Privacy Policy & Secure Checkout | Sergio Aranda Art Studio

Privacy Policy
Last Updated: June 1, 2026
The e-shop on the website www.sergioaranda.shop (operated by Sergio Aranda, independent contemporary artist based in Barcelona, Spain) processes personal data provided by the Customer to fulfill, confirm, and execute the official Terms and Conditions, process electronic orders, manage international shipments, and maintain necessary communication during the period required by global law.
1. General Provisions & Controller Identity
  1. The personal data controller, in absolute compliance with the General Data Protection Regulation (hereinafter referred to as „GDPR“ and global e-commerce privacy standards), is Sergio Aranda, based in Barcelona, Spain.
  2. The direct contact details of the Controller are:
    • E-mail: sergioaranda.artist@gmail.com
  3. Personal data refers to any information that relates to an identified or identifiable natural person who visits or purchases from our gallery platform.
2. The Source & Collection of Personal Data
  1. The Controller processes personal data obtained with explicit consent from the Customer, collected securely through the contract to purchase and the fulfillment of the electronic order created in the e-shop www.sergioaranda.shop.
  2. The Controller processes only the identifying, transactional, and contact details of the Customer which are strictly indispensable for the clean fulfillment of the purchase contract.
  3. The Controller processes personal data exclusively for international shipping logistics, secure accounting purposes, legal tax compliance, and essential customer support communication. Personal data will never be made public, sold, or transferred to unauthorized third parties.
3. Purpose of Data Processing
The Controller processes personal data of the Customer for the following verified purposes:
  1. Secure account registration and guest checkout tracking on the website www.sergioaranda.shop in full compliance with Chapter 4, Section 2 of the GDPR.
  2. For the flawless logistical fulfillment of the electronic order created by the Customer (requiring legal name, shipping address, billing address, e-mail, and telephone number).
  3. To observe international laws, customs clearings, and anti-fraud regulations arising from the contractual relationship between the Customer and the Controller.
  4. Execution of mandatory transaction communications, order receipts, and delivery tracking updates.
4. Duration of Personal Data Storage
  1. The Controller stores personal data safely only for the period necessary for the absolute fulfillment of rights and obligations arising from the contractual relationship between the Controller and the Customer, extending for a legal duration of 3 years following the successful conclusion of the transaction.
  2. The Controller must permanently delete or anonymize all personal data after the expiration of the period required for the legal storage of data.
5. Trusted Third-Party Processors & Subcontractors
To execute a gallery-grade international transaction, the services of highly secure subcontractors are indispensable. Third parties processing personal data of the Customer act under strict confidentiality guidelines.
The authorized subcontractors of the Controller are:
  • Shopify (Our secure e-commerce hosting system and encrypted checkout architecture).
  • DHL Express & FedEx (Our certified priority international art couriers used for insured global shipping).
  • Judge.me (Our official verified application used to manage customer reviews and satisfaction ratings).
  • Google Analytics (Used purely for internal website optimization and traffic performance monitoring).
6. Legal Rights of the Customer
In compliance with global data regulations, every Customer is fully entitled to:
  1. The right of access to their personal data.
  2. The right to rectification of any inaccurate personal data.
  3. The right to erasure ("the right to be forgotten").
  4. The right to object to or restrict the processing of personal data.
  5. The right to data portability.
  6. The right to withdraw consent to data processing at any moment in writing via e-mail sent directly to: sergioaranda.artist@gmail.com.
  7. The right to lodge a complaint with the proper supervisory authority if a breach of regulation is suspected.
7. Absolute Security of Personal Data
  1. The Controller declares to take all necessary technical, digital, and organizational precautions for the premium protection of the Customer's personal data.
  2. The Controller utilizes Shopify’s advanced SSL-encrypted connection brackets to secure all data storage spaces, protecting checkout channels, enforcing password access, using professional antivirus firewalls, and performing regular local software maintenance.
8. Final Provisions
  1. By placing an electronic order on the website www.sergioaranda.shop, the Customer confirms to be fully informed about all conditions of personal data protection and accepts them to their full extent.
  2. The Customer accepts these transparent rules by ticking the mandatory consent checkbox in the final order purchase form before submitting payment.
  3. The Controller reserves the right to update these Rules to adapt to new international legislations. The current version will always be publicly displayed here.
These Rules officially come into effect and are fully active as of June 1, 2026.

Contact form