During late May 2018, you may have received emails from websites with which you transacted business. These correspondences were about their updated Privacy Policies. In simple terms, new regulations were put in place to protect the privacy and personal information of citizens within the EU (European Union). Known as "General Data Protection Regulation" (GDPR), the regulations aim to give control to citizens and residents over their personal data and to simplify the regulatory environment for "international Businesses" by unifying the regulations within the EU.
Who is affected by this?
The short answer is only citizens of the EU. If you are a citizen of the EU and you find my site by way of a Search Engine, a pop-up screen will alert you and require you to consent to cookies to be enabled or declined. Cookies are important to the proper functioning of a website. They are used by online merchants to enable the shopping cart function, retain log-in details as well as provide a secure log-in. To view my website from anywhere in the EU, you must consent and agree to this. Otherwise, you will have no access granted to my site if you decline.
I have the utmost respect for your privacy and take the protection of any data you provide seriously. I only collect data you provide when voluntarily signing up for my occasional newsletters, or through the procuring and shipment of artwork to your destination. I do not distribute or share any information you provide. The following is a breakdown of the various kinds of information and data collected, the general purpose, and how it is used.
Tracking Website Visitors
Google provides a tool called Google Analytics for all online merchants to use, big and small. It show us the volume of website visitors we get, how visitors to the site interact, for how long, and if they return. I am able to use this generic data to better understand client needs, likes and dislikes etc. As an example, the data shows me if visitors "bounce" from my website (leave it) within moments of opening the site and what page they did it from. Google Analytics does this by using "cookies". The data collected by Google Analytics in no way personally identifies you to me. You are able to disable cookies from your web browser to block Google Analytics from tracking your visit to my website, or any website for that matter.
You have the ability to start your own account on my website, identify favorite artwork for future possible ownership, and assign yourself a password. You are able to provide name, email, and phone contact, and a site "username" that you create. This information stays under lock and key and is saved within the website database, which is hosted by Art Storefronts. You can change your password as many times as you like. Having your own account is a useful tool if you plan to procure a painting at a later date.
When you follow through on a transaction online using my website, Stripe works with me to facilitate payments as a third party and takes payment on my behalf. I am in no way privy to your choice of payment method or details or Stripe or PayPal information.
The Contact Form
If you contact me using my contact form for any reason, the data is retained as a record of your inquiry and as a way to return your correspondence for reference. This data is never shared or sold.
Emailed Newsletter Signups
Signing up for my newsletters is voluntary. If you sign up for my occasional newsletters (promotions / events / new works), the email address you submit is forwarded to MailChimp which acts as a third party processor. MailChimp is a marketing platform designed for small businesses such as mine to send emails (newsletters) or promotional information, a way to advertise and connect our e-commerce websites for some, and a way to help build our brand. Virtually any time you receive a sale offer from a merchant you used online, they are using MailChimp or a similar service.
If at ANY time you wish to have your email address removed from the database, simply click the unsubscribe button on my newsletters (be sure you are using the email address you subscribed with) to explicitly request the removal. MailChimp never tells the merchant who unsubscribed.
This Website Server
Is hosted by Art Storefronts. This website is HTTPS secure.
Our Third Party Data Processors
Sarah Pollock Studio and Sarah Pollock (collectively referred to as "Company," "we," or "us") respect your privacy. This Policy describes the ways we collect information from and about you, and what we do with the information, so that you may decide whether or not to provide information to us. By accessing our website or purchasing our products or services you agree to this Privacy Statement in addition to any other agreements we might have with you.
Collection of your Personal Information
The information we collect may include your personal information, such as your name, contact information, IP addresses, product and service selections and other things that identify you. We collect personal information from you at the certain points, including but not limited to the following:
when we correspond with you as a customer or prospective customer;
when you visit our website;
when you register as an end-user of our services and an account is created for you;
when you contact us for help;
when you attend our customer conferences or webinars; and
when the site sends us error reports or application analytics data.
Our Use of your Personal Information
Our Company may use information that we collect about you to:
deliver the products and services that you have requested;
provide you with customer support;
perform research and analysis about your use of, or interest in, our products, services, or content, or products, services or content offered by others;
communicate with you by e-mail, postal mail, telephone and/or mobile devices about products or services that may be of interest to you
develop and display content and advertising tailored to your interests on our site;
verify your eligibility and deliver prizes in connection with promotions, contests and sweepstakes;
enforce our terms and conditions;
manage our business;
transfer personal information to third parties for any legally permissible purpose in our sole discretion.
Disclosure of your Personal Information to Third Parties
We may share your personal information with third parties in the following ways:
we may provide your information to our agents, vendors or service providers who perform functions on our behalf or who help us provide and support our Services. For example, if it is necessary to provide you something you have requested. Examples of our Vendors and Service Providers include payment processors, hosting services and content delivery services, such as Stripe, PayPal, Google, Drip, Mailchimp and Intercom;
third party contractors may have access to our databases. Usually these contractors sign a standard confidentiality agreement;
we may share your data with any parent company, subsidiaries, joint ventures, other entities under a common control or third-party acquirers. We expect these other entities will honor this Privacy Statement;
as required by law enforcement, government officials, or other third parties pursuant to a subpoena, court order, or other legal process or requirement applicable to our Company; or when we believe, in our sole discretion, that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our agreements or Company policies; and
sometimes, we share your information with our third-party Service Providers,
we may, from time to time, offer surveys, contests, or other promotions on our Websites or through social media (collectively “Our Promotions”). Participation in our Promotions is completely voluntary. Information requested for entry may include personal contact information such as your name, address, date of birth, phone number, email address, username, and similar details. We use the information you provide to administer Our Promotions. We may also, unless prohibited by the Promotion’s rules or law, use the information provided to communicate with you, or other people you select, about our Services. We may share this information with our affiliates and other organizations or Service Providers in line with this policy and the rules posted for the Promotion.
other third parties with your consent or direction to do so.
Please note that these third parties may be in other countries where the laws on processing personal information may be less stringent than in your country.
We have a public blog on our web site. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your Personal Information appears on our blog and you want it removed, contact us at www.sarahpollock.com or click the "unsubscribe" link found at the bottom of every email.
Social media platforms and widgets. Our web site includes social media features. These features may collect information about your IP address and which page you are visiting on our Website, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our Website. We also maintain presences on social media platforms including Facebook, YouTube, Pinterest, and Instagram. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves.
Our Security Measures to Protect your Personal Information
Our Company uses industry-standard technologies when transferring and receiving data exchanged between our Company and other companies to help ensure its security. This site has security measures in place to help protect information under our control from the risk of accidental or unlawful destruction or accidental loss, alteration or unauthorized disclosure or access. However, "perfect security" does not exist on the Internet. Also, if this web site contains links to other sites, our Company is not responsible for the security practices or the content of such sites.
Web Beacons. Our Company and third parties may also use small pieces of code called “web beacons” or “clear gifs” to collect anonymous and aggregate advertising metrics, such as counting page views, promotion views, or advertising responses. These “web beacons” may be used to deliver cookies that conform to our Company’s cookie requirements.
We may create links to other websites. We will make a reasonable effort to link only to sites that meet similar standards for maintaining each individual’s right to privacy. However, many other sites that are not associated with or authorized by our Company may have links leading to our site. Our Company cannot control these links and we are not responsible for any content appearing on these sites. Since this website does not control the privacy policies of third parties, you are subject to the privacy practices of that third party. We encourage you to ask questions before you disclose any personal information to others.
Our Company websites may use third parties to present or serve the advertisements that you may see at its web pages and to conduct research about the advertisements and web usage. This Privacy Statement does not cover any use of information that such third parties may have collected from you or the methods used by the third parties to collect that information.
Our Retention of your Personal Information
We will retain any personal information only for as long as is necessary to fulfill the business purpose it was collected. We will also retain and use your personal information for as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Your Right to Opt-Out or Unsubscribe from Communication
If you do not want to receive communication from us in the future, please let us know by sending us e-mail through this web site. If you supply us with your postal address online, you will only receive the information for which you provided us your address.
International Transfers of your Personal Information
Information collected from you may be stored and processed in the United States or any other country in which our Company or agents or contractors maintain facilities, and by accessing our sites and using our services, you consent to any such transfer of information outside of your country. European Union or Swiss individuals may refer to the Privacy Shield statement with regard to the transfer of their personal data.
Merchants and Partners
The GDPR also applies to the merchants and partners of Sarah Pollock Studio and Sarah Pollock who operate in the EU/EEA (European Union/European Economic Area) or Switzerland and offer goods or services to residents of the EU/EEA or Switzerland. While Sarah Pollock Studio (www.sarahpollock.com) is performing action to be compliant with GDPR, and to provide its merchants with tools to help its merchants comply, each merchant is ultimately responsible for ensuring that their business complies with the laws of the jurisdictions in which they operate or have buyers. Using Sarah Pollock Studio or www.sarahpollock.com does not guarantee that a merchant or partner complies with GDPR.
Merchants and Partners Access to and Updating or Deletion of your Personal Information
The GDPR also gives certain rights to identified or identifiable persons (referred to as data subjects), including Sarah Pollock Studio and www.sarahpollock.com merchants. These include the right to request at no cost;
Deletion of personal data
Correction of their data
Access to their data
An export of their data in a portable format
The GDPR also gives certain rights to identified or identifiable persons (referred to as data subjects), including buyers visiting stores belonging to Sarah Pollock Studio and www.sarahpollock.com merchants. These include the right to request:
Deletion of personal data
Correction of their data
Access to their data
An export of their data in a portable format
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
We do not specifically market to children under the age of 13 years old.
Changes to our Privacy Statement
Our Company may amend this Privacy Statement at any time by posting a new version. It is your responsibility to review this Privacy Statement periodically as your continued use of this website represents your agreement with the then-current Privacy Statement.
If you have any questions about this Privacy Statement, the practices or concerns of this site, or feel that the site is not following its said policy, please contact us through this web site.
Privacy Shield Statement
Sarah Pollock Studio and www.sarahpollock.com complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.
"Personal Data" means information that (1) is transferred from the EU/EEA or Switzerland to the United States; (2) is recorded in any form; (3) is about or pertains to a specific individual; and (4) can be linked to that individual.
"Sensitive Personal Information" means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.
Sarah Pollock Studio and www.sarahpollock.com may receive Personal Data from its own personnel as well as from its affiliates and other parties located in the EU/EEA. Such information may contain names, addresses, email addresses and payment information and may be about customers, clients of customers, business partners, consultants, employees, and candidates for employment and includes information recorded on various media as well as electronic data.
Other than its own human resources data, Sarah Pollock Studio and www.sarahpollock.com generally does not collect Personal Data directly from individuals. Sarah Pollock Studio and www.sarahpollock.com, however, acting as a data processor may receive Personal Data via its customers.
Personal Data Collection Principles:
1. We shall inform an individual of the purpose for which we collect and use their Personal Data and the types of third parties to which our Company discloses or may disclose that Personal Data. Our Company shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to our Company, or as soon as practicable thereafter, and in any event before our Company uses or discloses the Personal Data for a purpose other than for which it was originally collected. Sarah Pollock Studio and www.sarahpollock.com may be required to disclose Personal Data in response to lawful request by public authorities, including to meet national security or law enforcement requirements.
2. Individuals have the opportunity to choose (opt out) whether their Personal Data is (1) to be disclosed to a non-Agent third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual by contacting us. Agents, technology vendors and/or contractors of Sarah Pollock Studio or www.sarahpollock.com or its affiliates may have access to an individual’s Personal Data on a need to know basis for the purpose of performing services on behalf of Sarah Pollock Studio and www.sarahpollock.com or providing or enabling elements of the services. All such agents, technology vendors and contractors who have access to such information are contractually required to keep the information confidential and not use it for any other purpose than to carry out the services they are performing or as otherwise required by law.
3. Accountability for Onward Transfer. Prior to disclosing Personal Data to a third party, we shall notify the individual of such disclosure and allow the individual the choice (opt out) of such disclosure.
Limit the data you share with your partners and vendors to only that data you have permission to share.
Proactively confirm that your partners and vendors understand purpose limitations.
Ensure partners and vendors will make reasonable efforts to comply with the purpose limitation and appropriate protection of that data.
Ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles.
Take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles.
Upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing.
4. Data Security. We shall take reasonable steps to protect the Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. Our Company has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Personal Data from loss, misuse, unauthorized access or disclosure, alteration or destruction. However, our Company cannot guarantee the security of Personal Data on or transmitted via the Internet.
5. Data Integrity and Purpose Limitation. We shall only process Personal Data in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, our Company shall take reasonable steps to ensure that Personal Data is accurate, complete, current and reliable for its intended use.
6. Access and Recourse. We acknowledge the individual’s right to access their Personal Data. We shall allow an individual access to their Personal Data and allow the individual the opportunity to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. Individuals may contact our Privacy Officer via email to request access.
a. Human Resources Data. Sarah Pollock Studio and www.sarahpollock.com would generally not collect human resources data. If there was reason to collect such information and there was a complaint it would be addressed within a timely period. If your complaint is not satisfactorily addressed by Sarah Pollock Studio and www.sarahpollock.com, and your inquiry or complaint involves human resource data, you may have your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, a panel established by the EU data protection authorities (“DPA Panel”), and for Swiss Data Subjects, the Swiss Federal Data Protection and Information Commissioner (“FDPIC”). To do so, you should contact the state or national data protection or labor authority in the jurisdiction where you work. Sarah Pollock Studio and www.sarahpollock.com agree to cooperate with the relevant national DPAs and to comply with the decisions of the DPA Panel and the FDPIC. The services of EU DPAs are provided at no cost to you.
b. Independent Recourse - Non-Human Resources Data. Sarah Pollock Studio and www.sarahpollock.com has further committed to refer unresolved Privacy Shield complaints to EU data protection authorities (“DPA Panel”) and The Swiss Federal Data Protection and Information Commissioner (“FDPIC”), an alternative dispute resolution provider located in the (the EU, or Switzerland, as applicable). If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit: EU DPA Contact: https://ec.europa.eu/info/departments/justice-and-consumers_en#contact Phone number+32 2 299 11 11 (Commission switchboard) Postal address: Directorate-General for Justice and Consumers European Commission 1049 Bruxelles/Brussel Belgium FDPIC Contact: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection---switzerland.html Data Protection and Information Commissioner of Switzerland Tell. +41 58 462 43 95; Fax +41 58 462 99 96 Please note that if your complaint is not resolved through any of the above channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
c) Amendments This Privacy Statement may be amended from time to time consistent with the requirements of the Shield Frameworks. We will post any revised policy on this website.
d) Information Subject to Other Policies We are committed to following the Principles for all Personal Data within the scope of the Privacy Shield Frameworks. We are committed to following the Principles for all Personal Data within the scope of the Privacy Shield Frameworks. However, certain information is subject to policies of Sarah Pollock Studio and www.sarahpollock.com that may differ in some respects from the general policies set forth in this Privacy Statement.
Updated: September 9, 2022