Privacy Policy

Last updated: January 2025

1. Data Controller

Summit Harmony (Hong Kong) is the data controller responsible for your personal data. For privacy-related inquiries, contact us at hello@summit-harmony.com.

2. Data We Collect

We may collect the following categories of personal data:

  • Identity Data: name, username
  • Contact Data: email address, phone number, shipping address
  • Transaction Data: purchase history, invoice records
  • Technical Data: IP address, browser type, device information, cookies
  • Communication Data: correspondence and inquiries

3. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Consent: where you have given explicit consent (e.g., marketing communications, cookies)
  • Contractual Necessity: to fulfill a purchase or service agreement
  • Legal Obligation: to comply with applicable laws and regulations
  • Legitimate Interests: to improve our services and website, provided your rights do not override these interests

4. How We Use Your Data

We use your data for the following purposes:

  • Processing and fulfilling art purchases and shipments
  • Responding to inquiries and providing customer support
  • Sending updates about artworks, artists, and gallery events (with consent)
  • Improving our website and user experience
  • Complying with legal and regulatory obligations
  • Preventing fraud and ensuring transaction security

5. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy. Generally:

  • Contact and identity data: 24 months after last interaction
  • Transaction records: 7 years (legal obligation)
  • Cookie data: as specified in our Cookie section below

6. Your GDPR Rights

Under the General Data Protection Regulation, you have the following rights:

  • Right to Access: request a copy of your personal data
  • Right to Rectification: correct inaccurate or incomplete data
  • Right to Erasure: request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: limit how we use your data
  • Right to Data Portability: receive your data in a structured format
  • Right to Object: object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent: withdraw consent at any time without affecting lawfulness of prior processing
  • Right to Lodge a Complaint: file a complaint with your local data protection authority

To exercise any of these rights, contact us at andyxia@summit-harmony.com.

7. Cookies

Our website uses cookies and similar tracking technologies. Cookies are small text files stored on your device. We use:

  • Essential Cookies: required for the website to function properly
  • Analytics Cookies: Google Analytics to understand how visitors interact with our site

You can manage cookie preferences through your browser settings. Google Analytics data is anonymized where possible. You may opt out of Google Analytics by installing the Google Analytics opt-out browser add-on.

8. Third-Party Services

We may use the following third-party service providers who process your data under our instruction:

  • Google Analytics (web analytics)
  • Email communication services
  • Payment processing partners
  • Shipping and logistics providers

All third-party providers are contractually obligated to protect your data and comply with GDPR.

9. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including SSL encryption, secure servers, and access controls. No method of transmission over the Internet is 100% secure, but we strive to protect your data using commercially acceptable means.

11. Children's Data

Our website is not intended for individuals under 16 years of age. We do not knowingly collect personal data from minors.

12. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. Significant changes will be communicated via email or a prominent notice on our website.

13. Complaints

If you believe we have not complied with data protection laws, you have the right to lodge a complaint with your local data protection supervisory authority. We encourage you to contact us first so we can resolve any concerns.