Your privacy is important to us and we are committed to protecting the confidentiality of your personal information.
The following policy explains how and under what circumstances we may use your data.
The GDPR forms part of the data protection regime in the UK, together with the new Data Protection Act 2018 (DPA 2018). The main provisions of this apply, like the GDPR, from 25 May 2018.
Follow this link to the ICO website
We are registered with the Information Commissioner’s Office as a Data Controller (Reg No. ZA021609) under the terms of the Data Protection Act 2018 and are compliant under GDPR regulations.
When do we collect your personal data
When you visit our website
When you make an online purchase and check out as a guest ( transaction data only )
When you create an account with us
When you engage with us on social media
When you contact us by email or telephone to make an enquiry or order
When you confirm agreement to our terms and conditions
What sort of personal data do we collect
Name, address, gender, date of birth, billing/delivery address, orders and receipts, email and telephone numbers and an encrypted record of your login password
Details of your orders including the artwork details
Details of your interactions with us online by email or social media
Details of your visits to our website
Details of payment method – If you pay on the website or by clicking the pay now button on our invoice the payment is processed by a third party (sagepay / Elavon). We do not hold the payment information on our computers. If you pay by giving us a card number over the telephone we use a remote terminal on sagepay to process the payment. We do not hold the payment information on our computers and any paper record of the card information is shredded after use.
How do we use your personal data and why
To process any orders taken by our website, by direct email and over the telephone. If we didn’t collect this information we wouldn’t be able to process your order and comply with our legal obligations.
To resend to your queries, refund requests and complaints
To protect our business and your account from fraud and other illegal activities
To process payments and to prevent fraudulent transactions
To enable future development of our products and services
To send you communications required by law to inform you of changes to the services we provide
To send you communications about new services, discounts or sale offers as they arise (we use mailchimp to manage our communications from which you can opt out at any time by clicking the unsubscribe button at the bottom of any of our notices)
How do we protect your personal data
We treat all our data very securely and take all reasonable steps to prevent it
We use https technology on our website and website security software to prevent hacking
Access to your account is password protected
We do not hold any payment information
We use the latest firewall and virus protection on our computers
We do store artwork information long term on gsuite servers which are run and protected by google.
We store emails on gsuite servers which are run and protected by google
How long will we keep your personal data
We keep all personal data indefinitely to help us manage further orders or reorders from past artwork
Who do we share your personal data with
We share your data with a few trusted third parties;
Workshop in order to process your orders
Web design company
We NEVER rent, sell or share personal information about you with anyone else.
What are your rights over your personal data
You have the right to request
to access the personal data we hold about you free of charge
to ask for correction of your personal data when incorrect, out of date or incomplete
to ask us to stop using your personal data for direct marketing
to withdraw consent for use of your data by clicking unsubscribe or direct email to firstname.lastname@example.org
We use google analytics software on our site to collect anonymous information about our visitors. Susan Rose China may use this information to customise the content you see and for technical web site administration purposes
Contacting the Regulator
If you feel your data has not been handled correctly please let us know so we can try and resolve the issue. If you are unhappy with our response you have the right to make a complaint to the Information Commissioner’s Office on 0303123113 or visit their website at www.ico.org.uk