknowledgement of the updated policy.

15. Contact us

For any privacy-related question, access request, or complaint:

Email:

Postal address: Bendigo, Victoria, Australia

error: Content is protected !!