Clementina Sketchbook – Privacy Notice
1.1 This privacy notice (Privacy Notice) sets out the ways in which Clementina Sketchbook (we, us, our), collect and use your personal information in connection with our business, including via our website https://www.clementinasketchbook.com/. It also explains what rights you have in relation to accessing or changing your personal information.
1.2 Our website is not intended for children. We do not knowingly collect or maintain the personal information of children under the age of 13. If you are under the age of 13, please do not access our website. We will take appropriate steps to delete the personal information of persons under the age of 13.
2. About us and contacting us
2.1 Clementina Sketchbook (sole trader) provides artwork and artistic services (including readymade, bespoke and personalised pieces)
2.2 If you would like to contact us for any reason in connection with our use of your personal information, please contact us at firstname.lastname@example.org.
2.3 We are committed to keeping your personal information safe, secure and confidential. Any information that you share with us will be processed in accordance with the terms of this Privacy Notice, data protection laws and, if we are required to do so, by other applicable laws. We will also not sell, distribute or lease personal information to third parties at any time unless we have permission to do so or are otherwise permitted or required by law to do so.
3. Information we may collect about you
3.1 We will collect, use, store and transfer different kinds of information that you may provide to us when you:
3.1.1 Make an enquiry, provide feedback, make a complaint or any other correspondence over the phone, by email or on our website.
3.1.2 Subscribe to our newsletter and/or mailing lists.
3.1.3 Create an account to access certain parts of the website and/or order products or services online.
3.1.4 Respond to questionnaires and surveys.
3.1.5 Submit reviews and comments on the website or interact with our social media accounts including Instagram.
3.1.6 Register to and/or attend our events.
3.1.7 Use our website generally. This means that we will collect certain information about how you use our website and the device that you use to access our website, even where you have not created an account or logged in. This information may include login data, IP address, page views, searches, requests, orders, pre-approvals, confirmations and other actions on the website, and may be collected by a third-party website analytics service provider on our behalf and/or may be collected using cookies or similar technologies. For more information on cookies please read the ‘COOKIES’ section below.
3.2 The information you provide to us will include (depending on the circumstances):
3.2.1 Identity and contact data: This includes titles, names, addresses, email addresses, phone numbers and other contact details you may provide to us.
3.2.2 Account profile data: if you are registering for an account you may also provide a username, password, job title/company and language preferences.
3.2.3 Financial data: If you are using the website to purchase products or services, you will also provide payment details, which may include billing addresses, credit/debit card details and bank account details.
3.2.4 Website and service feedback data: From time to time we might ask if you would be willing to participate in our surveys about the website, our products and our services.
3.2.5 Photographs and footage: we may capture images of you if we take photographs of or film an event we have hosted. Your image may be included in an image or video of the audience at an event and used for publicity purposes. We will endeavour to let you know, for example by notices at the events, if we will be photographing or filming. If you do not wish for your image to be used by us, you can let us know by using the contact details at the top of this Privacy Notice.
3.3 In certain circumstances, we will receive information about you from third parties such as:
3.3.1 Service providers: We may collect personal information from our website developers, IT support providers, customer service support providers, marketing services providers and payment services provider (who may be based inside or outside the UK and/or the EU).
3.3.2 Website security: We will collect information from our website security service partners (who may be based inside or outside the UK and/or the EU), about any misuse to the website, for instance, the introduction of viruses, Trojans, worms, logic bombs, website attacks or any other material or action that is malicious or harmful.
3.3.3 Publicly available sources: We may use publicly available sources, such as Companies House, to carry out identity and compliance checks.
3.3.4 We might also receive information about you from third parties if you have indicated to such third party that you would like to hear from us.
3.4 Once collected, we use your information for the following purposes:
3.4.1 Provide access to our website: To provide you with access to the website in a convenient and optimal manner.
3.4.2 To register your account: when you sign up to use our website, we will use the details provided on your account registration form to register and manage your account and online orders.
3.4.4 User and customer support: To provide users or customers support by dealing with enquiries or complaints about the website and share your information with our website developers, IT support providers, payment services provider, and security providers as necessary to provide the necessary support.
3.4.5 Marketing: To keep in contact with you about our news, events, new features, products or services that we believe may interest you, provided that, where necessary, we have the requisite permission to do so, or where it is in our legitimate interests to provide you with marketing communications where we may lawfully do so.
3.4.6 Social media interactions: to interact with users on social media platforms including Instagram, for example, responding to comments and messages, posting, ‘retweeting’ and ‘liking’ posts.
3.4.7 Research & Analytics: To carry out aggregated and anonymised research about general engagement with our website and to use data analytics to improve our website, products/services, marketing, customer relationships and experiences.
3.4.8 Compliance with policies, procedures and laws: To enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our staff and share your information with our technical and legal advisors.
3.5 Lawful grounds for using non-sensitive personal information: We will use your personal information for the purposes listed above on the basis of:
3.5.1 Performance of your contract with us and the provision of our services and/or products to you.
3.5.2 Your consent (where we request it).
3.5.3 Our legitimate interests or the legitimate interests of a third party (where appropriate).
3.5.4 Where we need to comply with a legal or regulatory obligation.
3.6 Legitimate interests: Where we use your information for our legitimate interests (or that of a third party), we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests (or those of a third party) do not automatically override yours and we will not use your information if we believe your interests should override ours, unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing, please refer to details of “YOUR RIGHTS” in paragraph 12 below.
3.7 Special Categories of personal information: We do not collect any “special categories” of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. Special categories of personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information.
4. Who we might share your information with
4.1 In connection with the purposes and on the lawful grounds described above, we may share your personal information, when relevant, with third parties such as:
(a) Development and hosting services;
(b) Payment services;
(c) IT, system administration and security services;
(d) Marketing and advertising services;
(e) Printing services; and
(f) Delivery service providers.
4.1.2 Regulators and governmental bodies: HM Revenue & Customs, regulators, governmental bodies and other authorities acting as processors or separate controllers who require reporting of processing activities in certain circumstances.
4.1.3 Marketing partners: any selected third party that you consent to our sharing your information with for marketing purposes.
4.1.4 Charity partners: our charity partner in connection with our charity collections where you have consented to our sharing your information with them in order to receive further information about their organisation and campaigns.
4.1.5 Prospective sellers and buyers of our business: any prospective seller or buyer of such business or assets, only in the event that we decide to sell or buy any business or assets.
4.1.6 Other third parties (including professional advisers): any other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
4.2 We require third parties to maintain appropriate security to protect your information from unauthorised access or processing.
5. Sharing data directly with third parties
5.1 You might end up providing personal information directly to third parties as a consequence of your interactions with the website.
5.2 You may also provide your personal information directly to a third party if you attend an event hosted by us where you communicate personal information directly with other attendees. We are not responsible for how such third parties use personal information provided by you.
5.3 Please be responsible with personal information of others when using the website and the services available on it. We are not responsible for your misuse of personal information, or for the direct relationship between you and others.
6.1.1 Session cookies: These allow our website to link your actions during a particular browser session. These expire each time you close your browser and do not remain on your device afterwards.
6.1.2 Persistent cookies: These are stored on your device in between browser sessions. They allow your preferences or actions across the website to be remembered. These will remain on your device until they expire, or you delete them from your cache.
6.1.3 Strictly necessary cookies: These cookies are essential for you to be able to navigate the website and use its features. Without these cookies, the services you have asked for could not be provided.
6.1.4 Performance cookies: These cookies collect information about how you use our website, e.g. which pages you go to most often. These cookies do not collect personally identifiable information about you. All information collected by these cookies is aggregated and anonymous and is only used to improve how the website works.
6.1.5 Functionality cookies: These cookies allow the website to remember the choices you make (such as your user name, language, last action and search preferences) and provide enhanced, more personal features. The information collected by these cookies is anonymous and cannot track your browsing activity on other websites.
6.2 If you do not wish for cookies to be installed on your device, you can change the settings on your browser or device to reject cookies. For more information about how to reject cookies using your internet browser settings please consult the “Help” section of your internet browser (or alternatively visit http://www.aboutcookies.org). Please note that, if you do set your Internet browser to reject cookies, you may not be able to access all of the functions of the website.
7. How long we keep your personal information
We will retain your information for as long as is necessary to provide you with the services that you have requested from us, or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights or where we are permitted to do so.
8. Help keep your information safe
8.1 You can also play a part in keeping your information safe by:
8.1.1 Choosing a strong account password and changing it regularly.
8.1.2 Keeping your login and password confidential and avoiding sharing these with others.
8.1.3 Making sure you log out of the website each time you have finished using it, especially when using a shared computer.
8.1.4 Letting us know if you know or suspect that your account has been compromised, or if someone has accessed your account without your permission.
8.1.5 Keeping your devices protected by using the latest version of your operating system and maintaining any necessary anti-virus software.
8.1.6 Being vigilant to any fraudulent emails that may appear to be from us. Any emails that we send will always come from an email address ending in @clementinasketchbook.com .
9. International transfers of your information
9.1 We store and process your information in the UK.
9.2 Some of our third party service providers are based outside the UK and/or European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the UK and/or EEA.
9.3 Whenever we transfer your personal data out of the UK or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards are implemented:
9.3.1 We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
9.3.2 We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
9.3.3 If we are transferring to organisations in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
9.4 Please contact us using the contact details above if you would like further information on the specific mechanism used by us when transferring your personal data out of the UK or EEA.
10. Your rights to the information we hold about you
10.1 You have certain rights in respect of the information that we hold about you, including:
10.1.1 The right to be informed of the ways in which we use your information, as we seek to do in this Privacy Notice.
10.1.2 The right to ask us not to process your personal data for marketing purposes.
10.1.3 The right to request access to the information that we hold about you.
10.1.4 The right to request that we correct or rectify any information that we hold about you which is out of date or incorrect.
10.1.5 The right to withdraw your consent for our use of your information in reliance of your consent, where we have requested it.
10.1.6 The right to object to our using your information on the basis of our legitimate interests (or those of a third party) referred to in paragraph 3.5.
10.1.7 The right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format, in certain circumstances.
10.1.8 In certain circumstances, the right to ask us to limit or cease processing or erase information we hold about you.
10.1.9 The right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) as well as a right to lodge a complaint with the relevant authority in your country of work or residence.
10.2 Please note that we may need to retain certain information for our own record-keeping and research purposes. We may also need to send you important non-marketing, service-related communications relating to your user account even when you have requested not to receive marketing communications.
10.3 How to exercise your rights
10.3.1 You may exercise your rights above by contacting us using the details in paragraph 2.1 of this Privacy Notice, or in the case of preventing processing for marketing activities also by checking certain boxes on forms that we use to collect your data to tell us that you do not want to be involved in marketing.
10.3.2 Once you action your rights, we will comply with your request(s) unless we have a lawful reason not to do so. Where we have a lawful reason of not fulfilling your request, you will be entitled to the reasons why.
10.4 What we need from you to process your requests:
10.4.1 We may need to request specific information from you to help us confirm your identity and to enable you to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to someone who does not have the right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
10.4.2 You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
11. Third-party links
The website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
12. Changes to this privacy notice and your duty to inform us of changes
12.1 We may make changes to this Privacy Notice from time to time. We will post any changes to our website, or notify you of any material changes by e-mail.
12.2 It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us by updating your profile account information or contacting us via the contact details at the beginning of this Privacy Notice.
This Privacy Notice was updated on 7 April 2020.