Data Protection Policy for Stuarts Originals
With effect from 25th May 2018 changes in data protection regulations come into force. This policy is designed to meet the new requirements
Martin Stuart Moore is the Data Controller/Processor as a Partner of Stuarts Originals. The lawful basis for collecting and storing data is for the purpose of a contract with our customers and contact for other purposes is subject to individual informed consent.
Every individual on my database will give specific consent to the storage of their data by responding positively to an email message asking for consent and informing them of their rights to opt-out freely, request their data, or have their data deleted. Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time.
The details of those who do not reply or those who reply in the negative before the new regulation takes effect are deleted from the database. Those who do not reply or reply in the negative under GDPR do not have their data stored at all.
A record of all consent given by each individual will be stored for future reference. Consent can be withdrawn at any time by an individual and the data will be destroyed, and requests for detail of data will be responded actioned.
If you buy prints from the website, we collect your name, email address, and postal address. This information is retained for four years for accountancy purposes, after that it is destroyed.
I hold the following information:
Names, addresses, and email addresses protected by anti-virus software and a firewall. The time limit for customers data to be held is 4 years for contractual needs and 12 months where consent has been granted.
Requests about information stored
If a customer requests access to personal data, the following steps will be taken:
We will examine the request and verify whether or not data is being stored in any form regarding that individual. If so, the request of the individual will be implemented. If not, a response will be provided outlining what steps have been taken to check the data is held to verify this. A record of the request will be kept. The partners have a copy of this policy and we understand the requirements.
Data from the website and financial information
Anonymous information on visitors to the website is collected via Google and used to develop marketing policies, similar information is collected from the advertising campaigns on Google Adwords, but this again is anonymous. Google’s privacy policies explain their data useage.
We do not directly handle payment card details. Payments are handled by our card payment service provider PayPal
There are no cookies on the Stuarts Originals website so your data is not being extracted for later use.
Deletion and Right to be Forgotten
You can ask us to delete all your personal data by emailing firstname.lastname@example.org The request will be actioned within 30 days. Some data will become anonymous or de-identified once the account is removed. That data may be kept and used in aggregate to report on the service and business performance. For example, anonymised purchase records must be retained for reporting purposes.
Search engines and similar services may retain a cache of any content that you made public for much longer, and these are outside our control.
Right to Object, Limit or Restrict Use of Data
You can ask us to stop using some or all of your personal data, for example if we have no legal right to keep using it, or it is inaccurate, or unlawfully held. Contact the Data Controller Martin Stuart Moore.
The supervisory authority will be:
Information Commissioner’s Office – Wales
2nd Floor, Churchill House,
Tel: 029 2067 8400
Contacting Stuarts Originals