1 Statement of intent
Hayletts Gallery is run by Sally Patrick as a sole trader. The business address is Hayletts Gallery, Oakwood House, 2 High Street, Maldon, Essex, CM9 5PJ.
"Hayletts Gallery", "us", "we", "are" operates the Hayletts Gallery website (the "Site").
The purpose of this policy is to be transparent about how we collect, use and protect the personal information you provide to us, whether via our Site, telephone, email, in letters or in any other correspondence.
Personal data is information that relates to identifiable living individuals. We will act in accordance with current legislation and meet current best practice in the processing of personal data. We are committed to safeguarding your personal information.
2 Collection of personal data
When you are using our Site, we, like all businesses, are able to collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information.
3.1 Google Analytics
Google Analytics is a web analytics service provided by Google, Inc. ("Google"). Google Analytics also places cookies on your computer, to enable Google to provide us with activity reports relating to our Site. Google uses this data only to provide us with information on how users use our Site and does not associate your IP address with any other data held by Google. The information generated by Google cookies about your use of the platform (including your IP address) will be transmitted to and stored by Google on servers in the United States. You may refuse these cookies by selecting the appropriate settings on your browser or by downloading and installing the browser plug-in available under tools.google.com/dlpage/gaoptout?hl=en-GB.
Read Google's Privacy and Terms: policies.google.com/technologies/ads
We use MailChimp to send emails. MailChimp places cookies on your computer to provide activity reports relating to our Site. MailChimp uses this data only to provide us with information on subscription behaviour and user activity in relation to marketing emails. The information generated by MailChimp cookies (including your IP address) will be transmitted to and stored by MailChimp on servers in the United States. You may refuse these cookies by selecting the appropriate settings on your browser. You can also unsubscribe at any time.
We refer you to MailChimp's cookie statement for more details: mailchimp.com/legal/cookies/.
4 How we use your personal data
We shall only use your data for the purpose for which it is provided where there is a lawful basis to do so. For example, where we need to fulfil a contract with you, or where we have obtained your specific consent to use your information for a previously notified purpose, such as to send you email marketing, or to provide information at your request.
We balance our legitimate interests against your rights as an individual and make sure we only use personal information in a way or for a purpose that you would reasonably expect in accordance with this policy and that does not intrude on your privacy.
4.1 Email marketing
If you actively provide your consent to us along with your email address we may contact you for marketing purposes. By subscribing you grant us the right to use email to send you news and special offers about our products and our business.
5 Data processors
We may need to share your information with "data processors" such as third party service providers, who help us to prepare and send information relating to our products and business. These "data processors" will only act under our instruction and we will not allow these organisations to use your data for their own purposes and will take care to ensure that they keep your data secure.
The processors we use are:
MailChimp is the world's leading email marketing platform for small business. MailChimp is US-based.
5.2 Postal and courier services
We use the following services for delivery of our products:
Royal Mail Group includes Royal Mail and Parcelforce Worldwide www.parcelforce.com/privacy/.
Transglobal Express www.transglobalexpress.co.uk/privacy-policy.
5.3 Payment processors
Our payment processor supplier is Card Saver Ltd. Our card machines are with Card Saver who use AIB Merchant services to process card payments.
5.4 Debit and credit card information
If you use your credit or debit card to buy something from us we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard (PCI DSS). You can find out more information about PCI DSS here: www.card-saver.co.uk.
We do not store your credit or debit card details following the completion of your transaction. All card details and validation codes are securely destroyed once the payment has been processed. Only staff authorised and trained to process payments will be able to see your card details.
If we receive an email containing any credit or debit card details, it will be immediately deleted, no payment will be taken and you will be notified about this. All purchases can be completed securely by calling 01621 851669.
5.5 International data transfers
We use data processors located outside the European Economic Area (EEA) only after taking such steps as are required to ensure that personal data they process on our behalf receives protection equivalent to that provided in the EEA. Our processors are either certified as compliant with the EU-U.S. Privacy Shield Framework where they are located in the USA or have entered into an agreement with us containing the model clauses approved by the European Commission as providing contractual protection equivalent to that provided by the data protection regulations applicable in the EEA. To learn more about the Privacy Shield program, please visit www.privacyshield.gov.
6 Your rights in relation to personal data
You may opt-out of our marketing communications at any time by clicking the 'unsubscribe' link contained in all our emails.
You have the right to update and correct the personal data we hold. You also have the right to request from us all personal information that we hold that relates to you, to request restriction of the processing of that data and to request that we delete that data. Where allowed by applicable law there may be an administrative charge for supply of copies of data and we may also require you to provide us with appropriate identification before we comply with this request. You also have the right to object to our continued processing of your personal data. You may also have the right to data portability. If you have a complaint about the way in which we use your personal information you have the right to complain to the Information Commissioner ico.org.uk/your-data-matters/.
6.1 Data sharing and third parties
6.2 Data security
We maintain technical and physical safeguards that are designed to protect the security and integrity of your personal data, and to guard it against accidental or unauthorised access, use, alteration or disclosure to unauthorised third parties. These measures include device encryption, firewalls and virus checking procedures.
Where we keep personal data files on local devices these devices are protected and accessible only to authorised employees. We regularly review our security systems to ensure that your personal data remains safe and secure.
6.3 Duration of storage
We will maintain records of your personal data for as long as you remain:
- a subscriber to our mailing list
If you have not opened any email communication from us or interacted with us in any other way for 3 years we will regard you as an inactive subscriber and delete your details from our records except where retention is necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of the business.
6.4 Links to other websites
Our Site and emails may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for them. Please check their policies before you submit any personal data to other websites.
7 Contacting us
Hayletts Gallery is the 'Data Controller' in respect of any personal data you submit to us or that we collect from or about you. Hayletts Gallery is run by Sally Patrick as a sole trader:
2 High Street
Essex CM9 5PJ
Last updated May 2018