It's important stuff, for both you and me. so please take time to read it carefully. I hate jargon, so I've tried to make it a little easier to read for everybody.
- What information I collect and why I collect it,
- How I use that information,
- The choices you have and your rights, including how to access and update information.
Changes to Data Protection Law
The law relating to Data Protection changed on 25th May, 2018 when the General Data Protection Regulation (GDPR) came into force in the United Kingdom and across Europe.
1. Who I am and how you can contact me
When I refer to my website, I mean my website at https://www.juliabrownart.com
2. Where I collect your personal information from
I may collect, store, and transfer personal information about you in the following ways:
Data you give to me:
- When you register to use my services, or buy my products
- When you talk to me on the phone, via Zoom, or via Skype
- When you use my website or web chat
- When you email me or write a physical letter to me for any reason at all
- When you engage with me on social media, using your social media username, if you do talk to me through social media channels
- If you take part in any of my competitions or promotions
- When you give me feedback, comments, testimonials, and product reviews
- When you book any kind of appointment with me
- When you send me photos or images of yourself
Data I collect when you use my services:
- I use several products to analyse traffic to my website to understand my visitors' needs and keep improving my site and content for them. I only collect anonymous, aggregate statistics – e.g. I never tie a specific visit to a specific IP address.
- I use technology to collect and store information about the device or browser you use when you visit my website. This may include using cookies or similar technology to identify your device or browser.
- When you give me feedback.
- When you use my website and subscribe to my newsletter, or buy a product or service, or register to take part in any competition or campaign.
Data from third parties I work with:
- Companies that introduce you to me
- Social networks
- Agents or agencies working on my behalf
- Government and law enforcement agencies
- Identity and contact data from publicly available sources
3. Data I collect about you
I may collect, use, store, and transfer different types of personal information about you which I've grouped together like this:
- Identity data: name, username, title, gender, date of birth, marital status, photographs.
- Contact data: email address, telephone numbers, billing address, delivery address, social media addresses.
- Technical data: internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access my website.
- Profile data: feedback, testimonials, and survey responses.
- Usage data: information about how you use my website.
- Marketing and communications data: how you want to receive marketing from me and my third-party providers, and your communications preferences.
I also collect and share aggregated data like statistical or demographic data for any purpose. Aggregated data may be derived from your personal data, but it's not considered to be personal data under the law because it doesn't directly or indirectly reveal your identity. For example, I may aggregate your usage data to work out the percentage of people accessing a specific feature of my website.
I do not collect any special categories of personal info about you. This includes details about race or ethnicity, sex life, sexual orientation, religious or philosophical beliefs, political opinions, trade union membership, information about your health, and genetic and biometric data.
4. How I use your personal information
I'm only allowed to use your personal information if it's legal. I will only process your data where I have a legal basis under the GDPR to do so. My use of your personal data will always have a legal basis, because:
- It is necessary for our performance of a contract with you
- You have consented to our use of your personal data
- We are complying with a legal obligation
- It is necessary in pursuit of our legitimate interests – detailed below
Where my processing of your data is based on my legitimate interests, I will have made sure such processing is necessary and I will not do so where my interests are overridden by yours.
My legitimate interests include:
- Selling and supplying my products and services to customers and potential customers.
- Handling customer and potential customer contacts, queries, complaints, or disputes.
- Understanding my customers’ (or potential customers’) behaviour, activities, and preferences.
- Improving my products and services, including developing new products and services.
- Promoting, marketing, and advertising my goods and services.
You can ask me or third parties* to stop sending you marketing messages at any time by contacting me at email@example.com or you can write to me at Sculpture Lounge Studios, Holmbridge Mill, Bank Lane, Holmfirth, West Yorkshire, HD9 2NE, United Kingdom. *Or you can click the 'unsubscribe' link at the bottom of my marketing emails at any time.
Change of Purpose
I'll only use your personal information for the purposes I collected it for, unless I reasonably consider I need to use it for another reason, and that reason is compatible with the original purpose. If you want me to explain how the processing for the new purpose is compatible with the original purpose, please contact me at firstname.lastname@example.org or write to me at Sculpture Lounge Studios, Holmbridge Mill, Bank Lane, Holmfirth, West Yorkshire, HD9 2NE, United Kingdom.
If I need to use your personal information for an unrelated purpose, I'll notify you and explain the legal basis which allows me to do so.
Please note that I may process your personal information without your knowledge or consent, in compliance with the rules above, where this is required or permitted by law.
5. Whom I share your personal information with
I may have to share your personal information with the parties and organisations listed below for purposes explained above.
- My business partners and collaborators, where you've signed up to receive a product or service created by us.
- IT companies which support my website and other business systems based in the UK or EEA.
- Organisations that help me manage enquiries and responses to you via email, which are based in the USA. I have adequate measures in place where they will not be storing or processing data outside the EEA. (See section 8 below for more information.)
- Operational companies like delivery couriers based in the UK or EEA.
- Direct marketing companies which help me manage my communications with you in the UK and EEA.
- Professional advisors like accountants, lawyers, bankers, and insurers based in the UK or EEA who provide accountancy, consultancy, banking, and legal services.
- HM Revenue & Customs, regulators, and other authorities based in the UK who require reporting of processing activities in certain circumstances.
I expect and require all third-parties to respect your personal information's security and to treat it in accordance with the law. I do not allow any of my third-party service providers to use your personal information for their own purposes. I only allow them to process your personal information for specific and specified purposes and in accordance with my instructions.
6. Failing to provide personal information
If I need to collect your personal information by law, or in order to fulfil a contract with you, and you fail to provide that data when I ask for it, I may not be able to provide you with the goods or services you want. If this is the case, I may have to cancel a product or service you have with me. I'll let you know at the time if this happens.
7. Third-party links
8. Transferring your personal information outside the EEA
The EEA is the European Economic Area, comprising the EU Member States, Iceland, Liechtenstein, and Norway.
I don't transfer your data outside the EEA. However, I may use third-party service providers which do. In that case, if they do transfer your personal information outside the EEA, I'll make sure it's protected in the same way as if it was being used in the EEA, and I'll make sure adequate safeguarding measures are in place.
Please contact me if you want more information about the specifics of what happens if your personal information leaves the EEA.
9. Data security
I've put appropriate security measures in place to prevent your personal information being accidentally lost, used or accessed without authorisation, altered, or disclosed. Additionally, I limit access to your personal information to those agents, contractors, and other third-parties who have a business need to know. They will only process your personal information on my instructions and they are subject to a duty of confidentiality.
I've put procedures in place to deal with any suspected personal information breach and will notify you and any applicable regulator (including the ICO) of a breach, where I'm legally required to do so.
10. How long I keep your personal information for
I'll only keep your personal information for as long as I need it to fulfil the purposes I collected it for, including the purpose of satisfying any accounting, legal, or reporting requirements.
I consider the amount, nature, and sensitivity of the personal information when deciding how long to keep it for. I also look at the potential risk of harm from unauthorised use or disclosure, the purposes I process your information for, and whether I can achieve the purposes by some other method, and the legal requirements that apply to all this.
Sometimes, I may anonymise your personal information (so it can no longer be associated with you) for research or statistical purposes. If I do this, I may use the information indefinitely without notifying you further.
I may use your personal information to tell you about relevant goods and services, and any upcoming offers or events.
I can only use your personal information to send you marketing messages if I have either your consent, or a legitimate interest to do so.
You can ask me to stop sending you marketing messages any time – just click on the 'unsubscribe' links at the bottom of any marketing emails you receive, or email me at email@example.com.
In the unlikely event I decide to share information, I'll get your express opt-in consent before I share your personal information with any company for marketing purposes.
When you opt out of receiving marketing messages from me, this won't apply to personal information you give me as a result of buying my goods or services, or any other transaction between us.
My website is not intended for children under the age of 16 and I do not knowingly collect data relating to children. I encourage parents and legal guardians to monitor children's internet use.
If you believe a child under the age of 16 has given personal information to me through my service, please contact me at firstname.lastname@example.org or you can write to me at Sculpture Lounge Studios, Holmbridge Mill, Bank Lane, Holmfirth, West Yorkshire, HD9 2NE, United Kingdom.
13. Your rights
Under the General Data Protection Regulation (GDPR), you have a number of rights regarding your personal data, which this policy and our use of your data has been designed to uphold:
- Right to be informed – you have the right to be informed about my collection and use of your personal data.
Right of access – you have the right to request a copy of the information I hold about you. You can do this by contacting me using the details above.
- Right of rectification – if I hold data about you that's inaccurate or incomplete, you have a right to correct it.
- Right to be forgotten – in certain circumstances you can ask me to erase the data I hold about you from my records.
- Right to restriction of processing – where certain conditions apply, you have a right to restrict my processing.
- Right of portability – you have the right to transfer the data I hold about you to another organisation.
- Right to object – you have the right to object to certain types of processing (such as direct marketing).
- Rights in relation to object to automated processing and profiling – you also have the right not to be subject to legal effects of automated decision making and profiling.
If you have cause for complaint about my use of your data, or you would like to exercise any of your rights, please contact me using the details provided in Section 1 and I will do my best to solve the problem for you.
If I'm unable to help, or you aren’t satisfied with my response, you also have the right to lodge a complaint with the UK’s supervisory authority – The Information Commissioner’s Office (ICO). You can contact the ICO:
- By post – The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
- By telephone – 0303 123 1113
- Via its website – www.ico.org.uk