In brief: We will hold your email address, or other personal information, -if you have given us your permission, by actively subscribing online or 'in store', -if you have contacted us with an enquiry or regarding a purchase, -in a secure format, and we will take measures to ensure your privacy, -until you Unsubscribe, We will not share your details.
Date: 19/5/18 We are committed to safeguarding the privacy of our website visitors and prospective customers and customers; in this policy we explain how we will handle your personal data. Credit: This document was created using various sources and advice, including a template from SEQ Legal (http://www.seqlegal.com).
1. Where did we obtain your personal data?
Visiting this website: We do not log the IP address, geographical location, browser type / version and operating system or timestamp of your visit. Our website host, Weebly.com does record visits, but does not retain data unless you submit your details using a Contact Form. Contact Form or Newsletter signup form on our website: We use a Contact Form on our website where you can provide details to join our mailing list or the make a query. If you subscribe to our newsletter signup form on our website or by supplying your details for our mailing list 'in store', you give us permission to store your forename, surname & email address to contact you via email regarding new exhibitions, events and workshops at the gallery.
Email: If you send us an email, the email will contain meta data (this may include name, email address, along with a time stamp) and any other information you choose to share with us. It is your responsibility to make sure that your email and attachments are virus free and sent from a reputable provider.
Personal Contact: If you contact us and supply us with your details with regards to a commission, enquiry about work, etc, we will hold your details for the duration of our business with you. We will ask if you would like to be added to our newsletter, but if you decline, we will not retain your details once our business is concluded.
2. How we use your personal data:
Consent: We process personal data to provide you with our email newsletter in accordance with your consent. You may withdraw your consent at any time using the opt out links provided in each email or by sending an email with the subject 'Unsubscribe' to email@example.com
Contractual Necessity & Legitimate interests: We will process your personal data for certain legitimate business interests which may include: a) Reasonable expectation to receive a call or email to follow up an enquiry or commission. b) IP addresses are logged (by Weebly.com) when visiting the website for monitoring and security of our website. We will process your personal data for the performance of a contract between you and us and/or taking steps (e.g. providing a quote), at your request, to enter into such a contract to provide services or products. It is up to you to provide this information but please note that in turn we may not be able to provide you with goods and services.
Legal obligation: We process personal data in order to comply with our legal obligations for HMRC. This includes internal record keeping such as diaries, customer accounts, invoices and purchase data. This applies to you only if you buy or commission work through Made in the Marches Gallery.
3. Providing your personal data to third parties:
Emails: We do not authorise any third parties to access our emails. Our emails are hosted by a third party in the UK. Although we cannot make guarantees against cyber information theft, we will do all we can to ensure the security of your email and details, including password protection and physical safeguarding of our computer systems.
Contacting us through Social Media: If you contact us or interact with us through social media (private or direct message) it may be stored by that social media platform.
Suppliers or subcontractors: With your express permission, we may disclose the personal data that you provide to us directly to an artist or maker with whom you would like to discuss a commission. The artist/maker is only permitted to use your data to perform the required business function necessary in providing the service or product you commission from them.
Legal obligation: In addition to the specific disclosures of personal data set out in Section 3, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
4. Retaining and deleting personal data:
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. We store your data digitally, in secure files. Hard copies of documents, if your business with us requires, will be stored where only authorised personnel have access. If you ask us to delete your details, we will edit all digital records so that your details are removed, we will destroy any contact cards in our possession, or obscure relevant sections of documents if we consider them too important to destroy. Necessary exceptions are as follows: Legal obligation: If you commission work through the gallery, or make a purchase via the phone/email etc, your details will be kept for 8 years to comply with HMRC tax reporting and record keeping obligations.
5. Security We use an SSL (secure socket layer) certificate on our website (you can see this by the “green padlock” in your browser). This encrypts the link between the website server and the end user. Our emails are sent using SSL connection over SMTP. However emails cannot be 100% secure, this is due to the way the internet works. We cannot accept responsibility as it’s out of our control.
6. Amendments to this policy We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy.
7. Your rights In this Section 7, we have summarised the rights that you have under data protection law.
The right to access your personal data: You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data.
The right to rectification: You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
The right to erasure: In some circumstances you have the right to the erasure of your personal data without undue delay. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
The right to restrict processing: In some circumstances you have the right to restrict the processing of your personal data. Those are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
The right to object to processing: You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
The right to data portability: To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
The right to complain to a supervisory authority: If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority. In the UK it is the Information Commissioners Office – https://ico.org.uk/ who are responsible for data protection enforcement. You may exercise any of your rights in relation to your personal data by written notice to us.
9. Our details Made in the Marches Gallery 12 Church St, Kington, Herefordshire, HR5 3AZ firstname.lastname@example.org