Privacy Policy

Privacy Policy (Galry.eu)

Last updated: 20 november 2025

This Privacy Policy explains how we collect, use, share and protect your personal data when you visit or use galry.eu (the “Website”), including when you browse artworks, create an account, place an order, use a wishlist, or contact us.

1. Controller (Data Controller)

The data controller responsible for processing personal data under the General Data Protection Regulation (GDPR) is:

David De Gendt

Gravity Bv
Hyacinthenstraat 58, 9300 Aalst, Belgium

VAT: BE0770451895
Tel.: +32 (0)49 578191
E-mail: info@galry.eu

2. What personal data we collect

Depending on how you use the Website, we may collect the following categories of personal data:

2.1. When you visit the Website (server and security logs)

When you browse the Website, our hosting environment may process technical data such as:

  • IP address

  • date and time of access

  • pages visited

  • referrer URL (the page you came from)

  • browser type/version, device and operating system

  • basic security and performance logs

2.2. When you contact us (WPForms, e-mail, or “Price on Request” inquiry)

If you contact us, we collect the information you submit, typically:

  • name

  • e-mail address

  • message content

  • the artwork/product you are inquiring about (if applicable)

2.3. When you create an account or place an order (WooCommerce)

If you create an account or place an order, we collect:

  • name

  • billing address and shipping address

  • e-mail address and phone number (if provided)

  • order details (items, quantities, prices, taxes, shipping)

  • account credentials (password is stored in hashed form)

  • order history and customer service communications

2.4. Payments (Stripe)

When you pay through Stripe, payment information is handled by the payment infrastructure. We do not store complete card details on our servers. We receive transaction-related information (such as payment confirmation, payment status, and identifiers) necessary to manage the order, refunds, and accounting.

2.5. Wishlist and login features (MoreConvert Wishlist for WooCommerce)

When you use the wishlist feature, the Website may process:

  • the products you add to your wishlist

  • if you are logged in: wishlist linked to your account

  • if you are not logged in: wishlist may be stored using cookies/local storage in your browser so it can persist

3. Why we process your personal data (purposes)

We process personal data for the following purposes:

  • to display and operate the Website securely and reliably

  • to respond to inquiries and customer support requests

  • to create and manage customer accounts

  • to process orders, payments, shipping and returns

  • to enable wishlist functionality

  • to prevent fraud, abuse and security incidents

  • to comply with legal obligations (e.g., invoicing/accounting)

4. Legal bases for processing (GDPR)

We rely on the following legal bases:

  • Performance of a contract (Art. 6(1)(b)): to process orders, shipping, returns, and account services.

  • Legitimate interests (Art. 6(1)(f)): to run and secure the Website, prevent fraud, and respond to general inquiries (when not directly contract-related).

  • Legal obligation (Art. 6(1)(c)): e.g., accounting and tax obligations.

  • Consent (Art. 6(1)(a)): where required (e.g., non-essential cookies/marketing, if used). You can withdraw consent at any time.

5. Cookies and similar technologies

We use cookies and similar technologies for:

  • essential functionality (e.g., shopping cart, session management, security)

  • preferences (e.g., remembering certain settings)

  • wishlist persistence (especially for guests)

You can manage cookies in your browser settings. Disabling cookies may affect Website functionality (cart, wishlist, login).

If we introduce analytics/marketing cookies in the future, we will request your consent through a cookie banner before placing them.

6. Third parties we share data with (processors)

We only share personal data when necessary to operate the Website and provide services:

6.1 Hosting

  • Cloud86 (website hosting and related infrastructure). Hosting providers may process technical logs and store Website data necessary to keep the site running.

6.2 Payments

  • Stripe (payment service integrated into WooCommerce). Payment processing typically involves payment infrastructure partners. We receive confirmation and payment status; full card details are not stored on our servers.

6.3 Shipping carriers

If you request delivery, we share necessary shipping details (name, shipping address, and sometimes phone/e-mail if required for delivery) with the carrier to deliver the order.

6.4 Service e-mails

We may send you transactional e-mails (order confirmations, shipping updates, password resets, inquiry responses). These are sent to fulfill the contract or to respond to you.

7. Google Fonts

We use Google Fonts to display typography consistently. When your browser loads these fonts, it may connect to Google servers and share technical data such as your IP address and browser information as part of the request.

If you prefer not to load fonts from Google, you may use browser settings or privacy tools that block external font requests (note: this may affect design/appearance).

8. International data transfers

Some service providers may process data outside the European Economic Area (EEA). Where required, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or rely on other lawful transfer mechanisms available under GDPR.

9. Data retention

We keep personal data only as long as necessary for the purposes described above:

  • Orders & invoices: retained as required by applicable accounting and tax laws.

  • Account data: kept while your account remains active; you can request deletion, subject to mandatory retention for order/invoice records.

  • Inquiries/contact requests: retained as long as necessary to respond and for follow-up, then deleted or anonymized unless we need to keep it for legal reasons.

  • Server/security logs: typically retained for a limited period for security and troubleshooting.

10. Your rights under GDPR

You have the right to:

  • access your personal data

  • correct inaccurate data

  • request deletion (where applicable)

  • restrict processing

  • object to processing based on legitimate interests

  • data portability (where applicable)

  • withdraw consent (when processing is based on consent)

To exercise your rights, contact us at info@galry.eu.

You also have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données).

11. Security

We take appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. However, no online service can be guaranteed 100% secure.

12. Changes to this Privacy Policy

We may update this policy from time to time (for example, if we add new features or service providers). The latest version will always be published on this page