Chris Down Art is brought to you by Needs To Be Seen Limited, a company incorporated and registered in England and Wales under company number 4775488 whose registered office address is at 23 Stanley Road, Alvaston, Derby, Derbyshire, DE24 0AB.
We are registered with the Information Commissioner’s Office (ICO). Our Registration Number is Z1536788. For more information, visit the ICO website. The Data Controller is Needs to be Seen Ltd of 23 Stanley Road, Alvaston, Derby, DE24 0AB.
Personal data that we collect from you
- Personal information that you provide about you, such as your name, email address, and telephone number, whenever you complete forms on the website, send feedback, post material, contact us for any reason and by any medium, share information via the website’s social media functions, enter a competition, complete a survey or report a problem with the website.
- Personal information that you provide when you make purchases through the website, such as your name, email address, telephone number and postal address.
- We may retain a record of any contact you make with us.
Information from third parties
Occasionally we may receive information about you from other sources which will be added to the information already held about you in order for us to help supply our services and products to you.
Information that will be collected automatically
- Telephone: Our telephone is provided by Voipfone (iNet Telecoms Ltd). Voipfone store information including caller telephone number, time, and call duration. Answer phone messages are also stored by Voipfone. We use Caller Line Identification (CLI) which shows the dialling telephone number.
- Device information: We may also collect information about your device each time you use the website. For example, we may collect information on the type of mobile device that you are using, the type of browser and operating system that you are using.
- Our website hosting server collects information about visitors to the website, for example the number of users viewing pages on the site, the IP address and time and date of visits to the website.
How your personal data will be used
We will use your personal data for the following purposes:
- provide you with access our website and to supply the goods, services or information you have requested;
- enable us to bill you and to contact you where necessary concerning your orders;
- fraud prevention and detection;
- enable you to participate in interactive features of our service, when you choose to do so;
- to notify you occasionally about important changes or developments to the website or our services;
- marketing: where you have consented, we may use your information to let you know via email about other products and services which we offer which may be of interest to you. See the ‘Marketing’ section below for further details.
What is our lawful basis or ground for using your personal data?
- Contract: for us to provide the goods and services we have agreed to provide to you;
- Consent: where you have given us your clear consent to use your data for a specific purpose. You have the right to withdraw your consent at any point and more details can found in the ‘Your Consent and Rights of Access’ section below;
- Legal obligation: for us to comply with the law;
- Legitimate interest: where necessary for our interests or the interest of a third party, but only after carefully considering any effect this may have on you, and in particular your rights and freedoms.
If you have provided your consent to receive newsletters, we use a third party provider, Mailchimp (The Rocket Science Group LLC), to deliver them. We gather statistics regarding email opening and clicks using industry standard technologies to help us monitor and improve our newsletter. For more information, please see Mailchimps’s privacy notice here: mailchimp.com/legal/privacy/.
Disclosure of your personal data
We do not sell, rent, trade or otherwise disclose your data, except as described in this Policy.
We may disclose your personal data to:
- third parties in order to fulfil and deliver orders, process credit card payments and provide support services on our behalf;
- other companies and organisations for the purposes of fraud protection;
- law enforcement and regulatory agencies in connection with any investigation to help prevent unlawful activity or as otherwise required by applicable law.
In the unlikely event that our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data, for example:
- where you create an account on the website, this will be controlled by a password and username that are unique to you;
- we will store your personal data on secure servers;
- payment details are encrypted using SSL technology.
- email: we use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us.
Transfers of data out of the EEA
Where we use data servers that may transfer data out of the EEA we will take steps to ensure adequate protections are in place to ensure the security of your information and give you remedies in the unlikely event of a security breach.
All information you provide to us is stored with secure data processors for the purposes of storing your data, accounting purposes and social media purposes for example.
Please note that we review all processors we utilise and ensure that there are adequate safeguards in place to protect your personal data, such as adherence to binding corporate rules or compliance with the EU-US Privacy Shield Framework, which is a mechanism that ensures compliance with EU data protection requirements when transferring personal data from the European Union to the United States. You can learn more about Privacy Shield here: www.privacyshield.gov/welcome
Your Consent and Rights of Access
We will collect and store information about you with your consent. You provide us with your consent by choosing to provide your personal details as detailed above in the ‘Personal data that we collect from you’ section, when you use our service and by reading and agreeing to this Policy.
You can change your mind or remove or add your consent at any time.
- You have the right of access to your personal records or other information that we hold about you. There is no administrative charge for this service.
- You have the right to rectify any errors in the data we hold about you. If any data or information we hold about you is inaccurate or out of date, please contact us and we will correct this immediately.
- You have the right to have the data we hold about you erased.
- If you wish us to continue to store your information but keep your data separate and not process it in any way, please let us know.
- You have the right to ask us to stop processing your personal data for direct marketing purposes.
- You have the right to data portability. If you wish to obtain your data for your own purposes across different services, we will provide this information to you in a CSV file. There is no administrative charge for this service.
To revise your consent, access, amend or remove your records or assert any of your rights set out above, please contact us. You may need to provide proof of identity, and you will need to specify the personal data you want access to, amended or removed.
How long we will store your data
We retain a record of your data to provide you with a high quality of service. We will only retain your data in accordance with the law and we will only retain it for as long as is necessary. The data may be deleted in the following circumstances:
- You have withdrawn your consent to data processing;
- The original purpose for processing the data is no longer relevant or cannot be performed any more;
- The data is no longer up to date or accurate.
Cookies are small files stored on a visitors computer. There are two types: ‘session cookies’, that are maintained for the duration of a browsing session, and then destroyed when the user closes the browser window, or ‘persistent cookies’, which are saved on a users’ hard drive in order to identify either the user, or information about the user, the next time they log onto a website.
This website uses both session and persistent cookies. It uses persistent cookies to help our users stay logged in to our website, track how our visitors use this website, and enable users to interact with social networks they are already logged in to.
Links to third party websites
All comments, queries and requests relating to our use of your information are welcomed, please contact us.
Data Protection Supervisory Authority
The Data Protection Supervisory Authority in the UK is the Information Commissioner’s Office. Should you have any complaints about the way we handle your data, you may direct them to the ICO. More information on the ICO can be found on their website here: ico.org.uk