The General Data Protection Regulation (GDPR), which came into law in the UK on 25th May 2018, mirrors our founding ethos of placing our clients at the heart of everything we do.
We are committed
to five key principles:
1. Put our clients first,
2. Respect privacy and meet our clients’ expectations,
3. Be honest, be fair, be transparent,
4. Exercise diligence
Take responsibility, be accountable.
Data protection reforms, including the GDPR, build on previous legislation, and provide more protections
for consumers. As the Information Commissioner says, “It’s evolution, not revolution.”₁
We have been
voluntarily registered as a Data Controller (Ref: Z3564199) with the Information Commissioner’s Office (ICO) since 25th February 2013, so our commitment to responsible data handling is clear and demonstrable.
We are a very small business with very big standards.
Under the GDPR we may hold your ‘personal data’ in order to:
1. Fulfil our contract
with you when you purchase our products (including the responsibility to maintain an effective record of limited edition print
numbers so as to validate your unique ownership),
2. Fulfil our legal obligations (e.g. record keeping for HMRC purposes),
3. Exercise our
legitimate business interest, as defined by ICO, in order to communicate with customers and/or prospective customers (including
through occasional and reasonable marketing activities*).
We hold personal data on our systems
for as long as necessary to fulfil the purposes for which we collected it.
We do not hold ‘special category data’.
not pass on (and have never passed on) any personal data to anyone, for any purpose, for any
reason – full stop.
data gathering methods on our website. Your visits to our website are welcomed, and are not recorded by us in any way other
than an anonymous traffic meter - no personal data is gathered at all unless an order is placed.
Paypal – if you pay for our products by credit or debit card or a Paypal account via our Paypal payments processing
service, we receive access to your name, address, email and telephone number (if provided). These are obviously required by
us in order to fulfil your order which was placed with us and to execute the contract between us. We do not have access to
card details or other payment details. These are kept by Paypal to protect your security. You therefore have a ‘data
Facebook – we have Facebook pages for our prints
and services. Facebook do not pass on your data to us, therefore you have a ‘data relationship’ with Facebook
eBay – we occasionally sell our products via eBay.
If you purchase our products via eBay you will most likely pay by using a credit or debit card or a Paypal account via our
Paypal payments processing service - as above. In addition, eBay may provide us with access to your name, address, email and
telephone number (if provided) in order that we may fulfil your order and execute our contract with you. You therefore have
*Our marketing activities are modest, and carried out
in a way our customers would reasonably expect. For example, we may email or contact customers or prospective customers up
to a maximum of 2 or 3 times per annum with special or seasonal offers, or details of new products we feel they may be genuinely
from our contact list; we act in a way which is proportionate, reasonable and achieves minimal privacy impact.
a GDPR compliant business, and have put in place procedures to deal with complaints, removal
of a person’s data upon request, provision of personal data upon request, and appointed a Data Protection Officer (DPO):
Mr Philip Lardner LLB(Hons), who holds an Honours Degree in Constitutional and Administrative Law from The University of Glasgow.
We maintain a GDPR folder outlining our policies and recording any relevant events. We are voluntarily registered as a Data
Controller (Ref: Z3564199) with the Information Commissioner’s Office (ICO). We are committed to reporting any suspected
or potential breaches of data protection to the ICO within 72 hours.
For any issues relating to GDPR, or data
protection generally, please contact our Data Protection Officer (DPO): Mr Philip Lardner LLB
(Hons), at Tholos Fine Art Publishing Limited, P.O. Box 19612, Erskine, Renfrewshire, United Kingdom, PA8 7WU, or by email
You may ask us to:
- ‘unsubscribe’ you from any emails or other contact from us,
- remove any personal
data we may hold which may belong to you (i.e. ‘forget me’),
- provide details of any data we may hold which may belong
register and deal with a complaint, enquiry or request of any nature relating to data protection and which you may feel is
If you are unhappy about the way your enquiry has been handled by us, or are concerned about any aspect of
how your personal data is being handled by us, then please contact the Information Commissioner’s Office (ICO) via the
ICO helpline on 0303 123 1113 (local rate), or the ICO website at https://ico.org.uk/for-the-public/ or write to:
The Information Commissioner's Office, Wycliffe House, Water
Wilmslow, Cheshire, SK9 5AF.
1. Elizabeth Denham,
Information Commissioner; foreword to “GDPR for marketers: The essentials” published by THE DMA (UK) LTD 2018.
Updated 25th May 2018 © Tholos Fine Art Publishing Limited 2018