PRIVACY POLICY (GDPR)

Last updated: 27.02.2026

1. Controller

SILVERFINEART e.U.
Gerald Berghammer
Lindengasse 28/3, 1070 Vienna, Austria
Emaill: sales@silverfineart.com

2. Overview: What we process and why

We process personal data only to the extent necessary to operate this website, respond to inquiries, and perform contracts (orders), as well as for accounting and legal obligations. Where we use analytics and marketing technologies, we do so only based on your consent via our cookie banner.

3. Website access and server log data

When you access our website, technical data may be processed automatically (e.g., IP address, date/time of access, requested page/URL, browser type/version, operating system, referrer URL if applicable).

  • Purpose: website security, stability, troubleshooting, and protection against abuse.

  • Legal basis: legitimate interests (Art. 6(1)(f) GDPR).

  • Retention: typically [7–30 days], unless longer storage is required for security-related investigation.

4. Contact requests

If you contact us (e.g., via email or a contact form), we process the data you provide (e.g., name, email address, message content, and any attachments).

  • Purpose: handling and replying to your request.

  • Legal basis: performance of pre-contractual measures / contract (Art. 6(1)(b) GDPR) and/or legitimate interests (Art. 6(1)(f) GDPR).

  • Retention: typically 6 months after the final communication, unless longer retention is necessary for legal claims.

5. Orders, customer accounts, and contract performance

When you place an order in our shop, we process the data needed to conclude and perform the contract, such as:

  • name, billing and shipping address

  • email address and (if provided) phone number

  • order details, invoices, communication regarding the order

  • payment confirmation and transaction details necessary for bookkeeping and customer service

  • Purpose: order processing, delivery, customer service, returns, invoicing, and accounting.

  • Legal basis: contract (Art. 6(1)(b) GDPR) and legal obligation (Art. 6(1)(c) GDPR) for statutory retention.

  • Retention: in line with statutory retention obligations (typically 7 years for accounting records in Austria), and longer where required for product liability/defense of legal claims.

6. Payments (Squarespace Payments)

We offer payment processing via Squarespace Payments. To process payments, payment-related data is transmitted to and processed by payment processing partners involved in the transaction. We receive confirmation of payment and the information necessary to fulfill the contract and comply with accounting requirements.

  • Purpose: processing payments, fraud prevention, chargebacks, and secure transaction handling.

  • Legal basis: contract (Art. 6(1)(b) GDPR) and legitimate interests (Art. 6(1)(f) GDPR) in secure payment processing.

  • Note: payment processing partners may process data under their own responsibility in accordance with their privacy notices, depending on the specific processing step.

7. Newsletter (Squarespace Email Campaigns) (only with consent)

If you subscribe to our newsletter, we process the data you provide (typically your email address and, if provided, your name).

  • Purpose: sending newsletters and marketing communications, measuring basic campaign performance (e.g., delivery, opens/clicks where enabled), and managing unsubscribes.

  • Legal basis: your consent (Art. 6(1)(a) GDPR).

  • Double opt-in: where applicable, we use a confirmation process to verify your subscription.

  • Withdrawal / unsubscribe: you can withdraw your consent at any time by clicking the unsubscribe link in any newsletter or by contacting us at sale@silverfineart.com. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

  • Retention: we store your subscription data until you unsubscribe/withdraw consent, and for a limited period thereafter to document consent and comply with legal requirements [e.g., up to 3 years for evidence of consent, if you choose].

8. Cookies and consent management

We use cookies and similar technologies.

  • Strictly necessary cookies: required for core website functions (e.g., security, shopping cart, checkout).

  • Optional cookies (analytics/marketing): used only if you give consent via our cookie banner.

You can manage or withdraw your consent at any time via the cookie banner / cookie settings (“Manage cookies” / “Cookie settings”). Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

Cookie details: Information on cookies used (categories, providers, purposes, and retention periods) is available in [your cookie settings panel / cookie list link].

9. Google Analytics (only with consent)

If you consent, we use Google Analytics to analyze website usage and improve our website. Google Analytics may process usage and device information (e.g., pages viewed, session duration, approximate location derived from IP address, device/browser information) and may set cookies.

  • Purpose: website analytics and improvement.

  • Legal basis: consent (Art. 6(1)(a) GDPR).

  • Withdrawal: anytime via cookie settings.

10. Meta Pixel (only with consent)

If you consent, we use the Meta Pixel to measure the effectiveness of advertising, build audiences, and optimize marketing. This may involve processing events such as page views or purchases and may set cookies.

  • Purpose: marketing measurement and optimization.

  • Legal basis: consent (Art. 6(1)(a) GDPR).

  • Withdrawal: anytime via cookie settings.

11. Recipients / service providers (processors)

We use service providers to operate our website and services. These providers may process personal data on our behalf as processors (Art. 28 GDPR), in particular for:

  • Website platform and hosting: Squarespace

  • E-commerce and checkout: Squarespace (Commerce)

  • Payments: Squarespace Payments and involved payment processing partners

  • Analytics (if consented): Google Analytics

  • Marketing measurement (if consented): Meta Pixel

  • Email marketing / newsletters (if consented): Squarespace Email Campaigns

We disclose data only to the extent necessary for the stated purposes.

12. International data transfers (outside the EEA)

Some of our service providers and technology partners may process data outside the European Economic Area (EEA), including in the United States. Where such transfers occur, we use appropriate safeguards under the GDPR (e.g., adequacy decisions where applicable and/or Standard Contractual Clauses) to ensure an adequate level of protection.

You can request further information about the safeguards by contacting us at sales@silverfineart.com.

13. Social media links and embedded content

Our website may contain links to social media pages (e.g., Instagram). If you click on such links, the respective platform processes data under its own responsibility.

If we embed third-party content (e.g., social feeds or videos), the provider may receive technical information (e.g., IP address) when the content loads. Where consent is required, such content will load only after you have given consent via cookie settings.

14. Your rights (data subject rights)

Under the GDPR, you have the right to:

  • access (Art. 15), rectification (Art. 16), erasure (Art. 17),

  • restriction (Art. 18), data portability (Art. 20),

  • objection (Art. 21), and

  • withdraw consent at any time (Art. 7(3)) where processing is based on consent.

To exercise your rights, contact sales@silverfineart.com.

You also have the right to lodge a complaint with a supervisory authority, in particular in Austria with the Austrian Data Protection Authority (Datenschutzbehörde).

15. Security

We apply appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure.