Privacy Policy
Effective Date: 12 Nov 2025
This Privacy Policy is designed to provide you with clear, comprehensive, and transparent information regarding how AaronBelkar art (operating at art.aaronbelkar.com) collects, uses, and shares your personal information.
As our business is located in Israel and my customers are in additional global locations such as the European Union (EU), the United Kingdom (UK), the United States (specifically California), and Australia, our data processing activities are governed by the strictest applicable laws, including the Israeli Protection of Privacy Law (PPL), the General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA) as amended by the CPRA, and the Australian Privacy Principles (APPs).
1. Identity of the Data Controller and Contact Information
The entity responsible for the collection and processing of your personal information is:
Business Name: AaronBelkar art (art.aaronbelkar.com)
Location (Data Controller/Database Owner): Israel
For all privacy-related inquiries, requests regarding your personal information, or to submit a complaint, please contact our dedicated privacy team:
Email: aaron@aaronbelkar.com
We commit to responding to all valid data rights requests within the timeframes mandated by the applicable laws.
2. Categories of Personal Information We Collect
We collect personal information from you in three main ways: directly from you (upon purchase or registration), automatically as you use the site, and through third parties necessary for transactions. This section serves as our “Notice at Collection” required by the CCPA/CPRA.
| Category of Personal Information | Specific Data Elements Collected | Sources of Collection |
| Identifiers and Account Data | Real name, alias (account name), email address, physical shipping address, IP address, and, if provided, telephone number. | Directly from you (account registration, purchase form) |
| Commercial Information | Records of products (art prints) purchased, considered, or obtained; order history; and transaction details (excluding credit card numbers). | Directly from you (purchase process) |
| Internet Activity and Technical Data | Browsing history, search history on the site, cookie identifiers (such as the Google Analytics Client ID), device identifiers, and generalized geolocation data (inferred from IP address). | Automatically through cookies, tracking pixels, and Google Analytics |
3. Purpose and Lawful Basis for Processing Your Data (GDPR/PPL)
We must have a valid legal basis to process your personal information. We rely on the following bases, depending on the purpose of collection:
| Purpose of Processing | Lawful Basis (GDPR/PPL) | Description |
| Account Management & Order Fulfillment | Contractual Necessity | Processing is necessary to complete the sale of prints, confirm your order, manage your user login, and ship physical products to your specified address. |
| Direct Marketing & Newsletter | Explicit Consent 6 | To send you promotional emails, newsletters, articles, and updates on new artwork. We only process your email address for this purpose if you have given us separate, specific, and unambiguous consent (opt-in). |
| Website Analytics & Optimization | Consent / Legitimate Interest 8 | To monitor site traffic, understand user behavior, ensure site security, and optimize content using Google Analytics and other cookies. This activity requires your explicit consent via a cookie banner. |
| Legal & Regulatory Compliance | Legal Obligation 5 | To maintain required records for tax, audit, and accounting purposes, and to comply with mandatory governmental or legal requests (e.g., fraud prevention). |
4. Disclosure and Sharing of Personal Information with Third Parties
We share personal information only as necessary to conduct our business and fulfill the stated purposes. Under the CCPA/CPRA, the activities below may constitute “sharing” of your personal information.
A. Third-Party Payment Processors
When you purchase a print, we utilize a third-party payment provider to process the transaction. We securely transmit necessary transaction details (your name, billing address, and transaction amount) to them for payment authorization and fraud prevention.9
We do not store or retain your full credit card number, CVV code, or any other sensitive payment information on our servers.
B. Website Analytics and Tracking (Google Analytics)
We use Google Analytics to collect data regarding visitor traffic and site usage.10 This involves the use of cookies and persistent identifiers (like the Client ID) which are classified as personal information under various privacy laws.3 This data is shared with Google for the purpose of analyzing site performance and user activity.3
Your Right to Opt-Out of Sharing (CCPA/CPRA)
For California residents, the transfer of technical data (like IP address and persistent identifiers) for cross-context behavioral purposes (e.g., website optimization) is considered “sharing”.3
- You have the right to opt-out of the sharing of your personal information.
- Global Privacy Control (GPC): We commit to recognizing and respecting the Global Privacy Control (GPC) signal transmitted by your browser as a valid request to opt-out of the sharing of your personal information.11 Upon detecting this signal, we will automatically cease such sharing activities within 15 business days.13
5. International Data Transfers
We operate and are based in Israel, while targeting customers globally. This means your personal information may be transferred across international borders.
- Data Transfers to Israel (EU/UK Residents): The European Commission has issued an Adequacy Decision for Israel, confirming that Israeli law provides an adequate level of data protection comparable to the EU’s standards.14 Therefore, data transfers from EU/UK residents to us in Israel are legally permitted based on this decision.
- Overseas Disclosure (Australian Residents): We are likely to disclose personal information to overseas recipients, specifically to the United States (for analytics and cloud hosting services) to facilitate our business operations, as required by the Australian Privacy Principles.16
6. Data Retention Policy
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or for periods required by law.17 We apply the following criteria to determine retention periods:
- Transactional and Financial Data: We are legally obligated to retain records related to purchases, invoices, and financial transactions (e.g., commercial information) for tax, audit, and accounting purposes for a period required by Israeli and international law, typically five to seven years from the date of the transaction.18 This legal obligation overrides an immediate request for erasure of this specific data.
- Account Data: Data associated with your user login is retained for the duration that your account is active, plus a short administrative period (e.g., 90 days) following account closure.
- Marketing/Newsletter Data: Your email address and consent record for the newsletter are retained only until you withdraw your consent (unsubscribe).19 Upon unsubscription, we retain the email on a suppression list to ensure we comply with your opt-out request.
7. Your Rights Regarding Your Personal Information
Depending on your jurisdiction, you may have the following rights concerning your personal data. We are committed to honoring the highest standard of protection:
| Your Right | Description | Applicable Laws |
| Right to Know/Access | The right to request information about the categories, sources, purposes, and specific pieces of personal information we have collected about you.20 | PPL, GDPR, CCPA/CPRA |
| Right to Rectification/Correction | The right to request the correction of inaccurate or incomplete personal information we hold about you.6 | PPL, GDPR, CCPA/CPRA |
| Right to Deletion/Erasure | The right to request the deletion of your personal information, subject to certain legal exceptions (e.g., data required for tax purposes).6 | PPL, GDPR, CCPA/CPRA |
| Right to Object/Opt-Out | The right to object to processing of your data based on legitimate interests, and the absolute right to opt-out of the sharing of your personal information (CCPA/CPRA).6 | PPL, GDPR, CCPA/CPRA |
| Right to Data Portability | The right to receive your personal data in a structured, commonly used, and machine-readable format.6 | GDPR |
Response Timelines
We aim to respond to all access, correction, and deletion requests within 45 calendar days, with an extension of another 45 days if necessary, provided we notify you of the delay.22 Requests to opt-out of the sale or sharing (including GPC signals) will be processed as quickly as possible, but no later than 15 business days.13
8. Data Security and Legal Recourse
We implement appropriate technical and organizational measures to ensure the security of your personal data, including access controls, encryption, and regular security assessments, in line with the requirements of the PPL Data Security Regulations and the GDPR.6 In the event of a data breach, we will notify affected individuals and relevant supervisory authorities as required by law.
If you believe we have violated your data protection rights, you have the right to lodge a complaint with your local Supervisory Authority:
- Israeli Residents: Israeli Privacy Protection Authority (PPA)
- EU Residents: Your local Data Protection Authority (DPA)
- UK Residents: Information Commissioner’s Office (ICO)
- California Residents: California Privacy Protection Agency (CPPA) 23