Data Protection Policy for Stuarts Originals
With effect from 25th May 2018 changes in data protection regulations came into force. This policy is designed to meet the new requirements
Martin Stuart Moore is the Data Controller as a Partner of Stuarts Originals. The lawful basis for collecting and storing data is for the purpose of a contract with our customers and contact for other purposes is subject to individual informed consent.
Every individual on my database will give specific consent to the storage of their data by responding positively to an email message asking for consent and informing them of their rights to opt-out freely, request their data, or have their data deleted. Those who do not reply or reply in the negative under GDPR do not have their data stored. Where we rely on consent to process personal data, you have the right to withdraw or decline your consent at any time.
A record of all consent given by each individual will be stored for future reference. Consent can be withdrawn at any time by an individual and the data will be deleted. Requests for detail of data will be actioned.
If you buy prints from the website, we collect your name, email address, and postal address. This information is retained for four years for accountancy purposes, after that it is deleted.
I hold the following information:
Names, addresses, and email addresses protected by anti-virus software and a firewall. The time limit for customers data to be held is 4 years for contractual needs and 4 years where consent has been granted without a contractual relationship. This period can be modified at the request of the individual.
Requests about information stored
If a customer requests access to personal data, the following steps will be taken:
We will examine the request and verify whether or not data is being stored in any form regarding that individual. If so, the request of the individual will be implemented. If not, a response will be provided outlining what steps have been taken to check the data is held to verify this. A record of the request will be kept. The partners have a copy of this policy and we understand the requirements.
Data from the website and financial information
Anonymous information on visitors to the website is collected via Google and used to develop marketing policies, similar information is collected from the advertising campaigns on Google Adwords, but this again is anonymous. Google’s privacy policies explain their data useage.
We do not directly handle payment card details. Payments are handled by our card payment service provider PayPal
Deletion and Right to be Forgotten
You can ask us to delete all your personal data by emailing firstname.lastname@example.org The request will be actioned within 30 days. Some data will become anonymous or de-identified once the account is removed. That data may be kept and used in aggregate to report on the service and business performance. For example, anonymised purchase records must be retained for reporting purposes.
Search engines and similar services may retain a cache of any content that you made public for much longer, and these are outside our control.
Right to Object, Limit or Restrict Use of Data
You can ask us to stop using some or all of your personal data, for example if we have no legal right to keep using it, or it is inaccurate, or unlawfully held. Contact the Data Controller Martin Stuart Moore.
The supervisory authority will be:
Information Commissioner’s Office – Wales
2nd Floor, Churchill House,
Tel: 029 2067 8400
Contacting Stuarts Originals