Although the Overspray Market does not conduct sales outside of the United States of America, we are obligated to protect the privacy of Overspray Market customer data in accordance with Privacy Shield and General Data Protection Regulation (GDPR).
WHY WE COLLECT YOUR DATA
We require certain information for the following reasons:
You provide personal information when you place an order or register an account. Your name, billing and delivery address, email and phone number are collected and maintained so that we can process your order, communicate with you about your order, and so you may retrieve your order history if you registered an account.
If you have a credit agreement with Overspray Market, we will maintain your credit agreement on file locally in a secure environment.
Tax Exempt Certificates
If you are exempt from paying sales taxes, you may submit a certificate to be maintained on file locally in a secure environment.
Site Visitation Tracking
Like most websites, we use Google Analytics (GA) to track user interaction. We use this data to better understand how users interact with our store.
Contact forms and email links
Contact forms and email are not stored by this website nor is it passed to, or processed by, a third-party data processor. The data is collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.
If you choose to join our email newsletter (we don’t currently have one), the email address that you submit will be processed by MailChimp who provide our email marketing services. MailChimp is a third party data processor. The email address that you submit when joining the newsletter is maintained by MailChimp.
You can remove your email address from MailChimp using the unsubscribe links contained in any email newsletters that we send. When requesting removal via email, please send your request from the email account that is subscribed to the mailing list.
We do not market to children. If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter.
Again, we do not have a newsletter yet.
We do not allow commenting or posting in our store as of now but should we choose to use such features in the future, we will comply with then current user requirements including opt-in consent and deletion.
Shopping Cart Data
To keep track of cart data, we utilize 3 session cookies. The first two cookies contain information about the cart as a whole and updates the cart when data changes. The final cookie contains unique code for each customer so that it knows where to find the cart data in the database. No personal information is stored within these cookies.
Google may use a cookie to track your use of our website. You may control your browser cookie use in your browser’s settings.
HOW WE STORE YOUR PERSONAL INFORMATION
We take precautions to prevent the loss, misuse or alteration of your personal data. We ensure that your data is protected against unauthorized access by applying SSL certification on our website, implementing firewalls and other security measures on our servers, encrypted storage of personal data including passwords and using credible security software.
If you place an order on this website some personal information such as name, billing address, delivery address, phone number and email will be stored within this website’s database. This data is stored in an encrypted environment.
We maintain invoice data in a secure location “locally” for tax purposes and on the servers of our accounting software provider. We share your delivery address with carriers as is necessary to complete your order. Your credit card information is not stored by Overspray Market. Financial data is maintained by third-party merchant processors.
YOUR RIGHT TO PERSONAL DATA
Right to Access
You have the right to access your data. Your addresses and contact information are accessible on your Account page where you may update your information. You may also request your information that we retain in our database through the Privacy Tools page. Once we confirm your identity, we will disclose to you all personal data within 72 hours. You may also request that your data be corrected or updated by writing to: firstname.lastname@example.org
Right to Data Portability
You have the right to data portability that will allow you to reuse your personal data for your own purposes. We provide your personal data in CSV, Excel or PDF file. This information is provided free of charge.
Right to Data Erasure
You have the right to erase your personal data only if the data is no longer necessary in relation to the purpose for which it was originally collected/processed. For example, we can erase your data from our website database but are required to retain order related information for tax purposes. Refer to our Data Retention section for order data retention. Please be aware that data deletion is permanent. Use the Privacy Tools page to erase your data.
Accounting data is maintained for 7 years. Data is maintained on our accounting software servers in Canada and locally at the Overspray Market in the United States of America. Personal information that we process will not be kept for longer than is necessary.
ABOUT THIS WEBSITE’S SERVER
All traffic (file transfers) between this website and your browser is encrypted and delivered over HTTPS. Our server is PCI compliant and undergoes quarterly security validation by a third party.
WORKING WITH OUR THIRD-PARTY DATA PROCESSORS
We use a number of third parties to process personal data on our behalf. These include credit card processors such as Amazon Pay and PayPal, freight carriers such as UPS and FedEx, the manufacturers we work with and of course, the hosted servers on which we operate.
Links to Third-Party Websites
We may provide links to other websites, including the manufacturers we work with. The information practices of those third-party websites are not covered by this Privacy Statement.
We will report any unlawful data breach of this website’s database or the database(s) of any of our third-party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
The Data Controller of this website is:
PO BOX 5366
Ardmore OK 73403
DATA PROTECTION OFFICER
DPO, Overspray Market
- State sales tax certificate option expands to any state.
- Data collection and user control best practices.