Scope

This Privacy Policy applies to Lisa Oakley, Staffordshire Plein Air Artist and to the website www.lisaoakley.co.uk

Lisa Oakley is a sole trader.

The words ‘we’, ‘us’ and ‘our’ all refer to Lisa Oakley in this policy.

What is Personal Information?

Personal information (or data) is any information that identifies you, for example, name, address, email address, phone number.

What Personal Information Do We Collect?

We collect only that personal data from you that we need to help us to help you with your enquiry, order or commission of a painting. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.

Personal Data Provided by You

The personal data you give us may include name, address, email address, telephone numbers and a username and password.

You can give us your personal data, for example, by filling in contact forms on our website, by placing an order, by communicating them on social media, by corresponding with us by phone or email or by communicating them to us in person.

Personal Data that is Collected Automatically

We may automatically collect the following information:

Technical information, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and if you access our website via your mobile device we will collect your unique phone identifier.

Information about your visit, including, but not limited to the full Uniform Resource Locators (URL) and query string, clickstream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as but not limited to,scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.

How Do We Use Your Personal Data?

We will only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation (from 25 May 2018)/UK Data Protection Act and the Privacy of Electronic Communication Regulation. Below are the main uses of your data.

Service Delivery

Your personal data may be collected and used to help us with your enquiry, to fulfill your order or to deliver our services to you.

Marketing Communications

We would like to use your details to communicate information to you that you may find relevant and useful.

Customers

We occasionally send you information about or related to our products and services by email that have been identified as being of interest to our customers and in our interests. We process your personal information under the ‘legitimate interest’ legal basis, in accordance with the ‘soft-opt-in’ – Regulation 22 of PECR (Privacy and Electronic Communication Regulation).

The marketing communications we send to clients will be relevant and non-intrusive and the type of information you would reasonably expect to receive from us. You will always have the option to opt-out/unsubscribe at any time.

If you would prefer not to receive the above-mentioned marketing and offers, please email Lisa Oakley at lisa.oakley@lottyblue.net or click the unsubscribe button in the footer of the last email we sent you.

N.B. Your privacy is important to us, so we’ll always keep your details secure.

Other Contacts

We would like to send our other contacts information about or related to our products and services by email, which may be of interest to you. We would only do this with your express consent. If you consent to us using your contact details for this purpose, you have the right to modify or withdraw your consent at any time by using the opt-out/unsubscribe options or by contacting us directly.

If you are receiving marketing communications from above, but no longer consent to receiving them, please email Lisa Oakley at lisa.oakley@lottyblue.net or click ‘unsubscribe’ in the footer of the last email we sent you.

N.B. Your privacy is important to us, so we’ll always keep your details secure.

Do We Share or Disclose Your Personal Information?

We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement.

If you choose to purchase online, the payment providers’ Privacy and Data Protection policies apply.

What Safeguarding Measures Do We Have In Place?

We take your privacy seriously and take every reasonable measure to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration or disclosure and have practical and technical security measures in place.

Do We Transfer Your Data Outside The EU?

Personal data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your personal data. We do transfer and store personal data outside the EU.

Therefore, when you use our website/send us an email etc., the personal information you submit may be stored on servers which are hosted in non-EU countries. Where this is the case, we will take steps to ensure that those providers use the necessary level of protection for your information and comply with the relevant data protection laws.

Where we transfer personal information for the above reasons, we utilise the below safeguarding measures and mechanisms to ensure that your personal data is always safe and secure. We check that software providers are:

  • GDPR compliant
  • EU/US Privacy Shield certified
  • Compliant with EU standard contractual clauses

Your Rights

Right to be Informed

You have the right to be informed of the data we hold about you and how we process that data. The security of your data is of paramount importance to us.

Right to Access

You have the right to access any personal information that we process about you and to request information about: –

  • What personal data we hold about you
  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients to whom the personal data has/will be disclosed
  • How long we intend to store your personal data for
  • If we did not collect the data directly from you, information about the source
  • We will respond to your request within one month of receipt of the request.

Right to Rectification

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.

Right to Object

It is your right to lodge an objection to the processing of your personal data if you feel the “grounds relating to your particular situation” apply.  The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claims.

Right to Data Portability

It is also your right to receive the personal data which you have given to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if:

(a) The processing is based on consent or on a contract, and

(b) The processing is carried out by automated means.

Right to Erasure & Right to Restrict

You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information.

Rights in Relation to Automated Decision-Making & Profiling

We currently don’t use automated decision-making and profiling. But if we were to in the future, you have a right to be informed and to request to have a human reconsider automated decisions and profiling.

If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.

For all requests as outlined above, please contact us as follows:

By email: lisa.oakley@lottyblue.co.uk

 

How Long Do We Keep Your Data?

We only ever retain personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years (+1 year) after which time it will be destroyed.

Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.

Cookies

This website uses cookies. Cookies are text files placed on your computer, smartphone or other device to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org. You can set your browser not to accept (restrict or block) cookies and the above websites tell you how to remove cookies from your browser. To learn about controlling cookies on the browser of your mobile device please refer to your handset manual. N.B. Restricting or blocking cookies may mean some of our website features do not function as a result.

Types of Cookies

The length of time a cookie stays on your device depends on its type. We use two types of cookie on our website:

Session Cookies

A session cookie is stored in temporary memory and only exists during the time you use the website. This means that it is not retained after the browser is closed. Session cookies enable the website you are visiting to keep track of your movement from page to page so you don’t get asked for the same information you’ve already given to the site.

Persistent Cookies

Persistent (or permanent) cookies stay on your device after you have visited our website. These cookies help us to identify you as a unique visitor but do not contain information that could be used to identify you to another person. Persistent cookies also help our website to remember your information, preferences and settings when you visit them in the future.

We use persistent cookies on the www.lisaoakley.co.uk website, which are generated by:

Woocommerce – Woocommerce is a WordPress e-commerce plugin that allows customers to place orders on the website. The cookies it places remember the items in your cart and checkout to facilitate the order process.

General Cookies

This type of cookie is generated when you click on images and links. They help to track what you viewed on the website, giving you faster and more convenient access to the information you need when you revisit the website.

Complaints

If you feel that your personal data has been processed in a way that does not meet the GDPR, you have a specific right to lodge a complaint with the relevant supervisory authority.   The supervisory authority will then tell you of the progress and outcome of your complaint. The supervisory authority in the UK is the Information Commissioner’s Office.

Changes to our Privacy Policy

We keep our privacy policy under regular review and we will place any updates on this web page.  This privacy policy was last updated on 25th May 2018.

How to Contact Us

Please contact us if you have any questions about our Privacy Policy or information we hold about you:

By email: lisa.oakley@lottyblue.co.uk