We are not considered a Processor of Data but a Controller of data as defined by GDPR: (EU) 2016/679 General Data Protection Regulation.
The use of external data is limited, however, we take our data responsibilities seriously and ensure we are compliant to the above regulations.
We are only interested in data that conforms to the provision of our services: i.e. clients, suppliers and administrators.
WHEN DO WE COLLECT DATA ABOUT YOU?
We collect data about you only when you register and log into the website to create lightboxes.
We collect data if you are a signed artist, our Artist Portal data is recorded as above also.
We collect data provided for the fulfilment of orders and or the Performance of a Contract.
We collect all other data provided by you.
Other than the data that you manually input and provide yourself, we record the date and time information, payment information and conversation records.
WHAT WE DO NEXT …
Our site data is reported to the sales agents so that they can assist you in your search. If the data is not from a professional body, organisation or business, we do not contact them. Your art collections and lightboxes are held and saved on our secure servers. You may be contacted and asked if you require further assistance as part of our finders and agency service.
We retain this data indefinitely, you may have this information deleted or reported to you as required by GDPR regulations.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed in an unauthorised way.
The more confidential the material, the higher the restricted access to your data. Only senior staff are allowed to access sensitive or confidential data. For example, Special Categories of Personal Data, as defined by GDPR, are accessible by senior managers only.
If you are a contracted artist, your data held on our secure servers are accessed by employed staff in accordance with your Artist Agreement.
We do not hold credit card information.
Data required for the fulfilment of orders is shared with our accounts teams and the group of companies as detailed, here: https://accountsadmin.com/
CARE OF DATA
We have developed systems and processes to access and process your data with in the GDPR regulations. For example, a simple program has been developed to ascertain the GDPR compliant case to contact you. Variables include location, client status, opt in and mail subscription.
If you are an existing client and you have not opted out of our subscriptions, we believe we have the right to market to you over a 2 year period as you have chosen to use our finders or connection service.
We may also contact you as part of the Performance of Contract. This means processing your data where it is necessary for the performance of your contract or order.
We have legitimate interest for holding your data. This means the interest of our company in conducting and managing our business, enabling us to give the best service.
We comply with a legal or regulatory obligation. This means processing your personal data where it is necessary for compliance, with a legal or regulatory obligation that we are subject to in various global jurisdictions.
If you are a Represented Artist, we use your data to win you work in accordance with our artist agreement. You can also delete your profile and bank details directly from your Artist Portal.
WHAT WE DON’T DO…
We don’t market to you when there is not a GDPR compliant case to do so.
We don’t market to you when you unsubscribe.
We do not sell your data.
We do not contact persons under 18 or for non- businesses purposes. (Unless to warn you of site terms.)
We don’t withhold data requests made by you; please give us up to a month to respond.
WHO WE MAY SHARE DATA WITH…
We may have to share your personal data with Internal Third Parties. For example, agencies or contractors.
We may share your data with External Third Parties Services, for example:
Providers acting as processors who provide I.T and system administration service.
Professional advisers acting as processors including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services, regulators and compliance and other authorities acting as processors or joint controllers who require reporting of processing activities.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use the following cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
Except for essential cookies, all cookies will expire once you close your browser
Your rights are governed by GDPR regulations. Please use the following link to refer to the code which we fully comply to: https://gdpr-info.eu/
This is not limited to how we audit, train, review or handle data breeches.
We continually review, audit and access our policies to ensure we meet with GDPR compliance. We will update this policy if changes occur.
HOW TO CONTACT US
Email firstname.lastname@example.org If this does not resolve a complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can phone them on 03031231113, or email them at https://ico.org.uk/global/contact-us/email/.
Their address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England, UK.