Privacy Policy

Version 1.3 (updated 20-05-2018)

Purpose of this policy

This policy is designed to help you understand how we collect, store and use your data.

Changes to this policy

We reserve the right to amend this policy at any time.

Amendments and clarifications will take effect immediately upon their posting on this page.

We will notify you of any material changes to this policy by posting on this page and may, at our discretion, email you to notify you of any changes.

Collecting and using your information

When you browse our store, we automatically receive your computer’s internet protocol (IP) address. This helps us to learn about your browser and operating system and will not be used to identify you in any way.

We will ask you to provide your name and email address when you purchase something from our online store, sign up for our newsletter or respond to an external promotion. We ask for these details to stay in touch with you regarding your orders and to send you reasonable and relevant marketing and communications about the brand that we believe you may be interested in, such as updates about our store, new products, or amendments to our policies. By providing your details, you consent to us using these details in line with this policy.

We will ask you for further personal data in order for you to complete a transaction, verify your credit card, place an order, arrange a delivery or return a purchase. We will require your address, telephone number and bank details for these purposes.

At any time you may withdraw your consent to your data being used in any way by emailing whereforeart.artwork@gmail.com. To withdraw your consent to email marketing, you can also follow an unsubscribe link in an email newsletter.  at. This will not affect the legality of processing before your consent was withdrawn. Please note that if we need to use your data to complete a purchase, delivery or refund, we will continue to process the data under the lawful basis of completing a contract between us and you. Otherwise, we will not be able to process the payment or deliver your purchase to you. You can find out more about your rights at the end of this policy.

 

Transferring your information

Excluding name and email address, we will use your information for the specific reason it was provided and may transfer the information to a third party for this purpose (e.g. providing the artist with your delivery address).

In the event that our store is acquired or merged with another company, your information may be transferred to the new owners.

Disclosing your information

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

Storing your information

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

We will keep data pertaining to fulfilment of orders for no longer than one year after the order has been placed. After this time, data will be anonymised to prevent identification of individuals but may be retained in aggregate.

We will retain name, email address and purchase history for as long as required for marketing purposes unless you withdraw consent for email marketing. Every 5 years, we will email you an updated privacy policy for you to review your consent.

Third Parties

We may, at our discretion, provide links to third party websites on our website. These sites will have their own privacy policies and we encourage you to read these.

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

Shopify platform

Our store is hosted on Shopify Inc., who provide us with the online e-commerce platform that allows us to sell our products and services to you. Therefore, your data will be transferred to Shopify. Shopify is registered in Canada, which the EU has determined offers an adequate level of data protection. Additionally, Shopify complies with the EU-U.S. Privacy Shield Framework, in case data is shared with its US subsidiaries.

Shopify has its own Privacy Policy and Terms of Service, which can be found at https://www.shopify.com/legal/privacy and https://www.shopify.com/legal/terms respectively.

Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.

If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption.  Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

Age restriction

By using this site, you represent that you are at least the age of majority in your country of residence, or that you are the age of majority in your country of residence and you have given us your consent to allow any of your minor dependents to use this site.

Cookies

Our platform, Shopify Inc., uses a number of cookies to enhance your browsing and shopping experience on our website.

We have listed out the cookies used (as at August 2017) here for clarity:

  • _session_id, unique token, sessional, Allows Shopify to store information about your session (inc. referrer, landing page)
  • _shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
  • _shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
  • cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
  • _secure_session_id, unique token, sessional
  • storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.

To opt-out of any of these cookies, please email us at whereforeart.artwork@gmail.com

Your Rights

Under the General Data Protection Regulation ((EU) 2016/679) you at all times retain the following rights, which you can exercise by contacting us at whereforeart.artwork@gmail.com. Please note it may take up to 5 working days for us to follow your instructions.

  • Restriction of processing: please let us know if you want us to stop collecting, storing or using your data in a certain way;
  • Erasure: please let us know if you would like us to delete data that we hold about you;
  • Access: you can request a copy of the information that we hold about you. We charge a fee of £10 for information requests to cover our costs in meeting the request and ask that you submit a scanned copy of two suitable identification documents (including but not limited to driving license, passport, recent utility bill, recent bank statement;
  • Rectification: if you believe that any of the data we hold about you is inaccurate, please let us know so that we can change it;
  • Right to data portability: please let us know if you would like us to transfer your information to a third party;
  • Objection to processing: please let us know if you are unhappy with the way we are handling your data and we will resolve this;
  • If you are unhappy with how we handle your data, you can also contact the Information Commissioner’s Office.