GDPR and all that...

Our Privacy policy and Data Protection policy - updated 13th August 2023

The General Data Protection Regulation (GDPR), which came into law in the UK on 25th May 2018, mirrors our founding ethos of placing our clients at the heart of everything we do.

We are committed to five key principles:

1. Put our clients first,

2. Respect privacy and meet our clients’ expectations,

3. Be honest, be fair, be transparent,

4. Exercise diligence with data,

5. Take responsibility, be accountable.

Data protection reforms, including the GDPR, build on previous legislation, and provide more protections for consumers. As the Information Commissioner says, “It’s evolution, not revolution.”₁

We have been voluntarily registered as a Data Controller (Ref: ZB578721) with the Information Commissioner’s Office (ICO) since 7th August 2023, so our commitment to responsible data handling is clear and demonstrable. We are a very small business with very big standards.

Under the GDPR we may hold your ‘personal data’ in order to:

1. Fulfil our contract with you when you purchase our products (including the responsibility to maintain an effective record of limited edition print numbers so as to validate your unique ownership),

2. Fulfil our legal obligations (e.g. record keeping for HMRC purposes),

3. Exercise our legitimate business interest, as defined by ICO, in order to communicate with customers and/or prospective customers (including through occasional and reasonable marketing activities*).

We hold personal data on our systems for as long as necessary to fulfil the purposes for which we collected it.

We do not hold ‘special category data’.

We do not pass on (and have never passed on) any personal data to anyone, for any purpose, for any reason – full stop.

We do use cookies on our website. Our website builder and hosting provider (Fasthosts Internet Limited) utilises cookies to make our website work. Your visits to our website are welcomed – we do not utilise personal data unless an order is placed, and even then, only to the extent that we can fulfil and deliver your order for you.

PayPal – if you pay for our products by credit or debit card or a PayPal account via our PayPal payments processing service, we receive access to your name, address, email and telephone number (if provided). These are obviously required by us in order to fulfil your order which was placed with us and to execute the contract between us. We do not have access to card details or other payment details. These are kept by PayPal to protect your security. You therefore have a ‘data relationship’ with PayPal. Their Privacy Policy can be found on the PayPal website, and via this link: https://www.braintreepayments.com/en-gb/legal/braintree-privacy-policy

Stripe – if you pay for our products by credit or debit card via our website payments processing service, we receive access to your name, address, email and telephone number (if provided) from Stripe payment processing. These details are obviously required by us in order to fulfil your order which was placed with us and to execute the contract between us. We do not have access to card details or other payment details. These are kept by Stripe to protect your security. You therefore have a ‘data relationship’ with Stripe. Their Privacy Policy can be found on the Stripe website, and via this link: https://stripe.com/gb/privacy

Facebook – we have Facebook pages for our prints and services. Facebook do not pass on your data to us, therefore you have a ‘data relationship’ with Facebook if you like or share our Facebook pages or posts. Facebook’s Privacy Policy can be found on their website, and via this link: https://newsroom.fb.com/news/2018/04/new-privacy-protections/

eBay – we occasionally sell our products via eBay. If you purchase our products via eBay you will most likely pay by using a credit or debit card or a PayPal account via our PayPal payments processing service - as above. In addition, eBay may provide us with access to your name, address, email and telephone number (if provided) in order that we may fulfil your order and execute our contract with you. You therefore have a ‘data relationship’ with eBay. Their Privacy Policy can be found on the eBay website, and via this link: https://www.ebayinc.com/our-company/privacy-center/gdpr/

*Our marketing activities are modest, and carried out in a way our customers would reasonably expect. For example, we may email or contact customers or prospective customers up to a maximum of 2 or 3 times per annum with special or seasonal offers, or details of new products we feel they may be genuinely interested in. We always offer a link to our Privacy Policy and an easy and transparent means of ‘unsubscribing’ from our contact list; we act in a way which is proportionate, reasonable and achieves minimal privacy impact.

We are a GDPR-compliant business. We have put in place procedures to deal with complaints, removal of a person’s data upon request, and provision of personal data upon request, and we have appointed a Data Protection Officer (DPO): Mr Philip Lardner LLB (Hons), who holds an Honours Degree in Constitutional and Administrative Law from The University of Glasgow. We maintain a GDPR folder outlining our policies and recording any relevant events. We are voluntarily registered as a Data Controller (Ref: Z3564199) with the Information Commissioner’s Office (ICO). We are committed to reporting any suspected or potential breaches of data protection to the ICO within 72 hours.

For any issues relating to GDPR, or data protection generally, please contact our Data Protection Officer (DPO): Mr Philip Lardner LLB (Hons), at Tholos Fine Art, 27 Parkinch, Erskine, Renfrewshire, United Kingdom, PA8 7HZ, or by email at sales@tholos.co.uk

You may ask us to:

- ‘unsubscribe’ you from any emails or other contact from us,

- remove any personal data we may hold which may belong to you (i.e. ‘forget me’),

- provide details of any data we may hold which may belong to you,

- register and deal with a complaint, enquiry or request of any nature relating to data protection and which you may feel is appropriate.

If you are unhappy about the way your enquiry has been handled by us, or are concerned about any aspect of how your personal data is being handled by us, then please contact the Information Commissioner’s Office (ICO) via the ICO helpline on 0303 123 1113 (local rate), or the ICO website at https://ico.org.uk/for-the-public/ or write to:

The Information Commissioner's Office, Wycliffe House, Water Lane,
Wilmslow, Cheshire, SK9 5AF.

Thank you.

References:

1. Elizabeth Denham, Information Commissioner; foreword to “GDPR for marketers: The essentials”, published by THE DMA (UK) LTD, 2018.

Updated 13th August 2023    © Tholos Fine Art 2020