Privacy Policy

Privacy policy

1. Introduction
This Privacy Notice explains in detail the types of personal data I may collect about you when you interact with me.
It also explains how I’ll store and handle that data, and keep it safe.

I know that there’s a lot of information here, but I want you to be fully informed about your rights, and how I use your data.
I hope the following sections will answer any questions you have but if not, please do get in touch with me.


2. The legal bases I rely on.
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:

Consent

In specific situations, I can collect and process your data with your consent.

For example, when you tick a box to receive email newsletters.



By using my website or submitting any Personal Information, you consent to the collection, transfer, storage, disclosure, and use of your Personal Information in the manner set out in this Privacy Policy. If you do not consent to the use of your Personal Information in these ways, please stop using this website.

Contractual obligations

In certain circumstances, I need your personal data to comply with our contractual obligations.


For example, if you order an item from me for home delivery, I’ll collect your address details to deliver your purchase, and pass them to my delivery service. 



Legal compliance

If the law requires me to, I may need to collect and process your data.

For example, I can pass on details of people involved in fraud or other criminal activity to law enforcement.



Legitimate interest
In specific situations, I require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.



For example:
I will use information you have provided for personalised details on prints requiring them. 



3. Security
I take the utmost care and take all appropriate steps to protect your data.
I use industry best practices to keep any information collected and/or transmitted secure. This includes the use of HTTPS with TLS (Transport Layer Security), which encrypts all transmitted data. All transactional areas of our websites operate as secure access only, using HTTPS technology and follow all guidelines from my payment gateway providers.

My website is hosted and operated by SupaDupa (SupaDupa.me) who regularly monitor their systems for possible vulnerabilities and attacks, and carry out regular testing to identify ways to further strengthen security.

4. When do I collect your personal data?
When you visit our websites and purchase products or services.
When you make an online purchase.
When you engage with me on social media.
When you contact me by any means with queries, complaints etc.
When you sign up to my mailing list.

5. How long do I keep your data?
Whenever I collect or process your personal data, I’ll only keep it for as long as is necessary for the purpose for which it was collected.



When you place an order, I’ll keep the personal data you give us for at least five years so I can comply with our legal and contractual obligations. 

At the end of that retention period, your data may be retained or deleted completely.

6. How and why do I use your personal data
I use your personal data for the following general purposes:
To process any orders that you make through the website.
I will need to collect some personal data from you during the checkout process.

The data I require may include - but not limited to - your name, delivery details, phone number, email address, billing information including billing name and address, credit card number, among other personal data.

To comply with legal obligations
To be able to provide some of my products and services to you, I may be required by law to request and hold some personal data.

Additionally, I may use the order details to:

Communicate with you
Screen our orders for potential risk or fraud
When in line with the preferences you have shared with us, provide you with information or advertising relating to additional products or services that might be of interest to you.


You can opt out of providing this additional information by simply not entering it when asked or you could stop using this website.

Remember, if you choose not to share your personal data with me, or refuse certain contact permissions, I might not be able to provide you with the products or services you have asked for.


7. The data I receive or collect
When you use this website, place orders or communicate with us, we collect some personal data about you such as:

First name and Last name
Email address
Shipping & delivery address
Your billing details and any necessary other information to complete any financial transaction. When making purchases through the checkout, we may also collect your credit card or PayPal information
Your IP Address and, when applicable, timestamp related to your consent and confirmation of consent
Information I may receive relating to communications you send me, such as queries or comments concerning my products or services

8. Cookies and trusted third-parties
I use a number of trusted third-party services or companies to enhance or personalise your journey through our website. For these services to work, I sometimes share your personal data with them.
I provide only the information they need to perform their specific services.

These services may use cookies to track and identify you as you use the website. This is so they can deliver the enhancements they are contracted with us to provide.

For example, I use SupaDupa to power this website.
You can read more about how SupaDupa handles your data in the SupaDupa privacy policy: http://info.supadupa.me/privacy.

These are the third-party services I currently work with that will process your personal data as part of their contracts with us:

SupaDupa - I use the SupaDupa ecommerce platform to power this website and online checkout.
You can read more about how SupaDupa handles your data in the SupaDupa privacy policy: http://info.supadupa.me/privacy.

Google Analytics - I use Google Analytics to monitor site traffic and user behaviour.
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
You can learn more about privacy at Google and to opt-out of this feature by installing the Google Analytics Opt-out Browser Add-on.

Mail chimp - I use mailchimp to send emails from my mailing list.
You can read more about mail chimp privacy policy at https://mailchimp.com/legal/privacy


9. Where your personal data may be processed
Sometimes I will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA), such as Australia, Canada or the USA.

The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. I may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA. For example, this might be required in order to fulfil your order, process your payment details or provide support services. If I do this, I have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA.

SupaDupa, the service that powers this website, is a British company with its head-office located in London, England. For the purposes of EU data protection law, the United Kingdom is considered a country which provides adequate protections for Personal Information, as confirmed by the European Commission in Commission Decision 2002/2/EC.
The service is run mainly from their offices in London. However, by the very nature of the service, the data that is viewed, collected, stored or posted on or through their platform also needs to flow from wherever you are located in the world, to where they are storing the data (i.e. in most cases, in the United States). In addition, SupaDupa also uses third-party service providers (such as managed hosting providers, card processors, sub-processors of Customer Content and technology partners) to provide the necessary hardware, software, networking, storage and other services that we use to operate their services. These third party providers may process, or store, the same Customer Content on servers outside of the EEA, including in Canada or the US.

By continuing to use this website, or submitting any personal data, you authorise SupaDupa and its authorised service partners to use and process your Data (including any personal information you provide) in these countries. Please be aware that the privacy protections and the rights of authorities and Government agencies to access your personal information in some of these countries may not be equivalent to those in your country. You can read more about SupaDupa’s privacy policy at https://info.supadupa.me/privacy


10. How “Do Not Track” requests are handled
This website does not support "Do Not Track" requests.
To determine whether any of the third-party services I use honor the “Do Not Track” requests, please read their respective privacy policies.


11. Your rights
If you are a EEA resident, you have the right to access personal information I hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact me through the contact information below.
You have the right to contact us to obtain a copy of the personal information I hold about you. Please note that certain personal information may need to be retained for a period of time following cancellation of your account where this is necessary for our legitimate business purposes or required or authorised by applicable law.
Additionally, if you are a EEA resident I note that I am processing your information in order to fulfill contracts I might have with you (for example if you make an order through the website), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of the EEA, including to Canada and the United States.


12. Data retention
When you place an order through the website, I will maintain your Order Information for our records unless and until you ask us to delete this information.


13. Changes to this privacy policy
I reserve the right to make changes to this privacy policy at any time by giving notice to the website users on this page. I may also include notices of changes within the website itself. Where technically and legally feasible to do so, I may notify you of the changes directly as well. It is strongly recommended that you check this page often.


14. How to contact me
If you have any questions or would like to make a complaint, you can contact us using the details below:
Email: glyn@glynwestdesign.co.uk
Letter: Glyn West Design 11 Marlborough Street Bath BA1 2TX United Kingdom