PRIVACY POLICY

This policy outlines how we obtain, store, use, and share your personal information.

1. Our Commitment To Your Privacy

Your privacy is important to us and we are committed to protecting your personal information. To better protect your privacy, we provide this policy explaining our online information practices and the choices you can make about the way your information is collected and used.

2. Relevant Legislation

Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:

- UK Data Protection Act 2018 and the retained EU law version of the General Data Protection Regulation 2016/679 (UK GDPR). 

- California Consumer Privacy Act 2018 (CCPA) and its amendment The California Privacy Rights Act (CPRA) 2018

- Virginia Consumer Data Protection Act 2023 (VCDPA)

- Colorado Privacy Act 2023  (ColoPA)

3. Our Privacy Policy Principles

-  You may opt in or out of our email communications at any time

-  You have the right to remove any information we may hold on you

-  We will never sell, rent, make public or distribute your personal information

-  Data is a liability and therefore should only be collected and processed when absolutely necessary

4. Who Are We?

- Our Registered Office is at 1 Farleigh Place, London, N16 7SX, United Kingdom

- Our Company Registration Number is UK 3913002

- Our Chief Privacy Officer (CPO) is Stuart Small, Operations Director who can be can be contacted at Jackson’s Art Supplies, Unit J, Edison Close, Waterwells Business Park, Quedgeley, Gloucester, GL2 2FN, United Kingdom  or +44 (0)1452 228482

This policy explains our role as a data controller when we use your personal information in order to fulfil the orders you place with us or interact with us through our website.

5. What Information Do We Collect About You And Where Do We Store It?

This Policy applies to all information we collect or is voluntarily submitted on the Jackson’s Art website. This website collects and uses personal information for the following reasons:


Online Forms

We collect the personal information you voluntarily provide to us, which includes your name and email address in order to subscribe to our newsletter, receive our free content, comment on our blog, participate in our Affiliate Program, and/or purchase services or online products. 


Customer Data

If you make an online purchase of our products and/or services, subscribe to our newsletter, comment on our blog, make requests or leave feedback then we will collect the following information.

-  Name

-  Address (billing and delivery)

-  Email address

-  Contact phone number

-  Delivery instructions

This information is held securely on our servers.


Website Visitor Tracking

Like most websites, our website uses Google Analytics. This tool collects information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. We use this information to better understand how visitors find us and how they interact with our website. We can use this to make adjustments to our website, to deliver a better user experience.  

We also use tracking on some social media platforms so that we can better understand how visitors are interacting with our site via social media and to track the effectiveness of any adverts we place on social media.

This data is all anonymised but you can opt out of this tracking at any time via your own browser settings. See our Cookie Policy for more details.

Our website uses software that tracks your IP data. When you visit our website, we may automatically log your IP address, a unique identifier for your computer or other access device. We will not use your IP address to identify you, the individual, in any way.

When you visit our website, we may automatically log your IP address, a unique identifier for your computer or other access device. We will not use your IP address to identify you, the individual, in any way.

We use IP addresses for the purpose of restoring your basket information or changing the language of currency.


Contact Forms and Email Links

Should you choose to contact us using the contact form on our Contact Page, none of the data that you supply will be stored by this website or passed to / be processed by any of the third-party data processors defined in section below. Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP).

Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.

We store information on our own secure servers.

6. How Do We Use The Information We Collect About You?

We collect information about you to understand your needs and provide you with a better service. Specifically, we use your information for:

-  Internal record keeping

-  Improving our services

-  Providing you with offers relating to our products or services

-  The legal basis for this type of processing is either consent or our legitimate interests in growing our business.

We may send you such communications if you requested it and/or if you agreed to receive such communications. You can opt-out of these emails at any time through the ‘unsubscribe’ button in each email or by contacting us via email.

We will only share your information with trusted 3rd parties if necessary to provide support in running this website. We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

We use the information you provide about yourself when placing an order only to complete that order. We do not share this information with outside parties except to the extent necessary to complete that order.

We use the information you provide about someone else when placing an order only to ship the product and to confirm delivery. We do not share this information with outside parties except to the extent necessary to complete that order.

We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties. We undertake not to retain any of your personally identifiable data any longer than necessary. Data will be retained for the purposes already mentioned in this policy until such time as it becomes no longer valid or you specifically request its removal.

Finally, we never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above without also providing you an opportunity to opt-out or otherwise prohibit such unrelated uses. We will always provide you with a simple way to opt out later should you change your mind.


Google Analytics

Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.

Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third-party data processor (see Third-Party Processors below).

GA makes use of cookies, details of which can be found on Google’s developer guides. Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.


Third Party-Data Disclosure

The Information Commissioner's Office states that:

Third-party, in relation to personal data, means any person other than –

(a) the data subject,

(b) the data controller, or

(c) any data processor or other person authorised to process data for the data controller or processor

Jackson's Art Supplies will never give any customer data to any third-party.

You should be aware that if we are requested by the police or any other regulatory or government authority investigating suspected illegal activities to provide your personal information and/or user information, we are entitled to do so.

These are the following legal reasons for processing personal data:

-  For the performance of a contract with you

-  Internal record keeping for statutory purposes

-  For the legitimate interests in growing our business

-  For the purpose of furthering Jackson’s legitimate interests including providing better products and services

-  For marketing purposes where you opted in to receive marketing communications from us, we will process your personal data and provide you with marketing communications in line with the preferences you have provided

8. Data Breaches

We will report any unlawful data breach of this website’s database or the database(s) of any of our third-party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

9. Cookies

A cookie is a piece of code that allows the web server to identify and track activity of the web browser. They are widely used in order to make websites work more efficiently, as well as to provide information to the owners of the website.

You can enable or disable your Cookie settings via your own web browser. See our Cookies Policy for more details.

For further details please consult the help menu in your browser or visit www.allaboutcookies.org

Cookies may be used to keep track of the contents of your shopping cart for example. You can turn off cookies within your browser by going to 'Tools | Internet Options | Privacy' and selecting to block cookies. If you turn off cookies, you will be unable to place orders or benefit from the other features that use cookies such as logging on or creating an account.

10. Our Third-Party Data Processors

We use a number of third-parties to process personal data on our behalf. These third-parties have been carefully chosen and all of them comply with the legislation set out in the Privacy Policy.

Google (Privacy Policy)

-  Dotmailer (Privacy Policy)

-  Royal Mail (Privacy Policy)

-  Whistl (Privacy Policy)

-  Direct Link (Privacy Policy)

-  DPD (Privacy Policy)

-  DHLGroup / Deutsche Post (Privacy Policy)

-  APC (Privacy Policy)

-  Parcel Force (Privacy Policy)

-  Boxberry (Privacy Policy)

-  FedEx (Privacy Policy)

-  Yodel (Privacy Policy)

-  Award Force (Privacy Policy)

-  WordPress (Privacy Policy)

-  Trustpilot (Privacy Policy)

-  PayPal (Privacy Policy)

Worldline (Privacy Policy)

-  Checkout.com (Privacy Policy)

11. Data Controller

The data controller of this website is: 

- Jackson’s Art Supplies Limited, a UK Private Limited Company

- Our Registered Office is at 1 Farleigh Place, London, N16 7SX, United Kingdom

- Our Company Registration Number is UK 3913002

- Operating Office: Unit J, Edison Close, Waterwells Business Park, Quedgeley, Gloucester, GL2 2FN, United Kingdom

12. Our Commitment to Data Security

To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

Our website environment is secured behind strict firewall rules and a virtual private network to place the environment behind public facing networks. Threat detection at infrastructure level is provided by AWS Guard Duty, continuously monitoring for malicious activity. For the public facing elements of the website CloudFlare provides malicious detection and blocking.

Our third-party payment acquirer and payment providers also conduct quarterly vulnerability scans to check the web hosting environment for known threats.

Though we have these procedures in place we can’t be held responsible for any intercepted information shared through our website without our knowledge or permission.

Further reading:

-  https://aws.amazon.com/guardduty/

-  https://www.cloudflare.com/products/bot-management/


Credit Card Security

We do not see or touch your credit card details and we do not store your card details anywhere within our systems or our web servers.

Your payment card details are sent in encrypted form to our credit card processor.

The payment card details are not entered into or stored on our website or servers

Your payment will be taken directly from our payment providers secure payment processing page.

If a malicious threat actor/hacker intercepts your payment internet traffic they will not be able to do anything with the payment data as the payment card number is scrambled during the upload process. No one can read the data except our payment card processing company.

We use secure servers (SSL) and extra strong encryption.  


Payment via PayPal 

Website takes the the user to PayPal to login or ‘one-time’ payment system

When payment has been completed, the user is taken back to the website to complete the order and confirm all details 


Payment via Debit/Credit Card

-  Website takes the user to "our" payment platform (Checkout.com) to complete the order payment 

When the payment has been completed, the user is taken back to the website to an order confirmation message

13. Our Commitment to Children's Privacy

Protecting the privacy of the young is especially important. For that reason, we never collect or maintain information at our website from those we actually know are under 16, and no part of our website is structured to attract anyone under 16.

14. How You Can Access Your Information

You can request a copy of the data we have collected from you (order history, personal details…) by submitting a request to our Data Protection Officer at Jackson’s Art Supplies, Unit J, Edison Close, Waterwells Business Park, Quedgeley, Gloucester, GL2 2FN, United Kingdom or +44 (0)1452 228482.

To protect your privacy and security, we will also take reasonable steps to verify your identity before granting access or making corrections.

15. How to Contact Us

Should you have other questions or concerns about these privacy policies, please call our Chief Privacy Officer on +44 (0)1452 228482.

In the extremely unlikely event that you are dissatisfied with any way that we handle your data requests, you are able to raise your issue with the 

United Kingdom's Information Commissioner's Office (ICO) at:

Live Chat: https://ico.org.uk/make-a-complaint/

Telephone Helpline: +44 (0)303 123 1113

16. Data Retention

The Company shall not keep personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed.

When personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of it without delay.

For full details of the Company’s approach to data retention, including retention periods for specific personal data types held by the Company, please refer to our Data Retention Policy. 

17. Your Rights

Your rights under data protection laws include the right to access, erase, correct, restrict, and/or object to our use and processing of your personal data, as well as the right to portability of the data. 

You have the right to confirmation as to how and where we process your data. To the extent that the legal basis for our processing consents, you have the right to withdraw at any time.

If you consider our processing to infringe data protection laws, you have the right to lodge a complaint with a supervisory authority.

18. Changes to Our Privacy Policy

This privacy policy may change from time to time in line with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes. Specific policy changes and updates are mentioned in the change log below.