Privacy Policy

Privacy Policy

Effective date: 3 February 2026
Last updated: 3 February 2026

1) Who we are

SpectrArt Limited (“SpectrArt”, “we”, “us”) is a fine art printmaker and framer based in Hong Kong providing fine art printing, custom framing, and installation services.
Our website is: https://spectrart.com.

Contact (privacy enquiries)
Email: [email protected] | Phone: +852 3468 6020 | Hours: Mon–Fri 10:00–18:00 (UTC+8), by appointment only.

2) Scope and applicable laws

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our website, contact us, create an account, subscribe to marketing updates, or purchase from our online shop.
If you are located in the EU/EEA/UK, we provide the information typically required where personal data is collected from you (GDPR Article 13-type transparency), and we describe legal bases and rights in Sections 6 and 12.

3) What personal data we collect

We do not collect personal data from visitors unless you choose to provide it (for example by placing an order, creating an account, subscribing, leaving a comment, or contacting us).

Depending on your use of the site, we may collect:

  • Identity and contact data: name, email address, phone number.
  • Account/profile data (registered users): information stored in your WordPress user profile.Order data (e-commerce): billing and shipping address, purchased items, order totals, delivery notes, invoices/receipts, and order-related messages.
  • Payment-related data: transaction status and payment references; payment card details are processed by your chosen payment provider (e.g., Stripe or PayPal) rather than stored by us.
  • Marketing/CRM data: subscription status, preferences, segmentation (lists/tags) and campaign interaction data used for email campaigns and marketing analysis.
  • Comments data: the information you enter in the comment form.
  • Technical data: IP address and browser user-agent string (primarily for security and spam prevention).

4) How we collect data

We collect personal data when you:

  • Place an order or create an account on our website.
  • Submit forms (e.g., contact us, appointment requests, newsletter signup).
  • Leave comments.
  • Use the website, where cookies and similar technologies are enabled and permitted by your settings/consent.

5) What we use personal data for

We use personal data to:

  • Provide our services, process orders, and deliver products.
  • Communicate with you about quotes, appointments, orders, and support requests.
  • Administer accounts and enable site features for registered users.
  • Run email campaigns and marketing analysis where you have subscribed/opted in.
  • Maintain website security, prevent spam/fraud, and troubleshoot issues.
  • Understand website usage and improve the website (analytics).

6) Legal bases (GDPR)

Where GDPR applies, we rely on one or more of the following legal bases:

  • Contract necessity: to process and fulfill purchases and provide customer support.
  • Consent: for email marketing subscriptions and for non-essential cookies/tracking where required.
  • Legitimate interests: to secure our website, prevent spam and abuse, and improve our services (balanced against your rights).
  • Legal obligation: to meet applicable legal, accounting, and tax requirements.

7) Cookies and consent (CookieYes)

Our website uses cookies for functionality and convenience.
We use CookieYes | GDPR Cookie Consent to present a cookie banner and manage cookie preferences, and CookieYes can block third‑party scripts/cookies until the user gives consent (prior consent / auto-blocking).
You can control cookies via your browser settings, and you can change/withdraw cookie choices using the cookie banner/settings (if enabled).

Cookies used by WordPress (examples on this site):

  • Comments: If you leave a comment, you may opt in to saving your name, email and website in cookies for one year.
  • Login and preferences: A temporary cookie may be set to check cookie support; login cookies typically last two days; screen options cookies last one year; “Remember Me” can persist for two weeks; logging out removes login cookies.
  • Editing/publishing: If you edit or publish an article, a cookie may be saved for one day and does not contain personal data.

8) Comments

If you leave comments, we collect the information shown in the comment form, and also your IP address and browser user agent string to help spam detection.
Comments and their metadata may be retained indefinitely so we can recognize and approve follow-up comments automatically.

9) Contact forms

When you submit an inquiry via our contact form, we collect essential details such as your name and email address to respond to you.
These submissions are stored for customer service purposes and are not used for marketing unless you separately opt in.

10) Email marketing

If you register for newsletters or marketing updates, your email address may be added to a segmented mailing list for email campaigns and marketing analysis.
You can opt out at any time by using the unsubscribe link in our emails or by contacting us.

11) Payments, shipping, and service providers

Payments (Stripe and PayPal). We use Stripe as our main payment processor and may offer PayPal as an alternative option; these providers process personal data in connection with providing payment services under their own privacy terms.

Shipping (Hongkong Post; ShipAny.io planned). To deliver orders, we may share necessary delivery details (such as recipient name, contact number, and address) with logistics/shipping providers; if ShipAny.io is enabled for fulfillment, its policy describes recipient shipment data it may collect/process (e.g., name, contact number, address).

Spam detection. Visitor comments may be checked through an automated spam detection service.

12) Embedded content from other websites

Pages on this site may include embedded content (e.g., videos, images, articles).
Embedded content behaves as if you visited the third-party website directly; those sites may collect data, use cookies, embed third‑party tracking, and monitor your interaction, especially if you are logged into that service.

13) Analytics

We use a Google Analytics plugin for website insights.
Google’s Google Analytics Terms & Conditions are available here: https://marketingplatform.google.com/about/analytics/terms/us/.

14) Who we share data with

We do not sell personal data.
We may share personal data with service providers that help us operate the website and deliver services (including payment processors, shipping/logistics partners, hosting/IT providers, analytics, and security/spam prevention) to the extent necessary for those purposes.

15) International transfers

Some service providers may process personal data on servers located outside Hong Kong and/or outside your country of residence.
Where GDPR applies, we will use appropriate safeguards for international transfers where required (depending on the provider and transfer scenario).

16) Retention (how long we keep data)

We retain personal data only as long as necessary for the purposes described in this policy, including to comply with legal, accounting, tax, dispute-resolution, and security obligations.
Comments and their metadata may be retained indefinitely.
Registered users (if applicable) can see, edit, or delete their personal information at any time (except usernames, which typically cannot be changed), and site administrators can also edit that information.

17) Your rights

If you have an account on this site or have left comments, you can request an exported file of the personal data we hold about you and request deletion, except for data we must keep for administrative, legal, or security purposes.
Where GDPR applies, you may also have rights such as access, rectification, erasure, restriction, objection, data portability, and the right to withdraw consent at any time (without affecting processing already carried out).

To exercise rights, contact us using the details in Section 1.

18) Security

We take measures designed to protect personal data, including using encryption where possible, access controls, and security procedures intended to prevent unauthorized access.
However, no method of transmission over the internet or electronic storage is 100% secure, and any transmission is at your own risk.​

19) Changes to this policy

We may update this Privacy Policy from time to time by posting a revised version on this page and updating the “Last updated” date.