Xucymii - Custom Portrait Illustration & Artwork is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, protect, and handle your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.
We collect various types of information to provide and improve our custom portrait illustration and artwork services. The data we collect falls into several categories designed to enhance your experience while maintaining your privacy rights.
Your personal data is processed for legitimate business purposes related to providing custom portrait illustration and artwork services. We use your information to create personalized artwork, process orders, communicate about your projects, improve our services, and ensure secure transactions. We may also use aggregated, anonymized data for business analytics and service enhancement purposes.
Under GDPR, we process your personal data based on several legal grounds including contract performance when fulfilling your custom artwork orders, legitimate interests for business operations and service improvement, legal compliance for tax and regulatory requirements, and your explicit consent for marketing communications and optional services.
We do not sell, rent, or trade your personal information to third parties. We may share your data with trusted service providers who assist in order fulfillment, payment processing, and website functionality, all under strict confidentiality agreements. We may also disclose information when required by law, to protect our rights, or in connection with business transfers, always ensuring appropriate safeguards are in place.
As a data subject, you have comprehensive rights regarding your personal information. You can access your data to know what information we hold about you, request corrections to inaccurate or incomplete data, and request deletion of your personal information under certain circumstances. You also have the right to restrict processing, object to certain uses of your data, and request data portability to transfer your information to another service provider.
We implement robust security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. Our security protocols include encrypted data transmission, secure server infrastructure, regular security audits, access controls limiting data access to authorized personnel only, and secure backup procedures to prevent data loss.
We retain your personal information only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Order information and artwork files are typically retained for seven years for business and legal purposes, while marketing data is kept until you withdraw consent or request deletion.
If we transfer your personal data outside the European Economic Area, we ensure appropriate safeguards are in place, including adequacy decisions by the European Commission or standard contractual clauses approved by the European Commission to protect your data rights.
Our website uses cookies and similar technologies to enhance user experience, analyze website performance, and provide personalized content. You can control cookie preferences through your browser settings, though disabling certain cookies may affect website functionality and your user experience.
Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly and terminate any associated accounts.
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. We will notify you of significant changes through website notices or email communications, and the updated policy will include the effective date of changes.
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay, providing clear information about the nature of the breach and steps being taken to address it.