1. Roles and Definitions
Data Controller: We act as the Data Controller for personal data collected through the Site. This means we determine why and how your personal data is used (as outlined in this Policy). Such personal data is processed by third parties on our behalf, as explained below, and references to ‘we’, ‘our’ or ‘us’ below should be construed accordingly.
- WordPress. This Site is hosted on the WordPress.com online platform, which allows us to sell our products and services to you. We have instructed WordPress to store and process personal data on our behalf. Automattic’s “Privacy Notice for Visitors to Our Users’ Sites” governs the terms on which WordPress processes personal data, see: https://automattic.com/privacy-notice/
- Teemill processes the personal data required for their ordering and fulfilment services of CoolArt2021 Clothing, Tote Bags, Posters, Mugs and other products available from time to time via the Teemill Store tab on the Site or direct from the coolart2021.teemill.com site (“Teemill Products”): Teemill’s policies and terms and conditions govern all purchases of Teemill Products. See links to:
Please contact Teemill direct about all Teemill Product purchases, queries, cancellations, returns, refunds, exchanges and any other customer issues relating to the CoolArt2021 Teemill website at email@example.com or by post at: Teemill Tech Ltd., Hooke Hill, Freshwater Isle of Wight, PO40 9BG.
Mailchimp processes the personal data required to send out email marketing on our behalf to our customers and others subscribing to our marketing communications. Mailchimp also captures data about your interactions with our emails and the Site. The Intuit Global Privacy Statement governs all Intuit Services (as defined in the Statement), including Mailchimp’s processing of personal data on our behalf. See links below to the Intuit Global Privacy Statement and the Data Processing Addendum and Privacy Rights Requests information applicable to Mailchimp:
- Intuit Global Privacy Statement.
- Mailchimp Data Processing Addendum
- Mailchimp Privacy Rights Requests
Definitions: “Data Controller”, “Data Processor” and “personal data” have the meanings set out in the UK General Data Protection Regulations (“GDPR”). “personal data” includes the “Personal Information” defined below.
“Mailchimp” means The Rocket Science Group LLC doing business as Mailchimp. Mailchimp offers an online marketing platform, which is part of the platform operated by the Intuit group of companies, whose parent entity is Intuit Inc.
“Teemill” means Teemill Tech Ltd (together with its payment providers and other affiliated companies and subsidiaries worldwide).
“Personal Information” means both Customer Information and Device Information (as defined in Section 3).
“WordPress” means wordpress.com (together with its parent company, currently automattic.com and any of automattic.com's subsidiary and affiliated companies worldwide), which from time to time provide the services and software solutions required to operate the Site, including (but not limited to) WooCommerce and WooPayments.
2. Contact Details
3. Personal Information we collect
We collect the following types of Personal Information about you:
- Information you enter on the Site or provide about yourself in any other way, for example if you contact us directly including via email, post, phone or direct message. When you make or attempt to make a purchase on the Site, such information includes your name, contact details, delivery address, order details and payment information such as credit, debit card or Paypal information (together “Customer Information”);
- Certain technical information, which is automatically collected from your device when you visit the Site, including information about your web browser, IP address, and some of the Cookies (see 5 below) installed on your device. As you browse the Site, we also automatically collect information on individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site (together “Device Information”).
4. How we use your Personal Information
4.1 We will only process your Personal Information if there is a reason to do so and we have a lawful basis under applicable data protection law, including as follows. We will use your Customer Information to:
- process and fulfil any orders you place through the Site;
- collect payment from you;
- screen our orders for potential risk or fraud;
- comply with any applicable laws and regulations; or
- provide you with information or advertising relating to our products or services in line with any marketing preferences you have selected. You can unsubscribe from marketing communications at any time by using the link in all our marketing communications or by emailing us at info@CoolArt2021.co.uk
4.2 We will use your Device Information to:
- help us screen for potential risk and fraud (in particular, your IP address);
- improve and optimise our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
5.2 The types of cookies used by WordPress on our Site are:
- These cookies are essential for our Site to perform basic functions such as security, verification of identity and network management. They are necessary for the Site to function and cannot be disabled.
- Analytics and Performance: These cookies help us understand how visitors interact with our site, discover errors and provide better overall analytics. These cookies collect data to remember choices users make to improve and give a more personalised experience.
- These cookies are set to provide you with relevant content and to understand that content’s effectiveness. They may be used to collect information about your online activities over time, to predict your preferences and to display more relevant advertisements to you. These cookies also allow a profile to be built about you and your interests and enable personalised ads to be shown to you based on your profile.
6. Sharing your information
6.1 We share your Personal Information with certain third parties to help us provide our services and to enable them to use your Personal Information as described above. These include:
- Our Data Processors;
- Payment providers (principally Stripe and Paypal), which provide services including processing debit and credit card and Paypal payments and carrying out fraud checks; and
- Royal Mail, their international partners and other carriers for the purpose of delivering your order to its recipient.
6.2 We may also share your Personal Information:
- if we are under a duty to disclose or share your Personal Information to comply with (and/or where we believe we are under a duty to comply with) any legal obligation or regulatory requirement, including exchanging information for fraud protection and prevention purposes;
- to enforce our contractual terms with you;
- to protect our rights and the rights of our service providers, suppliers or others, including to prevent fraud; and
- with such third parties as we reasonably consider necessary to prevent crime, e.g. the police.
7. Third Party Sites and Services
7.1 This Site contains features, or links to websites and services, provided by third parties (“Third-Party(ies)”), including (but not limited to) those integrated into the Site and social media networks. In addition to WordPress these currently include:
- Teemill (see Section 1) which is responsible directly or through third parties for fulfilment services of Teemill Products.
- Mailchimp (see Section 1) which we use to send out email marketing on our behalf to our customers and others who subscribe, via our website or otherwise, to receive our newsletters and other marketing information.
7.2 Any information you provide to any Third-Party (including WordPress, Teemill, Mailchimp or Thortful) via its platform, website or otherwise is provided directly to their operators. Your use of such platform or site(s), the provision by you of information to, and any orders placed with or fulfilled by, such Third Parties are subject to all their policies and procedures, including those, if any, governing terms and conditions of use of their services, privacy, security, the collection, storage and processing of personal data, order fulfilment, cancellations and returns (“Third-Party Policies”), even if accessed through our Site.
7.3 We have no control over the contents nor operation of any Third Party platforms or websites, nor the operation or quality of their services, nor any Third Party Policies. We cannot accept responsibility or liability for your use of, or any orders placed on or via, a Third Party platform or website, nor any orders fulfilled by any Third Party. We encourage you to be aware when you leave our Site and to read the privacy, security and data processing policies of each and every website and service you visit before providing any personal information. See links in this Policy including in Section 1 and Section 8.
8. Data Storage and Security
8.1 For information on our Data Processors’ storage and security measures see the following links:
- WordPress keeps the Site and personal data safe and secure using the measures set out in: “Keep your Site Safe and Secure”. These measures include encryption by default, firewalls, monitoring of suspicious activity, security testing and data backup and recovery systems. WooCommerce stores non-payment data (such as name, address and country) on the Site’s WordPress database. This data is stored separately from payment form data, which is not stored directly on the Site. See Section 8.2.
- Mailchimp’s servers are based in the United States, so your information may be transferred to, stored, or processed in the US. Mailchimp annually certifies its compliance with the EU-US Data Privacy Framework (DPF) Principles, including the UK extension to the EU-US DPF. See information on Additional Protocols in link: https://mailchimp.com/gdpr/
8.2 Stripe and Paypal process payments for purchases on this Site via the WooPayments service. Each of these payment processors adheres to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information. See links to:
8.3 Unfortunately, the transmission of information via the internet is not completely secure. Although we, our Data Processors and payment processors take steps to protect your Personal Information, we cannot guarantee the security of your data transmitted through the Site; any transmission is at your own risk. By using this Site and any linked Third Party sites, you agree to the adequacy of the organisational, technical and security measures implemented by our Data Processors and payment processors to protect your Personal Information.
8.4 Where you have chosen a password to access certain parts of the Site, you are responsible for keeping this password confidential and you must not disclose it to any third party.
8.5 The Site is not aimed at anyone under the age of 13 (“Children”). We do not knowingly collect personally identifiable information from Children. If you are a parent or guardian and you are aware that your Child has provided us with Personal Information, please contact us. If we become aware that we or our Data Processors on our behalf have collected Personal Information from Children without verification of parental consent, we will take steps to remove that information.
9. Retention of your Personal Information
9.1 Personal Information collected pursuant to the Policy will only be retained for as long as necessary to fulfil the purposes outlined in this Policy, in line with our legitimate interest or for a period specifically required by applicable laws or regulations.
9.2 When determining information retention periods, we will take into account factors including:
- our contractual obligations and rights in relation to the information involved;
- legal obligation(s) under applicable law to retain data for a certain period of time;
- applicable statute(s) of limitations;
- (potential) disputes; and
- guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your Personal Information when we no longer require it for the purposes collected.
10. Your Rights
10.1 Under data protection law, you may have a number of rights concerning your Personal Information. If you wish to exercise any of these rights, please contact us (see Section 2).
- The right to receive a copy of your Personal Information free of charge;
- The right to receive certain Personal Information in an electronic format that can be given to another provider (a portability request);
- The right to have Personal Information corrected if it is inaccurate or incomplete;
- The right to ask us to stop processing or object to processing under certain circumstances;
- The right to ask us to erase Personal Information in certain circumstances;
- The right to lodge a complaint about the way we handle or process your Personal Information with the national data protection authority;
- The right to withdraw your consent at any time to us processing your Personal Information. Withdrawing consent will not make unlawful our prior use of your Personal Information.
10.2 We will liaise with our Data Processors for assistance in fulfilling these obligations in accordance with their policies and procedures (see Sections 1 and 8). You also have the right to lodge a complaint with the Information Commissioner’s Office in the UK. Details of how to contact them can be found at ICO.org.uk.
12. Governing Law and Jurisdiction