“I”, “our”, “us”, “we” “the company”, “DFA”, refer to the business, Department for Art. “You”, “the user” refers to the person or persons using this website. GDPR means General Data Protection Regulation.
How we obtain your information
We will never buy or sell your data. We obtain your data through a variety of means, predominantly from yourself directly, either via written correspondence, web entries, face-to-face or by means of email or telephone contact. Certain data may be supplied to us by other customers, for example if we are asked to ship an item to a third-party address.
What information we hold
When you register and use this site you will be asked to provide certain information such as your contact details. We will use this data to fulfil our agreement with you. The data and information we hold and process about you consists of the following, if applicable:
- Your name and contact details.
- Your account information, including your username, password and preferences, if you have registered. This applies to each account you have registered for with us.
- Your address book entries to include any shipping or billing address you provide.
- Your historic orders and current shopping basket together with your payment information and payment history, including any returns.
- Any correspondence between you and Department for Art in any format.
What we do with your information and our legal basis for processing
We may use information that you provide or that is obtained by us, and may share this information with our third-party service partners:
- To register you with our website and to administer our website service.
- For assessment and analysis, e.g. market, customer and product analysis to enable us to review, develop and improve the services which we offer and to enable us to provide you and other customers with relevant information through our marketing programme. You may change your consent by adjusting the appropriate setting or informing us through our contact details in this policy.
- To record your attendance of and interest in future product launches.
- To provide shipping, packaging and delivery services.
- For invoicing purposes – to invoice you in accordance with the goods and / or services rendered.
- To report any potential insurance claims – these may include special categories of personal data; to discharge our legal obligations or to process and/or defend a claim.
- For the supply of goods and services; to collect payments due from you and to make payments due to you.
- We may also share information with relevant third parties in order to undertake credit checks to minimise our exposure to default, prevent fraud, and to comply with our legal obligations.
If we process any ‘special categories’ of personal data (for example any information relating to your health, religious beliefs, sexual orientation, etc), we will usually rely on receiving your specific consent at the time, unless there is otherwise a legal requirement for us to process such information.
Where your data is held
Department for Art has in place appropriate security measures which ensures that hard copy personal data is kept in lockable storage and filing areas with controlled access. We also have a designated officer who is in charge of keeping all information safe both online and in hard copy form. These measures include:
- Keeping all personal data in lockable storage with either key and/or number-lock-controlled access.
- Storing and password-protecting all personal data held electronically on a server accessible only by relevant and pre-approved Department for Art employees.
- Placing any computers or terminals, that show personal data in a secure location, so that they are not visible except to authorised staff.
- Ensuring that computer screens are not left unattended without a password protected lock-screen being used.
We endeavour to take all reasonable steps to protect your personal information. However, we cannot guarantee the security of any data you disclose online. Due to the inherent security risks of providing information and dealing online, you will not hold us responsible for any breach of security unless due to our negligence or wilful default.
Please be aware that our website may link to other websites which may be viewed through our website. We are not responsible for the data policies or procedures and content of these linked websites.
How long we hold your data, and how it can be deleted
In addition, Department for Art has put in place appropriate measures for the deletion of personal data where it is held by us; manual records will be shredded or disposed of as ‘confidential waste’ and appropriate contract terms have been put in place with any third parties undertaking this work. Hard drives of redundant computers will be wiped clean before disposal or if that is not possible, destroyed physically. A log will be kept of the records destroyed. This information will be held by the Company for as long as we both are parties to a contract or transaction, or until such a time as you withdraw your consent for us to hold it. Accounting information will be retained for the suggested time period as recommended by government legislation following the termination of the contract or transaction for record-keeping purposes in relation to tax.
If you have reason to believe that a child under the age of 16 has provided personal information to Department for Art, please contact us and we will delete that information from our databases.
Where we process your data
We and our third-party service providers normally store and process your data in the United Kingdom. However, we and third-party service providers may from time to time store and process your data elsewhere, including outside the European Economic Area. This may be because our contractor or supplier who carries out any order fulfilment or payment processing, for instance, may be based elsewhere.
If your data is to be stored or processed outside the European Economic Area, we will comply with, and take all reasonable steps to ensure our contractors and suppliers comply with, the rules under the Data Protection Act 1998 and General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) for processing personal data outside the European Economic Area.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
- Access to your data
You can see most of your data through your account web pages when logged in on our website. You are entitled to a copy of all personal data we hold about you. If you would like to exercise this right, please contact Department for Art in writing at its office address.
- Your right to stop marketing messages
If we are sending you marketing literature (including paper-based and electronic messages), you have the right to ask us to stop doing this. Please contact Department for Art in writing at its office address.
- Your right to alter or erase data
You are entitled to ask us to alter or erase your personal data, by contacting the us in writing at our office address. We will respond to any written request within one month of receipt. If this withdrawal means we are not able to provide a service to you, we will advise of this at the time of withdrawal.
Department for Art is exempt from ICO (Information Commissionaires Office) registration as we are only processing personal data for our core business purposes.
Department for Art whose business runs from:
PO Box 667
This policy was created in August 2018.