Privacy Policy

This Privacy Policy describes how Tom Leamon collects and uses personally identifiable information (“Personal Data”) in accordance with the EU General Data Protection Regulation (“GDPR”). 

It is important for you (as an individual who provides us with Personal Data) to understand how we use (or “process”) Personal Data, including that which we collect about you during your visit to this Website and our other websites, and which we process more generally pursuant to this Policy. 

Tom Leamon is the Data Controller of all such Personal Data.

Our aim always is to process Personal Data fairly, lawfully and transparently. However, if you are unhappy with the information provided in this Policy or have any broader questions or concerns please email mail@tomleamon.com. If you remain dissatisfied you may raise any issue directly with the Information Commissioner’s Office (who can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or via www.ico.org.uk).

1 Personal Data Collection

When you submit your Personal Data on this Website you are agreeing to the processing and transfers of your Personal Data as set out in this Privacy Policy. This includes when you subscribe to our mailing list for information, invites and updates.

More generally, and subject to this Policy, we may also obtain Personal Data when you correspond with or visit Tom Leamon directly, through his representatives at Frameless Gallery or when attending an event or gallery show.

The types of Personal Data we collect and process may include: 

(1) basic information (name, address, date of birth, nationality, gender, etc)

(2) contact information (address, telephone, and e-mail addresses)

(3) financial information (certain limited bank account or credit card details)

(4) website information (IP address, location information, weblogs etc)

Sensitive Personal Data is neither requested nor collected by us generally. Sensitive Personal Data includes for example information relating to race or ethnic origin, religious beliefs, and health. If you do provide us with Sensitive Personal Data because we have agreed between us that such disclosure is necessary, you must also explicitly consent to us using it for the purposes for which it has been provided.

Cookies and Google Analytics

Cookies are small pieces of information stored by your browser on your computer’s hard drive.  If you want to know more about cookies and how they work, please refer to the following websites: http://www.allaboutcookies.org and http://www.youronlinechoices.com.

If you are a registered user of the Site, we will use a cookie for the duration of your visit to the Site for the purposes of allowing you to save items so that you can find them again easily. After you close your browser, this cookie will expire.

Through our Website we store the IP addresses of users in order to increase the session security. The IP address is only logged when you put something into your basket. If you return to the Website you are not identifiable until the point when you log-in as a registered user with an active account.

We also use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses cookies to collect information about details of our users’ visits to the Site (including IP addresses) and the resources they access on it. Google Analytics provides us with reports based on this information in order to us to help us understand how visitors engage with the Site.  Google Analytics will not transfer the information it collects to any third party except where required to do so by law. Please note that we will not use Google Analytics to collect any information from which you can be personally identified, and we will not associate the information provided to us by Google Analytics with Your Information. Google Analytics’ cookies will remain on your computer for between thirty minutes and two years from being set / updated, unless you delete them before they expire. For more information about Google Analytics, please visit http://www.google.com/intl/en/analytics/privacyoverview.html.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. Unless you do this, cookies will be issued when you use our Site, but you can delete them via your browser at any time. If you do not accept cookies, or decide to delete them, you will still be able to access and use the Site but you won’t be able to save any items. You can also install the Google Analytics Opt-Out Browser Add-On to prevent Google Analytics cookies being set, which is available for download here

2 Personal Data Use

Except as otherwise disclosed in this Privacy Policy, we will process Personal Data only for the purposes of:

1. facilitating client projects, customer orders for goods and services, customer and guest visits, reservations, bookings, cancellations and refunds, and for the purposes of responding to any related comments, questions and other interactions; and

2. business purposes, such as engaging suppliers, generating statistics, measuring performance and Website usage, service improvement and marketing plans.

In accordance with the GDPR, we have identified below the relevant lawful basis for the processing of various types of Personal Data for different purposes:

(1) We are entitled to process Personal Data, including basic customer details, as required in order to fulfil our obligations under any order or purchase you make, or in advance of that contract.

(2) We may process Personal Data on the basis that it is in our legitimate interests and/or the legitimate interests of a third-party to do so. We have a legitimate business interest for example in offering services, projects and products to customers and clients, and in undertaking such work when agreed, and our customers and clients likewise have a legitimate interest in receiving the same. We may also process Personal Data on the basis that it is necessary for our legitimate interests in the effective management and running of the business, which may include, but is not limited to: engaging suppliers, ensuring that systems and premises are secure and running efficiently, for legislative compliance, auditing and reporting, for insurance purposes, and to protect our legal rights. We are satisfied that all such processing is not unwarranted because of any prejudicial effect on your rights and freedoms or your legitimate interests. 

(3) In certain circumstances, we may process your Personal Data in order to comply with our legal obligations. This includes processing Personal Data for tax and accounting purposes and to fulfil our statutory obligations. 

(4) Where you have provided your consent, we may also use your Personal Data to tell you about our products, promotions and special offers that may be of interest to you. This may include receiving such further information by telephone, email, SMS and other forms of electronic communication as approved by you at the time you gave us your consent. However, these decisions may be reversed at any time by opting-out of such communications or by emailing us, and we will process your request as soon as possible.

We will retain Personal Data for the length of time required for the specific purposes for which it is processed, as set out in this Privacy Policy. However, we may also keep your Personal Data for a longer period, for example, where required by our legal and regulatory obligations or in order to ensure we have effective back-up systems. In such cases, we will ensure that your Personal Data will continue to be subject to this Policy, restrict access to any archived Personal Data and ensure that all Personal Data is held securely and kept confidential.

3 Transfers of Personal Data to Third Parties

We may share Personal Data with our affiliates, our business partners and our licensors, as well as our fulfilment houses (these are companies which coordinate mailings or distribute products on our behalf, or which provide payment services). If we sell or buy any business or assets we may also disclose or transfer Personal Data to the prospective seller or buyer. We will ensure that there is a legal basis for all such transfers of Personal Data under the GDPR and that the related processing activities are as set out in this Privacy Policy.

We may also retain other companies and individuals to perform functions on our behalf in relation to the processing of Personal Data as explained in this Privacy Policy. Examples include credit/debit card validation and authorisation agencies, data analysis firms, customer support specialists, webhosting companies and IT services providers. Such third parties may process Personal Data if needed to perform their functions and on our instructions, but will be subject to appropriate contractual safeguards and may not use such Personal Data for any other purpose.

Such third parties may be located in countries both inside and outside the European Economic Area (“EEA”). Although countries outside the EEA may not require the same level of protection of Personal Data as those within the EEA and as is the case in the UK, we always demand that our third party processors adhere to the same procedures that we follow ourselves with respect to your Personal Data and that adequate safeguards are in place in advance of any transfer outside the EEA.

We may disclose any information, including Personal Data, we deem necessary to comply with any applicable law, regulation or governmental request.

4 Protecting Personal Data

We implement various security measures to protect the security of your Personal Data.

In connection with payment processing which is managed by our financial fulfillment house, we only record the last four digits of any credit cards (including to enable us to process refunds) and do not store security codes or issue/expiry. Your Personal Data will be processed by the financial fulfillment house outside the EEA, though subject to adequate safeguards as noted above in this Policy.

We have security arrangements in place to guard against unauthorised access, improper use, alteration, destruction or accidental loss of your Personal Data. In accordance with the GDPR, we take appropriate organisational and technical security measures, including specific information security standards for the protection of Personal Data.

5 Your Rights and Responsibilities

The GDPR generally provides individuals with rights to access, to object to the processing of, to rectify, to erase, to restrict and to port their Personal Data. You can exercise any of these rights by contacting us at any time at mail@tomleamon.com.

We have specific procedures in place to enable you to request that we provide you with details of your Personal Data which we process and a description of how we process it. 

You have the right to unsubscribe from any marketing emails we send you. You can do this by clicking on the link at the bottom of every email we send to you or by contacting us by email. You can also request that your Personal Data is deleted from our systems at any time, though please note that we may be entitled to continue to store such Personal Data in accordance with the law and with this Policy.

We will take reasonable steps to create an accurate record of any Personal Data submitted through the Website or otherwise processed by us. However, we do not assume responsibility for confirming the ongoing accuracy of your Personal Data and so please let us know if corrections and updates are required. 

6 Changes to this Privacy Policy

This Privacy Policy is effective from August 2021. 

We may revise this Privacy Policy from time to time and will post the revised version here. As we may make changes at any time without notifying you, and the Policy governing our processing of your Personal Data will be the one in place at the time of the processing in question, we suggest that you periodically consult this Privacy Policy.