Office Wall Art respects the privacy of all our customers and as such we are dedicated to protecting your privacy only collecting information from you that we require to provide the requested service.
The information that we collect from you in order to provide you the level of service that you require is:
Your requested delivery address
Your email address
Your phone number
Your images/words forwarded to us for your product
No Credit/Debit card information is held by us as payments are collected and encypted by a third party payment provider. The third party provider is regulated and under strict criteria and obligation to keep your personal data secure.
Images may be retained for further orders from you. If you specifically wish images/personal details to be deleted from our system please email at firstname.lastname@example.org.
All information held by us is stored securely.
All information held is provided by you, and is as accurate as you supply.
We may decide to run marketing campaigns or promote new products by contacting existing customers, customers have the option to opt out of any marketing emails that we may send.
We do not share your data with any other companies, nor do we pass your information to any third party.
Cookies are small text files that are placed on the device you use to access our website, in which some information is stored for the purposes described on this page.
We are Squark Design t/a Office Wall Art, a Limited Company registered at Companies House under the Company Number 09236673.
The information generated by the cookie about your use of the website (including your IP address) will be directly transmitted to and stored by Squark Design t/a Office Wall Art Limited on servers in the United Kingdom and the European Economic Area. Responsibility for this data corresponds exclusively to Squark Design t/a Office Wall Art Limited and, according to the terms and conditions of the service, will be used for the purpose of tracking your use of the website and compiling reports for website and internet activity.
Squark Design t/a Office Wall Art Limited may transfer said information to third parties where required to do so by law, or where such third parties process the information on Squark Design t/a Office Wall Art Limited’s behalf.
This tool does not gather data on users’ names or surnames or the postal address from which they connect. The information it gathers is related, for example, to the number of pages visited, the language, the city in which the IP address users access the website from is located, the number of users that visit us, the frequency and reoccurrence of visits, the length of the visit, the browser used and the operator or type of device through which the website is accessed.
We use this information to improve our website, detect new needs and assess the improvements to be made in order to provide a better service to our users.
You can allow, see, block or delete the cookies placed on your device in your browser settings.
SQUARK DESIGN t/a OFFICE WALL ART (OWA) Limited, the business address being 1st Floor, 28 Market Place, Grantham NG31 6LR, under company number 09236673, is committed to its obligations under the law and this document describes how SD is committed to meeting its data protection commitments and obligations. This policy sets out the lawful basis on which SD stores and processes personal data.
The Data Protection Act 1984 introduced basic rules of registration for users of data and rights of access to that data for the individuals to which it related. These rules and rights have been revised and superseded by the Data Protection Act 1998 which came into force 1st March 2000. These are superseded by the EU General Data Protection Regulation (GDPR) that come into force May 25th 2018.
SD’s Lawful Basis for Processing Data For all Business to Business, client to Business and Business to client communications (generally via email) Policy is to fully comply with the EU General Data Protection Regulation in line with the Information Commissioners Office guidelines.
SD is committed to being fully transparent about the data it collects and processes and to meeting its data protection obligations. This policy documents SD’s purpose of processing activities for all Business to Business, client to Business and Business to client communications (generally via email).
Should you have any questions or complaints regarding this policy please contact Squark Design t/a Office Wall Art via email at .
DEFINITIONS UNDER THE ACTS / REGULATIONS
A data controller is the person who determines the purposes for which and the manner in which any personal data is, or is likely to be, processed as part of the Data Protection Act 1998.
Under GDPR, a data controller determines how and why personal data is collected and where from.
A data “processor” acts on behalf of the “controller” to process data according to their guidelines. SD is both a controller and a processor.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
DATA PROTECTION PRINCIPLES
SD will comply with the 8 principles of the schedule 1 to the Data Protection Act, namely that personal data should be:
1. Processed lawfully, fairly and in a transparent manner in relation to the data subject ('lawfulness, fairness and transparency');
2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes ('purpose limitation');
3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimisation');
4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are accurate, having regard to the purposes for which they are processed, are erased or rectified without delay ('accuracy');
5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject ('storage limitation');
6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ('integrity and confidentiality').
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
JUSTIFICATION OF PROCESSING
In order for data to be processed lawfully, under the first principle, SD has considered all legal bases for the collection of personally identifiable information via Business to Business, client to Business and Business to client communications (generally via email) that;
- We understand our responsibility to protect the individual’s interest;
- We believe that there is a limited privacy impact on the individual;
- We believe that the individual should reasonably expect us to use their data for business purposes and we do not want to bother them with disruptive consent requests when they are unlikely to object to the processing;
- We have identified the legitimate interests;
- We have checked that the processing is necessary and there is no less intrusive way to achieve the same result;
- We only use individual’s data in ways they would reasonably expect unless we have a very good reason;
- We are not using people’s data in ways they would find intrusive or which could cause harm unless we have a very good reason;
- We have considered safeguards to reduce impact where possible;
- We have considered whether we can offer an opt out;
- We keep our Legitimate Interests Assessment under review if circumstances change amend or change accordingly;
We have therefore decided that we justify processing and storing of personal data obtained via Business to Business, client to Business and Business to client communications (generally via email) on the grounds of legitimate interests and that legitimate interest is the commercial interest of SD.
SD has put in place adequate security measures to safeguard personal data from destruction, loss, unauthorised access or disclosure, for example, security against hacking on any website that collects visitors’ e-mail addresses.
RIGHTS OF INDIVIDUALS
SD affords the following rights to data subjects, in accordance with their application under the GDPR;
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
An individual may request access to all personal data of which he or she is the subject and which SD is processing. Requests of this nature may be submitted via the email address .
If SD discovers that there has been a breach of any personal data that poses a risk to the rights and freedoms of individuals, it will report it to the Information Commissioner within 72 hours of discovery. SD will record all data breaches regardless of their effect. If the breach is likely to result in a high risk to the rights and freedoms of individuals, it will tell affected individuals that there has been a breach and provide them with information about its likely consequences and the mitigation measures it has taken.
SD reserves the right to change this policy at any time by updating this page. This policy is effective from 21 May 2018.