This privacy notice tells you what to expect when you visit or submit information through this website or via email. The information below will apply unless during any transaction, or other interaction, you have been advised of anything different that supersedes it.
Who are you?
miniaturepainting.co.uk is owned by Richard Harris, based near Swansea, I have been painting miniatures professionally since 2010. As a sole trader in the UK, I am the data controller for all personal data related to my business. I can be contacted at firstname.lastname@example.org.
Why are you processing my data?
I only process personal data for the purposes of:
- keeping accounts relating to my business;
- deciding whether to accept anyone as a customer or supplier;
- keeping records of purchases, sales or other transactions to ensure the relevant payments, deliveries or services take place; or
- making financial or management forecasts to help me carry out my business.
The individuals I hold information about are restricted to anyone whose personal information needs to be processed for my accounts and records (e.g. past, existing or present customers or suppliers) and the information I hold is restricted to personal information that is necessary for my accounts and records e.g. (name, address and email address).
I am therefore not required to register with the ICO, pay the Data Protection Fee or designate a Data Protection Officer (however, I do have the Practitioner Certificate in Data Protection – PC.dp and act as a Data Protection Officer for another organisation).
What is your legal basis for processing my data?
My legal basis for processing your personal data for sales and commissions is that the processing is necessary for the performance of a contract to which you (the data subject) are party or in order to take steps at your request prior to entering into a contract. You are therefore obliged to give me the information in order for me to communicate with you about the work to be undertaken, process payment and ship the completed work to you.
What data do you process?
I do not process any personal data that has been obtained from a source other than the data subjects themselves.
Who will you share my data with?
I may put your email address through PayPal Invoice but I am open to discussing a different payment method if you would prefer. When I use PayPal, they are data controllers in their own right. For information on how PayPal handles your data, please view their privacy information here.
This website and associated email are hosted by Paragon Internet Group Ltd (trading as Tsohost) whose servers are based solely in the UK.
How long will you keep my data?
I have a legal obligation to retain business records for 5 years after the 31st January self-assessment submission deadline following the relevant tax year in case HMRC carry out a Tax Compliance Check. In practice, this means that I must keep records of business transactions for up to 6 years and 10 months but no longer.
What rights do I have?
- The right to be informed
- You have the right to be informed about how I use your personal data. This privacy notice should give you all the information you need but if you have any further queries, please contact me at email@example.com.
- The right of access
- You have the right to make a Subject Access Request (SAR) to find out what personal data I have on you and some supplementary information about how I process it in order to be aware of and verify the lawfulness of the processing. If you want to make a request, you can contact me at firstname.lastname@example.org.
- The right to rectification
- You have the right to have any data I hold about you corrected or completed. To request this, you can contact me at email@example.com.
- The right to erasure
- You have the right to have your personal data erased in certain circumstances, however, where this data is required to fulfil a contract or a legal obligation, this right will not apply. To explore this possibility, you can contact me at firstname.lastname@example.org.
- The right to restrict processing
- You have the right to restrict processing of personal data, however, this also only applies in certain circumstances. To explore this possibility, you can contact me at email@example.com.
- The right to data portability
- You have the right to obtain a copy of your personal data to be transferred to another data controller. To request this, you can contact me at firstname.lastname@example.org.
- The right to object
- You have the right to object to certain processing activities, however, I do not currently perform any activities that this would apply to.
- Rights in relation to automated decision making and profiling
- This right also does not apply to any activities for which I process personal data.
- The right to withdraw consent
- None of my current processing activities are based on consent, therefore this right does not apply.
I don’t think that my data is being handled appropriately, what can I do?
I take data protection very seriously and do my upmost to comply with legislation and best practice. If you think that your data has been mishandled, please contact me with your concerns at email@example.com. You also have the right to lodge a complaint with a supervisory authority, which for the UK is the Information Commissioner’s Office (ICO).
What cookies are you storing on my computer?
This website will only store two cookies on your computer:
- ‘DYNSRV‘ is a ‘session’ cookie which is created by the host server for load balancing purposes. This is a very standard practice where clusters of servers are used and does not impact on your privacy as it only identifies the server you are connected to and not you. When you close your web browser, this cookie will be removed from your computer.
- ‘euCookie‘ is a ‘persistent’ cookie which records that you have acknowledged this cookie information and prevents the banner you just clicked on from displaying on subsequent visits. This cookie is set to expire after 365 days and again it does not identify you in any way.
These are both ‘first party cookies’ which are a small amount of text stored on your computer that are created by this website as a result of your visit.
Neither of these cookies amount to personal data as defined by the General Data Protection Regulation as neither identify you personally nor allow any kind of tracking of your activity and this website does not use any third party cookies.