Charlotte Thomson-Morley is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
This website is not intended for children and we do not knowingly collect data relating to children.
Full name of legal entity – Charlotte Thomson-Morley under the Sole Trader business name Charlotte Thomson Creative Studio.
Postal address: 83 Ringleas, Cotgrave, Nottingham NG123NF
Phone: +44 (0) 7825090304
Changes to the Data Policy and Your Duty to Inform Us of Changes
during your relationship with us.
What data do we collect about you?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the idenity has been removed (anonymous data).
We collect and use personal data only as needed to deliver products to you and complete commissioned art and design projects. We also keep a mailing list to continue to inform you of news.
The information we keep may include your name, address, telephone number, email address, photographs for portrait commissions and other data which may identify you.
We collect and hold data when:
- You purchase an item through the online store or make an order in person which must be posted. We use this information to process your order. When you pay via Paypal, Big Cartel or via Etsy we do not have access to your payment details or bank information in these instances.
- If you contact Charlotte Thomson-Morley by direct email to make an enquiry. We keep and use this in relation to your enquiry.
- You sign up the newsletter either online or in person. We use these details to send you information about Charlotte Thomson-Morley events and news in the format you have requested.
- You commission art or design work through us we collect your name, address and payment details where required to complete your commission and where legally required for tax purposes.
- You commission portrait art that requires a likeness to be created, we collect photographs clearly identifying your face.
How do we collect your data?
Your data is collected in the following ways:
Newsletter Mailing list email sign-up which you must actively opt-in to or request sign up. We will never add you to our mailing list without your consent. Mailing data is maintained through Mailchimp, a secure 3rd party mailings website which is signed up to ‘Privacy Shield’ signalling their commitment to keeping your information secure.
Third party retail websites that we use to sell products including Etsy and Big Cartel collect and process your data on our behalf to enable us to dispatch your orders.
Direct email – when you enter into a commission agreement with us our email chains will be retained for the purpose of completing the commissioned project and for future reference relating to our working relationship.
How we use your data
We only use your data in relation to the operation of Charlotte Thomson Creative Studio in the manner you have specified (e.g. to process an order, to create and deliver commissioned artwork or to send you newsletter mailings)
How and where is your data stored?
The data that Charlotte Thomson-Morley collects from you is stored within the European Union. And is in compliance with GDPR Laws.
Data used to process personal commissions is stored on a password protected PC harddrive and backed up on password protected iCloud account. This data is only accessible to Charlotte Thomson-Morley and is accessed via PC and password protected iPad Pro. From the iPad personal data such as payment information and invoices are only viewed online, photographs may be localised to the iPad hard drive for the purpose of completing digital commissions and deleted from the iPad device upon completion of the commission.
If paying an invoice direct via BACS our bank account with Nationwide will hold records of your name, bank details or credit card and location.
When paying an invoice via Paypal we have no access to your payment information – For more insight, you may wish to read Paypal’s Terms & Conditions here and Privacy Statement here.
Retail customers using 3rd Party Sites :
Etsy customer transactions are stored on Etsy secure servers.
Big Cartel customer transactions are stored on Big Cartel secure servers.
We store monthly Etsy transaction spreadsheets on our secure PC harddrive and iCloud back up, for the purposes of bookkeeping. These contain order numbers and order totals but no specific identifying data on individual customers (eg: names, address, payment methods).
Newsletter Mailing list :
Mailchimp mailing list data is stored on Mailchimps secure servers.
Direct email :
When contacting me at enquiries(at)charlottethomson.co.uk your emails are stored on secure servers provided by my web hosting Cymbiant.com. They are only accessed via password protected devices. When emailing direct your email address will never be added to my promotional mailing list unless explicitly requested.
How long is data stored for?
Personal or identifiable data is retained for as long as reasonable for legal or business purposes. These periods may include time for contract law or similar obligations, and to maintain adequate business and financial records. This includes client invoices.
Photographs relating to commissioned portraits will be deleted within 6 months of receipt of final payment for the commissioned artwork.
Digital copies of commissioned artwork featuring your likeness will be stored indefinitely under copyright law however you may request deletion.
Client phone numbers will be stored on our mobile phone only when this is the clients preferred method of communication and for the duration of our working relationship.
Direct emails, including attachments will be stored for the duration of the client working relationship.
Mailchimp mailing list data is stored until you actively opt out or request removal from our mailing list by contacting enquiries(at)charlottethomson.co.uk .
Transfer of Data Outside the European Economic Area (‘EEA’)
We are based in the UK but we use third parties such as PayPal, Etsy, Big Cartel and Mailchimp and iCloud, which are in countries outside the EEA. Accordingly, data obtained within our business in the UK could be processed outside the EEA.
The EU-US and Swiss-US Privacy Shield Frameworks were designed to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European
Union and Switzerland to the United States in support of transatlantic commerce.
How to request your personal data
You can find out what data we hold on you by making a ‘Subject Access Request’. Email enquiries(at)charlottethomson.co.uk
We will endeavour to make this information available, subject to identity checks, within 30 days of your request.
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.