It is important for you (as an individual who provides us with Personal Data) to understand how we use (or “process”) Personal Data, including that which we collect about you during your visit to this Website and our other websites, and which we process more generally pursuant to this Policy.
Tom Leamon is the Data Controller of all such Personal Data.
Our aim always is to process Personal Data fairly, lawfully and transparently. However, if you are unhappy with the information provided in this Policy or have any broader questions or concerns please email firstname.lastname@example.org. If you remain dissatisfied you may raise any issue directly with the Information Commissioner’s Office (who can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or via www.ico.org.uk).
1 Personal Data Collection
More generally, and subject to this Policy, we may also obtain Personal Data when you correspond with or visit Tom Leamon directly, through his representatives at Frameless Gallery or when attending an event or gallery show.
The types of Personal Data we collect and process may include:
(1) basic information (name, address, date of birth, nationality, gender, etc)
(2) contact information (address, telephone, and e-mail addresses)
(3) financial information (certain limited bank account or credit card details)
(4) website information (IP address, location information, weblogs etc)
Sensitive Personal Data is neither requested nor collected by us generally. Sensitive Personal Data includes for example information relating to race or ethnic origin, religious beliefs, and health. If you do provide us with Sensitive Personal Data because we have agreed between us that such disclosure is necessary, you must also explicitly consent to us using it for the purposes for which it has been provided.
Cookies and Google Analytics
Cookies are small pieces of information stored by your browser on your computer’s hard drive. If you want to know more about cookies and how they work, please refer to the following websites: http://www.allaboutcookies.org and http://www.youronlinechoices.com.
If you are a registered user of the Site, we will use a cookie for the duration of your visit to the Site for the purposes of allowing you to save items so that you can find them again easily. After you close your browser, this cookie will expire.
Through our Website we store the IP addresses of users in order to increase the session security. The IP address is only logged when you put something into your basket. If you return to the Website you are not identifiable until the point when you log-in as a registered user with an active account.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. Unless you do this, cookies will be issued when you use our Site, but you can delete them via your browser at any time. If you do not accept cookies, or decide to delete them, you will still be able to access and use the Site but you won’t be able to save any items. You can also install the Google Analytics Opt-Out Browser Add-On to prevent Google Analytics cookies being set, which is available for download here.
2 Personal Data Use
1. facilitating client projects, customer orders for goods and services, customer and guest visits, reservations, bookings, cancellations and refunds, and for the purposes of responding to any related comments, questions and other interactions; and
2. business purposes, such as engaging suppliers, generating statistics, measuring performance and Website usage, service improvement and marketing plans.
In accordance with the GDPR, we have identified below the relevant lawful basis for the processing of various types of Personal Data for different purposes:
(1) We are entitled to process Personal Data, including basic customer details, as required in order to fulfil our obligations under any order or purchase you make, or in advance of that contract.
(2) We may process Personal Data on the basis that it is in our legitimate interests and/or the legitimate interests of a third-party to do so. We have a legitimate business interest for example in offering services, projects and products to customers and clients, and in undertaking such work when agreed, and our customers and clients likewise have a legitimate interest in receiving the same. We may also process Personal Data on the basis that it is necessary for our legitimate interests in the effective management and running of the business, which may include, but is not limited to: engaging suppliers, ensuring that systems and premises are secure and running efficiently, for legislative compliance, auditing and reporting, for insurance purposes, and to protect our legal rights. We are satisfied that all such processing is not unwarranted because of any prejudicial effect on your rights and freedoms or your legitimate interests.
(3) In certain circumstances, we may process your Personal Data in order to comply with our legal obligations. This includes processing Personal Data for tax and accounting purposes and to fulfil our statutory obligations.
(4) Where you have provided your consent, we may also use your Personal Data to tell you about our products, promotions and special offers that may be of interest to you. This may include receiving such further information by telephone, email, SMS and other forms of electronic communication as approved by you at the time you gave us your consent. However, these decisions may be reversed at any time by opting-out of such communications or by emailing us, and we will process your request as soon as possible.
3 Transfers of Personal Data to Third Parties
Such third parties may be located in countries both inside and outside the European Economic Area (“EEA”). Although countries outside the EEA may not require the same level of protection of Personal Data as those within the EEA and as is the case in the UK, we always demand that our third party processors adhere to the same procedures that we follow ourselves with respect to your Personal Data and that adequate safeguards are in place in advance of any transfer outside the EEA.
We may disclose any information, including Personal Data, we deem necessary to comply with any applicable law, regulation or governmental request.
4 Protecting Personal Data
We implement various security measures to protect the security of your Personal Data.
In connection with payment processing which is managed by our financial fulfillment house, we only record the last four digits of any credit cards (including to enable us to process refunds) and do not store security codes or issue/expiry. Your Personal Data will be processed by the financial fulfillment house outside the EEA, though subject to adequate safeguards as noted above in this Policy.
We have security arrangements in place to guard against unauthorised access, improper use, alteration, destruction or accidental loss of your Personal Data. In accordance with the GDPR, we take appropriate organisational and technical security measures, including specific information security standards for the protection of Personal Data.
5 Your Rights and Responsibilities
The GDPR generally provides individuals with rights to access, to object to the processing of, to rectify, to erase, to restrict and to port their Personal Data. You can exercise any of these rights by contacting us at any time at email@example.com.
We have specific procedures in place to enable you to request that we provide you with details of your Personal Data which we process and a description of how we process it.
You have the right to unsubscribe from any marketing emails we send you. You can do this by clicking on the link at the bottom of every email we send to you or by contacting us by email. You can also request that your Personal Data is deleted from our systems at any time, though please note that we may be entitled to continue to store such Personal Data in accordance with the law and with this Policy.
We will take reasonable steps to create an accurate record of any Personal Data submitted through the Website or otherwise processed by us. However, we do not assume responsibility for confirming the ongoing accuracy of your Personal Data and so please let us know if corrections and updates are required.