Skip to content
Home » Privacy Policy

Privacy Policy

This privacy policy tells you how we use personal information collected at this site. Charlotte Thomson Morley – sole trader trading as Charlotte Thomson Creative Studio is committed to protecting and respecting your privacy. This is the privacy policy for

Please read this privacy policy before using the site or submitting any personal information. By using the site, you are accepting the practices described in this privacy policy. This privacy notice provides you with details of how we collect and process your personal data through your use of our site, our Etsy shop or Big Cartel shop, including any information you may provide when you purchase a product or service.

Charlotte Thomson-Morley is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).

Purpose of this Privacy Policy

This privacy policy aims to give you information on how We collect and process your personal data through your use of this website, including any data you may provide through this website when you sign up to our newsletter, when you purch or send us a commission enquiry.

This website is not intended for children and we do not knowingly collect data relating to children.

Contact Details

Full name of legal entity – Charlotte Thomson-Morley under the Sole Trader business name Charlotte Thomson Creative Studio.
Postal address: 83 Ringleas, Cotgrave, Nottingham NG123NF
Phone: +44 (0) 7825090304

Changes to the Data Policy and Your Duty to Inform Us of Changes

We keep our privacy policy under regular review. This version was last updated on 27 October 2021. It is important that the personal data we hold about you is current and accurate. Please keep us informed if your personal data changes
during your relationship with us.

Third-Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

What data do we collect about you?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the idenity has been removed (anonymous data).

We collect and use personal data only as needed to deliver products to you and complete commissioned art and design projects. We also keep a mailing list to continue to inform you of news.

The information we keep may include your name, address, telephone number, email address, photographs for portrait commissions and other data which may identify you.

We collect and hold data when:

  • You purchase an item through the online store or make an order in person which must be posted. We use this information to process your order. When you pay via Paypal, Big Cartel or via Etsy we do not have access to your payment details or bank information in these instances.
  • If you contact Charlotte Thomson-Morley by direct email to make an enquiry. We keep and use this in relation to your enquiry.
  • You sign up the newsletter either online or in person. We use these details to send you information about Charlotte Thomson-Morley events and news in the format you have requested.
  • You commission art or design work through us we collect your name, address and payment details where required to complete your commission and where legally required for tax purposes.
  • You commission portrait art that requires a likeness to be created, we collect photographs clearly identifying your face.

How do we collect your data?

Your data is collected in the following ways:

Newsletter Mailing list email sign-up which you must actively opt-in to or request sign up. We will never add you to our mailing list without your consent. Mailing data is maintained through Mailchimp, a secure 3rd party mailings website which is signed up to ‘Privacy Shield’ signalling their commitment to keeping your information secure. 

Third party retail websites that we use to sell products including Etsy and Big Cartel collect and process your data on our behalf to enable us to dispatch your orders.

Direct email – when you enter into a commission agreement with us our email chains will be retained for the purpose of completing the commissioned project and for future reference relating to our working relationship.

Website cookies.

How we use your data

We only use your data in relation to the operation of Charlotte Thomson Creative Studio in the manner you have specified (e.g. to process an order, to create and deliver commissioned artwork or to send you newsletter mailings)

How and where is your data stored?

The data that Charlotte Thomson-Morley collects from you is stored within the European Union. And is in compliance with GDPR Laws.

Commissions :
Data used to process personal commissions is stored on a password protected PC harddrive and backed up on password protected iCloud account. This data is only accessible to Charlotte Thomson-Morley and is accessed via PC and password protected iPad Pro. From the iPad personal data such as payment information and invoices are only viewed online, photographs may be localised to the iPad hard drive for the purpose of completing digital commissions and deleted from the iPad device upon completion of the commission.

If paying an invoice direct via BACS our bank account with Nationwide will hold records of your name, bank details or credit card and location.

When paying an invoice via Paypal we have no access to your payment information – For more insight, you may wish to read Paypal’s Terms & Conditions here and Privacy Statement here.

Retail customers using 3rd Party Sites :

We use RoyalMail click and drop services to dispatch our orders, your name and address is input into their website to enable us to print postage and stored on their secure servers for 12 months. View their Privacy policy here. Postage information may be downloaded for the purpose of printing postal labels and is deleted immediately after printing.
Etsy customer transactions are stored on Etsy secure servers.
Big Cartel customer transactions are stored on Big Cartel secure servers.
We store monthly Etsy transaction spreadsheets on our secure PC harddrive and iCloud back up, for the purposes of bookkeeping. These contain order numbers and order totals but no specific identifying data on individual customers (eg: names, address, payment methods).

Newsletter Mailing list :
Mailchimp mailing list data is stored on Mailchimps secure servers.

Direct email :
When contacting me at enquiries(at) your emails are stored on secure servers provided by my web hosting They are only accessed via password protected devices. When emailing direct your email address will never be added to my promotional mailing list unless explicitly requested.

How long is data stored for?

Personal or identifiable data is retained for as long as reasonable for legal or business purposes. These periods may include time for contract law or similar obligations, and to maintain adequate business and financial records. This includes client invoices.

Photographs relating to commissioned portraits will be deleted within 6 months of receipt of final payment for the commissioned artwork.

Digital copies of commissioned artwork featuring your likeness will be stored indefinitely under copyright law however you may request deletion.

Client phone numbers will be stored on our mobile phone only when this is the clients preferred method of communication and for the duration of our working relationship.

Direct emails, including attachments will be stored for the duration of the client working relationship.

Etsy GDPR data can be found here
Big Cartel legal data can be found here.

Mailchimp mailing list data is stored until you actively opt out or request removal from our mailing list by contacting enquiries(at) .

Transfer of Data Outside the European Economic Area (‘EEA’)

We are based in the UK but we use third parties such as PayPal, Etsy, Big Cartel and Mailchimp and iCloud, which are in countries outside the EEA. Accordingly, data obtained within our business in the UK could be processed outside the EEA.

The EU-US and Swiss-US Privacy Shield Frameworks were designed to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European
Union and Switzerland to the United States in support of transatlantic commerce.

How to request your personal data

You can find out what data we hold on you by making a ‘Subject Access Request’. Email enquiries(at)

We will endeavour to make this information available, subject to identity checks, within 30 days of your request.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. The up to date Privacy Policy will be posted online or can be requested by email to enquiries(at)


If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.