Privacy Policy

1. Introduction

At Fiona Graham-Mackay, accessible via fionagraham-mackay.com, we are committed to safeguarding the privacy and protection of personal data for all visitors, users, and customers. Your trust is of paramount importance to us, and we are dedicated to handling your personal information in a secure, lawful, and transparent manner. This Privacy Policy outlines how we collect, use, and process your personal data in accordance with applicable data protection regulations, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”).

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all personal data collected through fionagraham-mackay.com and any related services or communications. For the purposes of applicable data protection legislation, the data controller responsible for your personal information is Fiona Graham-Mackay. Any inquiries regarding the processing of your personal data may be directed to [email protected].

3. Categories of Data Processed

We may collect, use, store, and transfer various categories of personal data depending on your interactions with the website:

a. Usage Data – including but not limited to your browser type and version, device ID, language preferences, IP address, access times, referring pages, and clickstream data.

b. Account Data – includes your full name, postal address, email address, telephone number, and any credentials used to register for an account or service.

c. Profile Data – such as user settings, behavioral data, browsing and purchase history, artist preferences, and other information voluntarily provided to personalize your experience.

d. Communication Data – includes the history of correspondence with us, such as customer service inquiries, survey responses, and submissions via contact forms.

e. Technical Data – including device type, operating system, Internet service provider, screen resolution, and system configurations relevant to functionality and troubleshooting.

f. Transaction Data – information pertaining to purchases and payment history, billing and shipping addresses, payment method identifiers (e.g., last four digits of credit card number), and order confirmations.

g. Preference Data – includes marketing preferences, newsletter opt-ins, language selections, and interest data (e.g., favorite artworks or events).

4. Legal Bases for Processing

We process personal data only when lawful bases under the GDPR and CCPA apply, including:

– Consent: When you explicitly opt in to marketing communications, newsletter subscriptions, or third-party data sharing.
– Contractual Necessity: When data is required for us to fulfill our obligations under a contract, such as processing your purchases or providing requested services.
– Legitimate Interest: Where processing is necessary for our legitimate business interests – for instance, to improve site performance, prevent fraud, or deliver relevant content – and is not overridden by your rights.
– Legal Obligation: When we are required to process or retain personal data to comply with applicable laws or legal proceedings.

5. Your Rights

Under the GDPR and CCPA, you have the following rights regarding your personal data:

– Right of Access: You may request confirmation as to whether we process your personal information and, if so, obtain a copy of such data.
– Right to Rectification: You may request that inaccurate or incomplete data be corrected or supplemented.
– Right to Erasure: You may request deletion of your personal data, provided there is no legal basis requiring its continued retention.
– Right to Restriction: You may request the limitation of processing under specific conditions prescribed by law.
– Right to Data Portability: You may request transmission of your data to you or a third party in a structured, commonly used, and machine-readable format.
– Right to Object: You may object to certain forms of processing, such as direct marketing or profiling.
– Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting prior processing.

Residents of California may additionally exercise the rights to know what categories of data we collect, delete personal data, and opt out of certain sales of personal information, where applicable.

To exercise any of these rights, you may contact us at [email protected].

6. Security Measures

We implement appropriate technical and organizational security measures to ensure the confidentiality, integrity, and availability of your data. These include, but are not limited to:

– SSL/TLS encryption of the website and all communications
– Role-based access controls and authentication protocols
– Regular encrypted off-site data backups
– Staff training on data protection policies and responsibilities
– Ongoing internal audits and vulnerability assessments

7. International Transfers

Where your personal data is transferred outside the European Economic Area (EEA) or the United Kingdom, we ensure that such transfers are conducted in accordance with relevant legal safeguards, including Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner’s Office. We shall take all necessary steps to ensure that data transfers comply with applicable privacy legislation irrespective of where the data is processed.

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected or to comply with applicable legal, tax, or regulatory obligations. Specific retention periods include:

– Account Data – retained for the duration of your account and up to 3 years following closure
– Transaction Data – retained for 7 years for financial auditing and compliance
– Communication Data – retained for 2 years from the last contact for service-related matters
– Preference and Marketing Data – retained until you withdraw your consent or unsubscribe
– Technical and Usage Data – retained for up to 12 months unless anonymized

Following expiration of the retention period, personal data is securely deleted or anonymized.

9. Cookie Policy

We use cookies and similar tracking technologies to enhance your browsing experience and improve the functionality of fionagraham-mackay.com. Cookies fall into the following categories:

– Essential Cookies: Necessary for site functionality and secure access. These cannot be disabled.
– Functional Cookies: Support enhanced features like user preferences and login retention.
– Analytics Cookies: Allow us to measure traffic, usage trends, and performance, using tools like Google Analytics in an anonymized capacity.
– Performance Cookies: Help track error messages, load times, and technical navigation metrics.

10. Cookie Management and Compliance

Pursuant to GDPR and CCPA regulations:

– Consent is obtained before non-essential cookies are placed on your device.
– You have the ability to manage cookie settings via our cookie management tool.
– You may also control cookies through your browser settings or device permissions.
– California residents may utilize our “Do Not Sell My Personal Information” mechanisms if applicable, though we do not sell personal data in the conventional sense.

11. Protections for Children Under 13

This website is not intended for, nor knowingly directed at, children under the age of 13. We do not knowingly collect personal data from children. If we become aware that a minor has submitted personal information without verifiable parental consent, we will take reasonable steps to delete such information promptly.

12. Policy Updates and User Notifications

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. Where such changes materially affect your rights or the way in which your data is processed, we will endeavor to notify you via prominent notice on our website or direct communication channels.

13. Contact

Should you have any questions, concerns, or requests related to this Privacy Policy or our data processing practices, please contact:

Email: [email protected]

We are committed to full compliance with all applicable data protection laws and to transparency in our data processing practices. If you have concerns about your privacy while using fionagraham-mackay.com, please contact us and we will address your request promptly and in accordance with applicable laws.