Security & Payments

Tinga Tinga Art provides a secure payment platform that prioritizes the satisfaction of our customers worldwide. Our commitment to providing a smooth buying process is demonstrated through our investment in top-notch ecommerce and payment platforms.

Payments

One of our payment providers, DPO Group is always determined to keep up with the highest level of security and standards to protect merchants and customers. DPO processes payments from customers all across the globe hence the requirement for them to be GDPR compliant.

In the context of GDPR, DPO is both controller and processor: a customer inputs their personal details (name, address, credit card details) into the merchant system via the DPO API. DPO then uses the information to complete the transaction between their system, and that of the associated credit bureau or bank. DPO is fully compliant with GDPR laws and standards, and strives to go above and beyond in all matters of data privacy and security. They have all of the necessary technical and organizational structures in place to uphold this high standard. 

PCI Compliance:

Furthermore, all our payment providers are PCI-DSS Level 1 certified, ensuring that all systems and information involved in the payment process is kept secure, and can be trusted with sensitive payment information. More information on our payment provider's PCI certification can be found here. 

SSL Certificate:

All webpages on our website, including our external payment provider are HTTPS secure with an SSL certificate. SSL stands for Secure Sockets Layer and, in short, it's the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details.

Transparency and informing the public about how their data are being used are two basic goals of the GDPR.

The European Commission summarizes GDPR as: Privacy by design and privacy by default. This means that any action that involves processing personal data must be done with data protection and privacy built into every step. Once a product or service has been released, the strictest privacy settings must apply by default.

The European Union's General Data Protection Regulation (GDPR) came into effect on May 25, 2018. The GDPR imposes new obligations and responsibilities on controllers and processors of data.

As a merchant, we are generally the controller of our customers’ data. This means that we collect customers’ data and choose how it is handled. 

Shopify is a processor for our customers’ data, Shopify follows our instructions on how to handle that data. For more information about the roles of data controller and processor, please see Shopify’s GDPR whitepaper (in English).

For information about Shopify’s obligations as a data processor for our customers' data, see the Data Processing Addendum.

Shopify believes strongly in protecting customers’ personal data, and understands that doing so is critical to helping them preserve the trust and confidence of customers. Shopify has designed its platform to allow merchants to operate anywhere in the world.

The GDPR doesn't require personal data to be stored in Europe. The GDPR requires only that if the personal data of European residents is transported outside of Europe, then that personal data must be adequately protected.

Shopify protects personal data according to the requirements of the GDPR as it is transferred to the United States and Canada and stored.

GDPR-compliant features are built into Shopify's platform, including features to enable them to offer customers transparency into and control over their personal data, and technical measures to ensure that customers’ personal data is protected as it crosses borders. Shopify believes in making it easy for us to use their platform in a manner that complies with privacy and data protection laws like the GDPR.

For more information on Shopify's role on the GDPR, see here.

GDPR covers all of the European Union Member States, which includes: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden.

The United Kingdom is still part of the EU and thus governed by GDPR. This includes: Channel Isles, England, Northern Ireland, Scotland, and Wales.
GDPR also includes European Economic Area Countries, such as Iceland, Lichtenstein, and Norway. 

The GDPR places equal liability on data controllers (the organization that owns the data) and data processors (outside organizations that help manage that data). A third-party processor not in compliance means our organization is not in compliance. The new regulation also has strict rules for reporting breaches that everyone in the chain must be able to comply with. Organizations must also inform customers of their rights under GDPR.

Please see DPO's privacy policy and other related documents below:

• Privacy Policy
• Terms and conditions
• A Guide to the GDPR from the Information Commissioner's Office (UK) 

For potential customers located in Africa, having access to mobile money wallets, we have the option of payment via M-Pesa, tigo pesa, MTN Money, Airtel Money and others across Eastern and Western Africa.

 

Cryptocurrency

We are pleased to inform you that we also welcome payments in Bitcoin and Ethereum for all purchases of our artwork. If you prefer to pay using cryptocurrency, simply send us an email to request our unique recipient address. Rest assured that the transaction process is secure and easy to navigate.

Money orders

For customers without access to credit cards, PayPal or mobile money wallets, we accept payments by money orders through popular services such as Moneygram, Western Union, Remitly, or Worldremit. This payment option is only available in rare instances.

Moreover, customers residing in African countries where mobile money wallets are not accessible may opt to transfer funds through Ecobank's Rapidtransfer money service or UBA Bank's Africash (where available).

Shipping

We use DHL Express for a majority of our exports.

DHL manages freight security through a global incident reporting room and more than 100 highly secure locations, more than the entire forwarding and logistics industry.

Each of these benefits from instant communication with local and international law enforcement authorities. They also use state-of-the-art risk assessment to ensure that consignments are protected.

For other shipments, we use the local post office, which is a member of the Universal Postal Union. The UPU recognizes that the safety and security of the postal sector as part of the global supply chain is critical to supporting worldwide commerce and communication. To facilitate the development and implementation of security standards and best practices among Posts, the UPU established the Postal Security Group (PSG).

We may also use other professional couriers after evaluating their professional credentials. 

Contact

Contact us for additional information related to your privacy and security:

dataprotection@tingatingaart.com

Contact DPO Group for more information on their compliance with GDPR and security:

support@directpay.online

Other related pages:

• Our privacy policy
• Our FAQ
• Why buy african art from us