Natalia Fernandez Glass Art Customer Privacy Notice

This privacy notice tells you what to expect us to do with your personal information.

Contact Email

natalia@nataliafernandezglass.co.uk

What information we collect, use, and why

We collect or use the following information to provide services and goods, including delivery:

Names and contact details

Addresses

Purchase or account history

Payment details (including card or bank information for transfers and direct debits)

Account information

Website user information (including user journeys and cookie tracking)

Information relating to compliments or complaints

We collect or use the following information for service updates or marketing purposes:

Names and contact details

Addresses

Marketing preferences

Purchase or viewing history

Records of consent, where appropriate
We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page.

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights, which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

Your right of access - You have the right to ask us for copies of your personal information. You can request other information, such as details about where we get personal information from and who we share personal information with. There are some exemptions, which means you may not receive all the information you ask for. Read more about the right of access.
Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification.
Your right to erasure - You have the right to ask us to delete your personal information. Read more about the right to erasure.
Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing.
Your right to object to processing - You have the right to object to the processing of your personal data. Read more about the right to object to processing.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.
Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide services and goods are:

Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
Legal obligation - Processing is required to comply with a legal obligation to which the we are subject, for example, for tax purposes.

Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
- The information is collected to provide you with the goods and services you purchase, including delivery of purchased products, payment for these, and any refund process that may be required.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for service updates or marketing purposes are:

Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
- We collect information to keep you up to date with the latest products available and to inform you of any changes to our website or services/ goods provided.
- Aggregated data is used to support the growth of the business by ensuring we continue to place resources where customers will benefit the most.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Where we get personal information from

Directly from you. We will only acquire your data through the channels that you consent to and give to us for the purposes listed in this policy.

Cookies

What are cookies?

A cookie is a small text file that is placed on your device (computer, phone, or tablet) when you visit our website. Cookies help us to remember your preferences and provide a better browsing experience.

How we use cookies

We use cookies for several purposes, including:

Strictly Necessary Cookies: These cookies are essential for our website to function properly and cannot be switched off. They are usually set in response to actions made by you, such as setting your privacy preferences or logging in.
Analytics Cookies: These cookies help us understand how visitors interact with our website, such as which pages are most popular, how long visitors spend on each page, and how they navigate the site. This information helps us improve our website and your experience.
Marketing Cookies: These cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user.
Managing your cookie preferences We use Consentik to manage our cookie banner and to ensure we collect your consent in compliance with the GDPR. When you visit our website, the Consentik banner allows you to control which categories of cookies are placed on your device. You can choose to accept all cookies, decline them, or customize your preferences. You can also change your preferences at any time by clicking on the 'Cookie Settings' link (or similar) which is [Insert the location of your cookie settings link, e.g., "typically found in the footer of our website"].

How long we keep information

Customer and Order Data

What it includes: Name, address, email, phone number, and order history.
Why we need it: To process and ship orders, handle customer service inquiries, and track sales for our business records.
Retention period: 6 years. This is a common and recommended period for small businesses in the UK. It aligns with the legal requirement from HMRC (HM Revenue & Customs) to keep business records for at least six years after the end of the last company financial year. This covers our need to access sales data for accounting and tax purposes.

Marketing Data

What it includes: Email addresses and names for our newsletter and/or mailing list.
Why we need it: To send marketing communications to people who have consented to receive them.
Retention period: Until you unsubscribe or withdraws your consent. If you wish to unsubscribe to our marketing emails, simply click on the “unsubscribe” link on the bottom of our email. You can also contact us on the email above using the subject Unsubscribe.

Payment Data

What it includes: Payment details like credit card numbers or bank details.
Why we need it: To process a one-off payment.
Retention period: Zero. We will not store your payment information for any longer than it takes to process a payment for your new art. We only need to retain the transaction record from our payment processor for accounting purposes, which is covered under the 6-year retention period for order data.

Communication and Inquiry Data

What it includes: Emails or messages from potential customers who have not placed an order.
Why we need it: To respond to inquiries.
Retention period: 1 year. If you do not purchase an item with us, we will delete any identifiable personal information from your communication with us. We may keep anonymised information in order to help us improve our services and product lines.

Who we share information with

Data processors

Wix.com Ltd. / Website provider and host: This data processor does the following activities for us: Our company is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services. User data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store user data on secure servers behind a firewall.

Third-Party Services

To operate our website and provide our services, we use several third-party processors. These services are used to help us analyse traffic, manage marketing, and ensure data protection compliance. They only process data in accordance with our instructions and applicable laws.

Consentik: We use Consentik as our Consent Management Platform (CMP). This service helps us to display a cookie banner, manage user cookie preferences, and record your consent choices in a way that is compliant with GDPR and other privacy regulations. Consentik Cookie is an IAB TCF v2.2-approved CMP with CMP ID 451, ensuring compliance with industry standards for transparency and consent management. Verify this on the official IAB TCF page: IAB TCF CMP List

Others we share personal information with

Organisations we’re legally obliged to share personal information with

Sharing information outside the UK

Where necessary, our data processors may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Organisation name: Wix.com Ltd

Category of recipient: Website provider and host

Countries the personal information may be sent to: United States of America, Ireland, South Korea, Taiwan, Israel

How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clauses (SCCs)

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint