2. Personal data which I collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
I collect just few information about my wonderful customers (you!).This personal data falls into these categories:
Identity Data includes title, first name and last name. If you interact with me through social media, this may include your social media user name.
Contact Data includes billing address, delivery address, email address and telephone numbers.
Financial Data includes PayPal payment details.
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from me.
Remember, if you choose not to share personal data with me, or refuse certain contact permissions, I might not be able to provide the products and services you’ve asked for.
3. How is your personal data collected?
I use different methods to collect data from and about you including through:
Direct interactions. You may give me your Identity, Contact and Financial Data by filling in forms or by corresponding with me by post, phone, email or through chat or social media.
This includes personal data you provide when you:
- make enquiries or request information be sent to you;
- order my products or services;
- ask for marketing to be sent to you;
- engage with me on social media;
- enter a competition, promotion or survey;
- contact through contact page; or
- leave comments or reviews on my products or services (please be kind!).
4. How I use your personal data
Generally, I do not rely on consent as a legal basis for processing your personal data other than where the law requires it. Where our legal basis is consent, you have the right to withdraw consent any time.
See Explaining the legal bases we rely on to process personal data to find out more about the types of lawful basis that we will rely on to process your personal data.
5. Advertising, marketing and your communications preferences
I may carry out direct marketing by email, phone, text or post. For example, you might have the letter hit your inbox or a cool promotion land on your door mat.
Of course, there are lots of different ways you’ll see adverts for artgabriela.com out and about, and not all of these are based on using personal data – sometimes I just buy good old-fashioned advertising space in the real world and websites and social media. If you see artgabriela.com adverts on websites and in social media, these may not be directed specifically at you, I might just have bid for the space. But here’s some things I may do that may be specifically directed at you:
- emails, for example me writing you about the project;
- text messages on social media if you prefer using a social media platform;
- promotions by post, such as great money off shipping offers; and/or
- phone calls, to tell you something that might be relevant to you and your business.
7. Disclosures of your personal data
I may share personal data with the following categories third parties:
- suppliers and service providers (such as technology service providers, payment processing and fraud prevention providers, manufacturers and post and courier services);
- auditors and professional advisers like bankers, lawyers, accountants and insurers; and
- government, regulators and law enforcement.
I require all third parties to respect the security of your personal data and to treat it in accordance with the law.
8. Payment information
Artgabriela.com uses third party payment processor PayPal to process payments made for products and services. All online payments will be conducted in accordance with Payment Card Industry (PCI) data security standards (which are high!) and your billing information (which is only used by these payment processors for the purpose of performing fraud protection) is encrypted before being communicated to them. Subject to the below exceptions, your credit card details are communicated directly from your browser to these payment processors – I never (ever!) see your full Permanent Account Number (PAN).
9. International transfers
Whenever we transfer your personal data out of the EEA, we will comply with applicable data protection law. Some of the mechanisms we may choose to use when undertaking an international transfer are:
- The transfer of your personal data is to a country that has officially been deemed to provide an adequate level of protection for personal data by the European Commission.
- We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe (called the “EU Model Clauses”).
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. If the provider is not EU-US Privacy Shield certified, we may use the EU Model Clauses.
10. Data security
I have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. I will never reveal your contact information to other
11. Data retention
I will only keep your personal data for as long as necessary to fulfill the purposes I collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.I also make a promise to you that you can contact me up to 5 years after creating the graphic, to re-provide you the materials if lost.In some circumstances you can ask me to delete your data; see Your legal rights below for further information.
12. Your legal rights
If the General Data Protection Regulation applies to you because you are in the European Union, you have rights under data protection laws in relation to your personal data:
- The right of access – that’s a right to make what’s known as a ‘data subject access request’ for copy of the personal data I hold about you;
- The right to rectification – that’s a right to make me correct personal data about you that may be incomplete or inaccurate;
- The right to erasure – that’s also known as the ‘right to be forgotten’ where in certain circumstances you can ask me to delete the personal data I have about you (unless there’s an overriding legal reason I need to keep it);
- The right to data portability – that’s a right for you to ask me for a copy of your personal data in a common format (for example, a .csv file);
- The right to object – that’s a right for you to object to me processing your personal data (for example, if you object to me processing your data for direct marketing); and
If you wish to exercise any of the rights set out above, please contact me.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, I may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, I may refuse to comply with your request in these circumstances.
I may need to request specific information from you to help me confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. I may also contact you to ask you for further information in relation to your request to speed up my response. I try to respond to all legitimate requests within one month.
You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). I would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact me in the first instance.
13. How to contact me about privacy