Privacy Policy

1st March 2018 (Version 1)

Contents

1. About this policy

2. About us

3. How to contact us

4. What types of data we hold about you

5. How we obtain your data

6. What we use your data for

7. Who we disclose your data to

8. Where we process your data

9. Data security and preventing unauthorised access

10. Cookies that we use

11. Your rights

12. Third Party Websites

13. Changes to this policy

14. Legal status of this policy

15. Meaning of words we use in this policy

1. About this policy

This is the privacy policy of ArtGallery Ltd, which sets out our policy in relation to data and information we collect and use in relation to our visitors, customers and members. We keep your data confidential (unless your data is supplied for the purpose of being viewed by others, such as forum posts), and only use it and share it as detailed in this privacy policy. We will comply with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) in relation to your data. We do not sell your data to third parties.

2. About us

We are a limited company registered in England and Wales with company number 07653540, and our registered office is at Millennium House, Brunel Drive, Newark, Nottinghamshire, England, NG24 2DE.

3. How to contact us

To contact us, please write to our principal office at Art Gallery, Millennium House, Brunel Drive, Newark, Nottinghamshire, England, NG24 2DE., or e-mail us at help@artgallery.co.uk

4. What types of data we hold about you

The data and information we hold and process about you consists of the following:

a. Information about you:
• Your account information
• Your name
• Your contact details, including address, telephone, mobile, fax, own website, and e-mail.
• Your account information, including each membership and other account you have registered for with us.
• Your account log-in details, including username and password.
• Your address book entries, including other shipping addresses that you provide.
• Any contact details and messages you provide when recommending a friend.
• Your account preferences and other account information.

b. Information relating to your orders
• Your purchase transactions
• Your purchase orders
• Your payment information and payment history
• Order delivery, fulfilment and returns information.

c. Your activity online
• Your content
• Your professional artist information, including, but not limited to personal details, galleries, portrait, biography, exhibitions, awards, tuition, media, and subjects.
• Messages that you exchange with other members using any service provided by us.
• Any other content that you supply.

d. Administration Information
• Communications between you and us, including queries, problems, support, and survey responses, and including via e-mails, web-forms, and telephone.

e. Technical information when you visit our website
• Web browser information including your browser brand (e.g. Internet Explorer, Firefox, Safari, Opera, Chrome),
• Operating system (e.g. Microsoft Windows, OSX, Android)
• IP address (a unique identifier allocated to your computer for your connection to the internet).
• Information relation to your use of our website, including where you visited our website from, and what pages you visit on our website.

5. How we obtain your data

We obtain your data through a variety of means, including:

a. Forms you fill in / data you provide.
• From forms which you complete and submit on our website
• From printed forms which you obtain from our website or us
• Data we collect face-to-face, or by means of e-mail or telephone

b. Other information you supply
• From the data, information and images you post, upload or otherwise provide to our website, including our forum.
• From any other information you supply from time to time, including through telephone calls, emails and other communications between you and us.
• From any information supplied by other users of our site and other customers.

c. Generated Information
• From information generated by us as a result of dealings, transactions and communications with you, including supplying any goods or services to you, providing the functionality of our website, operating competitions, and dealing with queries, support requests and complaints.

d. Technical Information
• From information which is automatically supplied by your web-browser when you visit our website.
• From information recorded by our server when you view any page on our website.

6. Data uses

We use your data for the following operational purposes:-

a. Operate and improve our website
• To provide our website and its features and functionality.
• To analyse the performance of and improve our website.
• To keep you informed with status or other administrative notices.

b. Supply of goods and services
• To perform each order from you for the supply of goods and services.
• To collect payments due from you.

c. Provision of membership accounts
• To provide, administer and manage your accounts and the associated services included in those accounts.
• To collect payment of all account fees.
• To pay commission on sales to artists.

d. General administration
• To monitor our staff.
• To communicate with you for administrative and support purposes.
• To manage complaints, disputes and claims.
• To enforce our contracts and terms and bring claims.

e. Marketing e-mails and communications
We will also use your data to send you marketing materials and newsletters relating to our website, products, services and events, but only where you have consented to this through the appropriate setting in your website account, and you have not withdrawn your consent. You may change your consent by adjusting the appropriate setting or informing us through our contact details in this policy.

f. Data we hold on you is done so on our secure computer servers. We hold this data to ensure that we are able to manage your account and provide details to you on previous purchases, wishlist items and your account preferences. If you require us to remove this information, please see section 11.

7. Who we disclose your data to

a. Public Data
Where, as part of the functionality of our website or as part of any service, competition, or event we provide or run, it is envisaged that certain of your data will be made available to the public in general, or to other members, then we may make that data available on such basis. For example, your forum posts, elements of your profile and professional-artist information, your galleries, tuition etc, may be made public. We will make it clear to you in our website, or in our communications with you, which elements of your data will be made available in this way. If our website settings allow you to control what elements of your data are made public, then we will honour the settings that you select.

b. Our contractors and suppliers
Where we use third parties to provide or supply any part of our website or any goods, services, events, insurance or other things, or to enforce or administer any contracts or terms, then we may provide your data to them as reasonably required for those purposes, including to the artists from whom work is purchased from, delivery agents, payment processors, and insurers.
Your data may be held by them as data processor on our behalf, in which case we will remain the data controller, and your data will only be held and used by them on our behalf and in accordance with our instructions and this policy. Your data will also only be held or as long as it is required to undertake their services, after which time it will be securely removed from their systems.
In some cases, your data may need to be provided to them to be used by them for their own purposes, as data controller, where this is reasonably necessary, for the purposes of provision of any goods, services, insurance, event etc. by them. In such case, they should inform you separately that they are holding your data as data controller.

c. Legal requirements
We may supply your data to a government authority where required to comply with a legal requirement, for the administration of justice, or where reasonably required to protect your vital interests.

d. Claims handling
We may disclose your identity to any third party who is making any claim against us in relation to any of your data that you have posted or uploaded to our website, including where it is claimed to breach their rights or privacy.

8. Where we process your data

We and our contractors and suppliers normally store and process your data in the United Kingdom. However, we and our contractors and suppliers may from time to time store and process your data elsewhere, including outside the European Economic Area. This may be because our contractor or supplier who carries out any order fulfilment or payment processing, for instance, may be based elsewhere.

If your data is to be stored or processed outside the European Economic Area, we will comply with, and take all reasonable steps to ensure our contractors and suppliers comply with, the rules under the Data Protection Act 1998 and General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) for processing personal data outside the European Economic Area.

9. Data security and preventing unauthorised access

a. Our security measures
We will take and use reasonable endeavours to ensure our contractors and suppliers take all reasonable steps and implement all reasonable measures, to keep your data secure and prevent unauthorised access to your data (except for those parts of your data intended to be made available to the public or other customers or members of ours, such as your public profile, forum entries, gallery etc.), and to prevent accidental loss or damage to your data.

b. Your passwords
You are responsible for keeping your username and password log-in details confidential and we would ask you not to share them with anyone.

c. Information Security Policy
All employees are responsible for ensuring confidentiality of sensitive information. Art Gallery recognises the importance of information security. The primary purpose of our information security is the protection of services to members and customers, and the customer information we are supplied with. It is the company’s aim to ensure that customers have confidence in our information security and are safe in the knowledge that we are responsive to their security concerns.

Art Gallery will adhere to all the requirements of PCI DSS in protecting customer card details. Everyone within Art Gallery has an important role to play and each member of staff has their own specific tasks and responsibilities. We expect our core behaviour of professionalism and customer focus to be reflected in our protection of customer information. We support staff efforts to secure information through policies, and staff training and awareness activities.

This policy is subject to review annually to ensure that at a strategic level it addresses the evolving information security threats and objectives needed for the organisation to be successful.

d. Payment Card Security
Art Gallery process payment cards through SagePay Payment Page, accessed from authorised PCs on a dedicated network segment. There shall be no access to this network segment from the Internet, or from other sections of Art Gallery. PCs and other devices on this network shall be configured to meet the requirements of PCI DSS, and may only be accessed by authorised users.

10. Cookies that we use

Cookies are small text files which a web page can save on your computer and read at a later date. We use cookies only where necessary for the purposes of the technical operation of our website, including for managing log-ins, shopping baskets, transactions and other functions of our website.

The table below lists the cookies we collect and what information they store.

Necessary (6)

Necessary cookies help make a website usable by enabling basic functions like
page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Name Provider Purpose Expiry Type
__cfduid feefo.com Used by the content network,
Cloudflare, to identify trusted web traffic.
1 year HTTP Cookie
ASP.NET_SessionId artgallery.co.uk Preserves the visitor's session state across page requests. Session HTTP Cookie
CookieConsent artgallery.co.uk Stores the user's cookie consent state for the current domain 1 year HTTP Cookie
f5_cspm pubmatic.com
Saves the address and port number of the web server that is managing the session. Used to improve the website's
performance security.
Session HTTP Cookie
ref artgallery.co.uk Unclassified Session HTTP Cookie
SESS# upravel.com Preserves users states
across page requests.
Session HTTP Cookie

Statistics (3)

Statistic cookies help website owners to understand how visitors interact with
websites by collecting and reporting information anonymously.

Name Provider Purpose Expiry Type
_dc_gtm_UA-# artgallery.co.uk Used by Google Tag
Manager to control the loading of a Google Analytics script tag.
Session HTTP Cookie
_ga artgallery.co.uk
Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
2 years HTTP Cookie
_gid artgallery.co.uk
Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
Session HTTP Cookie

Marketing (97)

Marketing cookies are used to track visitors across websites. The intention is
to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third
party advertisers.

Name Provider Purpose Expiry Type
#.gif rlcdn.com Unclassified Session Pixel Tracker
__adroll d.adroll.com
Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads.
1 year HTTP Cookie
__ar_v4 artgallery.co.uk
Optimises ad display based on the user's movement combined and various advertiser bids for displaying user
ads.
2083 days HTTP Cookie
_ansscnt adsnative.com Unclassified Session HTTP Cookie
_te_ artgallery.co.uk
Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads.
Session HTTP Cookie
_uuid adsnative.com Unclassified 1 year HTTP Cookie
0 adform.net Unclassified Session HTTP Cookie
0123456789 visx.net Unclassified Session HTTP Cookie
27-0-0-1-0-9-6-47995-0/px2.png smct.co Unclassified Session Pixel Tracker
2c.cId artgallery.co.uk Unclassified 4 years HTTP Cookie
adrl outbrain.com Unclassified 3 months HTTP Cookie
ads/user-lists/# google.com Unclassified Session Pixel Tracker
APID advertising.com Unclassified 1 year HTTP Cookie
B yahoo.com
Collects anonymous data related to the user's website visits, such as the number of visits, average time spent on
the website and what pages have been loaded. The registered data is used to categorise the users' interest and
demographical profiles with the purpose of customising the website content depending on the visitor.
1 year HTTP Cookie
buid_# adsnative.com Unclassified 13 days HTTP Cookie
c [x2] bidswitch.net

rubiconproject.com

Regulates synchronisation of user identification and exchange of user data between various ad services.
1 year HTTP Cookie
cid adform.net
Optimises ad display based on the user's movement combined and various advertiser bids for displaying user
ads.
2 months HTTP Cookie
ck1 rlcdn.com
Collects anonymous data related to the user's visits to the website, such as the number of visits, average time
spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.
179 days HTTP Cookie
cm.gif adsnative.com Unclassified Session Pixel Tracker
cm/b/out d.adroll.com Unclassified Session Pixel Tracker
cm/l/out d.adroll.com Unclassified Session Pixel Tracker
cm/o/out d.adroll.com Unclassified Session Pixel Tracker
CMDD casalemedia.com
Collects anonymous data related to the user's visits to the website, such as the number of visits, average time
spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.
Session HTTP Cookie
CMID casalemedia.com
Collects anonymous data related to the user's visits to the website, such as the number of visits, average time
spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.
1 year HTTP Cookie
CMPRO casalemedia.com Unclassified 3 months HTTP Cookie
CMPS casalemedia.com
Collects anonymous data related to the user's visits to the website, such as the number of visits, average time
spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.
3 months HTTP Cookie
CMRUM3 casalemedia.com
Collects anonymous data related to the user's visits to the website, such as the number of visits, average time
spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.
1 year HTTP Cookie
CMSC casalemedia.com
Collects anonymous data related to the user's visits to the website, such as the number of visits, average time
spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.
Session HTTP Cookie
CMST casalemedia.com
Collects anonymous data related to the user's visits to the website, such as the number of visits, average time
spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.
Session HTTP Cookie
collect google-analytics.com
Used to send data to Google Analytics about the visitor's device and behaviour. Tracks the visitor across devices
and marketing channels.
Session Pixel Tracker
cookie_id adx1.com Unclassified 1 year HTTP Cookie
DigiTrust.v1.Identity digitru.st Unclassified 2 years HTTP Cookie
fr facebook.com
Used by Facebook to deliver a series of advertisement products such as real time bidding from third party
advertisers.
3 months HTTP Cookie
GLOBALID bttrack.com Unclassified 2 years HTTP Cookie
has_data postrelease.com Unclassified 1 year HTTP Cookie
i openx.net
Registers anonymised user data, such as IP address, geographical location, visited websites, and what ads the user
has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same
ad network.
1 year HTTP Cookie
IDE doubleclick.net
Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the
advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the
user.
1 year HTTP Cookie
IDSYNC advertising.com Unclassified 1 year HTTP Cookie
KADUSERCOOKIE pubmatic.com
Registers a unique ID that identifies the user's device during return visits across websites that use the same ad
network. The ID is used to allow targeted ads.
3 months HTTP Cookie
khaos rubiconproject.com
Registers anonymised user data, such as IP address, geographical location, visited websites, and what ads the user
has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same
ad network.
1 year HTTP Cookie
KRTBCOOKIE_# pubmatic.com
Registers a unique ID that identifies the user's device during return visits across websites that use the same ad
network. The ID is used to allow targeted ads.
29 days HTTP Cookie
obuid outbrain.com Unclassified 3 months HTTP Cookie
pb_rtb_ev contextweb.com
Registers anonymised user data, such as IP address, geographical location, visited websites, and what ads the user
has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same
ad network.
1 year HTTP Cookie
PUBMDCID pubmatic.com
Registers a unique ID that identifies the user's device during return visits across websites that use the same ad
network. The ID is used to allow targeted ads.
3 months HTTP Cookie
PUBRETARGET pubmatic.com
Registers a unique ID that identifies the user's device during return visits across websites that use the same ad
network. The ID is used to allow targeted ads.
Session HTTP Cookie
PugT pubmatic.com Unclassified 29 days HTTP Cookie
put_# rubiconproject.com
Registers anonymised user data, such as IP address, geographical location, visited websites, and what ads the user
has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same
ad network.
1 year HTTP Cookie
r/collect doubleclick.net Unclassified Session Pixel Tracker
rlas3 rlcdn.com
Collects anonymous data related to the user's visits to the website, such as the number of visits, average time
spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.
179 days HTTP Cookie
rpb rubiconproject.com
Registers anonymised user data, such as IP address, geographical location, visited websites, and what ads the user
has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same
ad network.
29 days HTTP Cookie
rpx rubiconproject.com Unclassified 29 days HTTP Cookie
rtn1-z rlcdn.com Unclassified 179 days HTTP Cookie
rum casalemedia.com Unclassified Session Pixel Tracker
sa-user-id stackadapt.com Unclassified 5 years HTTP Cookie
sa-user-id-v2 stackadapt.com Unclassified 5 years HTTP Cookie
sess adnxs.com Used to
check if the user's browser supports cookies.
Session HTTP Cookie
smc_sesn artgallery.co.uk Unclassified 10 years HTTP Cookie
smc_spv artgallery.co.uk Unclassified Session HTTP Cookie
smc_tpv artgallery.co.uk Unclassified 10 years HTTP Cookie
smc_uid artgallery.co.uk Unclassified 10 years HTTP Cookie
smc_v4_414 artgallery.co.uk Unclassified 10 years HTTP Cookie
smc_v4_6677 artgallery.co.uk Unclassified 10 years HTTP Cookie
smc-dv2 smct.co Unclassified 6 days HTTP Cookie
smct_dyn_BasketCount artgallery.co.uk Unclassified Session HTTP Cookie
smct_dyn_BasketValue artgallery.co.uk Unclassified Session HTTP Cookie
smct_last_ov artgallery.co.uk Unclassified 29 days HTTP Cookie
smct_session artgallery.co.uk Unclassified Session HTTP Cookie
status postrelease.com Unclassified 1 year HTTP Cookie
sto-id-20480-bh contextweb.com
Registers anonymised user data, such as IP address, geographical location, visited websites, and what ads the user
has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same
ad network.
Session HTTP Cookie
stx_user_id sharethrough.com Unclassified 1 year HTTP Cookie
suid/1011 postrelease.com Unclassified Session Pixel Tracker
sync/v1 sharethrough.com Unclassified Session Pixel Tracker
t_gid taboola.com Unclassified 1 year HTTP Cookie
taboola_usg taboola.com Unclassified 1 year HTTP Cookie
test_cookie doubleclick.net Used to
check if the user's browser supports cookies.
Session HTTP Cookie
tluid 3lift.com Unclassified 3 months HTTP Cookie
tr facebook.com Unclassified Session Pixel Tracker
tuuid [x2] bidswitch.net

visx.net
Registers whether or not the user has
consented to the use of cookies.
1 year HTTP Cookie
tuuid_last_update visx.net Unclassified 2 years HTTP Cookie
tuuid_lu bidswitch.net Unclassified 1 year HTTP Cookie
U [x2] adsymptotic.com

storygize.net

Collects unidentifiable data that is sent to an unidentifiable source. The source's identity is kept secret by
the company, Whois Privacy Protection Service, Inc.
3 months HTTP Cookie
uid adform.net
Registers a unique user ID that recognises the user's browser when visiting websites that use the same ad
network. The purpose is to optimise display of ads based on the user's movements and various ad providers'
bids for displaying user ads.
2 months HTTP Cookie
UID{32} visx.net Unclassified Session HTTP Cookie
ul_cb/sync visx.net Unclassified Session Pixel Tracker
um2 visx.net Unclassified 2 years HTTP Cookie
user_id upravel.com Unclassified 10 years HTTP Cookie
uuid2 adnxs.com
Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads.
3 months HTTP Cookie
V contextweb.com
Registers anonymised user data, such as IP address, geographical location, visited websites, and what ads the user
has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same
ad network.
1 year HTTP Cookie
VID mail.ru Unclassified 3 years HTTP Cookie
visitor postrelease.com Unclassified 1 year HTTP Cookie
w/1.0/sd openx.net Unclassified Session Pixel Tracker
xuid 3lift.com Unclassified Session Pixel Tracker
yandexuid yandex.ru Unclassified 10 years HTTP Cookie
zuid zemanta.com Unclassified 1 year HTTP Cookie

11. Your rights

a. Access to your data
You can see most of your data through your account web pages when logged in on our website. Under the Data Protection Act 1998 and General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), you are entitled to a copy of all personal data we hold about you. If you would like to exercise this right, please contact us via email at help@artgallery.co.uk, requesting a Subject Access Request Form.

b. Your right to stop marketing messages
If we are sending you marketing literature (including paper-based and electronic messages), you have the right to ask us to stop doing this. Please contact us using our contact details above.

c. Your right to stop use causing distress
You have the right to ask us to stop using any data for any purpose where that purpose is causing you substantial distress. If you have any concerns regarding our use of your data, please contact us using our contact details in this policy.

d. Your right to alter inaccurate data
You are entitled to ask us to change, erase, block or modify any inaccuracies in your personal data, by contacting us using our contact details above. We will respond to these requests within one month. In most cases you can do this yourself though your account web pages on our website, which let you change and update your data.

e. Your right to revoke consent at any time
You have the right to withdraw consent for us to use your data at any time. If this withdrawal means we are not able to provide a service to you, we will advise of this at the time of withdrawal.

f. Your right to erasure
If you wish to have all of your data that is held by Art Gallery erased, you should contact us on the details above, to which we will respond within one month.

12. Third-Party Websites

Links to third-party websites may appear on our website. Such third-party websites are not our responsibility, we do not endorse them and you visit and use them at your own risk. If you supply any data to them, you should read their own privacy policy.

13. Changes to this policy

We may at any time change this privacy policy by publishing a new version on our website. We will not be required to inform you of this. You are responsible for regularly reviewing our website stay up to date with the latest version of this policy. By continuing to use our website and services after any such change you will be considered to have accepted the change.

14. Legal status of this policy

This privacy policy is not intended to and does not create any contractual or other legal rights in or on behalf of any party other than such rights as already exist by law separately to this privacy policy.

15. Meaning of words we use in this policy

In this policy:

• personal data means any of your data which constitutes personal data under the Data Protection Act 1998 or General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), and in relation to which you are the data subject.
• we, our and us means Art Galley Ltd, trading as Artgallery.co.uk.
• you and your means you our guest, visitor, customer or member, including anyone who visits our website, registers for an account with us, purchases anything from us, uses our website forum, enters any competition through our website, registers for a professional account and becomes a full member of ours, any affiliated club and its members and any regional co-ordinator.
• your data means all data and information which you supply, or we otherwise hold, obtain, generate or process in relation to you from time to time, as further detailed in this policy.
• service means any service provided by us, whether free or paid-for, including our website any service, feature or functionality of our website.
• website means our internet website whose address is http://www.artgallery.co,uk and any additional or replacement website from time to time that we operate.