Data Protection Policy 2018 (GDPR)

Introduction

Confidentiality and privacy of our customers, suppliers and employees are very important to us at Hangar Framing Ltd. We do not share any personal data we collect from suppliers, employees, websites, or customers with any other parties for any reason (except where detailed below for the purpose of conducting our business, or if required by Police in respect of a criminal investigation) and we are fully committed to meeting both the letter and the spirit of the Data Protection Act 1998, GDPR, and other relevant legislation.

What information do we collect from Employees?

From our employees at Hangar Framing, we collect the following information to enable us to carry out our statutory obligations including PAYE, National Insurance Contributions, pension scheme etc. We also have contact details to enable effective communications with staff and to have next of kin details in case of any emergencies.

  1. Personal contact details, such as name, title, address,
  2. Telephone numbers and personal email addresses.
  3. Date of Birth
  4. Emergency contact detail
  5. Government identification numbers, such as National Insurance
  6. Number or other identification number
  7. Bank Account details and Payroll information
  8. Salaries, annual leave and benefit information
  9. Performance Information
  10. Pension Information
  11. Start Date and Job Title
  12. Other details such as CV provided to us voluntarily

Information collected from our Suppliers and Exhibiting Artists

From our suppliers and exhibiting artists at Hangar Framing Ltd., we collect the following information to enable us to make payments, complete our VAT returns to HMRC and effective communication with all parties via email, postal service or telephone.

  1. Contact details such as name, title, address, telephone numbers and email address
  2. Bank account details.
  3. VAT registration numbers, where applicable.

What Information do we collect from Customers?

If customers opt to join our mailing list, either online or at our Gallery, then we will take their name, telephone number and email address.

If a customer makes a purchase in our gallery using a payment card, then the paper merchant receipt will record the full card number.

If a customer makes a purchase over the telephone then we will take their name, postal address, email address, telephone number, and payment card details.

If a customer places an order for bespoke picture framing then we will take your name and telephone number, and if appropriate your postal and email addresses.

If a customer makes a purchase on our website then we will take their name, address, email address, and telephone number.

Payment card details are handled securely by our payment processor – we have no access to customers’ payment card details in this case.

We do not collect a customer’s IP address when browsing, but our payment processor may do so if they make a purchase. We do not have access to this information.

How do we use the information we collect from customers?

If a customer is on our mailing list, we will send news of our upcoming exhibitions. We don’t bombard customers with emails, and we only send a newsletter when we have news to share, e.g. new work being exhibited. If a customer has also left their postal address we may send them postal invitations to our exhibitions.

We are required by HMRC and our payment card processors to retain paper merchant receipts for a period of six years.

If customers make a purchase over the telephone then we will process their transaction then securely destroy their card details by cross-cut shredding immediately. We will retain contact information as per orders for bespoke framing. We will not use customers’ details for marketing unless they ask us to.

If a customer places an order for bespoke picture framing then we retain their contact information so we can advise them when the customer’s order is ready, and so that we can match any future orders to frames they already have. We will not use customers’ details for marketing unless they ask us to.

If a customer makes a purchase on our website we will use their contact details only for the purposes of fulfilling their order. We will not use customer details for marketing unless they ask us to. Our payment processor will use your details to securely authorise customer transactions.

How do we secure the information we collect from you?

Our computers are all password protected, and our new mailing list file is password protected.

Our newsletters are sent via Mailchimp, and email addresses are stored on their servers which are currently located in North America. We are satisfied their security is industry standard and they comply with GDPR requirements, but if you do not agree with your email address being stored outside of EU please ask to be removed from our mailing list.

Paper merchant receipts are kept in a secure location and they are securely destroyed by incineration or cross-cut shredding after the retention period has expired.

Name and address information given in respect of online purchases is password protected.

We do not have access to card data given in respect of online purchases. This data is all handled by our payment processor, who is certified to the highest level of security by PCI auditors.

How long do we retain the information we collect from customers?

If customers have opted to join our mailing list then we will assume they wish to remain on it until they tell us otherwise. We may occasionally ask our mailing list members to re-confirm their consent to remain on the list, this may be approximately once every five years.

If a customer makes a purchase in our gallery using a payment card, then the paper merchant receipt will be retained for six years as required by HMRC.

If a customer places an order for bespoke picture framing then we will ask them if they would like us to retain their details. If we do, this will help us to match future framing orders for them, and we will retain their details until such time that they ask us to remove them.

How do we use cookies?

Our website uses cookies only where necessary to give customers the full experience we have designed, and to allow us to analyse activity on the website. We are only able to see a general summary of visitor traffic, time spent, etc., we are not able to identify individual customers. Tracking cookies will only be enabled if you agree by clicking “ok”.

Customer Rights

We are fully committed to meeting both the letter and the spirit of the Data Protection Act 1998, GDPR, and other relevant legislation. These acts give you a number of rights in law which we will not repeat in detail here, but in summary customers, employees and suppliers have the right to know what personal data we hold about them, the right to be removed from our marketing, and the right to be forgotten.

Note that GDPR is EU legislation which is expected to be retained by the UK after it leaves the EU, and the Data Protection Act 1998 will be replaced by the Data Protection Act 2018.

Our Data Controller

Suzie Worthington