Privacy Notice

 

I take protecting your data and your privacy very seriously.

As you visit my website, get in touch with me, or commission works of art, I will collect information. This enables me to provide my service to you.

However you interact with me, I will never share your information with another organisation other than outlined below.

This policy explains how I collect, use and store your personal information. If you have any questions about this policy or how your data is handled, please contact me.

This policy covers my website (sophiecole.co.uk), and all communications between us.​

1. WHAT INFORMATION DO I COLLECT AND WHY DO I COLLECT IT?

The main reason I will use personal information is to help me effectively carry out your order to commission a portrait. However I may also use your personal data for marketing and to obtain feedback.

I will always try to be clear, honest and open with you whenever I collect and use your personal data. The overview below summarises the different reasons why I may collect and use your data. I won’t necessarily use your personal information for all of these purposes, it will depend on the nature of your relationship with me.

a) Fulfilling your order to commission a portrait: I will need to record your personal information in order to fulfil any order you make for a portrait.

The information I will collect may include;

  • your contact information (name, email, phone number, address)

  • information about the subject of the portrait you are commissioning (name, age, gender)

  • payment information (credit/debit card details, bank account details, amounts paid)

b) Marketing: I may ask if you would like to receive marketing information about my work. If so, the information I will collect may include;

  • your contact details and preferences

  • details of previous orders

  • your comments or feedback about my work

Sensitive personal information: Under data protection law, certain categories of personal information are recognised as sensitive, including health information, race, religious beliefs, and political opinions (‘sensitive personal data’). I will not collect any sensitive personal information.

2. LAWFUL PROCESSING

Under data laws, I need a lawful basis to collect and use personal data. The law allows for six legitimate purposes which organisations can rely on to legally process people’s personal data. Of these, only two are relevant to us for the type of activities listed above:

  • Information is processed based on an individual’s consent.

  • Information is processed on it being a legitimate interest for me to do so.

a) Consent

Where you give me consent to process your data, I will always keep a clear record of how and when this consent was obtained.

Marketing: I will always ask for your consent to send you marketing by email, SMS or other digital means. I will also ask you for your consent before contacting you by telephone for the purpose of marketing.

b) Legitimate interests

The law allows personal data to be legally collected and used by a party if it is necessary for a legitimate business interest of that party - as long as its use is fair and balanced and does not unduly impact the rights of the individual concerned. This basis covers the majority of the personal information I collect.

What are my legitimate interests?

Portrait Commissions:

  • Personal information relating to the discussion of or commissioning of a portrait

Financial management and control:

  • Processing of order payments and refunds, and maintaining financial controls.

  • Enforcement of legal claims.

Publicity and marketing:

  • Conventional direct marketing by direct mail and other forms or marketing, publicity or advertisement.

  • Unsolicited communications to other organisations in order to publicise my work.

  • Personalisation, analysis, targeting and segmentation to develop marketing strategy and improve communication efficiency.

Operational management:

  • Physical, IT and network security.

  • Processing for historical, research or statistical purposes.

Administrative purposes:

  • Responding to any solicited enquiry from any customer / potential customer.

  • Delivery of orders.

  • Providing 'thank you' communications and receipts.

  • Maintaining 'do not contact' lists

When I use your personal information, I will always consider if it is fair and balanced to do so and whether it would be within your reasonable expectations that I would use your data in this way.

I will balance your rights and my legitimate interests to ensure that the way in which I use your data never goes beyond what you would expect and is not unduly intrusive or unfair.​

3. DATA RETENTION

I remove personal data in line with the data retention policy below. The length of time each category of data will be retained will vary on how long I need to process it, the reason it is collected, and in line with any statutory requirements. After this point the data will either be deleted or rendered anonymous.

Portrait Commissions: I will keep personal information relating to portrait commissions for 12 months after a commission has been paid for and delivered, so that I can respond to any follow-up enquiries.

Financial Transactions: I will keep financial records for a period of up to 6 years in order to comply with tax and accounting rules.

Marketing records: I will keep the contact details of those who have consented to receiving news and updates from me until they tell me that they no longer which to receive such information.

​4. DATA SHARING

I will only share your personal data with others in very limited situations.

The most common occasion I may need to share personal information is where I use third party suppliers - for example to process payments or to send out emails or marketing information. I will always ensure that these providers are compliant with data protection regulations, and I will delete information from these suppliers as soon as possible when it’s no longer needed. If you have any questions please contact me.

The only other circumstances in which I will share your personal data is if I am compelled to do so by a legal authority acting in compliance with the law.

I will never sell your personal information to anyone.

I will never share your personal information with an external organisation for their own marketing purposes.

​5. YOUR DATA RIGHTS

Where I am using your personal information based on your consent, you have the right to withdraw that consent at any time. You also have the right to ask me to stop using your personal information for direct marketing purposes.

The law also gives you a number of other rights in relation to your personal data. Contact me and I will amend your details accordingly.

Right to be Informed: You have the right to be told how your personal information will be used. This policy document is intended to be a clear and transparent description of how your data may be used.

Right of Access: You can write to me asking what information I hold on you and to request a copy of that information. I have 30 days to comply once I am satisfied you have rights to see the requested records and I have successfully confirmed your identity.

Right of erasure: In certain circumstances you have the right to be forgotten (i.e. to have your personally identifiable data deleted). In many cases however, I am required by law or other regulations to retain your data. If this applies, I will ensure that your data remains secure and is not used for any purpose other than those allowed. Please contact me if you have any questions about this.

Right of rectification: If you believe my records are inaccurate you have the right to ask for those records concerning you to be updated.

Right to restrict processing: In certain situations, you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage.

Right to data portability: Where I am processing your personal data under your consent the law allows you to request data portability from one service provider to another. This right is largely seen as a way for people to transfer their personal data from one service provider to a competitor and is unlikely to be relevant to your relationship with me.

Right to object: You have an absolute right to stop the processing of your personal data for direct marketing purposes.

Right to object to automated decisions: In a situation where a data controller is using your personal data in a computerised model or algorithm to make decisions 'that have a legal effect on you', you have the right to object. I do not use your data in such a way and so this right is not relevant in your relationship with me.

6. COOKIES

I may collect data using cookies. A cookie is a text file that is sent from my website/s as soon as you visit the site. It is stored on your computer’s hard drive and helps me to identify your computer (not you) and collects information in an aggregate, anonymous way.

Cookies may be used to collect information about your visit to my website/s, for example, traffic data, location data, device information, the date and time of your visit and the pages that you visit. The use of cookies is an industry standard for most websites.

The cookie data that I collect I may use to:

  • Customise the content on my website/s and to help me understand visitor’s current and future needs

  • Process any requests, applications or transactions you may make

  • Aid administration and analysis

Managing cookies: Most browsers allow you to turn off the cookie function. To do this you can look at the help function on your browser.

Third party cookies: I sometimes work with third party suppliers who set cookies on my website to enable them to provide me with services e.g. processing payments for portrait orders.

I may use websites such as YouTube and Vimeo to embed videos and you may be sent cookies from these websites. I do not control the setting of these cookies, so I suggest you check the third-party website for more information about their cookies and how to manage them.

As some of these services may be based outside of the UK and the European Union, they may not fall under the jurisdiction of UK courts. If you are concerned about this you can change your cookie settings (see above).