Privacy policy
This document explains how My Art Project handles data we receive either digitally or hard copies, personal or otherwise, and consists of 3 Parts.
Part 1: Refers to handling of data collected via our website and online shop.
Part 2: Refers to handling of data provided by schools or other settings for the purposes of running an Art Project with us.
Part 3: How to contact My Art Project with questions, queries or requests.
PART 1 - WEBSITE BROWSING, ENQUIRY FORM SUBMISSIONS, ONLINE ORDERING & PAYMENTS
SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?
Collection of Data:
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address. When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system. Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
Use of your personal information:
We use the Order Information that we collect generally to fulfil any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
- Communicate with you;
- Screen our orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
Behavioural advertising:
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by using the links below:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
SECTION 2 - CONSENT
Getting my consent:
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only. If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
Withdrawing my consent:
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at info@myartproject.co.uk or mailing us at: My Art Project Ltd, Unit 4, Block A, Crab Apple Way, Vale Business Park, Evesham. WR11 1AE.
SECTION 3 - DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
Payment: If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers. In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act. Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.
Links When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 7 - COOKIES
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not. _session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc). _shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits _shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer. cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart. _secure_session_id, unique token, sessional storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
SECTION 8 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
SECTION 9 - CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
PART 2 - SCHOOL & STAFF, PROJECT CO-ORDINATOR, PTA MEMBERS, PUPIL NAMES, CLASSES & ARTWORK
General Data Protection Regulation (GDPR)
This element sets out how My Art Project Ltd uses & protects any information provided to us when registering and running one of our Projects.
My Art Project respects all privacy and is committed to protecting all personal data. This privacy policy will inform you as to how we look after the personal data of all persons involved in an art project.
Your consent:
By using our Company and our website, you consent to our Privacy Policy.
Information collected by My Art Project:
We collect personal information from you when you register for one of our projects. When doing so, you will be asked to provide personal information such as your name, e-mail address, mailing address and a phone number.
We collect this information (and have a lawful legitimate interest to do this), so that we can send you information about running a project with us, or for us to manage and support you for the duration of a fundraising project you have registered with us.
When you use our website we use cookies and collect IP addresses to improve your experience. We utilise temporary cookies, which means once your ‘session’ on our website or using our ‘chat’ facility ends, we do not retain your IP address or details.
Your personal data is NOT shared with any third parties.
Fundraising Projects – Children’s Names, Classes and Drawings:
When you sign-up to run a fundraising project with My Art Project you will send us drawings, children’s names and class information to process a project for you. As you are collecting this information and sending it to us for processing, you act as a data controller in this transaction and we act as a data processor for you.
All drawings are stored at our premises in Evesham, WR11 1AE and are either returned or shredded after your project has finished. Electronic records of artwork, names and classes are stored on our internal servers for as long as they are required to manage your order. This is to allow us to process corrections, updates and replacements after your project finishes. After 5 years this data is permanently deleted from our systems.
The children’s personal data is not shared with any third parties.
We do not collect any Special Categories of Personal Data (this includes details about race or ethnicity, religious or philosophical beliefs, political opinions, health, genetic or biometric data etc.).
However, you can contact us at any time to have the data edited or deleted.
Fundraising Projects – Co-ordinator(s), school staff, PTA member data:
We will retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
The personal data we hold on our system may be held indefinitely (see above for an exception for children’s names, classes and drawings which are periodically deleted from our system) whilst an account is held with us, e.g. where schools and other organisations register art projects with us every year.
Marketing Communication from us:
You may receive marketing communications from us if you have requested information from us previously, provided you have opted in to receive marketing.
You can ask us to stop sending you marketing messages at any time by following the ‘unsubscribe’ link on any marketing message sent to you.
We will never share your personal data with any company outside of My Art Project for marketing purposes or otherwise.
Protecting your information:
We have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.
Our internal (on site) servers and database are maintained by a well-established IT company: Celcius Software Ltd.
Celcius Software Ltd complies with all Physical Security & Data Transfer legal requirements.
In addition, we limit access to your personal data to those employees and third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
Printed Information:
All confidential paper based data is archived on site for a maximum period of 12 months, after which it is shredded and disposed of appropriately.
Disclosure of information to outside parties:
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties named above, who assist us in operating our website & managing our database. Those parties have agreed to keep this information confidential.
We may also share your information where disclosure is required or permitted by law (for example to government bodies, HMRC and law enforcement agencies).
Cookies:
Cookies are small files that a site transfers to your computer through your web browser (if you allow) that enables the sites or service providers systems to recognise your browser and capture and remember certain information.
My Art Project use of cookies:
We use Cookies to compile anonymous data about site traffic and site interaction so that we can offer better site experiences in the future.
Third Party Cookies on our website:
Please note that during your visits to the www.myartproject.co.uk website you may notice some cookies that are not related to us. When you visit a page with content embedded from, for example, Facebook or Twitter, you may be presented with cookies from these websites. My Art Project Ltd does not control the dissemination of these cookies. You should check the third party websites for more information about these.
Cookies can be disabled in your browser options (please note that in these instances some functions of our website might be unavailable to you).
Changes to our Privacy Policy:
If we decide to change our privacy policy, we will post those changes on this page.
PART 3 - QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, please contact our Privacy Compliance Officer.
Full name of legal entity: My Art Project Ltd
Email address: privacy@myartproject.co.uk
Address: My Art Project Ltd, Unit 4, Block A, Crab Apple Way, Vale Business Park, Evesham. WR11 1AE
Telephone number: 01386 898464
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.