Last update: 14th July 2020 by Charles Burns
We have long recognised the importance of data: of keeping it securely and not abusing it. We take pride in our artistic and creative communications with existing and potential clients. However, we also realise that those who entrust us with their contact details do so in the expectation that we will use it judiciously and will not bombard them with ‘spam’. We have never sold contact details to any third party.
This policy identifies the main sources of data we hold, what we use it for and how we may eventually delete it. It also describes the means by which we use, and process data.
A. Data Audit
Having carried out a comprehensive data audit we have identified the following types of data we hold, and the manner in which we collect and store it:
- Clients and enquirer details. Those who have contacted us with an enquiry for a commission or other purchase, whether by phone, email or website form. Their contact details remain in our email archives, calendar archives and in any paperwork relating to the enquiry, whether or not the commission is confirmed.
- Mailing list subscriber details. All who visit our website, whether or not they contact us, are offered the option to sign up to our mailing list. Those who do so will have their email addresses stored in our website mailing list database.
- Website user login details. Clients have the option to create a user account on our website to help keep track of orders. Those who do so will have the personal information they provide stored in their user profile on our website.
- Website comments. Those who leave comments on our studio day and announcement posts will have this data recorded together with IP address and other metadata.
- Physical addresses. Clients who order physical goods, or who take part in studio days will need to supply a mailing address for delivery of silhouettes and other goods. These addresses are stored in the order records and in studio-day spreadsheets.
- Phone numbers. We ask clients placing an order or registering for online events to supply a phone number in case we need to contact them about their orders. These numbers are stored in the order records and in studio-day spreadsheets.
- Regular contacts. In addition to the above records, regular clients may also also have their contact details entered into our principle contact database for ease of access.
- Silhouette Duplicates. White-paper copies of each silhouette cut by Charles Burns often (but not always) accompanied by a unique identifying number. They are sorted by date and eventually pasted into a series of archive folios, together with whatever jottings Charles added to them on the day. Metadata for each silhouette includes the date cut and silhouette number.
- Photographs and videos. These are occasionally recorded during studio events and online parties, and may include clients at those events. Some photos are taken by the artist, usually as a screenshot, others are taken by a photographer physically at the studio and yet others are sent to us afterwards by clients. Metadata held includes whatever data was recorded by the camera device at the time (date, time, GPS location, etc.). They are stored in the Mac application ‘Photos’ and/or email archives. Photographs stored in ‘Photos’ are automatically backed up in Apple’s iCloud.
- Website cookies. Our website uses a number of cookies. These are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website. Those who visit our login page receive a temporary cookie to determine if their browser accepts cookies. This cookie contains no personal data and is discarded when closing the browser.
- User login cookies. When registered users log in, several cookies are set to save their login information and screen display choices. These login cookies last for two days, extending to two weeks if users select “Remember Me”. When users log out these login cookies are removed. Screen option cookies last for a year.
- Email metadata. The email programs we use employ tracking facilities. These allow us to track the opening and forwarding of emails, the clicking of links within emails, and the times, dates and frequency of such activity.
B: Third-party Services
We use the following third-party services to help us manage our business, all of whom collect and manage data on our behalf. Those with questions about the handling of such data would do well to refer to the privacy policies of these companies. This is not an exhaustive list, but lists the services we currently most use.
- Apple: Apple Mail, Calendar, Contacts and other applications are used for day-to-day management of the business. All data is backed up to Apple’s iCloud service.
- MailChimp: used to manage our website mailing lists and other website-generated emails.
- WordPress: used to construct our website and manage user login details.
- WooCommerce: used to process all website orders and delivery details.
- Casual studio help: used to paste duplicate silhouettes into albums including numbers and other metadata attached to or written on the silhouettes.
- Spink and Thackeray: used to scan and digitise silhouette duplicates.
- FooEvents: used to manage tickets sales and preregistration for virtual studio days
- GiftUp!: used to sell, manage and keep track of used and unused gift cards.
- Stripe: used to process online payments.
- Paypal: also used to process online payments.
- Gravatar: used to manage website comments and identify previously-approved commenters.
- Zoom: used to run our virtual studio days.
C: Uses of Data
We have identified the following principle uses for the above data:
- Welcome emails. Those who subscribe to our MailPoet mailing list will receive an initial series of welcome emails containing snippets of information about silhouettes. The exact number and frequency of these emails will vary, but they could be daily and last for a week or more. At the end of the welcome period those who enjoyed these emails will be given the option to receive more.
- E-mail newsletter and studio notifications. These are sent on an ongoing basis to all contacts in the above mailing list. The newsletter is sent not more than once a month, while studio-day notifications are sent as and when they occur.
- Email metadata (eg: subscriber open and click rates) are used to determine which subscribers are engaging with our content. We will attempt to reengage users who who appear disinterested, but may eventually unsubscribe them.
- Phone numbers collected during studio-day registration may be used to contact clients in the event that they are late for a studio-day appointment. Those collected when ordering other goods are rarely if ever used.
- Delivery. Postal addresses collected during the ordering process are used for delivery of silhouettes, artwork and other items ordered by our clients.
- Postal updates. Clients may also receive occasional postal updates, if they have requested to do so, but not more than once a year.
- Artistic and copyright records. Silhouette duplicates cut by Charles Burns are kept as a personal artistic record and to preserve the artist’s copyright for each silhouette cut. They allow Charles to monitor the development of his own skills as an artist, and to check ‘bad cutting habits’ when and if they develop.
- Reproduction of silhouettes. Duplicate silhouettes are also available to our clients should they wish to order a copy. They can be identified in our archive folios by their number and the date on which they were cut.
- Social media. Images, including silhouette duplicates, photographs and video, are used in our various social-media campaigns, principally on Instagram and Facebook. Client silhouettes used in this way are anonymised, unless we have the express permission of the subject to identify them.
- Christmas cards. Regular clients may receive a hand-made silhouette Christmas card each year.
Our communications, outside of those relating to a specific purchases or online events, are sent on the basis that we have a legitimate interest in doing so. Any such communications are limited, tailored and only sent to clients or those people who we reasonably believe would be interested in receiving that particular communication.
The following systems are in place to obtain and record permissions for use of data:
- Each newsletter includes a footnote with a reminder that the recipient is receiving our newsletter because they have signed up to our mailing list. This is followed by clear and simple unsubscribe instructions should they have changed their minds, and a link to the current version of this policy (ie: this page).
- Our newsletter is currently sent out using MailPoet. This program handles all unsubscribe requests automatically. It retains a record of all unsubscribed emails to ensure that they are not accidentally re-subscribed in the future.
- Whenever possible we obtain permission to use photographs in social media. However, this is only possible if the subject’s name is known, which is not always the case. Photographs containing images of children or vulnerable adults are never used in this way.
- Since silhouettes are regarded as being by nature anonymous, and since the artist retains copyright of such images, we use silhouette duplicates freely in social media. We do not include names (where these are known) without at least the verbal permission of the subject.
- Any request to take down a particular image from social media, whether a photograph or silhouette, is complied with without question.
- Original paper silhouettes are presented on printed cards. Each card includes the copyright symbol “©” and the name of the artist. This acts as a reminder that an artist automatically retains copyright of their own work and that recipients should seek permission from the artist to use the image, particularly for commercial use. Implicit in this copyright is also the artist’s right use to use the image in any reasonable way.
- We do not share personal data with any third parties without express permission, and have a policy of never selling personal data to any third party whatsoever.
- No permission is sought to send Christmas cards to clients.
The following notes apply to the security of your data:
- Most of the information we receive will be transmitted electronically, e.g. information provided via our website or by email. We would remind clients and suppliers that information transmitted via the internet is not completely secure. Although we do our best to protect any information transmitted in this way, we cannot guarantee its complete security.
- We have put in place appropriate security measures, including password protection (using complex passwords) and physical security measures at our premises, to prevent personal data being accidentally lost, accessed or used in an unauthorised way, altered or disclosed.
- All information provided to us is stored in the United Kingdom. No information is transferred to, or stored at, a destination outside the European Economic Area.
- In addition, we limit access to personal data to staff members and third-party suppliers who have a business need to know. They will only use data in accordance with our instructions and they are subject to a duty of confidentiality.
- We have put in place procedures to deal with any suspected personal data breach. We will notify those affected, and any applicable regulator, of a breach where we are legally required to do so.
F: Data Rights
Everybody, in summary, has the right to:
- Request access to their personal data (commonly known as a “data subject access request”).
- Request correction of personal data that we hold about them.
- Request erasure of their personal data.
- Object to processing of their personal data where we are relying on a legitimate interest (or those of a third party) and there is something about their particular situation which makes them want to object to processing on this ground as they feel it impacts on their fundamental rights and freedoms.
- Request restriction of processing of their personal data.
- Request the transfer of their personal data to themselves or to a third party.
- Withdraw consent at any time where we are relying on consent to process personal data.
- Complain to the Information Commissioner about the way in which we collect and use personal data (although we hope this will not be necessary). They can be contacted at www.ico.org.uk/concerns or by telephone on 0303 123 1113.
G: Deletion of Data
We will delete personal data in accordance with the following guidelines:
- Email addresses can easily be removed from our newsletter database via the unsubscribe link at the bottom of each newsletter. We make sure these are easy to use and do work. By default, MailPoet keeps a copy of unsubscribed email addresses. It does this solely to ensure they are not accidentally re-subscribed in the future and will not be used for any other purposes. They can be manually deleted on request.
- Some people may prefer to unsubscribe by sending a brief email asking us to do so. These requests need to actioned manually and we will endeavour to do so before our next newsletter goes out. Such requests are also retained to prevent accidental re- subscription and shall not be used for any other purpose.
- Information submitted via a website form or contact by any other means (e.g. email or telephone) which does not lead to an instruction or the individual being added to our marketing database will be deleted and destroyed between one and seven years after receipt.
- Information relating to any purchase will be deleted after seven years, unless there is a legal reason for retaining it longer.
- Any emails which do not fall within any of the above categories will be deleted during periodic clear outs, not more than ten years after the date they were sent or received.
- Website visitor comments and their metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue. This data can be deleted on request.
- Users that register on our website can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit this information.
- Hard-copy and digital duplicates of silhouettes cut by Charles Burns, together with their metadata, are kept as a personal artistic and historic record, as well as to preserve the artist’s copyright for each image. They are therefore kept indefinitely.
Please note we cannot delete data we are obliged to keep for administrative, legal, or security purposes
H: Contacting Us
This is the data-protection policy of @silhouettist, a sole-trader entity run by Charles Burns
To contact us about any of the above matters please use one or more of the following:
- Post: @silhouettist, Mays Barn, Emmer Green, Reading, RG4 8UA
- Telephone: call +44 118 947 6637 or text +44 7803 085637
- Email: firstname.lastname@example.org
- Website: silhouettist.uk
This policy is effective from the date above. We may change this policy from time to time by updating this webpage.
I: Newsletter Signup
Having read all the above, if you would still like to sign up to our newsletter you may do so here