This Policy sets out the obligations of Lynne Blundell Creative Art regarding data protection and the rights of users in respect of their personal data under the EU Regulation 2016/679 General Data Protection Regulation (GDPR).
I respect and value the privacy of everyone who visits my website, Lynne Blundell Art and those who order products and/or use my services. This Policy is effective from 25 May 2018 onwards and is described below to explain and make transparent my obligations and your rights under the law. If you have any queries about information held in this policy, please do not hesitate to contact me via the email address below.
1. Information About Lynne Blundell Creative Art
This Policy sets out the obligations of Lynne Blundell Creative Art
Email address: email@example.com
Telephone number: (+44) 7935220049
2. What Does This Policy Cover?
3. What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”.
Therefore, personal data is any information about you that enables you to be identified, such as your name and contact details, but it also covers other information such as electronic location data, and other online identifiers. It includes any personal data that you give to me via my website, by email, post, in person or through other third-
4. What Are Your Rights?
The GDPR aims to protect the user (you) and give you more control of your data. It provides new and strengthened individual rights with regard to your data.
• Rights to be informed – you have the right to be informed about the collection and use of your personal data
• Right of access – you have the right to access your personal data.
• Right to rectification – you have a right to have any inaccurate personal data rectified or completed if it is incomplete.
• Right to erasure (right to be forgotten) – you have the right to have your personal data erased.
• Right to restrict processing – in certain circumstances you have the right to request the restriction or suppression of personal data.
• Right to data portability – you have the right to obtain and reuse your personal data for your own purposes. Allowing to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way.
• Right to object – in certain circumstances you have the right to object to processing of your personal data. You have an absolute right to stop your data being used for direct marketing.
• Rights related to automated decision-
5. What Personal Data Do I Collect?
I might collect some or all of the following personal data and any other necessary data which allows me to provide my services or deliver any art or products bought either through my website or directly from me:
• Full Name;
• Email address;
• Telephone number;
• IP Address
6. How Do I Use Your Personal Data?
To comply with GDPR, I must always have a lawful and fair basis for using your personal data and I must make transparent any personal data that I hold about you. This may be data that is necessary to deliver a product to you, that you have bought, or to engage in a commissioning consultation or contract. In these cases, you consent to me using your personal data for one or more of the following purposes:
• To deliver my art, art products and/or artistic services to you.
• To enable me to engage in consultations for art commission requests.
• To carry out an art commission contract as mutually agreed by you the customer and with me the artist/business.
• To communicate with you by email, telephone or written correspondence to carry out any services or delivery of products. This may also be to ensure that any products are personalised to meet your needs prior to delivery.
• To provide you with information by email, text message or post that you have requested.
• To email you with news, offers or updates about my business if you subscribe to my newsletter. You are able to unsubscribe as and when you wish to by clicking unsubscribe in my newsletter or emailing me with your request.
• For me to request that you provide a review of my services and/or products within a reasonable time frame of delivery of said products or services.
7. How Long Will I Keep Your Personal Data?
I will not use your personal data for any longer than is necessary to carry out the delivery of products or services that you have agreed to. I will only keep and store your data for legal and accountancy purposes for the advised period of time, which is for 6 years.
8. How and Where Do I Store or Transfer Your Personal Data?
I use a variety of systems to process and store data, including double-
9. What about sharing Your Personal Data?
I only share your personal data where absolutely necessary to carry out the facilitation and delivery of products or services by trusted sources. Therefore, I may share your information with:
• Third parties used to facilitate payment transactions, e.g. Paypal
• Third parties where you have a relationship with that third party and you have consented to me sending information through them (for example social media sites)
• Third parties to facilitate delivery; delivery companies.
• Any third party in the context of actual or threatened legal proceedings, provided I can do so lawfully (for example in response to a court order);
• Any third party in order to meet my legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts;
10. How Can You Access, Rectify or Erase Your Personal Data?
To access information about the personal data that I keep about you or to rectify incorrect information, or to have your information deleted from my records, you can email me at firstname.lastname@example.org with your request.
I will respond to your request within 28 days and provide you with the necessary information, confirmation of rectification of your details or confirmation of erasure.
11. Links to other websites
12. What happens if there is a Data Breach?
I ensure that your personal data is stored securely and in full compliance with GDPR. However, should there be a breach of data that is likely to result in a risk to your rights and freedoms, I will inform the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach of data.
If the breach is likely to result in a high risk of adversely affecting your rights and freedoms, I will also inform you without undue delay.