This policy outlines how we obtain, store, use and share your personal information
What Does This Policy Cover?
1. Our Commitment To Your Privacy
Your privacy is important to us and we are committed to protecting your personal information. To better protect your privacy, we provide this policy explaining our online information practices and the choices you can make about the way your information is collected and used.
2. Relevant Legislation:
Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
4. Who Are We?
This policy explains our role as a data controller when we use your personal information in order to fulfil the orders you place with us or interact with us through our website.
5. What Information Do We Collect About You And Where Do We Store It?
This Policy applies to all information we collect or is voluntarily submitted on the Jackson’s Art website. This website collects and uses personal information for the following reasons:
We collect the personal information you voluntarily provide to us, which includes your name and email address in order to subscribe to our newsletter, receive our free content, comment on our blog, and/or purchase services or online products.
If you make an online purchase of our products and/or services, subscribe to our newsletter, comment on our blog, make requests or leave feedback then we will collect the following information;
This information is held securely on our servers.
Website Visitor Tracking
Like most websites, our website uses Google Analytics. This tool collects information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. We use this information to better understand how visitors find us and how they interact with our website. We can use this to make adjustments to our website, to deliver a better user experience.
We also use tracking from Facebook and Pinterest so that we can better understand how visitors are interacting with our site via social media and to track the effectiveness of any adverts we place on social media.
Our website uses software that tracks your IP data. When you visit our site, we may automatically log your IP address, a unique identifier for your computer or other access device. We will not use your IP address to identify you, the individual, in any way.
When you visit our site, we may automatically log your IP address, a unique identifier for your computer or other access device. We will not use your IP address to identify you, the individual, in any way
We use IP addresses for the purpose of restoring your basket information or changing the language of currency.
Contact Forms and Email Links
Should you choose to contact us using the contact form on our Contact Us Page, none of the data that you supply will be stored by this website or passed to / be processed by any of the third-party data processors defined in section below. Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.
We store information on our own secure servers
6. How Do We Use The Information We Collect About You?
We collect information about you to understand your needs and provide you with a better service. Specifically, we use your information for:
The legal basis for this type of processing is either consent or our legitimate interests in growing our business.
We may send you such communications if you requested it and/or if you agreed to receive such communications. You can opt-out of these emails at any time through the ‘unsubscribe’ button in each email or contacting us via email.
We will only share your information with trusted 3rd parties if necessary to provide support in running this Website. We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
We use the information you provide about yourself when placing an order only to complete that order. We do not share this information with outside parties except to the extent necessary to complete that order.
We use the information you provide about someone else when placing an order only to ship the product and to confirm delivery. We do not share this information with outside parties except to the extent necessary to complete that order.
We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties. We undertake not to retain any of your personally identifiable data any longer than necessary. Data will be retained for the purposes already mentioned in this policy until such time as it becomes no longer valid or you specifically request its removal.
Finally, we never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above without also providing you an opportunity to opt-out or otherwise prohibit such unrelated uses. We will always provide you with a simple way to later opt out later should you change your mind.
We never transfer any of your personally identifiable information outside of the EU.
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third-party data processor (see Third-Party Processors below).
Third-Party - Data Disclosure
The Information Commissioner's Office states that:
Third party, in relation to personal data, means any person other than –
(a) the data subject,
(b) the data controller, or
(c) any data processor or other person authorised to process data for the data controller or processor
Jackson's Art Supplies will never give any customer data to any third-party.
You should be aware that if we are requested by the police or any other regulatory or government authority investigating suspected illegal activities to provide your personal information and/or user information, we are entitled to do so.
7. The Legal Basis For Processing Personal Data
These are the following legal reasons for processing personal data:
8. Data Breaches
We will report any unlawful data breach of this website’s database or the database(s) of any of our third-party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
A cookie is a piece of code that allows the web server to identify and track activity of the web browser. They are widely used in order to make websites work more efficiently, as well as to provide information to the owners of the website.
You can enable or disable your Cookie settings via your own web browser. See our Cookies Policy for more details.
For further details please consult the help menu in your browser or visit www.allaboutcookies.org
10. Our Third-Party Data Processors
11. Data Controller
12. Our Commitment to Data Security
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Our website environment is secured behind strict firewall rules and a virtual private network to place the environment behind public facing networks. Threat detection at infrastructure level is provided by AWS Guard Duty, continuously monitoring for malicious activity. For the public facing elements of the website CloudFlare provides malicious detection and blocking.
Our third-party payment acquirer and payment providers also conduct quarterly vulnerability scans to check the web hosting environment for known threats.
Though we have these procedures in place we can’t be held responsible for any intercepted information shared through our website without our knowledge or permission.
Credit Card Security
We do not see or touch your credit card number and we do not store it anywhere within our systems or our web servers.
Your credit card number is sent in encrypted form to our credit card processor.
The data is not entered into our website.
The payment will be taken directly from our payment providers processing page.
If a malicious threat actor/hacker intercepts your payment internet traffic they will not be able to do anything with the data as the card number is scrambled during the upload process. No one can read the data except our credit card processing company.
We use secure servers (SSL) and extra strong encryption.
Payment via PayPal
Payment via debit/ credit card
13. Our Commitment to Children's Privacy
Protecting the privacy of the young is especially important. For that reason, we never collect or maintain information at our website from those we actually know are under 16, and no part of our website is structured to attract anyone under 16.
14. How You Can Access Your Information
You can request a copy of the data we have collected from you (order history, personal details…) by submitting a request to our Data Protection Officer at Jackson’s Art Supplies, Unit J, Edison Close, Waterwells Business Park, Quedgeley, Gloucester, GL2 2FN or 01452 228482. We will then be committed to emailing you a PDF detailing the data.
To protect your privacy and security, we will also take reasonable steps to verify your identity before granting access or making corrections.
15. How to Contact Us
Should you have other questions or concerns about these privacy policies, please call our Data Protection Officer at 01452 228482.
In the extremely unlikely event that you are dissatisfied with any way that we handle your data requests, you are able to raise your issue with the ICO.
16. Data Retention
The Company shall not keep personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed.
When personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of it without delay.
For full details of the Company’s approach to data retention, including retention periods for specific personal data types held by the Company, please refer to our Data Retention Policy.
17. Your Rights
Your rights under data protection laws include the right to access, erase, correct, restrict, and/or object to our use and processing of your personal data, as well as the right to portability of the data.
You have the right to confirmation as to how and where we process your data. To the extent that the legal basis for our processing consents, you have the right to withdraw at any time.
If you consider our processing to infringe data protection laws, you have the right to lodge a complaint with a supervisory authority.
15/11/22 - Policy updated regarding our third-party data processors and ecommerce payment providers