I am an artist/small business operating from home in Norfolk.
I sell original artwork, prints, greetings cards and other beautiful things. In this complicated digital world of connected computers, the use and retention of data is unavoidable, but I want you to know that I take great care to protect and safeguard your personal information. This policy document will set out and explain what data I collect and how I use it to fulfil my obligations to you.
If you have any worries or causes for concern over the use or collection of your data, I would like to politely request that in the first instance you contact me directly; I am here to help.
Within this document I may refer to myself as “I”, “we”, “us”, “our”, “the website”, “the company”, “NS”, “nikkistebbing.com” or just simply “Nikki Stebbing”.
1. Who Are We?
I am a private individual acting as a sole trader for the purpose of selling and distributing original artwork, prints, greetings cards, homeware, and other printed media only. This website is owned and operated by Nikki Stebbing, Water’s Edge, Low Road, Tasburgh, Norfolk, NR15 1AR.
2. What Data Do We Collect?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data includes (first name, last name, username, or similar identifier).
Contact Data includes (billing address, home address, email address and telephone numbers).
Financial Data includes payment card details.
Transaction Data includes details about products (and services) you have bought from us and when you have requested information or raised queries.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website/or any apps.
Profile Data includes your username and password, products/services bought by you, queries, feedback, and survey responses.
Usage Data includes information as to how you use our website.
Marketing and Communications Data includes your preferences as to whether you are happy to receive marketing from us and, if so, your communication preferences.
Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature or product. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We will not deliberately collect or process special categories of personal data about you, for example health, or racial or ethnic origin, although sometimes this is impossible to avoid. For example, buying a greetings card for a specific religious occasion might imply or suggest your interest in a particular faith. We never use this information, and we never store these kinds of implied associations.
3. How Do We Collect Your Data?
We collect data from and about you in different ways, including the following:
Your direct dealings with us.
You may give us your identity and contact data by filling in forms or by corresponding with us by post, phone, email, via this website, apps or on social media or otherwise.
This includes personal data you provide when you:
Subscribe to our newsletter.
Request a brochure or other promotional or marketing materials to be sent to you.
Register on our website.
Buy products and/or services from us in person, or at one of our outlets or vendors.
Buy products [and/or services] via our website.
Enter a competition or respond to a promotion or survey.
Give us some feedback.
Automated technologies or interactions.
As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
We may receive personal data about you from some third parties. Technical data from analytics providers such as Google or Facebook based outside the EU. Contact, financial and transaction data from providers of technical, payment and delivery services. From time to time our advertising or links may be displayed on other websites or online platforms and we may record the origins of these links.
4. How Will We Use Your Data?
We collect and use your data when the law allows us to.
We will use your personal data in the following circumstances:
To process an order you have placed.
To manage your online account.
Where we need to perform the contract we have entered into with you or when we are preparing to enter into a contract.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you. You have the right to withdraw consent at any time by contacting us or visiting your account page and navigating to your marketing consent options.
Purposes for which we might use your data.
Below is a list, of the ways we plan to use your personal data:
To respond to an enquiry from you.
To provide products or services to you, take payment for them and to keep records of our dealings with you.
To manage our relationship with you which will include:
Asking you for feedback by leaving a review or taking part in a survey.
Notifying you about orders or details relating to orders.
Reviewing or recording your usage of the website and your order history.
Where you have given permission, provide our newsletter/marketing materials/ promotions.
To run competitions, events or prize draws or other promotions.
To administer and protect our business including our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
To deliver relevant website content to you and measure or understand the effectiveness/usability of our website.
To use data analytics to improve our website, products, services, marketing, and customer relationships.
To deal with issues, complaints or disputes arising out of our relationship with you and to prevent or detect crime, including fraud.
We believe these uses of data to be necessary for our legitimate interests, to fulfil our contracts or business dealings with you and to comply with our legal obligations. We also consider our need to keep our records updated, to understand how customers use our services, what they think of our products and how we can improve them, a legitimate interest in which we are entitled by law to capture and process data. When we refer to legitimate interests, we mean the interest of our business in conducting and managing our business to enable us to give you the best service/product. We make sure we consider and balance any potential positive and negative impact on you and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). We will never undertake automated decision making using your personal data.
Disclosure of your personal data.
We may have to share your personal data with the categories of parties set out below for the purposes set out above:
Credit card companies and other payment providers
Business partners, suppliers, and sub-contractors for the performance of any contract we enter into with them or you.
Analytics and search engine providers that assist us in the improvement and optimization of our services and website.
Professional advisers, including lawyers, banks, auditors, and insurers.
HM Revenue and Customs, regulators, and other authorities.
Organisations involved in credit checking and anti-fraud activities, crime prevention/detection, risk assessment and management and dispute resolution.
Where these third parties and other organisations are involved in processing or working with us to deliver our services both digitally and physically, we require them to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. The companies and partners we deal with to provide our products and services are, like us, subject to specific obligations under data protection law, and who will have their own privacy notices setting out how they deal with personal data.
5. How Do We Store Your Data?
We take regular backups of our website to protect our business interests and to secure our data from technical issues. These backups are stored in a secure encrypted format and kept offline for protection. Due to the nature of these backups, we cannot remove single or specific pieces of data from them, so whilst we will respect any request to delete or permanently remove personal data from our systems, it may not be possible to delete it from our backups – we will only keep backups for as long as is technically necessary. We have taken steps to implement security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. We keep the software, plugins, and systems, including our database as secure as possible but we cannot guarantee our systems are completely secure. Hacking of databases and theft of data is possible and you should be aware that transmission of information via the internet is not completely secure. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. Processors we appoint will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to notify you and any applicable regulator of a suspected personal data breach where we are legally required to do so.
6. Use Of Data for Marketing
Where you have agreed to receive marketing communications, we may use your identity, contact, technical, usage and profile data to send advertisements or offers which we believe may be of interest to you. We will only share your personal data for marketing purposes in accordance with your preferences/consent with our marketing providers and email marketing system Ascend. You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you. Alternatively, you can forward any marketing email to email@example.com with the word STOP in the subject line. If you have comments or specific concerns about our marketing practices and would prefer to chat with us, please use our published contact details to get in touch; we would be happy to discuss your concerns.
7. What Are Your Data Protection Rights?
You have the right to:
Request access to your personal data. Commonly known as a “data subject access request”. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing. If we are not able to comply with your request for erasure for specific legal reasons, we will tell you at the time of your request.
Object to processing of your personal data. Where we are relying on our legitimate interest and there is something about your situation which makes you want to object to processing because you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following situations:
if you want us to establish the data’s accuracy.
where our use of the data is unlawful, but you do not want us to erase it.
where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
8. What Are Cookies?
9. What Type Of Cookies Do We Use?
Some cookies used on the site remain on your device once you have left the site (though how long will depend on the lifetime of the specific cookie). These are often called persistent cookies. Persistent cookies are typically used on the site to help it recognize your device when you return to it, and to help us improve the structure of the site by compiling anonymous, aggregated statistics that allow us to understand how users use the site. The cookies used by the site can be grouped into three categories.
Strictly necessary cookies. These are cookies that are required for the operation of the site. They allow our web servers to respond to your actions on the site and whilst browsing it. The site will not work for you without these cookies.
Analytical cookies. These cookies allow us to see how visitors move around the site when they are using it. This helps us to improve the way the site works, for example, by ensuring that users are finding what they are looking for easily and to analyse the effectiveness of our marketing campaigns.
Functionality cookies. These are used to recognize you when you return to the site to remember your preferences and allow us to provide certain aspects of the site’s functionality.
10. How To Manage Your Cookies?
Most browsers allow you to refuse to accept cookies. Your browser may have a Help section or some other form of instructions which should explain how to do this. If you are using a smartphone, then the manufacturer should have instructions on its website explaining how to do this (for example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector). Useful guidelines on how to do this for several popular computer browsers can be found by browsing the Cookie Guidelines at Ico.org.
Please note that if you do disable any cookies this will almost certainly have a negative impact upon the usability of many websites, including this one. We rely on these tiny files to make our site work and to improve the experience of browsing the site.
11. Links & Buttons – Other Website Policies
Our website may include links to third-party websites (plug-ins and applications). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
12. Providing Us With False Information
Where we need to collect personal data by law or under the terms of a contract we have with you and you fail to provide that data or you provide false information, we may not be able to fulfil the contract we have or are trying to enter into with you. For example, we need your address and contact information to dispatch goods. False information may mean we cannot complete your order, or you may not receive your goods. In this case, we may have to cancel a contract you have with us, but we will try to notify you if this is the case at the time. Please take care to check all the personal information you provide during the checkout process to make sure it is correct and completed in full.
This privacy notice was last updated on 20th March 2022. We will update this privacy notice from time to time and will try to notify you of any significant changes by updating this policy document. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
14. How To Contact Us?
Visit our Contact page to get in touch!