Privacy Policy Notice
I am strong believer in online data privacy and that people viewing and using my website to place orders deserve to have their details treated with the utmost respect. This Privacy Policy as served by me, Tina Macnaughton Illustrations under the website www.tinamacnaughton.com and www.tinamacnaughton.co.uk set out what I see as my duty of care to customers of my website to ensure that they are fully informed of how I and my team handle and hold their personal information and data.
My team and I view holding data as a big responsibility and only collect and use information from you that is required and absolutely necessary to place and process orders and to hold a record of orders made, to give you the best service we possibly can and allow you to enjoy viewing and using my website(s).
I get a lot of spam mail which I detest as much as you do and I can wholeheartedly say that I or any of my team will never give, sell, or distribute your personal information to anyone not directly involved in processing your data, order, or dealing with you in anyway.
The purpose of this policy is to explain to you how I and my team control, process, handle and protect your personal information through the business and while you browse or use this website. If you do not agree to the following policy you may wish to cease viewing / using this website, and or refrain from submitting your personal data to us.
Policy key definitions:
- “I”, “our”, “us”, or “we” refer to the business, Tina Macnaughton Illustrator and my team.
- “you”, “the user” refer to the person(s) using this website.
- GDPR means General Data Protection Act.
- PECR means Privacy & Electronic Communications Regulation.
- ICO means Information Commissioner’s Office.
- Cookies mean small files stored on a user’s computer or device.
Key principles of GDPR:
My privacy policy embodies the following key principles; (a) Lawfulness, fairness and transparency, (b) Purpose limitation, (c) Data minimisation, (d) Accuracy, (e) Storage limitation, (f) Integrity and confidence, (g) Accountability.
Applicable Legislation
My team and I have done everything within our powers to design my website to comply with the following legislation with regard to data protection, cookie control and privacy:
- UK Data Protection Act 1988 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
We will strive to ensure that any changes to the above legislation will be implemented along with the adoption also of any new privacy legislation applicable. If you feel we are not compliant or there is any issue that you would like to talk to us about please contact my data protection officer as per the details below:-
Basil Bahrani – Manager – B.Eng (Hons) C.Eng MICE MCIWEM C.WEM MAPM CPM RPP
Email: basil@tinamacnaughton.com
Information Collected and Why?
My website uses various bits of off the shelf software that let me and my team build, operate, manage, and maintain the site, plus collects and uses personal information for the following reasons:
Tracking
Like most websites, my site uses Google Analytics to track your interaction. We use this data to determine the number of people visiting and using our site, to better understand how visitors find and use my web pages, which pages get the most views, and to see their journey through the website. This information can help us make improvements to the site and your experiences / journey in the future too.
Google Analytics does store data such as your geographical location, device, internet browser and operating system. It does not give us any information that enables us to personally identify you in any way. In common with all other sites that use Google Analytics, Google itself does hold a record of your computer’s IP address which could be used to personally identify you to them, but they do not grant us access to this information. Google are therefore considered to be a third party data processor. Please see section below on third party data processors.
Google Analytics makes use of cookies, details of which can be found on Google’s developer guides. By disabling cookies on your internet browser you will be able to stop Google Analytics from tracking any part of your visit to pages within my website.
Site Security
I know that most of the visitors to my site are genuine people and I hope you enjoy the content that we have be you a budding illustrator, author or someone that accidently stumbled onto the site. Unfortunately, there are people out there that have written nasty software that every now and then poses as a threat and people out there who try to damage websites around the world. To help protect us from such activity, we use site security tools provided by third parties. These tools make use of publicly available information regarding your published IP address to assess threat levels to the site. No personally identifiable information is ever provided to us from them, or to them from us.
Customer Orders
To allow us to send you your order we feel it is quite essential that we have your contact details, which we ask you for at checkout. Not sure how we could do this online otherwise?
When you add products to your shopping cart, we use cookies to keep track of your cart contents while you’re browsing the rest of the site. Once you place an order, we ask you for key information regarding your billing address and delivery details in order to fulfil your order. This information is stored only on our UK based server service provider and is only shared with our payment processing gateway, PayPal, in order to take payment. I chose PayPal as one of the most well known payment service providers and we use their off the shelf services so they too are considered to be a third party data processor. Please see section below on third party data processors.
In order for us to provide replacement certificate(s) of authenticity for a minimal charge, we store your name, email address, postal address and delivery information on our systems. We are looking at the possibility of a registration scheme allowing gifted and/or resold prints to be re-registered, however, no such system is currently in place.
At the point of order confirmation, you also have the option to create a user account on our site. By doing so, you also agree to our terms and conditions and this privacy policy.
As part of the user account creation process, your name, email address, postal address and delivery information will be stored as a unique account with your email address and password of your choice on our server service provider’s servers and you can delete your own account at any time by visiting the “my account” section on the website.
In order for me and my team to track how effective our advertising methods are in relation to sales etc., we will at times also make use of off the shelf service providers’ systems and tracking cookies to measure campaign performance. Just as with Google Analytics, any services we use will be a third party data processor. Please see section below on third party data processors.
My Blog
I always enjoy reading comments on my Blog so please keep making them. You should, however, know that when you choose to add a comment to any posts that I have published on my Blog, the name and email address you enter with your comment will be saved to our website’s database, along with your computer’s IP address and the time and date that you submitted the comment.
This information is stored in the UK in our datacentre and not shared with any other service. It is only used to identify you as a contributor to the comment section of the respective blog post and is not passed on to any of the third party data processors detailed below. Only your name will be shown on the public-facing website.
Your comment and it’s associated personal data will remain on this site until we see fit to either 1.) Remove the comment. Or 2.) Remove the blog post. Should you wish to have the comment and it’s associated personal data deleted, please contact me or my website manager (details below) from the email address that you commented with, sending a link to the comment and blog post in question.
If you are under 18 years of age you MUST obtain parental consent before posting a comment on our blog.
You should avoid entering personally identifiable information to the actual comment field of any blog post comments that you submit on this website.
Contact Forms and eMail Links
If you decide to contact me using the contact form on my Contact page or email link, none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors. Instead, the data will be collated into an email and sent to me just like a normal email would.
Please note that not all mail servers are secured by encryption etc. so we would, therefore, suggest that you always consider email as an insecure medium and not include personal, confidential or otherwise sensitive information within an email.
Email Newsletter
If you choose to join our email newsletter (when I eventually get around to setting it up that is!), the email address that you submit to us will be forwarded to MailChimp who provide us with email marketing services. We consider MailChimp to be a third party data processor (please see section below on third party data processors). The email address that you submit will not be stored within our own database or in any of our internal computer systems.
Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us from the email account that is subscribed to the mailing list.
If you are under 18 years of age you MUST obtain parental consent before joining our email newsletter.
While your email address remains within the MailChimp database, you will receive periodic (approximately one per month) newsletter-style emails from us.
Your Individual Rights
Under the GDPR your rights are as follows below. You can read more about your rights in detail on the Information Commissioner’s Office (ICO) website ico.org.uk and by clicking here;
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO, www.ico.org.uk, if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
Internet cookies
We use cookies on this website to provide you with a better user experience. We do this by placing a small text file on your device / computer hard drive to track how you use the website, to record or log whether you have seen particular messages that we display, to keep you logged into the website where applicable, to display relevant content or refer you to a third party website.
Some cookies are required to enjoy and use the full functionality of this website.
We use a cookie control system which allows you to accept the use of cookies, and control which cookies are saved to your device / computer. Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options.
Data Security and Protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
Fair & Transparent Privacy Explained
We have provided some further explanations about user privacy and the way we use this website to help promote a transparent and honest user privacy methodology.
Affiliate Links and Links to Other Websites
It is not my intention to have any adverts on my site. There will be some affiliate links and links to other websites on some pages such as to my publishers and retailers / online shops such as Amazon, etc. These are typically served through third party providers such as Amazon Affiliates, or are self served through our own means. We only use trusted service providers who are each committed to having high standards of user privacy and security. Clickable affiliate links / other links may be displayed as a website URL like this; www.littletigerpress.com or as a titled text link like this: Book People, or in the form of an icon.
Clicking on any sponsored or affiliate links may track your actions by using a cookie saved to your device. If you have any concerns about this we suggest you do not click on any sponsored or affiliate links found throughout the website.
Please be aware that we are not responsible for the privacy practices or the content of any third-party websites that have links to from my website, as well as any information they might collect, advertising that they may have even though my name or images may appear on those sites. I encourage you to be aware when you leave my site and to read the Privacy statements of each and every website that you visit, as the privacy policy of those sites may differ from ours.
Email Marketing Messages & Subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Information Collected and Why?” section above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences, you can also unsubscribe from all MailChimp lists, by following this link, otherwise contact the EMS provider.
We hold the following information about you within our EMS system;
- Email address
- I.P address
- Subscription time & date
Third Party Data Processors
We use a number of third parties to process personal data on our behalf. These third parties have been chosen as well established providers of their services and we understand them to be compliant with current UK/EU legislation. We may use other third party services from time to time and these will be selected with the same basis in mind to ensure that they too are compliant with current UK/EU legislation. If any of these third parties are found to be none-compliant or in breach of current UK/EU legislation we will seek to find alternative providers as soon as reasonably practical.
- Google (Privacy policy)
- Mailchimp (Privacy policy)
- PayPal (Privacy policy)
Data Protection Manager and Controller
All data protection and privacy queries can be sent to my Data Protection Manager / Data Controller of this website who is:-
Basil Bahrani – Manager – B.Eng (Hons) C.Eng MICE MCIWEM C.WEM MAPM CPM RPP
Email: basil@tinamacnaughton.com
Data Removal
You have the right to request the inspection and/or removal of all personally identifiable information we hold about you.
In the case of our third party processors, an application for such inspection or removal should be made directly to them.
For removal or inspection requests from our website, these should be made by email to the Data Controller using the email address that was provided at the point you placed an order, made a blog comment, or registered for an account. All requests will be responded to as soon as practical or within 21 days.
Please note that if you have made a purchase, the removal of all data we hold about you as a customer will prevent us from being able to offer any replacement certificates of authenticity or track your print(s) and therefore invalidates our commitment to do so from that point.
Changes To Our Privacy, Data and Cookie Policy
This privacy policy may change from time to time in line with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes.
Data Breaches
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
Resources & Further Information
- Overview of the GDPR – General Data Protection Regulation
- Data Protection Act 2018
- Privacy and Electronic Communications Regulations 2003
- The Guide to the PECR 2003
- Twitter Privacy Policy
- Facebook Privacy Policy
- Google Privacy Policy
- Linkedin Privacy Policy
- Mailchimp Privacy Policy