John Dinan

Privacy Policy

Last updated: April 2026

This policy explains what personal information we collect when you use johndinanartist.com, why we collect it, and how it’s handled. We’re committed to keeping it minimal and treating it carefully.

Who we are

Data controller: John Dinan, sole trader, Cross, Co. Mayo, Ireland. Contact: hello@johndinanartist.com.

What we collect, and why

  • When you buy a painting: name, email, shipping address, and payment method (handled by Stripe — we never see your card details). Used to fulfil your order and provide a Certificate of Authenticity.
  • When you contact us: name, email, message contents. Used only to reply.
  • When you join the mailing list: email address and the source page. Used only to email you about new paintings, workshops, or newsletters. You can unsubscribe from any email.
  • Site usage: anonymous, aggregated visitor metrics via Vercel Analytics. No cookies are set.

Legal basis

Processing is based on contract performance (orders), legitimate interest (replying to enquiries), and consent (the mailing list). You can withdraw consent at any time.

Who handles your data

We use a small set of trusted processors to run the site:

  • Vercel (US/EU) — site hosting and analytics
  • Neon (EU) — database for painting inventory and orders
  • Vercel Blob (EU) — image storage
  • Stripe (US/EU) — payment processing
  • Resend (US) — transactional and mailing list email
  • Cloudflare (global) — DNS and email routing

Each processor has its own privacy policy and uses standard contractual clauses for any transfers outside the EEA.

How long we keep it

Order records: seven years (Irish tax law). Mailing list: until you unsubscribe. Contact form messages: 12 months. Anonymous analytics: aggregated and not personal.

Your rights

Under GDPR you have the right to access, correct, delete, port, or restrict the use of your personal data. Email us at hello@johndinanartist.com and we’ll respond within one month. You also have the right to lodge a complaint with the Irish Data Protection Commission.