Privacy Policy

 

Gary Taxali (“we” or “us”) is committed to protecting your privacy. We value your trust and recognize that maintaining this trust requires that we be open and accountable in how we handle the personal information that you choose to share with us. We do not trade, rent, or sell your personal information.

This Privacy Policy applies to both garytaxali.com (the artist website) and shop.garytaxali.com (our online shop for art, prints, and merchandise). We comply with Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and Canada’s Anti-Spam Legislation (CASL).

What our privacy policy covers

This policy describes how we collect, use, and share personal information. Personal information means information about an identifiable individual. Business contact information is not considered personal information under Canadian law. This policy applies to Gary Taxali and to any service providers acting on our behalf.

What we collect

We collect personal information that you provide to us directly, such as when you:

  • purchase artwork, prints, or merchandise through our online shop
  • register for an account on our shop
  • subscribe to our newsletter or marketing emails
  • contact us with an inquiry or request
  • engage with us on social media
  • enter a contest, event, or promotion

Examples of information we may collect include your name, address, phone number, email, payment and billing information, and order details.

When you visit our websites, we also automatically collect technical information such as your IP address, browser type, operating system, referring URLs, and browsing activity using cookies and analytics tools (such as Google Analytics). For more information, see Google’s privacy policy.

If you leave a comment, we collect the data you enter along with your IP address and browser user agent string to help detect spam. An anonymized string of your email address may be sent to the Gravatar service to display an avatar if you use it.

If you upload images, please avoid including embedded location data (EXIF GPS), as visitors may download and extract such data.

Cookies

We use cookies to enhance your browsing experience and provide essential shop functionality. Cookies may be used to:

  • remember items in your shopping cart (WooCommerce)
  • maintain your login session
  • remember your display and language preferences
  • track usage for analytics and site performance

You can disable cookies in your browser settings, but some site features (such as checkout) may not function properly.

Payments

Payments on shop.garytaxali.com are processed securely by Stripe and PayPal. When you complete a purchase:

  • Payment details (such as credit card numbers) are sent directly to Stripe or PayPal over an encrypted connection.
  • We do not receive or store your full card number or CVV.
  • We may receive limited details such as your billing address, payment confirmation, card brand, or the last four digits of your card for record-keeping.

Both Stripe and PayPal may process data outside Canada and are subject to their own privacy policies.

How we use your personal information

We use your information to:

  • process and fulfill orders, returns, and customer support requests
  • send order confirmations, shipping updates, and account notices
  • improve our websites, services, and user experience
  • protect against fraud, unauthorized transactions, and security risks
  • send newsletters and marketing communications if you have opted in (unsubscribe anytime)
  • comply with legal, tax, and regulatory obligations

How we share your personal information

We do not sell or rent your personal information. We may share it only with:

  • trusted service providers (such as shipping carriers, payment processors, newsletter/email providers, and analytics providers) to perform services on our behalf
  • law enforcement or regulators where required by law or to protect rights, safety, or security
  • successors in a business transaction, such as a merger or sale of assets, subject to this policy’s protections

Protecting your personal information

We take reasonable administrative, technical, and physical measures to protect your personal information. Employees and service providers who have access to your data are required to keep it confidential. Our payment systems are PCI compliant. However, no method of online transmission or storage is completely secure.

Transfers outside Canada

Some of our service providers (such as Stripe, PayPal, and Google) may store or process personal information outside Canada, including in the United States. While your data is outside Canada, it may be subject to foreign laws. We take steps to ensure your information remains protected under this policy.

Consent

By providing personal information to us, you consent to our collection, use, and disclosure of it as described in this policy. You may withdraw your consent at any time, subject to legal or contractual restrictions. To withdraw consent, please contact us at [email protected].

Retention of personal information

We retain personal information only as long as necessary for the purposes described here and as required by law. When no longer needed, we securely delete or anonymize the information.

Accuracy and access

We aim to keep personal information accurate and up to date. You may request access to, or correction of, your personal information by contacting us. We may need to verify your identity before granting access or making changes.

Children under the age of 14

Our websites are not directed to children under 14. We do not knowingly collect personal information from children. If you believe your child has provided us with personal information without your consent, please contact us immediately and we will remove it.

Contact us

If you have questions about this Privacy Policy, our privacy practices, or to exercise your privacy rights, please contact us:

Email: [email protected]
Website: garytaxali.com | shop.garytaxali.com

Changes to this policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. The effective date at the top indicates the most recent version. By continuing to use our websites, you agree to the updated policy.

Log Data

When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.

Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even in the moment they occur, that they have occurred, or what the nature of the error is.

Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.

Business Transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.

Do Not Track

Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. At this time, we do not respond to browser “Do Not Track” signals.

We adhere to the standards outlined in this privacy policy, ensuring we collect and process personal information lawfully, fairly, transparently, and with legitimate, legal reasons for doing so.

Text Message Communications

When you contact us by text message (Short Message Service – SMS), we may collect your personal information, such as your mobile phone number and the content of your message. We use this information solely to communicate with you regarding our services, manage coordination, and respond to related inquiries.

We do not share mobile phone numbers, text messaging originator data, or text messaging consent data with third parties or affiliates, excluding aggregators and providers of the text message services.

Additional Disclosures for U.S. States Privacy Law Compliance

The following section includes provisions that comply with the privacy laws of these states (California, Colorado, Delaware, Florida, Virginia, and Utah) and is applicable only to the residents of those states.

California Privacy Laws – CCPA

Under California Civil Code Section 1798.83, if you live in California and your business relationship with us is mainly for personal, family, or household purposes, you may ask us about the information we release to other organizations for their marketing purposes. In accordance with your right to non-discrimination, we may offer you certain financial incentives permitted by the California Consumer Privacy Act, and the California Privacy Rights Act (collectively, CCPA) that can result in different prices, rates, or quality levels for the goods or services we provide. Any CCPA-permitted financial incentive we offer will reasonably relate to the value of your personal information, and we will provide written terms that describe clearly the nature of such an offer. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

To make such a request, please contact us using the details provided in this privacy policy with “Request for California privacy information” in the subject line. You may make this type of request once every calendar year.

California Notice of Collection

In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA:

  • Identifiers, such as name, email address, phone number, account name, IP address, and an ID or number assigned to your account.
  • Customer records, such as billing and shipping address, and credit or debit card data.
  • Commercial information, such as products or services history and purchases.
  • Internet activity, such as your interactions with our service.
  • Geolocation data.
  • Inferences, such as information about your interests, preferences and favorites.

Right to Know and Delete

You have rights to delete your personal information we collected and know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:

  • The categories of personal information we have collected about you;
  • The categories of sources from which the personal information was collected;
  • The categories of personal information about you we disclosed for a business purpose or sold;
  • The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
  • The business or commercial purpose for collecting or selling the personal information; and
  • The specific pieces of personal information we have collected about you.

To exercise any of these rights, please contact us using the details provided in this privacy policy.

Additional Disclosures for General Data Protection Regulation (GDPR) Compliance (EU)

Data Controller / Data Processor

The GDPR distinguishes between organizations that process personal information for their own purposes (known as “data controllers”) and organizations that process personal information on behalf of other organizations (known as “data processors”). We, Gary Taxali, located at the address provided in our Contact Us section, are a Data Controller and/or Processor with respect to the personal information you provide to us.

Legal Bases for Processing Your Personal Information

We will only collect and use your personal information when we have a legal right to do so. In which case, we will collect and use your personal information lawfully, fairly, and in a transparent manner. If we seek your consent to process your personal information, and you are under 16 years of age, we will seek your parent or legal guardian’s consent to process your personal information for that specific purpose.

Our lawful bases depend on the services you use and how you use them. This means we only collect and use your information on the following grounds:

  • Consent From You: Where you give us consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time; however this will not affect any use of your information that has already taken place.
  • Performance of a Contract or Transaction: Where you have entered into a contract or transaction with us, or in order to take preparatory steps prior to our entering into a contract or transaction with you.
  • Our Legitimate Interests: Where we assess it is necessary for our legitimate interests, such as for us to provide, operate, improve and communicate our services.
  • Compliance With the Law: In some cases, we may have a legal obligation to use or keep your personal information.

International Transfers Outside of the European Economic Area (EEA)

We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.

Your Rights Under GDPR

  • Restrict: You have the right to request that we restrict the processing of your personal information.
  • Objecting to processing: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest.
  • Data portability: You may have the right to request a copy of the personal information we hold about you in CSV format or other easily readable machine format.
  • Deletion: You may have a right to request that we delete the personal information we hold about you at any time.

Additional Disclosures for UK General Data Protection Regulation (UK GDPR) Compliance

Data Controller / Data Processor

The GDPR distinguishes between organizations that process personal information for their own purposes (known as “data controllers”) and organizations that process personal information on behalf of other organizations (known as “data processors”). We, Gary Taxali, located at the address provided in our Contact Us section, are a Data Controller and/or Processor with respect to the personal information you provide to us.

Your Data Subject Rights Under UK GDPR

  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information.
  • Right to Object: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest.
  • Right to be Informed: You have the right to be informed with how your data is collected, processed, shared and stored.
  • Right of Access: You may request a copy of the personal information that we hold about you at any time. The statutory deadline for fulfilling a request is 30 calendar days.
  • Right to Erasure: In certain circumstances, you can ask for your personal data to be erased from the records held by organizations.
  • Right to Portability: You have the right to get some of your personal data in an accessible and machine-readable format.
  • Right to Rectification: If personal data is inaccurate, out of date, or incomplete, you have the right to correct, update or complete that data.

Notification of Data Breaches

Upon discovery of a data breach, we will investigate the incident and report it to the UK’s data protection regulator and yourself, if we deem it appropriate to do so.

Complaints

You have the right, at any time, to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

PIPEDA Ten Principles of Privacy

This privacy policy complies with PIPEDA’s requirements and ten principles of privacy:

  1. Accountability: Gary Taxali is responsible for the personal information under its control and will designate persons to ensure organizational accountability for compliance.
  2. Identifying purposes: We identify the purposes for which personal information is collected at or before the time the information is collected.
  3. Consent: Consent is required for collection, use or disclosure of personal information, except where required or permitted by PIPEDA or other law.
  4. Limiting collection: Personal information collected will be limited to that which is necessary for the purposes identified.
  5. Limiting use, disclosure and retention: We will not use or disclose personal information for purposes other than those for which the information was collected, except with your consent or as required by law.
  6. Accuracy: Personal information will be maintained in an accurate, complete and up-to-date format.
  7. Safeguards: We will protect personal information with security safeguards appropriate to the sensitivity of such information.
  8. Openness: We will make our policies and practices relating to the collection and management of personal information readily available upon request.
  9. Customer access: We will inform customers of the existence, use and disclosure of their personal information and will provide access.
  10. Challenging compliance: Customers are welcome to direct any questions concerning our compliance with this privacy policy.

Anti-Spam Legislation

Our email interactions with our customers are compliant with Canadian Anti-Spam Legislation. We do not send unsolicited email to persons with whom we have no relationship. We will not sell personal information, such as email addresses, to unrelated third parties.

Enquiries, Reports and Escalation

To enquire about Gary Taxali’s privacy policy, or to report violations of user privacy, you may contact us using the details in the Contact Us section.

If we fail to resolve your concern to your satisfaction, you may also contact the Office of the Privacy Commissioner of Canada:
30 Victoria Street, Gatineau, QC K1A 1H3
Toll Free: 1.800.282.1376
www.priv.gc.ca