Privacy notice.

 

1. Who we are

Sophia Kisielewska (also known as Sophia Kisielewska-Dunbar and Sophia K-D) is a sole trader and artist based in London. By accessing the website at www.sophiakdshop.com (the “Website”), you acknowledge and consent to the information collection and use practices by us in our capacity as data controller as described below. Please read this Privacy Notice carefully and contact us if you have questions or concerns at sophiakdunbar@gmail.com

2. Personal Data

Personal data means data relating to natural persons who can be identified or who are identifiable, directly from the data in question or who can be indirectly identified from that data in combination with other data (“Personal Data”). 

We set out below the categories of Personal Data that we may process:

  • “Contact Data” includes data such as your delivery address, billing address, email address and telephone numbers;

  • “Identity Data” includes first name, last name, maiden name, username or similar identifier; 

  • “Financial Data” means data relating to your payment (such as credit or debit card number, bank account information, purchase amount, date of purchase, payment method and in some cases, information about your purchases); and

  • “Technical Data” includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you are using.

Most of the Personal Data is provided when you purchase an artwork from the Website, commission an artwork, fill in forms on the Website, including subscribing to the newsletter and signing up for and attending exhibitions and events. We may also collect Personal Data from correspondence with you over letters, emails, calls and social media. 

3. Purpose

We may use your Personal Data for the following purposes and reasons:

  • Consent: When you subscribe to the newsletter and enable us to send it to you on a monthly basis. You have the right to withdraw consent at any time, simply click the link provided in the newsletter. 

  • Legitimate Interests: To provide customer support and processing, including some marketing, and to administer, support, improve, optimize and develop our Website. We may process a previous customer’s Personal Data to personalise emails, send updates about us and the material changes in the Terms of Sale, Terms of Use or Privacy Notice, or for other purposes permitted by law. 

  • Contract: Where processing is necessary to carry out the pre-contract and contractual relationship between you and us (for example, the sale of an Artwork).

  • Legal Obligation: To comply with legal obligations, resolve disputes, or enforce terms or agreements with you.

We may also collect Personal Data to perform other functions that are not listed above, which will either be described to you when the Personal Data is collected or it may be collected if you have granted your consent for a particular purpose.

4. Third-Party Services

We use third-party platforms to support communications. We are not responsible for their privacy practices and you are encouraged to read their privacy notices. The third-party platforms currently used are set out below, but may change from time to time:

  • Squarespace Inc (“Squarespace”):  A software that facilitates the hosting and building of websites. We use Squarespace to build and host our Website. When you visit the Website Squarespace may process your Personal Data, particularly Identity Data and Technical Data. Squarespace has its own privacy notice which you can read here

  • Stripe Payments UK Ltd (“Stripe”):  An online payment processing and credit card processing platform for businesses. We use Stripe to facilitate payments for transactions on the platform, including payment of the registration fee when you register on the Website. Stripe may process your Financial Data, Identity Data and Contact Data that you provide according to its privacy notice here.

  • Mailchimp: A third party email platform to manage email marketing subscriber lists and send emails to subscribers. When you subscribe to the newsletter, Mailchimp may process your Personal Data, particularly your Contact Data and Identity Data. Mailchimp has its own privacy notice which you can read here. 

We will not share your Personal Data with third parties other than as necessary for the purposes outlined above and only with third party service providers that provide business, professional or technical support functions on our behalf or as required by law.


5. International Transfers

Your Personal Data may be transferred outside the UK and EU. For example, where we are sharing information with our third party service providers who operate outside the UK or EU. We only transfer your Personal Data outside of the UK and/or EU where we are satisfied that the transfer is in accordance with applicable data protection and privacy laws. 

6. Storage and Retention 

We take all necessary technical and organizational measures to protect the confidentiality and security of your collected Personal Data in our databases. While your Personal Data is protected through a variety of industry-standard access controls, including secure passwords and multi factor authentication, no electronic data transmission or storage of information can be guaranteed to be 100% secure. We will keep Personal Data for as long as reasonably necessary to fulfil the purposes it was collected for including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain Personal Data for a longer period in the event of a complaint or where there is a prospect of litigation. We will then securely dispose of your Personal Data that we hold on our databases by permanently deleting it and any back-up files. Personal Data shared with third party service providers is stored and deleted according to their privacy policies. 

7. Cookies

Like most websites, we receive and store Technical Data whenever you use the Website.  We use “cookies” to improve the Website. A cookie is a small file of letters and numbers that is stored on your browser or the memory of your computer or device. Cookies mean that a website will remember you and enable online transactions and help us understand how you use the Website. For more information on the cookies that we use on the Website, please see our Cookie Policy available on the Website.

8. Your Rights

Under the Data Protection Act 2018, you have rights including:

  • Right of Access: To ask for copies of your Personal Data. 

  • Right to Rectification: To ask to rectify inaccurate/incomplete Personal Data.

  • Right to Erasure: To ask for your Personal Data to be erased in certain circumstances.

  • Right to Restriction of Processing: To ask to restrict the processing of your Personal Data in certain circumstances. 

  • Your right to Object to Processing: To object to the processing of your Personal Data in certain circumstances.

  • Your right to Data Portability: To ask that your Personal Data be transferred to another organisation, or to you, in certain circumstances.

For more information or to exercise your data protection rights regarding our processing, please write to us at the email address or registered address listed above. We will try to respond to all legitimate requests within one month.   

If you are unhappy with any aspect of how we handle your Personal Data you can make a complaint to the information commissioner's office Information’s Commissioner Office here


9. Changes to the Privacy Notice

This Privacy Notice may be updated from time to time. All amendments will take effect immediately upon posting of the updated Privacy Notice on this Website. If the changes are material, we will post a notice on the Website before the changes go into effect. We encourage you to periodically review this Privacy Notice to stay informed about how we are helping to protect your Personal Data. 

This version of the Privacy Notice was last updated on 12 February 2024.