Privacy Policy
1. Introduction
The McGilloway Gallery (“we”, “our”, or “us”) is committed to safeguarding your privacy and ensuring that your personal data is handled with the highest standard of data protection and transparency. We understand the importance of privacy in the digital age and prioritize the security and lawful processing of your personal information as you engage with our website, located at themcgillowaygallery.com.
This Privacy Policy outlines how we collect, use, disclose, and protect personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant legislation.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all personal data collected through our website, themcgillowaygallery.com, and associated digital services. The McGilloway Gallery acts as the “data controller” under applicable data protection laws, meaning we determine the purposes and means of processing your personal data.
By engaging with our website, you acknowledge that you have read and understood this policy.
3. Categories of Data Processed
We may process the following categories of personal data:
– Usage Data: Information about how you use our website, including IP address, browser type, device type, operating system, referring URLs, and session length.
– Account Data: Information you provide when you register or create an account, including your full name, mailing address, email address, and telephone number.
– Profile Data: Your preferences, purchase history, browsing habits, and any personalized settings or behavioral data gathered during your interaction with our services.
– Communication Data: Correspondence records you submit through contact forms, customer service requests, email communications, or support logs.
– Technical Data: Details about your technological environment, such as device identifiers, system configurations, screen resolution, and connectivity status.
– Transaction Data: Payment and purchase history, billing address, and shipping details, processed securely through our dedicated third-party payment processors.
– Preference Data: Your marketing and communication preferences, product interest selections, and opt-in or opt-out choices regarding data use.
4. Legal Bases for Processing
We process personal data solely under lawful bases established by applicable legislation. These bases include:
– Consent: Where you have explicitly given informed, clear consent to the processing of your personal data for specific purposes (e.g. newsletter subscription).
– Contractual Necessity: Where processing is required to fulfill or enter into a contract with you (e.g. processing your orders or account registrations).
– Legal Obligation: Where we are required to comply with a legal obligation (e.g. tax records).
– Legitimate Interests: Where processing is necessary for our legitimate interests—such as improving website performance, customer engagement, or fraud prevention—provided such interests do not override your fundamental rights and freedoms.
5. Your Rights
Subject to applicable law, you have the following rights with respect to your personal data:
– Right of Access: You may request confirmation regarding whether we hold personal data about you and obtain a copy of that data.
– Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
– Right to Erasure: You may request deletion of your personal data under certain circumstances, such as when the data is no longer necessary or has been unlawfully processed.
– Right to Restriction: You may request that we limit the processing of your personal data under specific situations (e.g. pending review of an accuracy challenge).
– Right to Data Portability: You are entitled to receive your personal data in a structured, commonly used, and machine-readable format, and to have it transmitted to another controller where technically feasible.
– Right to Object: You may object to processing based on our legitimate interests or for direct marketing purposes at any time.
To exercise any of these rights, please contact us at [email protected]. We reserve the right to request verification of your identity before processing your request in accordance with legal requirements.
6. Security Measures
We employ appropriate technical and organizational measures to ensure the security and confidentiality of personal data. These include:
– Data encryption in transit and at rest
– Firewall and intrusion detection systems
– Role-based access control and multi-factor authentication
– Secure data backups and business continuity protocols
– Staff training on data protection awareness and secure handling practices
While we implement and maintain robust protections, no system is entirely immune to risk. We advise users to take reasonable precautions when transmitting data over the Internet.
7. International Transfers
When personal data is transferred outside of the jurisdiction in which it was collected (e.g., transfers to data processing partners located in other countries), we ensure appropriate safeguards are in place. These may include Standard Contractual Clauses approved by the European Commission or other legally recognized data protection mechanisms.
For California residents, we do not sell your personal data as defined under the CCPA.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, regulatory, accounting, or reporting obligations. Retention periods are as follows, unless extended by legal necessity:
– Usage Data: 12 months
– Account Data: Active duration of account + 5 years
– Profile and Communication Data: 3 years following last interaction
– Technical and Transaction Data: 7 years for transactional data (for tax/audit purposes)
– Preference Data: Until consent is withdrawn or updated
Anonymized and aggregated data may be stored indefinitely without further notice.
9. Cookie Policy
We use cookies and similar technologies on themcgillowaygallery.com to enhance your experience and analyze website traffic. Cookies fall into the following categories:
– Essential Cookies: Required for core functionality such as authentication, navigation, and security.
– Functional Cookies: Remember user preferences and provide customized features.
– Analytics Cookies: Help us understand traffic patterns and user behavior, improving site performance.
– Performance Cookies: Monitor page load speeds and technical system issues to ensure optimal browsing.
10. Cookie Management & GDPR/CCPA Compliance
You have the right to manage your cookie settings at any time. On first visit and periodically thereafter, you will be presented with a cookie consent banner giving you full control to accept, reject, or customize cookie use, in compliance with GDPR and CCPA requirements.
You may also adjust your browser settings to refuse cookies or alert you to their presence. Be aware that limiting cookies may affect certain features and functionality of the website.
11. Children’s Privacy
The McGilloway Gallery does not knowingly collect or solicit personal data from individuals under the age of 13. If we learn that we have inadvertently gathered data from a child without verifiable parental consent, we will take appropriate steps to delete such data promptly. If you believe we may have such information, please contact us at [email protected].
12. Policy Updates & Notifications
We reserve the right to revise or update this Privacy Policy at our discretion. Any material changes will be posted on themcgillowaygallery.com and, where applicable, communicated directly to users via email or site notifications. Continued use of the website after changes signals your acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or complaints regarding this Privacy Policy or our data practices, you may contact us at:
We are committed to ensuring full compliance with data protection laws and protecting the rights and freedoms of all individuals whose data we process.