Data Usage and Data Protection Statement
Purpose of Policy
This policy describes how Artist Gill Northcott collects and processes your personal data as part of the task of providing the service of creating and selling oil paintings and traditional acrylic artworks from the artist’s base in North Wales.
It is important that you read this policy together with any other data related notice that may declared elsewhere at exhibitions, galleries, etc.
Data Controller and Data Processor
Why Artist Gill Northcott Processes Personal Data (the “Purpose”)
Personal data, or personal information, is any information about an individual from which that person can be identified. Personal data does not include information where the identity has been removed or is anonymous.
Gill Northcott collects and processes (stores, transfers, archives, updates and uses) different kinds of personal data, which is outlined as follows:
- Gill Northcott customer/client data. Contact data: The personal data collected and processed is: name, postal address, landline phone number, mobile number and email address;
- Electronic mail and contact form enquiries data. Contact data: If the website contact form is used, the personal data collected and processed is: name, a telephone number (optional) and email address. If Artist Gill Northcott is contacted directly via electronic mail then the name and email address (at the very least) will be collected and processed;
- Website Comments Data. Comments made into the new blog section of the website will be recorded into the database. Web users who want to comment need to subscribe. The personal data collected and processed is as follows: email address, IP address (minimal data profile), and optionally the personal data profile can also include name and subscriber’s website address (if they have one);
- Website Functional Data. Various procedures are in place to protect the website from malicious online activities. Personal data will be recorded and processed as a consequence. Statistical data is also recorded, this may include IP address and which pages have been visited and online documents downloaded. Use and content of contact form submissions is recorded for a limited time. Use and commenting on blog articles is recorded for a limited time.
How Artist Gill Northcott Processes Personal Data
Personal data from customers/clients is collected using temporary paper-based forms or within an electronic text-based file. This information is transferred and processed within a more permanent electronic file system on a secure (password and firewall protected) desktop computer at the home address of the artist.
With the website contact form an email is generated and sent to the data processor’s computer email application. With direct email communication, the email message is also sent to the data processor’s computer email application. Messages are stored on a password protected and firewall protected computer.
Website comments data and website functional data is stored in a MariaDB database. The website data controller will be alerted by email when a new subscriber account request is made (blog commenting). Quality assured WordPress plugins are used to record and monitor website activities to ensure no malicious online activities take place. The WordPress plugins used to collect and process website-based data are: statistical add-on “WP Statistics”; security add-on “Wordfence”; electronic mail logger add-on “WP Mail Log” and; website auditing logger add-on “WP Security Audit Log”.
The website files and MariaDB database are stored and maintained on a secure shared hosting server, located within the EU, provided by an established UK web hosting company.
The Lawful Basis for Collecting & Processing Personal Data
The Law states Artist Gill Northcott must tell you the following:
Artist Gill Northcott holds clients’ data because it is in its legitimate interest to do so. Without holding the data Artist Gill Northcott cannot work effectively.
Artist Gill Northcott holds website functional data because it is in its legitimate interest to do so. Without collecting, processing and monitoring web-based data (which may include personal data such as IP address) the website would be vulnerable to cyber-attacks and other malicious online activities.
How Personal Data is Used
With client/customer contact data, your personal data is only used for contact purposes between you and Artist Gill Northcott regarding the task of providing the service of creating and selling oil paintings and traditional acrylic artworks on order. Artist Gill Northcott may ask you if you’d like to opt in to a newsletter subscription containing offers and promotions from Artist Gill Northcott in the future.
With enquirer contact data, your personal data is only used for contact purposes between you and Artist Gill Northcott regarding the possible future task of providing the service of creating and selling oil paintings and traditional acrylic artworks.
With the personal data processed in relation with the Artist Gill Northcott website operations, it is the task of Artist Gill Northcott to maintain a website that is safe to use by all, that is uncompromised by malicious online activities, and is data secure for those using the website, be it using the contact form, downloading documents, reading the news blog, or even commenting on articles. Website activities and statistics are recorded for a maximum of 12 months and then automatically deleted.
Change of Personal Data Purpose
Artist Gill Northcott will only use your personal data for the purposes for which it was originally collected for (as previously outlined). If another reason arises for which Artist Gill Northcott needs to use your personal data you will be contacted first to gain your consent.
Note that Artist Gill Northcott may further process your personal data without your knowledge or consent where this is required or permitted by law, such as requests from government bodies, e.g. HMRC.
Disclosure of Personal Data
Artist Gill Northcott do not sell, distribute or otherwise make personal data commercially available to any party, except as described in this policy or with your prior consent.
Protection of Your Personal Data
Artist Gill Northcott take the security of the personal data held seriously, both customer/client personal data and website based personal data. Policies and procedures are in place to safeguard it from loss and misuse.
Artist Gill Northcott also have procedures to deal with any suspected personal data breach and will notify you of breach when legally required to do so.
Good security practices are in places, namely: strong passwords; updated antivirus and firewalls; up to date Windows operating system installations, up to date Microsoft Office applications, and up to date WordPress installation and latest plugins in use at all times.
Length of Time Processed Personal Data Is Stored
Customers/clients contact data: Some personal data will be stored for up to 7 years as per the requirements stated by HMRC for income related purposes.
Enquirer contact data: Personal data will be held for the length of the enquiry. Relating emails and the data held within will be deleted in a timely manner (within weeks of the initial enquiry). Personal data from an online enquiry will never be transferred to another data process in the event the enquiry does not produce a sale.
Web-based Personal data: Contact form messages are recorded by the WP Mail Log plugin and stored for a maximum of 30 days. The web activities stored by the WP Security Audit Log plugin are kept for 12 months. Blog comments, if deemed helpful to an article, will be kept online indefinitely, but the owner (blog “subscriber”) of the comment will always be able to remove it at any time. If a subscriber wishes to delete their account, they can do so themselves at any time. Deletion of an account will automatically delete all their own comments from the blog as well.
Your Legal Rights
Artist Gill Northcott assume responsibility for keeping an accurate record of personal data once you have submitted the information. Please inform Artist Gill Northcott of any changes to your information, or in the case of the blog, subscribers must update their email address by logging in at any time to the website user interface.
You are entitled to:
- Request access to your personal data;
- Request the correction or deletion of your personal data;
- Object to the processing of your personal data;
- Request a restriction of processing your personal data;
- Withdraw consent at any time, where Artist Gill Northcott is relying on consent to process your personal data.
Concerns About Artist Gill Northcott Data Processing?