Last Updated 24th May 2018
We collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the EU General Data Protection Regulation (2016/679) (‘GDPR’) and the UK Data Protection Act 2018 (‘DPA’) together with other applicable UK and EU laws that regulate the collection, processing and privacy of your Personal Data (together, ‘Data Protection Law‘).
3.1 We may collect and store the following types of information about you when you use the Site or by corresponding with us (for example, by e-mail). This includes information you provide when registering to use the Site or sharing any data via our social media functions. The Personal Data about you that we collect and use includes the following:
(a) Your name;
(b) Your contact information such as your address, email address, telephone number, billing address and delivery address (if applicable);
(c) If applicable, your payment details/ financial data;
(d) Information from accounts you link to us (e.g. Facebook, Twitter, Instagram);
(e) Information in relation to your purchase of our artworks or use of our services;
(f) Information about your personal preferences;
(g) Information related to your attendance of, and interest in, DATEAGLE ART’S exhibitions, events, artists, artworks, and services.
3.2 Please note that if you do not provide Personal Data when we ask for it, it may delay or prevent us from providing products or services to you.
4.1 We collect most of this Personal Data directly from you – in person, by email, telephone, post, through our social media, and via our website e.g. when you contact us with a query, make a purchase of any of our products or services, or ask that you are added to our mailing list. However we may also collect Personal Data from from articles or other information that has been published about you in the media.
5.1 Please ensure that any Personal Data you supply to us which relates to third party individuals is provided to us with their knowledge of our proposed use of their Personal Data.
6.1 Under Data Protection Law, we can only use your Personal Data if we have a proper reason for doing so e.g.:
(a) To comply with our legal and regulatory obligations;
(b) For the performance of a contract between us or to take steps at your request before entering into a contract;
(c) For our legitimate interests or those of a third party (where we have a business or commercial reason to use your Personal Data, so long as this is not overridden by your own rights and interests, including ensuring the successful continuing our business operations, updating our client and contact records, improving our offerings, marketing our offerings and preventing fraud);
(d) Where you have given consent.
6.2 If we process sensitive data as referred to above we will only do this with your explicit consent; or, to protect your vital interests (or those of someone else) in an emergency; or, where you have already publicised such information; or, where we need to use such sensitive data in connection with a legal claim that we have or may be subject to.
6.3 We may use your Personal Data for one or more of the following purposes:
(a) To fulfil requests, including providing products or services to you;
(b) Maintaining business operations, including updating client and visitor records, identifying areas for operational improvement, such as improving efficiency, training and quality control, getting to know you and your preferences in order to provide you with a more tailored service;
(c) Marketing, including adding you to our mailing list and providing you with direct marketing communications about what we are doing as well as products, services and/or events which may be of interest to you by post or phone. If required under applicable law, where we contact you by SMS, email, fax, social media and/or any other electronic communication channels for direct marketing purposes, this will be subject to you providing your express consent. You can object or withdraw your consent to receiving direct marketing from us at any time, by contacting us at firstname.lastname@example.org;
(d) To enforce and/or defend any of our legal claims or rights;
(e) For any other purpose required by applicable law, regulation, the order of any court or regulatory authority.
7.1 Except as expressly set out in this policy we will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We will only share your Personal Data as set out in this section 7, including sharing with:
(a) Third parties we use to help deliver our products and services to you, e.g. payment service providers and delivery and shipping companies;
(c) Other third parties we use to help us run our business;
(d) Third parties approved by you, e.g. social media accounts you choose to link your account with us to.
7.2 We only allow our service providers to handle your Personal Data if we are satisfied they take appropriate measures to protect your Personal Data. We also impose contractual obligations on service providers to ensure they can only use your Personal Data to provide services to us and to you.
7.3 We may also share personal information with external auditors in relation to the audit of our accounts, and we may disclose and exchange information with law enforcement agencies and regulatory bodies without telling you to comply with our legal and regulatory obligations if we are required by law to do so.
7.4 We may also need to share some Personal Data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
7.5 We may also need to share some Personal Data with other business entities – should we plan to merge with or be acquired by that business entity, or if we undergo a re-organisation with that entity.
9.1 DATEAGLE ART only retains Personal Data identifying you for as long as you have a relationship with us, as is necessary to perform our obligations to you (or to enforce or defend contract claims), or as is required by applicable law. This will involve us periodically reviewing our files to check that information is accurate, up-to-date and still required.
9.2 Personal Data we no longer need is securely disposed of and/or anonymised so you can no longer be identified from it.
10.1 We endeavour to take all reasonable steps to protect Personal Data from external threats such as malicious software or hacking. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of all data sent to us (including Personal Data).
11.1 In accordance with your legal rights under applicable law, you have a ‘subject access request’ right under which you can request information about the Personal Data that we hold about you, what we use that Personal Data for and who it may be disclosed to as well as certain other information. Usually, we will have a month to respond to such a subject access request.
11.2 Under Data Protection Law you also have the following rights, which are exercisable by making a request to us in writing:
(a) To request access to or a copy of any Personal Data which we hold about you;
(b) That we rectify Personal Data that we hold about you which is inaccurate or incomplete;
(c) That we erase your Personal Data without undue delay if we no longer need to hold or process it;
(d) To object to any automated processing that we carry out in relation to your Personal Data;
(e) To object to our use of your Personal Data for direct marketing;
(f) To object and/or to restrict the use of your Personal Data for purpose other than those set out above unless we have a legitimate reason for continuing to use it;
(g) That we transfer Personal Data to another party where the Personal Data has been collected with your consent or is being used to perform contact with you and is being carried out by automated means.
11.3 Any request from you for access to or a copy of your Personal Data must be in writing, and we will endeavour to respond within a reasonable period and in any event within one month in compliance with data protection legislation. We will comply with our legal obligations as regards your rights as a data subject. If you would like to exercise any of the rights set out above, please contact us at the address below.
We operate in accordance with current UK and EU data protection legislation. If you have any concerns about our use of your information, you also have the right (as a UK resident) to make a complaint to the Information Commissioner’s Office (ICO), which regulates and supervises the use of personal data in the UK, via their helpline on 0303 123 1113 – see https://ico.org.uk/.
Site by Our Place.