Privacy Policy
(1) INTRODUCTION
This privacy notice provides you with details of how we collect and process your personal data on www.cerysbailey.co.uk and any subdomains we use on this site for the purpose of providing our services. Cerys Bailey Art may change this policy at any time. If we do so, the changes will be represented here on the policy page in Bold Red, and we will post a prominent message on our website.
This policy is active from the 25th of May 2018 and complies with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018). Cerys Bailey Art are the Data Controller represented in this policy (we may refer to ‘We’, ‘Us’ or ‘Our’ in this privacy policy). If you need to contact us about this privacy policy and how we handle your data, you can do so by clicking HERE to use our contact form (please enter the subject ‘Privacy’), or you can write to us at ‘Gwelfryn, Gwalchmai, Holyhead, LL65 4RR’.
If you need us to change the data we hold about you, please contact us using the methods described in the last paragraph. We may need to contact you from time to time to check that the personal data we hold about you is accurate.
The following policy highlights in detail how we only ever use your data for our business relations with you and how that is achieved, and how we do not pass this information on to a third party (like payment processors) without your consent. The policy also highlights how we absolutely and without fail never collate and sell your data under any circumstances.
(2) WHAT DATA WE MAY COLLECT ABOUT YOU
We may collect the following data in the course of providing our services:
• Your name
• Your email address
• Your home/business address
• Your date of birth
• Your phone number
• Your business name
• Your website address
• Your financial details
(Only relevant if we take card details, as financial information is anonymised through PayPal.)
• Any personal data posted to our website (application and order forms)
• Your marketing and email preferences
• Information provided by you for the purpose of providing our services. This may be content information for websites/print media/marketing campaigns and information relating to the order of domain names on your behalf.
• Technical data such as the IP address used to connect to our website (this is usually your ISP IP address and not your personal IP) and anonymised data relating to the amount of time spent on our website, which pages are clicked, time zones and country of origin.
• Any other information you provide to us in the course of doing business.
(3) HOW WE MAY PROCESS YOUR DATA
Your data may be used by us for the following reasons:
• To enable us to enter into a contract with you in relation to providing our services at your request.
• To process transactions relating to you ordering services from us.
• To send customer communications relating to products or services bought from us.
• To reply to any query made about the products and/or services we offer.
• To personalise your experience while using our services.
• To keep records of orders placed with us and communication in relation to those orders.
• To send you marketing emails, where permitted (we very rarely do this).
• To manage our business.
• To obtain professional advice.
• To maintain legal obligations under the law.
• To comply with government organisations where required to do so.
• To keep records of communications.
• To bring a legal claim where necessary in relation to a breach of contract, abuse of services or a non-payment.
• To deliver relevant website content and advertisements to you.
• To comply with any service you have asked us to perform on your behalf.
(4) LAWFUL DATA PROCESSING
Under the GDPR legislation, we are only permitted to process personal data if we have lawful grounds for doing so. Our lawful grounds for processing are specific to the following areas of business and follow the GDPR principles of lawfulness, fairness and transparency.
• We may process your data in relation to any contractual obligation we have to you, which may include any of our specific services, or any services that have been tailored (bespoke) to you, at your request. Where a legal contract exists, our data processing under this basis will only ever be in line with our contract with you. This includes providing support services.
• We may process data prior to any contract, when we have been asked to do so by yourself only. This applies when we may use data to provide you with a quote or an estimate relating to any services listed on our website, or that you may enquire about. We may process this data whether you make your enquiry with us by email, through our website form, by telephone or in person. Where it is possible for us to know, we will never process data supplied to us by a third person.
• We may process your data in relation to any request from government or law enforcement services, but only where required to do so by the law and in response to a proper request.
• We may process your data in relation to bookkeeping and managing our business in a responsible way and where we have a legal obligation for compliance.
• We may process your data in relation to our site analytics, which are used by us to monitor site traffic and usage. This data is anonymised and only used to find errors on our website, and to monitor the use and misuse of our services. Data sets collected are: worldwide region, pages visited, bandwidth used, clicks made on our website, time spent on our website, images loaded, ISP IP addresses (these are not personal IP addresses), file types viewed, downloads from our site, both operating systems and browsers used to view our content (to let us see how our site is performing and to maintain compliance), external links connecting to us and error reporting.
• We may process data we have obtained through our website cookie system, which is used to maintain our website/databases and our services, ensuring our content is relevant to you, for analytics, to ensure the security of our site, to allow you to login to our services and to personalise our services to you.
• We may process data in relation to obtaining insurance or professional services. This data processing is for our legitimate interests in order to protect and grow our business.
We do not collect any personally sensitive interests about you. When we say sensitive data, we mean any data that relates to your sexual orientation, gender identity, race, ethnicity, philosophical or religious beliefs, politics, trade union membership, genetics, biometrics or health.
(5) HOW WE COLLECT YOUR PERSONAL DATA
We may collect your data when it is directly supplied to us by yourself, either by email, telephone call, using our website form or by personal contact. We collect data only for processing your request for a quote or information from us in relation to services, or for processing orders. Data is also collected by cookies in relation to logging in to our services and for maintaining the security and function of our website.
We may also receive data from both Facebook and Google advertising and analytics platforms, which are both located outside of the EU.
(6) MARKETING COMMUNICATIONS
We have lawful grounds for sending out marketing emails to you, which may either be your consent, or legitimate interests on our part (business growth).
We may only send you marketing communications if (a) you agreed to receive marketing communications from us and haven’t, up until the point we send them to you, opted out of such communications, (b) you made a purchase from us or asked about goods and services, or (c) you are a Limited Company, in which case we may send you communications without your consent; however, you can still then opt out of marketing emails at any time.
(7) DISCLOSURES OF YOUR PERSONAL DATA
We never sell your personal data, under any circumstances.
However, we may have to share your personal data for legitimate reasons.
These may include:
• Sharing data with government agencies as required, whether reporting processing activities, or otherwise being asked to legally disclose your personal data.
• Professional advisors, including auditors, accountants, insurers and lawyers.
• Fraud Prevention Agencies
(8) DATA SECURITY
To protect personal data, we have security measures in place to prevent data being accidentally lost, used, altered, disclosed or accessed without authorisation. Private password data is always encrypted on our servers and not accessible in any other form. Access to data is strictly limited to the people who may need to know such details. These are business partners (carrying out services on our behalf), or our employees.
We have procedures in place to notify you and any applicable regulator in case of any suspected personal data breach as we are required to by law.
(9) DATA RETENTION
For tax purposes, we are required by law to keep basic customer information (contact information, identity, financial and transaction data), for six years after you stop being our customer.
Otherwise, we will only retain your customer data for as long as is necessary for us to fulfill the purposes we collected it for, which includes for the purposes of satisfying any legal, reporting or accounting requirements. When looking at the amount of time that’s correct for us to keep data, we take into account the amount of data, its nature and sensitivity and the potential harm from unauthorised use or disclosure.
The law states that we may make personal data anonymous for research and statistical usage, whereby we may use this information indefinitely and without further notice to you.
(10) YOUR LEGAL RIGHTS
Under current data protection legislation, you have the right to request access, erasure, correction, restriction, transfer, to object to processing, to portability of data and (where the law allows for consent-based processing) withdrawal of that consent.
If you wish to exercise any of the rights above, please use our contact form, HERE.
You have the right to ask us to show you what we hold in data form about yourself. This is called Subject Access and you can file a Subject Access Request with us either in writing to us using our contact form, or verbally. Subject Access requests will not be charged for, unless your request is unfounded, repetitive or excessive. We may also choose to refuse your request under these circumstances. Subject Access Requests are usually processed within a month, however if we are unable to do this, we will notify you.
We may need to request further information from you in some cases, to ensure we are passing on data to the right person and not to someone who is ineligible to receive it. This is a security measure. We may also contact you to gather further information in order to speed up your request.
If you are not happy with how we collect your data, please contact us so that we may resolve any issue; however, you also have the right to complain to the Information Commissioner’s Office (ICO), the supervisory body for data protection issues. You can find them at www.ico.org.uk.
(11) COOKIES
By using our website, you agree to our use of Cookies as described in our Cookie Policy.
You can read our cookie policy HERE.