General Data Protection Regulation Policy

 

This Policy explains when and why we collect personal information about people who visit us, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy.

Any questions regarding this Policy and our privacy practices should be sent to hello@lombardstreetgallery.co.uk or by writing to Lombard Street Gallery, 2 Lombard Street, Margate CT9 1EJ. Alternatively, you can telephone 01843 292779.

Who are we?

Lombard Street Gallery, 2 Lombard Street, Margate, Kent CT9 1EJ

How do we collect information from you?

We  only obtain information about you when you use our website, when you contact us about:

1.Our exhibiting programme or products for sale.

2.Leave us your details at the gallery.

3.If you register to receive one of our regular newsletters.

What type of information is collected from you?

The personal information we collect might include your name, address, email address &  IP web address. If you purchase a product from us, your card information is not held by us. Your card information is collected by our third-party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions, as explained below.

How is your information used?

We may use your information to:

  • process orders that you have submitted;
  • to carry out our obligations arising from any contracts entered into by you and us
  • send you information about our exhibiting programme, our artists, artworks & products for sale, and any other information you have requested

We review our retention periods for personal information on a regular basis. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.

Who has access to your information?

We never sell or rent your personal information to third parties.

We will not share your information with third parties for marketing purposes.

We may pass your information to our third-party service providers, subcontractors and other organisations for the purposes of completing tasks and providing services to you on our behalf (for example to send you mailings). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and to ensure that they comply with the other requirements of the Data Protection laws.

When you purchase products from us your payment details are processed by a third-party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us.

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, or if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use. However, we will take steps to ensure that your privacy rights continue to be protected.

Your choices

You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us, then you can click the UNSUBSCRIBE link on any email or select your choices by ticking the relevant boxes on the online form on which we collect your information.

 

We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent.

How you can update your information

The accuracy of your information is important to us.

If you change email address, or any of the other information we hold is inaccurate or out of date, please email us at hello@lombardstreetgallery.co.uk or write to us at 2 Lombard Street, Margate CT9 1EJ or telephone us on 01843 292779.

Your rights

Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

 

Security precautions in place to protect the loss, misuse or alteration of your information

Non-sensitive details (your email address etc.) are transmitted normally over the Internet and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Use of ‘cookies’

Like many other websites, our website uses cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. This helps us to improve our website and deliver a better more personalised service.

It is possible to switch off cookies by setting your browser preferences to disable Cookies. Turning cookies off may result in a loss of functionality when using our website. You can also clear cookies saved on your computer at any time.

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

 Review of this Policy

We keep this Policy under regular review. This Policy was last updated on 9th May 2018.

 

 

Record of Data Processing

 DEFINITIONS

“Personal Data” is any information (held manually or electronically) about an identified or identifiable living individual (e.g. names and addresses, email addresses, other contact details, sales records, personal opinions expressed by individuals which may be recorded).

“Sensitive Personal Data” is any information about the racial or ethnic origin of an Individual, his or her political opinions, religious or philosophical beliefs, trade union membership, and data concerning health or sex life.

“Processing” is any activity or set of operations involving Personal Data including (by way of example) collecting, recording, amending, deleting, destroying, disclosing, transmitting.

“Individual” is the living individuals whose Personal Data is being processed.

 

Name of company Lombard Street Gallery
Contact details 2 Lombard Street, Margate, Kent CT9 1EJ

01843 292779

hello@lombardstreetgallery.co.uk

Data Protection Officer Janet Williams
Date 9th May 2018

 

PROCESSING OF PERSONAL DATA  
1.            Different categories of individual personal data held

 

 

 

Staff – 3rd Party only e.g bank details

Marketing – 3rd Party e-mail list e.g mailchimp

Customers – 3rd Party e-mail e.g Ownart

3rd Party Web shop e.g Shopify

Suppliers – e-mail addresses

3rd Party bank details

2.            Categories of personal data collected & held about these Individuals

 

 

 

 

Staff: home address, contact details, next of kin, bank account, salary

Customers: name, contact details, email address, telephone number, bank details,

Marketing: email list

Suppliers (Sole Traders): name, contact details, email address, bank details

 

 

3.            Purposes of Processing

           

 

 

 

 

 

 

 

Staff: personnel administration including pay and benefits

Customers: order processing, direct marketing; audit

Marketing email list: direct marketing

Suppliers (sole traders): supplier administration; order management

Others: xxx

 

 

COLLECTION OF PERSONAL DATA  
4.            Personal Data collection method 

 

 

 

 

 

Marketing email list: website, shop/gallery

 

5.            Method of obtaining information                        

 

 

 

 

Directly via book in gallery
STORAGE OF PERSONAL DATA  
6.            Location of individuals Personal Data stored

 

 

 

 

Held on a computer database & files on private server

Held on physical paper in manual files.

7.            Persons with access to Personal Data

 

 

 

 

 

 

All employees & directors

 

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES  
8.            Personal data disclosed to third parties outside the business

 

 

 

 

 

None