Privacy Policy

We are committed to protecting your privacy and personal information and will never abuse your trust. 

​This Privacy Policy explains:

  • what information is collected

  • how information is stored

  • how information is used

It also provides links to the Privacy Policies of organizations providing web-ware used by this website.

In compliance with GDPR, you are entitled to 8 rights:

  • 8 rights under GDPR

    • To be informed: We have made our best efforts to be transparent about our data processing in this Privacy Policy.

    • Of access: We let individuals access any data we’ve processed from them which can be shared upon request via the contact form on our page.

    • Of rectification: We let individuals rectify incomplete or inaccurate data.

    • To erasure: We grant individuals an option to delete their data from our systems and data processors.

    • To data portability: Individuals can reuse their data for other services

    • In relation to automation: Individuals are protected from automated decision-making processes
       

Cookies

Cookies are collected via our website host and developer Squarespace.
Information on how Squarespace uses cookies can be found here.

 

What is personal data?

This is the definition provided to us by the Information Commission

The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

 

This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organizations collect information about people.

 

The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.

What information do we collect?

When you contact us:

  • Personal data you provide about yourself (for example, your name and contact details e.g. an email)

  • If you provide a name and an email address when making a comment on a blog post or submitting a form. We do not ask for any other details. What you provide is up to you.

  • You may disclose information about your business - however, this is not personal information which for the purposes of the GDPR only relates to the personal data of individuals

When a third party contacts us on your behalf:

  • Personal data provided by a third party such as your name, contact details, and specific circumstances.

When you visit this website or interact with this site or us via social media:

  • Your IP address and browsing preferences and choices;

  • Your name and username and any comments that you make.

When you commission us to do work for you:

  • Your name and email address. We will also ask you for your normal mailing address for our invoice. Depending on the assignment you may disclose various other data but this will vary from client to client and will not apply to all. What you disclose is your choice.

 

How do we collect information?

Your personal information may be collected from a number of sources. These include:

  • From you when you contact or interact with this site by email or when you communicate through social media;

  • From forms you may complete;

  • From public sources of data (e.g. the contacts details you have chosen to make public on your website or social media)

  • From organizations/bodies you are connecting to or are affiliated with when they provide your information to us

  • When you make a purchase on our website from our store

  • When you sign up for our newsletter

 

Why do we collect it?

  • In relation to newsletters, the information we hold is based on you having given your consent. For example, in relation to newsletters you have provided the email and then verified that it should be stored and used for the purpose of sending you emails via MailChimp.

  • Data relating to any business transaction arises out of a contractual necessity e.g. so we are both are fulfilling the obligations set out in supplier terms and conditions or any contract that may be in place.

How do we use your information?

We process your data in order to:

  • Record any correspondence or products We receive and respond accordingly;

  • Send out information relating to news updates

  • Enter into contracts with customers

  • Maintain relationships with individuals and organizations and send messages from time to time

  •  

How is it stored?

Your personal data is stored in a number of ways:

  • In software systems which are managed by Webware provided by a third party supplier. (details below)

 

  • If you register for our newsletter, your information will be held on a secure server and the data will be shared with MailChimp only for our newsletter. This is mandatory for sending you our newsletter.

  • By PayPal or Stripe, DPI and Squarespace when you make a purchase on our website for order processing and shipment. This is mandatory for processing orders.

  • By Gmail when you make an inquiry on our website through our contact form. This is mandatory for you to contact us and for us to respond.

 

Who do we share your information with?

We may share your data with and/or obtain information from some third parties:

  • our website service in relation to the use of forms on this website;

  • Other organizations where we are required to by law or by a public authority.

We are committed to protecting your privacy. Under no circumstances do we rent, trade or share your email address without your consent.

 

How do we protect your data?

We take the security of your data very seriously. Your data cannot be accessed by third parties other than those providing services as identified below.

We engage reputable service providers to process your data on our behalf for the purposes of email correspondence, website and order processing. They are all under a duty of confidentiality and are legally obliged to implement appropriate technical and organizational measures to ensure the security of data in line with the relevant legislation.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

 

How long do we keep your personal data?

Nothing is kept indefinitely. Your personal data is kept under review.

  • Correspondence: We periodically delete contacts and associated emails.

  • Forms: We store your consent for data use and storage within MailChimp when you sign up for the newsletter, within Squarespace when you make a purchase and PayPal and/or Stripe will store your data when you make a purchase. Please refer to their Privacy Policies (further down on this page) for more information on how they store your data.

  • Newsletter: Emails are stored on in our dedicated MailChimp account. If the email is not verified for this use within one month of it being received by MailChimp we delete it. You may unsubscribe from this online newsletter at any time by clicking Unsubscribe at the bottom of any email you receive from us.

  • Personal data and business correspondence in relation to all business contracts involving payment are retained for a minimum of seven years after the end of the tax year in line with the requirements of the Internal Revenue Service.
     

Privacy of Email Addresses

Our Privacy Policy in relation to e-mail addresses is simple.

We rely on your consent for us to know and use the personal data you supply - such as name and email address.  Your data is always kept safe and secure.

Below we describe the processes and details the links to the Privacy Policies of the services we use when you supply your email to us.

  • Use of Forms: email addresses can be collected by this website - using MailChimp forms. These are ONLY used for correspondence relating to the page where you submitted your email address for our Newsletter.  Your email address is stored the MailChimp servers until deleted by us. This is the Squarespace Privacy Policy. If you use a contact form on our website then your information is collected and stored on the Squarespace server and your inquiry or comment then goes to our Gmail account.
     

  • Marketing: We may use your email address for marketing purposes but we will never share it with anyone else except our data processors for our own purposes. We will never sell your information.

  • What we do with your emails:
    Emails are stored in our dedicated Gmail account and can be removed at any time per your request through the contact page on our website.
     

If you have any queries you can contact us via the contact forms on this website or via the contact information on our contact page.

 

You are also assured of privacy relating to data collected for statistical purposes - however, I am dependent on the privacy policies of third parties in this respect.
 

All statistical data collected via this site is initially collected, stored and analyzed by third parties.

Squarespace provides us with basic statistics.  I get more information using two statistical packages - see below

In addition, this is Google's statement about How Google uses data when you use our partners’ sites or apps.

Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt-Out page or by using the Google Analytics Opt-Out Browser
Opting out:add-on.

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. – See more at

According to CalOPPA, we agree to the following:
Users can visit our site anonymously.
Once this privacy policy is created, we will add a link to it on our homepage or as a minimum, on the first significant page after entering our website.
Our Privacy Policy link includes the word ‘Privacy’ and can be easily be found on the page specified above.

You will be notified of any Privacy Policy changes:
• On our Privacy Policy Page
Can change your personal information:
• By logging in to your account

How does our site handle Do Not Track signals?
We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

Does our site allow third-party behavioral tracking?
It’s also important to note that we do not allow third-party behavioral tracking.

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.

We do not specifically market to children under the age of 13 years old.

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify you via email
• Within 1 business day

We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

CAN-SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:
• Send information, respond to inquiries, and/or other requests or questions
• Process orders and to send information and updates pertaining to orders.
• Send you additional information related to your product and/or service
• Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.

To be in accordance with CAN-SPAM, we agree to the following:
• Not use false or misleading subjects or email addresses.
• Identify the message as an advertisement in some reasonable way.
• Include the physical address of our business or site headquarters.
• Monitor third-party email marketing services for compliance, if one is used.
• Honor opt-out/unsubscribe requests quickly.
• Allow users to unsubscribe by using the link at the bottom of each email.

Contact information and further advice

The Camozzi Art Studio is responsible for ensuring compliance with data protection legislation and is named as Data Controller. If you have a query please contact us in the first instance.

If you have concerns about the use of your personal data, the FTC has made itself America’s de facto Data Protection Authority (DPA) through aggressive use of Section 5 of the FTC Act, which prohibits unfair or deceptive trade practices. They can be contacted through

  • their website: https://www.ftc.gov/ or

  • their phone number +1 (202) 326-2222

  • in writing to Federal Trade Commission
    600 Pennsylvania Ave, NW
    Washington, DC 20580
     

Last edited on 23 July, 2019 4:18 pm