Effective from may 25th 2018
Thank you for visiting The Art of Hannah Rose Shaw.
I respect your privacy. I am GDPR compliant.
1. Key terms
- "Personal data" refers to information that directly or indirectly allows for personal identification.
3. What Personal Data do I collect?
I collect the following Personal Data:
- Squarespace Analytics collect Usage Data, including page views, conversion rates, sales, referrers, popular content and IP address.
- Squarespace are GDPR compliant. Squarespace are compliant with the Privacy Shield.
- I will use your email address to respond to you if you have contacted me, or if you have made a purchase from my Etsy shop and I need to contact you regarding your purchase in order to fulfil my service.
- I do not keep a record of email addresses. I will never use your email address for marketing purposes.
- I will keep your correspondence for up to 6 months after service has been fulfilled, incase you would like any alterations to work or further work. After 6 months your correspondence will be permanently deleted from my Gmail account.
- If you contact me, I will respond using my email address, firstname.lastname@example.org, which is powered by Gmail.
- Google are GDPR compliant.
- This website links to my Etsy shop, where you can purchase from me.
- Personal Data is collected from anyone who visits my Etsy store or makes a purchase.
- Personal Data is collected from Etsy Conversations. I will correspond with you using Etsy Conversations, if you have contacted me, or if I need to contact you about an order or purchase in order to fulfil my service. I will never send unsolicited messages. I will keep your correspondence for up to 6 months after service has been fulfilled, incase you would like any further work or alterations to work created. After 6 months your correspondence will be permanently deleted from Etsy Conversations.
- If you purchase from my Etsy shop, I will receive Personal Data in order to send you your product, including your address, name, country, email address, payment method and ZIP/ postal code.
- I collect data from Etsy Analytics, including page views, item views, and favourites.
- Etsy require certain Personal Data from customers in order to fulfil their service. This includes name, address and email address.
- Etsy are GDPR compliant.
- For full details, please view Etsy's Cookies Policy.
- When you visit our Facebook Page, Facebook Analytics collect Personal Data, including name, age, gender, location and device usage.
Messages that you send to us via Facebook Messenger will be stored in Facebook Messenger. We will keep your correspondence for up to 6 months, after which time we will delete it. We will only use Facebook Messenger to respond to your inquiries, and will never send you a message that is unsolicited.
We do not sell directly from Facebook or use Facebook advertising.
- Facebook are GDPR compliant.
- For full details please visit Facebook’s Data Policy.
- Messages that you send to us via Twitter Messages will be stored in Twitter Messages. We will keep your correspondence for up to 6 months, after which time we will delete it. We will only use Twitter Messages to respond to your inquiries, and will never send you a message that is unsolicited.
- When you visit our Instagram Account, Instagram Analytics collect Personal Data, including name, age, gender, location and device usage. Instagram are GDPR compliant. For full details please visit Instagram's Data Policy.
4. How do I collect Personal Data?
I collect Personal Data when:
It is provided by you directly, such as when you place an order.
It is recorded automatically when you use our services, such as visiting our shop or viewing our social media.
It is received from a Third Party, such as if you make a payment using a payment processor.
5. Whose Personal Data do I collect?
Data is collected from anyone who:
- Visits this website.
- Visits our shop or social media links from this website.
6. Why do I collect Personal Data?
To fulfil our services
- Collecting Personal Data allows me to fulfil a service, by allowing you to contact and purchase from me. It allows you to create and manage your Account, purchase my services, process payments and contact me.
To communicate with you
- I will communicate with you if you contact me. I will never send unsolicited emails.
To meet our legal obligations:
- If you purchase from my Etsy store, I will collect your name, address, contact details and order details for record keeping and tax purposes.
- This data will be stored or 6 years to comply with UK legal tax requirements. After 6 years the data will be destroyed.
- All data is stored digitally in a secure, password protected and encrypted environment.
For enhanced security
- Processing Personal Data allows me to ensure the security and integrity of our services.
Third Party relationships
- Processing Personal Data allows me to maintain Third Party relationships.
7. When do I collect Personal Data?
I will process your Personal Data for the uses described in section 6. when:
I have a legal obligation
- For example, to comply with tax and government regulations or to comply with a binding law enforcement request.
- You have given your consent for me to use your Personal Data. When you consent, you can change your mind at any time.
I need to fulfil a service or contract
- If I need to use your Personal Data in order to provide you with the services and products requested by you.
- If I we need to use your Personal Data to communicate with you or respond to your inquiries.
- If I need to use your Personal Data so that we can perform a contract with you or take steps at your request before entering into a contract with you.
There is legitimate interest to do so
- I have legitimate interest in operating my business and providing you with a service and communication.
- I have legitimate interest in monitoring the safety and securing of my website, protecting against fraud, spam and abuse.
- I have legitimate interest in providing and improving my website.
Others legitimate interest:
- It may be important to protect a Third Party's legitimate interest. For example, my partners who have a legitimate interest in delivering quality products to you via fast and professional services.
8. How do I share your Personal Data?
I will not sell, trade, or otherwise transfer your Personal Data to outside parties without your consent. With your consent, Personal Data may be provided to Third Parties for fulfilment of services. They are as follows:
- Our emails are sent via Gmail and G Suite.
- Google are GDPR compliant.
- If you make a purchase from me via my Etsy store, your Personal Data is transmitted via an encrypted connection to Etsy Payments or PayPal.
- If you make a purchase from me via my Etsy store, I will ship your item/s to you using Royal Mail's services.
- Royal Mail are GDPR complaint.
9. Where do we store Personal Data?
- I store all Personal Data in encrypted and password protected environments.
- Emails are protected with strong passwords and two-factor authorisation.
- I do not store any Personal Data as paper records.
10. How do I protect your Personal Data?
- Websites powered by Squarespace are scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible. Websites powered by Squarespace use regular Malware Scanning.
- Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
- I implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your Personal Data.
- All transactions are processed through a Payment Provider and are not stored or processed on my servers.
- All my accounts are protected with strong passwords and two-factor authentication.
11. Gaining your consent
- I do not keep a record of email addresses. I do not send our marketing emails or newsletters. I will never use your Personal Data to contact you about anything that isn't necessary to fulfil my services.
- I will never supply your contact details to any Third Party without your consent.
12. Subject Access Requests and Right to Erasure
- You may have the right to access, update, change or delete your Personal Data. If you would like to know what Personal Data I hold relating to your identity, or would like me to erase your Personal Data from my records, please email email@example.com to request these changes.
- I will ask you to confirm your identity by checking your information against my records. If your identity can be verified, I will erase your Personal Data from my records within 48 hours.
- My Cookies Policy explains how you can manage Cookies on this site.
14. How to contact us
Hannah Rose Shaw
PO Box 6945