Receive Invitations

Top Home ArtistsContact Us

Hayletts Gallery

Privacy Policy

1 Statement of intent

Hayletts Gallery is run by Sally Patrick as a sole trader. The business address is Hayletts Gallery, Oakwood House, 2 High Street, Maldon, Essex, CM9 5PJ.

"Hayletts Gallery", "us", "we", "are" operates the Hayletts Gallery website (the "Site").

The purpose of this policy is to be transparent about how we collect, use and protect the personal information you provide to us, whether via our Site, telephone, email, in letters or in any other correspondence.

Personal data is information that relates to identifiable living individuals. We will act in accordance with current legislation and meet current best practice in the processing of personal data. We are committed to safeguarding your personal information.

2 Collection of personal data

In any contact you have with us, you may provide certain personal data to us which we will compile and process in accordance with this privacy policy. By providing such information you agree to its use and storage in accordance with the provisions of this policy. For example, this might occur when you make a purchase from us, sign up to our email, or otherwise provide us with personal information.

When you are using our Site, we, like all businesses, are able to collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information.

3 Cookies

We use cookies, which are small text files transferred to your browser by our Site to identify data traffic patterns and support security. They do not provide any information which might disclose the identity of a specific person but they may potentially identify your computer, your browser and your internet settings. You may change the storing of cookies in your browser settings at any time by selecting "accept no cookies".

3.1 Google Analytics

Google Analytics is a web analytics service provided by Google, Inc. ("Google"). Google Analytics also places cookies on your computer, to enable Google to provide us with activity reports relating to our Site. Google uses this data only to provide us with information on how users use our Site and does not associate your IP address with any other data held by Google. The information generated by Google cookies about your use of the platform (including your IP address) will be transmitted to and stored by Google on servers in the United States. You may refuse these cookies by selecting the appropriate settings on your browser or by downloading and installing the browser plug-in available under

Read Google's Privacy and Terms:

3.2 MailChimp

We use MailChimp to send emails. MailChimp places cookies on your computer to provide activity reports relating to our Site. MailChimp uses this data only to provide us with information on subscription behaviour and user activity in relation to marketing emails. The information generated by MailChimp cookies (including your IP address) will be transmitted to and stored by MailChimp on servers in the United States. You may refuse these cookies by selecting the appropriate settings on your browser. You can also unsubscribe at any time.

We refer you to MailChimp's cookie statement for more details:

4 How we use your personal data

We shall only use your data for the purpose for which it is provided where there is a lawful basis to do so. For example, where we need to fulfil a contract with you, or where we have obtained your specific consent to use your information for a previously notified purpose, such as to send you email marketing, or to provide information at your request.

We balance our legitimate interests against your rights as an individual and make sure we only use personal information in a way or for a purpose that you would reasonably expect in accordance with this policy and that does not intrude on your privacy.

4.1 Email marketing

If you actively provide your consent to us along with your email address we may contact you for marketing purposes. By subscribing you grant us the right to use email to send you news and special offers about our products and our business.

5 Data processors

We may need to share your information with "data processors" such as third party service providers, who help us to prepare and send information relating to our products and business. These "data processors" will only act under our instruction and we will not allow these organisations to use your data for their own purposes and will take care to ensure that they keep your data secure.

The processors we use are:

5.1 Email

MailChimp is the world's leading email marketing platform for small business. MailChimp is US-based.

Read MailChimp's privacy policy:

5.2 Postal and courier services

We use the following services for delivery of our products:

Royal Mail Group includes Royal Mail and Parcelforce Worldwide

Transglobal Express

5.3 Payment processors

Our payment processor supplier is Card Saver Ltd. Our card machines are with Card Saver who use AIB Merchant services to process card payments.

Read Card Saver's privacy policy:

5.4 Debit and credit card information

If you use your credit or debit card to buy something from us we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard (PCI DSS). You can find out more information about PCI DSS here:

We do not store your credit or debit card details following the completion of your transaction. All card details and validation codes are securely destroyed once the payment has been processed. Only staff authorised and trained to process payments will be able to see your card details.

If we receive an email containing any credit or debit card details, it will be immediately deleted, no payment will be taken and you will be notified about this. All purchases can be completed securely by calling 01621 851669.

5.5 International data transfers

We use data processors located outside the European Economic Area (EEA) only after taking such steps as are required to ensure that personal data they process on our behalf receives protection equivalent to that provided in the EEA. Our processors are either certified as compliant with the EU-U.S. Privacy Shield Framework where they are located in the USA or have entered into an agreement with us containing the model clauses approved by the European Commission as providing contractual protection equivalent to that provided by the data protection regulations applicable in the EEA. To learn more about the Privacy Shield program, please visit

6 Your rights in relation to personal data

You may opt-out of our marketing communications at any time by clicking the 'unsubscribe' link contained in all our emails.

You have the right to update and correct the personal data we hold. You also have the right to request from us all personal information that we hold that relates to you, to request restriction of the processing of that data and to request that we delete that data. Where allowed by applicable law there may be an administrative charge for supply of copies of data and we may also require you to provide us with appropriate identification before we comply with this request. You also have the right to object to our continued processing of your personal data. You may also have the right to data portability. If you have a complaint about the way in which we use your personal information you have the right to complain to the Information Commissioner

6.1 Data sharing and third parties

We will not sell your information. We will not share your information with any third party except as stated in this privacy policy or as required to operate our Site; provide our services to you; and administer your purchases.

6.2 Data security

We maintain technical and physical safeguards that are designed to protect the security and integrity of your personal data, and to guard it against accidental or unauthorised access, use, alteration or disclosure to unauthorised third parties. These measures include device encryption, firewalls and virus checking procedures.

Where we keep personal data files on local devices these devices are protected and accessible only to authorised employees. We regularly review our security systems to ensure that your personal data remains safe and secure.

6.3 Duration of storage

We will maintain records of your personal data for as long as you remain:

  • a subscriber to our mailing list


If you have not opened any email communication from us or interacted with us in any other way for 3 years we will regard you as an inactive subscriber and delete your details from our records except where retention is necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of the business.

6.4 Links to other websites

Our Site and emails may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for them. Please check their policies before you submit any personal data to other websites.

6.5 Changes to our privacy policy

We will update this privacy policy from time to time to reflect changes in our business. All such changes will be posted to our Site and if we consider it appropriate we will notify subscribers of any material changes by email.

7 Contacting us

Hayletts Gallery is the 'Data Controller' in respect of any personal data you submit to us or that we collect from or about you. Hayletts Gallery is run by Sally Patrick as a sole trader:

Sally Patrick
Hayletts Gallery
Oakwood House
2 High Street
Essex CM9 5PJ
01621 851669

If you would like to know what information we hold about you or if you have any other queries or complaints in relation to this privacy policy, or our Site, please contact us at the above address or email

Last updated May 2018

Due to the current circumstances we are operating as an online gallery. Please telephone us to arrange a viewing of an art work.

+44 (0)7947 012802