Last updated: 4 April 2023
Sculpture House Collective CIC (“us”, “we”, or “our”) operates https://sculpturehousecollective.com (the “Site”). This page informs you of our policies regarding the collection, use and disclosure of Personal Information we receive from users of the Site.
We use your Personal Information only for providing and improving the Site. By using the Site, you agree to the collection and use of information in accordance with this policy.
Information Collection And Use
While using our Site, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to your name, email, address, telephone number (“Personal Information”).
Like many site operators, we collect information that your browser sends whenever you visit our Site (“Log Data”).
This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics.
We use the information provided by Google Analytics and Log Data to see how effective our website is and how to make changes to improve your experience. Google Analytics provides options to limit the amount of time data is retained and these are currently set to 26 months.
Google complies with the Safe Harbor principles and subscribes to the Safe Harbor programme operated by the U.S. Department of Commerce.
In the event that you do not wish data on your website visit to be forwarded to Google Analytics, you can download and install the Google Analytics Opt-out Browser Add-on.
The legal basis for holding your details
We hold and process your data under lawful basis of “Contract”, “Consent” and “Legitimate interest”. When you place an order with us we are under contract to deliver those goods or services to you and inform you of the process of your order. You have the option of signing up to our newsletter when you register for an account with us. If you have purchased from us we will assume you are interested in our products and services and let you know our range of services.
Your data and your right to access Personal Information
The safe storage of your Personal Information is very important to us. We respect your right to privacy and your rights to access information held about you.
You have the right, under the GDPR, to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request a correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information, ensuring your ‘right to be forgotten’. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below). You should be aware that, for legal reasons, we may be unable to erase certain information.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
If you would like to make a request, please email us at firstname.lastname@example.org and we will answer and deal with your request within fourteen working days. You will not have to pay a fee to access your personal information. However, we may have to charge a small fee if your request for access is agreed to be unfounded or excessive.
We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that you may be interested in.
We will only use your Personal Information to contact you with newsletters and information about your purchase. Your name and email address will be stored securely with MailChimp on servers in the United States. MailChimp may not supply this information to third parties unless there is a legal obligation to do so.
MailChimp lawfully transfers EU/EEA personal data to the U.S. pursuant to our Privacy Shield Certification. MailChimp also complete a SOC II Type 2 examination on an annual basis for the Trust Principal Criteria of Security, Processing Integrity, Confidentiality, and Availability.
Stripe payment gateway
Our website uses Stripe as it’s payment gateway. Stripe’s services in Europe are provided by a Stripe affiliate—Stripe Payments Europe Limited (“Stripe Payments Europe”)—an entity located in Ireland. In providing Stripe Services, Stripe Payments Europe transfers personal data to Stripe, Inc. in the US. To ensure the adequate protection of personal data, Stripe have certified to the EU-U.S. and Swiss-U.S. Privacy Shield Framework. View the Stripe Privacy Shield Policy.
In addition to Privacy Shield, Stripe continues to employ additional compliance measures to ensure an adequate level of protection of personal data transferred outside the European Economic Area.
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.
Like many sites, we use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.
The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
In the event of a breach of security we pledge to notify you within three days of its discovery with a plan of action to help you to take any necessary steps if your data has been compromised.