Updated May 6, 2026

Karin Shoup Art ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at karinshoup.art (the "Site"), including when you make purchases or otherwise interact with us.

Please read this Privacy Policy carefully. By using the Site, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree, please do not use the Site.

This Privacy Policy is incorporated into and forms part of our Terms of Use. Capitalized terms not defined here have the meanings given in the Terms of Use.

1. Information We Collect

We collect information in the following ways:

1.1 Information You Provide Directly

We collect personal information that you voluntarily provide when you:

•       Contact us via email or a contact form (name, email address, message content)

•       Create an account on the Site (name, email address, password)

•       Place a purchase order (name, billing address, shipping address, email address, phone number)

•       Subscribe to a newsletter or mailing list (name, email address)

•       Submit artwork inquiries, commission requests, or other correspondence

1.2 Information Collected Automatically

When you visit the Site, certain information may be collected automatically through cookies and similar technologies, including:

•       IP address and approximate geographic location

•       Browser type and version

•       Device type and operating system

•       Pages viewed and time spent on each page

•       Referring website or link

•       Date and time of your visit

•       Clickstream data and navigation paths through the Site

1.3 Payment Information

When e-commerce features are active, payment transactions will be processed by third-party payment processors (such as Stripe or PayPal). We do not collect, store, or have access to your full payment card numbers, CVV codes, or bank account details. Payment processors handle this data under their own privacy policies and security standards (e.g., PCI-DSS compliance).

1.4 Information from Third Parties

We may receive limited information about you from third-party sources, including:

•       Social media platforms (if you follow, share, or interact with our social media accounts)

•       Analytics providers (aggregated or anonymized usage data)

•       Payment processors (transaction confirmation details, but not full payment card data)

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 To Operate and Improve the Site

•       Displaying artwork and Site content

•       Analyzing usage patterns to improve Site performance and user experience

•       Diagnosing technical issues and ensuring Site security

2.2 To Process Transactions

•       Fulfilling artwork orders and processing payments

•       Communicating order confirmations, shipping updates, and receipts

•       Handling returns, exchanges, or customer service inquiries related to purchases

2.3 To Communicate with You

•       Responding to your messages, questions, and support requests

•       Sending newsletters, promotional emails, or updates about new artwork (only if you have opted in)

•       Notifying you of changes to the Site, these policies, or your account

2.4 Legal and Compliance Purposes

•       Complying with applicable laws, regulations, and legal processes

•       Enforcing our Terms of Use and other agreements

•       Protecting the rights, property, and safety of Karin Shoup Art, our users, and the public

•       Detecting, investigating, and preventing fraudulent transactions and other illegal activities

3. Legal Basis for Processing (EEA/UK Visitors)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:

•       Contract Performance: Processing necessary to fulfill a purchase order or respond to a pre-contractual inquiry

•       Legitimate Interests: Processing for analytics, fraud prevention, and Site security, where our interests are not overridden by your rights

•       Consent: Processing for marketing communications and non-essential cookies, where you have given us your prior consent

•       Legal Obligation: Processing required to comply with applicable law

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4. Cookies and Tracking Technologies

4.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. We and our third-party service providers may use cookies, web beacons, pixel tags, and similar tracking technologies to collect and store information about your visits to the Site.

4.2 Types of Cookies We Use

•       Strictly Necessary Cookies: Required for the Site to function (e.g., session management, security). These cannot be disabled.

•       Performance/Analytics Cookies: Help us understand how visitors use the Site (e.g., Google Analytics). These collect anonymized or aggregated data.

•       Functional Cookies: Remember your preferences (e.g., language settings, items in a shopping cart).

•       Marketing/Targeting Cookies: Used to deliver relevant advertising or track the effectiveness of marketing campaigns (only used if applicable third-party tools are active).

4.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse, delete, or be notified when cookies are set. Please note that disabling certain cookies may affect the functionality of the Site. For information on managing cookies, visit www.allaboutcookies.org.

5. Sharing and Disclosure of Your Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information in the following limited circumstances:

5.1 Service Providers

We engage trusted third-party vendors who perform services on our behalf, including:

•       Website hosting and infrastructure providers

•       Payment processors (e.g., Stripe, PayPal)

•       Email marketing and communications platforms

•       Analytics providers (e.g., Google Analytics)

•       Shipping and fulfillment partners

These providers are contractually obligated to use your data only as directed by us and in accordance with this Privacy Policy.

5.2 Legal Requirements

We may disclose your information if we believe in good faith that such disclosure is necessary to:

•       Comply with a legal obligation, court order, or governmental request

•       Enforce our Terms of Use or protect our rights

•       Prevent fraud, abuse, or harm to any person

•       Protect the security or integrity of the Site

5.3 Business Transfers

In the event of a merger, acquisition, sale of assets, or other business transaction involving Karin Shoup Art, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Site of any such change in ownership and any choices you may have regarding your information.

5.4 With Your Consent

We may share your information with third parties for any other purpose with your prior written consent.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention guidelines include:

•       Contact form submissions and general correspondence: Up to 3 years from last contact

•       Purchase and transaction records: Up to 7 years, as required for tax and accounting compliance

•       Account information: For the duration of your account plus 2 years following closure

•       Marketing opt-in records: Until you unsubscribe, plus 1 year for compliance documentation

•       Website analytics data: As configured by our analytics provider (typically 26 months)

When personal data is no longer needed, we will securely delete or anonymize it.

7. Your Rights and Choices

Depending on your location, you may have the following rights with respect to your personal information:

7.1 Access and Portability

You have the right to request a copy of the personal information we hold about you and, where technically feasible, to receive it in a structured, machine-readable format.

7.2 Correction

You have the right to request that we correct inaccurate or incomplete personal information.

7.3 Deletion

You have the right to request that we delete your personal information, subject to certain exceptions (e.g., where retention is required by law or necessary to complete a transaction).

7.4 Objection and Restriction

You may object to or request that we restrict the processing of your personal information in certain circumstances, including where processing is based on our legitimate interests.

7.5 Withdrawal of Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.

7.6 Marketing Opt-Out

You may opt out of receiving marketing emails from us at any time by clicking the "unsubscribe" link in any marketing email or by contacting us directly. We will process your request promptly. Note that you may still receive transactional communications (e.g., order confirmations) even after opting out of marketing.

7.7 California Residents (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

•       The right to know what personal information we collect, use, disclose, and sell

•       The right to delete personal information we hold about you

•       The right to opt out of the sale or sharing of personal information (we do not sell personal information)

•       The right to non-discrimination for exercising your privacy rights

•       The right to correct inaccurate personal information

•       The right to limit the use of sensitive personal information

To exercise your California privacy rights, contact us using the information in Section 12. We will verify your identity before processing your request.

7.8 How to Submit a Request

To exercise any of the rights described above, please contact us at the email address provided in Section 12. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

8. Data Security

We take the security of your personal information seriously and implement reasonable administrative, technical, and physical safeguards to protect it from unauthorized access, disclosure, alteration, and destruction. Our security measures include:

•       Encrypted data transmission using SSL/TLS technology

•       Secure storage practices for any data we retain

•       Limiting access to personal information to authorized personnel who need it to perform their duties

•       Regular review of our information collection, storage, and processing practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you as required by applicable law.

9. Children's Privacy

The Site is not directed to children under the age of 13 (or 16 in the EEA/UK), and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under the applicable age threshold, we will take steps to delete it promptly. If you believe we have collected information from a child, please contact us immediately using the information in Section 12.

10. International Data Transfers

The Site is operated from Puerto Rico, a U.S. territory. If you are accessing the Site from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries whose data protection laws may differ from those in your country of residence.

If you are located in the EEA or UK, we rely on appropriate safeguards (such as Standard Contractual Clauses approved by the European Commission) when transferring your personal data to countries that have not received an adequacy decision from the relevant data protection authority. By using the Site, you consent to the transfer of your information to the United States and other countries as described in this Policy.

11. Third-Party Websites and Social Media

The Site may contain links to third-party websites, social media platforms, or embedded content (e.g., Instagram, Facebook, Pinterest). This Privacy Policy does not apply to those third-party sites or services. We encourage you to review the privacy policies of any third-party sites you visit, as we have no control over their data practices. Our inclusion of a link does not constitute an endorsement of those sites or their privacy practices.

12. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. When we make material changes, we will revise the Effective Date at the top of this page and, where appropriate, notify you by email or by a prominent notice on the Site. We encourage you to review this Privacy Policy periodically. Your continued use of the Site after any changes constitutes your acceptance of the updated Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Karin Shoup Art

Email:  karin@karinshoup.art

Website:  karinshoup.art

If you are located in the EEA or UK and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local supervisory authority (e.g., the Information Commissioner's Office in the UK, or the relevant data protection authority in your EU member state).