This policy explains what personal information we collect when you visit or buy from alanreed.com, why we collect it, how we use it, and the rights you have under UK GDPR.
Our website address is https://alanreed.com. The site is operated by Alan Reed Art, an art studio and gallery based in Ponteland, Northumberland.
When visitors leave comments on the site, we collect the data shown in the comments form, and also the visitor's IP address and browser user-agent string to help with spam detection.
An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see whether you are using it. The Gravatar service privacy policy is available at https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
When you fill in a contact form on the site, we collect the name, email address and any message details you provide so that we can reply to your enquiry. This information is sent directly to the studio's email inbox and is also stored in the website database for a reasonable period in case we need to refer back to it. We do not use contact-form submissions for marketing without your explicit consent.
If you leave a comment on our site, you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine whether your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen-display choices. Login cookies last for two days, and screen-options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after one day.
Articles on this site may include embedded content (for example videos, images and articles). Embedded content from other websites behaves in exactly the same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction if you have an account and are logged in to that website.
We use Google Analytics to understand how visitors find and use our website. This helps us improve the site and the content we publish. Google Analytics sets cookies that record information such as the pages you visit, the time and duration of your visit, the device and browser you use, and an approximate (city-level) location based on your IP address. Where possible, IP addresses are anonymised before storage. We do not use analytics to identify individual visitors. You can opt out of Google Analytics at any time by installing the Google Analytics Opt-out Browser Add-on.
We do not sell, rent or trade your personal information. We share data only with the trusted service providers that we need to use in order to operate the site and fulfil orders:
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Order and invoice records are retained for at least six years in line with HMRC requirements for businesses.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal or security purposes.
Under UK GDPR you also have the right to:
Visitor comments may be checked through an automated spam-detection service. Where data is processed outside the UK or EEA (for example by analytics providers), we rely on appropriate safeguards such as Standard Contractual Clauses to protect your information.
If you wish to exercise any of the rights above, or have any questions about this policy, please contact the studio:
The website is served over HTTPS with an up-to-date TLS certificate, meaning data transferred between your browser and our server is encrypted in transit. Account passwords are stored in hashed form, not in plain text. Access to the website's back end is restricted to authorised administrators and protected by strong passwords. Backups are stored securely and access logs are retained to help detect unauthorised activity.
In the unlikely event of a data breach involving personal information, we will assess the risk to affected individuals and notify the UK Information Commissioner's Office (ICO) within 72 hours where required. Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
We may receive limited information from payment-processor or anti-fraud services when verifying a transaction (for example a confirmation that a payment has succeeded). We do not buy or otherwise obtain personal data from third-party data brokers.
We do not carry out any automated decision-making or profiling that has a legal or significant effect on you. Spam detection on comment submissions is the only automated check performed and does not affect any other dealings we have with you.
Alan Reed Art operates as a UK-based small business and is not subject to any sector-specific regulatory disclosure requirements beyond those imposed by UK GDPR and the Data Protection Act 2018.
Questions about this policy? Please contact the studio on 01661 820626 or email art@alanreed.com. You can also read our Terms & Conditions.