Privacy Policy
Last updated: April 12, 2026
1. Who We Are
Heaven Art Shop is operated by Open Empower BV (KvK: 94970963), based in the Netherlands. We sell original artworks online at www.heavenartshop.com.
For privacy questions, contact us at info@heavenartshop.com.
2. What Data We Collect
We collect the minimum data necessary to process your orders and improve your experience:
- Order information: Name, email, shipping address, and phone number when you make a purchase
- Payment data: Processed entirely by Stripe — we never see or store your card details
- Analytics: Anonymous usage data via Google Analytics 4 (page views, device type, referral source)
- Cookies: Essential cookies for cart functionality and optional analytics cookies
3. How We Use Your Data
- Processing and shipping your orders
- Sending order confirmations and shipping updates
- Responding to your inquiries
- Improving our website and product offerings
- Complying with legal obligations (tax records, fraud prevention)
We never sell, rent, or share your personal data with third parties for marketing purposes.
4. Third-Party Services
We use the following services that may process your data:
- Stripe — payment processing (privacy policy)
- Vercel — website hosting (privacy policy)
- Google Analytics — anonymous website analytics (privacy policy)
5. Your Rights (GDPR)
As we are based in the EU, you have the following rights under GDPR:
- Access: Request a copy of the personal data we hold about you
- Rectification: Ask us to correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
To exercise any of these rights, email info@heavenartshop.com. We will respond within 30 days.
6. Data Retention
We retain order data for 7 years for tax and legal compliance. Analytics data is retained for 14 months. You can request earlier deletion of non-essential data at any time.
7. Security
We protect your data with HTTPS encryption, secure headers (HSTS, CSP), and by minimizing the data we collect. Payment processing is handled entirely by Stripe's PCI-DSS compliant infrastructure.
8. Changes to This Policy
We may update this policy occasionally. Changes will be posted on this page with an updated date. Continued use of our website after changes constitutes acceptance.