Privacy policy

Last updated: April 11, 2026

This Privacy Policy explains how Galerie d'art Iris (the “Site,” “we,” “us,” or “our”) collects, uses, and discloses your personal information when you visit, use our services, or make a purchase on galerieiris.com (the “Site”), or otherwise communicate with us regarding the Site (collectively, the “Services”). For the purposes of this Privacy Policy, “you,” “your,” and “yours” mean you as the user of the Services, whether you are a customer, a website visitor, or another individual whose information we have collected according to this Privacy Policy.

Please read this Privacy Policy carefully.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site, update the “Last updated” date, and take any other steps required by applicable law.

How We Collect and Use Your Personal Information

To provide the Services, we collect and have collected over the past 12 months personal information about you from various sources, as outlined below. The information we collect and use depends on how you interact with us.

In addition to the specific uses described below, we may use the information we collect about you to communicate with you, provide or improve the Services, comply with applicable legal obligations, enforce any applicable Terms of Service, and protect or defend the Services, our rights, and the rights of our users or others.

Personal Information We Collect

The types of personal information we obtain about you depend on how you interact with our Site and use our Services. When we use the term “personal information,” we mean information that identifies, relates to, describes, or can be associated with you. The sections below describe the categories and specific types of personal information we collect.

Information We Collect Directly from You

The information you submit directly through our Services may include:

  • Contact information such as your name, address, phone number, and email.
  • Order information such as your name, billing and shipping address, payment confirmation, email, and phone number.
  • Account information such as your username, password, security questions, and other information used for account security.
  • Customer service information such as the information you choose to include in your communications with us, for example when you send a message through the Services.

Certain features of the Services may require you to provide certain information. You may choose not to provide this information, but this may prevent you from using or accessing those features.

Information We Collect About Your Use

We may also automatically collect certain information about your interaction with the Services (“Usage Data”). To do this, we may use cookies, pixels, and similar technologies (“Cookies”). Usage Data may include details about how you access and use our Site and your account, including device information, browser information, network connection information, IP address, and other details regarding your interaction with the Services.

Information We Obtain from Third Parties

We may also obtain information about you from third parties, including vendors and service providers who may collect information on our behalf, such as:

  • Companies that support our Site and Services, such as Shopify.
  • Our payment processors, who collect payment information (e.g., bank account, credit or debit card details, billing address) to process your payment and fulfill your orders in order to perform the contract we have with you.
  • When you visit our Site, open or click on emails we send you, or interact with our Services or ads, we or third parties we work with may automatically collect certain information using online tracking technologies like pixels, web beacons, SDKs, third-party libraries, and cookies.

Any information we obtain from third parties will be handled according to this Privacy Policy. See also the section below, Third-Party Websites and Links.

How We Use Your Personal Information

  • Providing Products and Services. We use your personal information to provide the Services in order to perform our contract with you, including to process payments, fulfill orders, send notifications related to your account, purchases, returns, or exchanges, create and maintain your account, arrange for shipping, and facilitate returns and exchanges and other account-related features. We may also improve your shopping experience by allowing Shopify to match your account with other Shopify services you may choose to use. In this case, Shopify will process your information as outlined in its Privacy Policy and Consumer Privacy Policy.
  • Marketing and Advertising. We may use your personal information for marketing and promotional purposes, such as sending promotional communications by email, SMS, or postal mail, and showing you ads for products or services. This may include using your personal information to better tailor the Services and ads on our Site and other websites. If you reside in the EEA, the legal basis for this data processing is our legitimate interest in marketing our products, consistent with Art. 6(1)(f) GDPR.
  • Security and Fraud Prevention. We use your personal information to detect, investigate, or take action regarding possible fraudulent, illegal, or malicious activities. If you choose to use the Services and create an account, you are responsible for maintaining the security of your account credentials. We strongly recommend you do not share your username, password, or other access details. If you believe your account has been compromised, please contact us immediately. If you reside in the EEA, the legal basis for this data processing is our legitimate interest in ensuring the security of our website, per Art. 6(1)(f) GDPR.
  • Communicating with You and Improving the Services. We use your personal information to provide customer service and improve our Services. This is in our legitimate interest to ensure responsiveness, provide effective services, and maintain our business relationship with you under Art. 6(1)(f) GDPR.

Cookies

Like many websites, we use cookies on our Site. For specific details about the cookies used in connection with operating our store with Shopify, visit https://www.shopify.com/legal/cookies. We use cookies to operate and improve our Site and Services (including remembering your actions and preferences), to conduct analytics and better understand user interaction with the Services (in our legitimate interest of administering, improving, and optimizing the Services). We may also allow third parties and service providers to use cookies on our Site to better tailor services, products, and ads on our Site and other websites.

Most browsers automatically accept cookies by default, but you can set your browser to delete or reject cookies through its controls. Please note that deleting or blocking cookies may negatively impact your user experience and cause some Services, including certain features, to malfunction or become unavailable. Blocking cookies may also not fully prevent how we share information with third parties like our advertising partners.

Our website also recognizes the Global Privacy Control (GPC) signal, which allows you to opt out of certain uses or disclosures of your information. If you inform us of your preference through the GPC signal, we will treat that signal as a valid opt-out request for targeted advertising or data sharing for the associated browser or device, and if we can link the device sending the signal to a Shopify account, we will also apply that request to the account. To learn more about Global Privacy Control, visit https://globalprivacycontrol.org/. Aside from the Global Privacy Control signal, we do not recognize other “Do Not Track” signals sent from your browser or device.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for contractual, legitimate, or other purposes consistent with this Privacy Policy. This may include:

  • Vendors or other third parties who perform services on our behalf (e.g., IT management, payment processing, data analysis, customer service, cloud storage, order fulfillment, and shipping).
  • Business and marketing partners to provide services and deliver advertising to you. These partners will use your information according to their own privacy policies.
  • When you request or consent to our disclosure of certain information to third parties, such as to ship products or via your use of social media widgets or login integrations, with your consent.
  • With our affiliates or within our group of companies, in our legitimate interest of operating a successful business.
  • In the context of a business transaction such as a merger or bankruptcy, to comply with legal obligations (including responding to subpoenas, search warrants, and similar requests), to enforce applicable Terms of Service, and to protect or defend the Services, our rights, and the rights of our users or others.

Over the past 12 months the following categories of personal and sensitive personal information for the purposes described above in the sections “How We Collect and Use Your Personal Information” and “How We Disclose Personal Information”:

Category Categories of Recipients
  • Identifiers such as basic contact details and certain order and account information
  • Categories of personal information listed in the California Customer Records statute, such as basic contact details and certain order and account information
  • Commercial information such as order information, purchase information, and customer service information
  • Internet or other similar network activity, such as usage data
  • Geolocation data such as location determined by IP address or other technical measures
  • Vendors and third parties providing services on our behalf (such as ISPs, payment processors, order processing partners, customer service partners, and analytics providers)
  • Business and marketing partners
  • Affiliates

We do not use or disclose sensitive personal information without your consent or for the purpose of inferring characteristics about you.

With your consent, we share personal information for advertising and marketing activities, as follows.

We have “sold” and “shared” (as those terms are defined by applicable law) personal information in the past 12 months for advertising and marketing activities, as follows.

Categories of Personal Information Categories of Recipients
Identifiers such as name, email address, and phone number Business and marketing partners
Commercial information such as records of products or services purchased Business and marketing partners
Usage data Business and marketing partners

Third-Party Websites and Links

Our Site may provide links to third-party websites or online platforms. If you follow links to unaffiliated or uncontrolled sites, you should review their privacy and security policies and other terms of use. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on those sites. Information you provide in public or semi-public areas, including information you share on third-party social media platforms, may also be visible to other users of the Services and/or users of those third-party platforms, without limitation on our use or theirs. Inclusion of such links does not imply endorsement of the content of those platforms or their owners or operators, except as specified in the Services.

Children’s Data

The Services are not intended for use by children, and we do not knowingly collect personal information from children. If you are the parent or guardian of a child who has provided us with personal information, you may contact us using the details below to request deletion.

As of the effective date of this Privacy Policy, we do not knowingly “share” or “sell” (as defined by applicable law) the personal information of individuals under 16 years old.

Security and Retention of Your Information

Be aware that no security measure is perfect or impenetrable and we cannot guarantee “absolute security.” Additionally, any information you send us may not be secure during transit. We recommend you do not use unsecure channels to send sensitive or confidential information.

The retention period for your personal information depends on various factors, such as whether we need the information to maintain your account, provide the Services, comply with legal obligations, resolve disputes, or enforce other applicable contracts and policies.

Your Rights

Depending on your location, you may have some or all of the rights listed below regarding your personal information. These rights are not absolute and may only apply in certain circumstances, and we may deny your request where permitted by law.

  • Right to Access/Know: You may have the right to request access to the personal information we hold about you, including details about how we use and share it.
  • Right to Delete: You may have the right to request that we delete the personal information we maintain about you.
  • Right to Correct: You may have the right to request that we correct inaccurate personal information we maintain about you.
  • Right to Portability: You may have the right to receive a copy of the personal information we hold about you and request that we transfer it to a third party, in certain circumstances and with some exceptions.
  • Right to Opt Out of Sale/Sharing or Targeted Advertising: You may have the right to request that we not “sell” or “share” your personal information or opt out of processing your information for purposes considered “targeted advertising,” as defined by privacy laws. If you visit our Site with the Global Privacy Control (GPC) opt-out preference signal enabled, depending on your location, we will treat that as an automatic opt-out request for the “sale” or “sharing” of information for the device and browser you use to visit the Site.
  • Restriction of Processing: You may have the right to ask us to stop or restrict our processing of personal information.
  • Withdrawal of Consent: Where we rely on your consent to process personal information, you may have the right to withdraw that consent.
  • Appeal: You may have the right to appeal our decision if we deny your request. You can do so by replying directly to our denial.
  • Managing Communication Preferences: We may send you promotional emails, which you can opt out of at any time by using the unsubscribe option in those emails. If you opt out, we may still send you non-promotional emails, such as those about your account or orders you have placed.

You may exercise any of these rights where indicated on our Site or by contacting us using the contact details below.

We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity, such as your email address or account details, before providing a substantive response. In accordance with applicable laws, you may designate an authorized agent to submit requests on your behalf. Before accepting a request from an agent, we will require proof that you have authorized the agent to act for you, and we may need you to verify your identity directly with us. We will respond to your request as soon as reasonably practicable and as required by applicable law.

Complaints

If you have any complaints about how we process your personal information, please contact us using the details provided below. If our response does not resolve your complaint to your satisfaction, depending on your location, you may have the right to appeal our decision by contacting us again using the details below, or to lodge a complaint with your local data protection authority. For the EEA, you can find a list of supervisory authorities here.

International Users

Please note that we may transfer, store, and process your personal information outside the country where you live. Your personal information may also be processed by employees, service providers, and third-party partners in those countries.

If we transfer your personal information out of Europe, we will rely on recognized transfer mechanisms such as the European Commission’s Standard Contractual Clauses or an equivalent instrument issued by the competent UK authority, as applicable, unless the transfer is to a country deemed to provide an adequate level of protection.

Contact

If you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of your rights, please call or email us at iris@galerieiris.com or contact us at 30 Rue St Jean Baptiste, Baie-Saint-Paul, QC, G3Z 1L9, CA.

For the purposes of applicable data protection laws and unless we explicitly state otherwise, we are the controller of your personal information.