Original Art Created By My Hands and My Heart

Privacy Policy

Privacy and Cookie Policy

We are committed to protecting and respecting your privacy. For the purposes of the General Data Protection Regulations (GDPR) and any subsequent UK legislation covering data protection, the Data Controller is ChrisGillGallery.

This Policy sets out why we collect personal information about individuals and how we use that information. It explains the legal basis for this and the rights you have over the way your information is used.

This Policy covers ChrisGillGallery in relation to the collection and use of the information you give us. We may change this Policy from time to time. If we make any significant changes we will advertise this on our website (chrisgillgallery.co.uk) or contact you directly with the information. Please check this page occasionally to make sure you are happy with any changes.

If you have any questions about this Policy or concerning your personal information, please contact us at info@chrisgillgallery.co.uk

What type of personal information we collect

The type and amount of information we collect depends on why you are providing it. This will usually include your name, email address, postal address and phone number for original art sales enquiries and online purchases from both chrisgillgallery.com and chrisgillgallery.co.uk

If you use your credit or debit card to make a purchase on the website, we will ensure that this is done securely and in accordance with the Payment Industry Data Security Standard. Your card details are processed securely by external payment gateways, and we do not receive, nor can we access or store your card details.

How we collect information

We may collect information from you when you contact us or have any involvement with us. For example, when you visit the website, buy a piece of artwork, sign up for email news updates or contact us in any way including online, email, phone, SMS, social media or post.

Where we collect information from

We collect information from you:

  • when you give it to us directly: You may provide your details when you ask for information or make an enquiry, sign up to a mailing list, order goods, or contact us for any other reason.

  • When you give it to us indirectly: Your information may be shared with us by other organisations and third parties such as Facebook. They should only do so in the way they have set out in their own Privacy Policy which you should check when you give your details.

  • When you have given other organisations permission to share it: Your information may be provided to us by other organisations if you have given them your permission. This might, for example, be a charity working with us or exhibition organiser. The information we receive from other organisations depends on your settings or the option responses you have given them.

  • When you use our Websites: When you use our Websites, information about you is recorded and stored. See the information about the use of cookies under that heading below.

  • When it is available on social media: Depending on your settings or the privacy policies applying for social media and messaging services you use, like Facebook, Instagram or Twitter, and only within the context of the services we offer, you might give us permission to access information from those accounts or services. We won’t share this information.

How we use your information

We will use your personal information in a number of ways which reflect the legal basis applying to processing of your data. These may include:

  • sending you email communications, with your consent, that may be of interest – using data we have transferred to our email subscription service provider, including marketing information about our products, services and activities

  • when necessary for carrying out your obligations under any contract between us, including sale of goods

  • seeking your views on the services or activities we carry on so that we can make improvements

  • maintaining our organisational records and ensuring we know how you prefer to be contacted

  • analysing the operation of our websites and analysing our websites’ behaviour to improve them and their usefulness.

Our legal basis for processing your information

The use of your information for the purposes set out above is lawful because one or more of the following applies:

Where you have provided information to us for the purposes of requesting information or requesting that we carry out a service for you, we will proceed on the basis that you have given consent to us using the information for that purpose, based on the way that you provided the information to us. You may withdraw consent at any time by emailing us at chrisgillgallery.com

This will not affect the lawfulness of processing your information prior to your withdrawal of consent being received and actioned.

It is necessary for us to hold and use your information so that we can carry out our obligations under a contract entered into with you or to take the steps you ask us to prior to entering into a contract.

It is necessary to comply with our legal obligations.

Where legitimate interest applies, i.e. where we may use your data in ways you would reasonably expect, and which have a minimal privacy impact, or where there is a compelling justification for the processing.

If you want to contact me about your marketing preferences, please email info@chrisgillgallery.co.uk

How we keep your information safe

We understand the importance of security of your personal information and take appropriate steps to safeguard it.

All personal data is stored securely in the GDPR-compliant cloud-based applications. For financial or technical reasons, the information you provide to us may be transferred to countries outside the European Economic Area (EEA), which are not subject to the same data protection regulations as apply in the UK. We meet our obligations under GDPR by ensuring that the information has equivalent protection as if it were being held within the EEA. We do this by ensuring that any third parties processing your data outside the EEA either benefits from an adequacy determination for GDPR purposes and/or, where appropriate, we have entered into a Data Processing Agreement which contains model EU clauses. We always ensure only authorised persons have access to your information, and that everyone who has access is trained appropriately to manage your information.

No data transmission over the internet can however be guaranteed to be 100% secure. So, while we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk.

Who has access to your information?

  • Third parties who provide services to us, for example, Mailerlite by sending mailings. We select our third-party service providers with care and based on their compliance with data laws. We provide these third parties with the information that is necessary to provide the service and we will have an agreement in place that requires them to operate with the same care over data protection as we do.

  • Where necessary to complete a transaction or provide a service you have requested, we will need to pass on your details to third-parties. For example, when purchasing products from my online shop, we will need to pass on your name and address to a courier company to make the delivery.

  • Analytics and search engine providers that help us to improve our Website and its use.

  • We may also disclose your personal information if we are required to do so under any legal obligation and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest.

  • Other than this, we will not share your information with other organisations without your consent.

Keeping your information up to date

We would appreciate if you let us know when your contact details change. You can do so by contacting us at info@chrisgillgallery.com

Our use of “Cookies”

What are Cookies?

As is common practice with almost all professional Websites, our websites use cookies, which are tiny files that are downloaded to your computer, to improve your experience.

How we use Cookies

Our Websites use cookies to help them work and to track information about how people are using them. We collect and retain information about your transactions with us so that we can process your transactions and deal with future queries.

Third Party Cookies

We also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through our site.

The sites use Google Analytics which is one of the most widespread and trusted analytics solutions on the Web for helping to understand how you use our sites and identify ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.

For more information on Google Analytics cookies, see the official Google Analytics page.
We use Mailerlite to manage all subscriptions to our mailing lists and to manage the creation and sending of emails to subscribers of those lists. Mailerlite uses a session cookie to track users through the Sign-Up process when they submit information via our Sign Up (subscription) form. For further information please read Mailerlite’s privacy policy.

Links

Any links on our Website may take you to third party sites over which we have no control. When linking to another Website, you should read the privacy policy stated on that Website. This policy does not cover the use of your personal data on any third-party Websites.

How long we keep your information for

We will hold your personal information for as long as it is necessary for the relevant activity.

Where we rely on your consent to contact you for direct marketing purposes, we will treat your consent as lasting for as long as it is reasonable to do so.

If you ask us to stop contacting you with marketing materials, we may keep a record of your contact details and limited information needed to ensure we comply with your request.

Your rights

You have the right to request details of the processing activities that we carry out with your personal information through making a Subject Access Request. Such requests should be made in writing. More details about how to make a request, and the procedure to be follow, can be found in our Data Protection Policy below. To make a request contact us at info@chrisgillgallery.com

You also have the following rights:

  • the right to request rectification of information that is inaccurate or out of date;

  • the right to erasure of your information (known as the “right to be forgotten”);

  • the right to restrict the way in which we are dealing with and using your information;

  • the right to request that your information be provided to you in a format that is secure and suitable for re-use (known as the “right to portability”); and

  • rights in relation to automated decision-making and profiling, including profiling for marketing purposes.

All of these rights are subject to certain safeguards and limits or exemptions, further details of which can be found in our Data Protection Policy. To exercise any of these rights, you should contact us at info@chrisgillgallery.com

If you are not happy with the way in which we have processed or dealt with your information, you can complain to the Information Commissioner’s Office. Further details about how to complain can be found here: https://ico.org.uk/concerns/

Changes to this Privacy Policy

This Policy may be changed from time to time. If we make any significant changes we will advertise this on our Website or contact you directly with the information.

Do please check this Policy each time you consider giving your personal information to us.

This Policy was last updated in March 2024.

Data Management Policy

Introduction

ChrisGillGallery needs to gather and use certain information about individuals. This can include clients, contacts, employees and other people the organisation has a relationship with or may need to contact.

This policy describes how this personal data must be collected, handled and stored to meet the organisation's data protection standards and to comply with the law.

This data management policy ensures ChrisGillGallery

  • complies with data protection law and follows good practice

  • protects the rights of clients, staff and partners

  • is transparent about how it stores and processes individuals’ data

  • protects itself from the risks of a data breach

Data protection law

The UK General Data Protection Regulation (GDPR) applies in the UK. It outlines that personal data must be:

  1. Processed lawfully, fairly and in a transparent manner in relation to individuals.

  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research or statistical purposes shall not be considered to be incompatible with the initial purposes.

  3. Adequate, relevant and limited to what’s necessary in relation to the purposes for which they’re processed.

  4. Accurate and, where necessary, kept up to date.

  5. Protected – every reasonable step must be taken to ensure that personal data that’s inaccurate, having regard to the purposes for which they’re processed, is erased or rectified without delay.

  6. Kept in a form that permits identification of data subjects for no longer than is necessary, and for the purposes for which the personal data is processed (personal).

  7. Stored for longer periods. For example, the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. This will also be subject to implementation of the appropriate technical and organisational measures required by UK GDPR in order to safeguard the rights and freedoms of individuals.

  8. Processed in a manner that ensures appropriate security of personal data. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

  9. Managed by a controller responsible for, and be able to demonstrate, compliance with the principles.

People and responsibilities

Everyone at ChrisGillGallery contributes to compliance with UK GDPR. Key decision-makers must understand the requirements and accountability of the organisation to prioritise and support the implementation of compliance.

  1. Documenting, maintaining and developing the organisation’s data protection policy and related procedures, in line with agreed schedule.

  2. Embedding ongoing privacy measures into policies and day-to-day activities, throughout the organisation. The policies themselves will stand as proof of compliance.

  3. Dealing with subject access requests, deletion requests and queries from clients, stakeholders and data subjects about data protection related matters.

  4. Checking and approving contracts or agreements with third parties that may handle the organisation's sensitive data.

  5. Ensuring all systems, services and equipment used for storing data meet acceptable security standards.

  6. Performing regular checks and scans to ensure security hardware and software are functioning properly.

  7. Evaluating any third party services the company is considering using to store or process data, to ensure their compliance with obligations under the regulations.

  8. Developing privacy notices to reflect a lawful basis for fair processing, ensuring that intended uses are clearly articulated. This will also ensure that data subjects understand how they can give or withdraw consent, or exercise their rights in relation to the company's use of their data.

  9. Ensuring that audience development, marketing, fundraising and all other initiatives involving processing personal information and/or contacting individuals abide by the UK GDPR principles.

Data Protection Officer (DPO), the person responsible for fulfilling the tasks of the DPO in respect of ChrisGillGallery, is Chris Gill (business owner).

Under UK GDPR organisations in certain circumstances are required to appoint a DPO. However, regardless of whether the UK GDPR requires a DPO, you must ensure that your organisation has sufficient staff and skills to carry out your requirements under the UK GDPR.

Best practice dictates that, regardless of individual circumstances, organisations should appoint a named individual as DPO to lead on ensuring that data protection requirements are met. The minimum tasks of the DPO are to:

  • inform and advise the organisation and its employees about their obligations to comply with UK GDPR and other data protection laws

  • monitor compliance with UK GDPR and other data protection laws – including managing internal data protection activities, advising on data protection impact assessments, training staff and conducting internal audits

  • be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, clients)

Scope of personal information to be processed

  1. The scope of the data we process is:

  • names of individuals

  • postal addresses of individuals

  • email addresses

  • telephone numbers

  • online identifiers

  • any other information relating to individuals

  1. This information is collected via online communication and stored in the cloud in order to fulfil obligations such as sales fulfilment and email subscription and Blog services.

  2. All information is kept to fulfil current obligation to that client and kept no longer than necessary to fulfil obligations via contract or online agreement (subscription services).

Uses and conditions for processing

Information is kept solely for the fulfilment of contract or online agreement as set out above.

Consent

We also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through our site.

The sites use Google Analytics which is one of the most widespread and trusted analytics solutions on the Web for helping to understand how you use our sites and identify ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.

For more information on Google Analytics cookies, see the official Google Analytics page.
We use Mailerlite to manage all subscriptions to our mailing lists and to manage the creation and sending of emails to subscribers of those lists. Mailerlite uses a session cookie to track users through the Sign-Up process when they submit information via our Sign Up (subscription) form. For further information please read Mailerlite’s privacy policy.

How we keep your information safe

We understand the importance of security of your personal information and take appropriate steps to safeguard it.

All personal data is store securely in the GDPR-compliant cloud-based applications. For financial or technical reasons, the information you provide to us may be transferred to countries outside the European Economic Area (EEA), which are not subject to the same data protection regulations as apply in the UK. We meet our obligations under GDPR by ensuring that the information has equivalent protection as if it were being held within the EEA. We do this by ensuring that any third parties processing your data outside the EEA either benefits from an adequacy determination for GDPR purposes and/or, where appropriate, we have entered into a Data Processing Agreement which contains model EU clauses. We always ensure only authorised persons have access to your information, and that everyone who has access is trained appropriately to manage your information.

No data transmission over the internet can however be guaranteed to be 100% secure. So, while we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk.

Who has access to your information?

  • Third parties who provide services to us, for example, Mailerlite by sending mailings. We select our third-party service providers with care and based on their compliance with data laws. We provide these third parties with the information that is necessary to provide the service and we will have an agreement in place that requires them to operate with the same care over data protection as we do.

  • Where necessary to complete a transaction or provide a service you have requested, we will need to pass on your details to third-parties. For example, when purchasing products from my online shop, we will need to pass on your name and address to a courier company to make the delivery.

  • Analytics and search engine providers that help us to improve our Websites and their use.

  • We may also disclose your personal information if we are required to do so under any legal obligation and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest.

  • Other than this, we will not share your information with other organisations without your consent.

Keeping your information up to date

We would appreciate if you let us know when your contact details change. You can do so by contacting us at info@chrisgillgallery.co.uk

Our use of “Cookies”

What are Cookies?

As is common practice with almost all professional Websites, our sites use cookies, which are tiny files that are downloaded to your computer, to improve your experience.

How we use Cookies

Our Websites use cookies to help them work and to track information about how people are using them. We collect and retain information about your transactions with us so that we can process your transactions and deal with future queries.

Third Party Cookies

We also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through our site.

This sites use Google Analytics which is one of the most widespread and trusted analytics solution on the Web for helping to understand how you use the sites and identify ways that we can improve your experience. These cookies may track things such as how long you spend on the sites and the pages that you visit so we can continue to produce engaging content.

For more information on Google Analytics cookies, see the official Google Analytics page.


We use Mailerlite to manage all subscriptions to our mailing lists and to manage the creation and sending of emails to subscribers of those lists. Mailerlite uses a session cookie to track users through the Sign-Up process when they submit information via our Sign Up (subscription) form. For further information please read Mailerlite’s privacy policy.

Links

Any links on our Websites may take you to third party sites over which we have no control. When linking to another Website, you should read the privacy policy stated on that Website. This policy does not cover the use of your personal data on any third-party Websites.

How long we keep your information for

We will hold your personal information for as long as it is necessary for the relevant activity.

Where we rely on your consent to contact you for direct marketing purposes, we will treat your consent as lasting for as long as it is reasonable to do so.

If you ask us to stop contacting you with marketing materials, we may keep a record of your contact details and limited information needed to ensure we comply with your request.

Your rights

You have the right to request details of the processing activities that we carry out with your personal information through making a Subject Access Request. Such requests should be made in writing. To make a request contact us at info@chrisgillgallery.co.uk

You also have the following rights:

  • the right to request rectification of information that is inaccurate or out of date;

  • the right to erasure of your information (known as the “right to be forgotten”);

  • the right to restrict the way in which we are dealing with and using your information;

  • the right to request that your information be provided to you in a format that is secure and suitable for re-use (known as the “right to portability”); and

  • rights in relation to automated decision-making and profiling, including profiling for marketing purposes.

To exercise any of these rights, you should contact us at info@chrisgillgallery.co.uk

Changes to this Privacy Policy

This Policy may be changed from time to time. If we make any significant changes we will advertise this on our Website or contact you directly with the information.

Do please check this Policy each time you consider giving your personal information to us.

This Policy was last updated in March 2024.

On Social Media

Privacy Policy

Terms and Conditions

© 2024. All rights reserved.

Socials:

For the latest prints of original Chris Gill paintings visit our sister site:

chrisgillgallery.com

Business Address:

ChrisGillGallery

61 Bridge St

Kington. HR5 3DJ