At Kathryn Thomas Original Oil Paintings, we take your privacy very seriously and are committed to protecting the privacy and security of our customers. We fully appreciate and respect the importance of data protection and security on the Internet.
This Site is run by Kathryn Thomas Original Oil Paintings. For the purposes of applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”) (as amended or superseded) Kathryn Thomas Original Oil Paintings is the “controller” of the personal information collected through the Site or by phone.
How do we collect information from you?
We will collect personal information that you provide to us when you:
We will also collect certain information automatically when you visit our Site, in particular:
How we use your information
We will use your information in the following ways:
For the performance of a contract between you and us:
Where we have a legitimate interest in using your personal information
If you have consented to receive marketing information from us, we may use your information in the following ways:
How we share your information
We share your information with our core service providers and third-party platforms as required for our business to function; for example, picking, packaging and processing orders, fulfilling deliveries, customer support, fraud detection, credit risk reduction checks, IT systems support, and internal audits.
Your information may be processed by a third party in order to maintain the functionality of our Site and database.
How long we keep your information
We retain the information you provide for the following periods:
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We take the protection of your data very seriously. From the moment we receive your information we employ several industry-standard security measures and features to keep it secured and to prevent unauthorised access.
All pages on our website are secured using the “https” communication protocol, which encrypts transferred information using “transport layer security” (TLS).
Sensitive personal information
We do not seek to collect sensitive personal information (i.e. information relating to race or ethnic origin, political opinions, religious or other beliefs, trade union membership, physical or mental health, sexual orientation or criminal records). We ask that you do not provide such information to us.
Rights you may have
You may have certain rights in relation to personal information that we hold about you. These include the right to request access to your personal information, to request that it is erased, that its processing is restricted, or that any inaccurate personal information is rectified. You may also have the right to object to the processing of your personal information, or in some circumstances to obtain a copy of the personal information in a machine-readable format. You also have the right to complain about the use of your personal information to the Information Commissioner’s Office.
Changes to this Policy
We may change this Policy from time to time. If we make changes, we will notify you by revising the date at the top of this Policy, and if the changes are significant, we may provide you with additional notice such as adding a statement to the homepage of the Site or sending you an e-mail with the update.
Please check this Policy regularly to stay informed about our information practices and the ways you can help protect your privacy.