Privacy Policy

Introduction

This privacy policy is for this website and explains how we comply with the GDPR (General Data Protection Regulation), the DPA (Data Protection Act) and the PECR (Privacy and Electronic Communications Regulations).   It describes how and when we collect, use, and share information when you purchase an item from us, contact us, or otherwise use our services.  We will update this policy accordingly after the completion of the UK's exit from the European Union.

This Privacy Policy does not apply to the practices of third parties that we do not own or control - including (but not limited to) Shopify and MailChimp or any third-party services you access through those providers.

Section 1 – What Do We Do with Your Information

When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.

When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.

Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.

Section 2 - Consent

How do you get my consent?

When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.

We also obtain information about you when you contact us about our gallery or products for sale, leave us your details when in the gallery or if you register to receive one of our regular newsletters or updates from specific artists or genres.

When you buy something from our website and fill in the contact form you will be asked if you’d like to receive our e-news bulletins which let you know about new products and what’s happening at the gallery with new work and artists.

You can also give sign up to our newsletter at the bottom of any page just by giving us your email address.  It is held on Mailchimp, who are legally obliged to follow the GDPR regulations and will enable us to then send you information in the future.

If you have previously bought something from us or have asked to be put on our email list we have also added your name to Mailchimp.  You can unsubscribe from our emails at any time by clicking on the ‘unsubscribe’ link at the bottom of our communications, or by sending an email directly to jmparker01@googlemail.com

We do not sell any personal information we receive to any third party.

How do I withdraw my consent?

If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at jmparker01@googlemail.com or mailing us at:

Oakland Collectibles
Spire Hill
Cook's Ln
Sturminster Newton
DT10 2SG

Section 3 - Information Sharing and Disclosure
Information about our customers is important to our business. We share your personal information for very limited reasons and in limited circumstances, as follows:

  • Shopify and MailChimp (see below).
  • Service providers. We engage certain trusted third parties to perform functions and provide services to our shop, such as delivery companies. We will share your personal information with these third parties, but only to the extent necessary to perform these services.
  • Business transfers. If we sell or merge our business, we may disclose your information as part of that transaction, only to the extent permitted by law.
  • Compliance with laws. We may collect, use, retain, and share your information if we have a good faith belief that it is reasonably necessary to: (a) respond to legal process or to government requests; (b) enforce our agreements, terms and policies; (c) prevent, investigate, and address fraud and other illegal activity, security, or technical issues; or (d) protect the rights, property, and safety of our customers, or others.
  • If you violate our Terms of Service

Section 4 – MailChimp
We use MailChimp to manage our newsletter email lists and marketing campaigns. This means that when you choose to subscribe to receive newsletters from us your personal data is transferred to MailChimp and processed by MailChimp. MailChimp processes the collection (e.g., via sign-up forms) and storage of your personal data in order to allow us to create and use distribution lists, send marketing email campaigns, and place online advertisements, and personal data is transferred to certain of MailChimp’s sub-processors (who perform some critical services, such as helping MailChimp prevent abuse). For more insight, you may want to read MailChimp's legal policies (https://mailchimp.com/legal/)

Section 5 – Shopify
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.  Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.

Payment:
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).

Section 6 – Third Party Services
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

Links
Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

Downloads & Media Files
Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available users are advised to verify their authenticity using third party anti virus software or similar applications.

We accept no responsibility for third party downloads and downloads provided by external third party websites and advise users to verify their authenticity using third party anti virus software or similar applications.

Google Analytics:
Our store uses Google Analytics to help us learn about who visits our site and what pages are being looked at. 

We have deliberately chosen to Anonymize IP addresses coming to our site at the point of collection.  This action tells Google not track IP data on our website.

You can read more about how Google uses your Personal Information here:  https://www.google.com/intl/en/policies/privacy/.  You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

Section 7 – Security
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption.  Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

Section 8 – Cookies
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.

Shopify

 _session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
PREF, persistent for a very short period, Set by Google and tracks who visits the store and from where

Google Analytics – Cookie name and timescale/usage

_ga - 2 years Used to distinguish users.
_gid - 24 hours - Used to distinguish users.
_gat - 1 minute - Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.
AMP_TOKEN - 30 seconds to 1 year - Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
__utma - 2 years from set/update - Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.
__utmt - 10 minutes - Used to throttle request rate.
__utmb - 30 mins from set/update - Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics.
__utmc - End of browser session Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.
__utmz - 6 months from set/update - Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.
__utmv - 2 years from set/update - Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics._
gac_<property-id>.

Section 9 - Data Retention
We retain your personal information for as long as necessary to provide you with our services and as described in our Privacy Policy. However, we may also be required to retain this information to comply with our legal, tax and regulatory obligations, to resolve disputes, and to enforce our agreements. We generally keep your data for 6 years.

Section 10 – Age of Consent
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.

Section 11 – Changes to the Privacy Policy
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.

Section 12 - Your Rights, Questions and Contact Information 
If you reside in certain territories, including the EU, you have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases. 

  • Access. You may have the right to access and receive a copy of the personal information we hold about you by contacting us using the contact information below.
  • Change, restrict, delete. You may also have rights to change, restrict our use of, or delete your personal information. Apart from in exceptional circumstances (like where we are required to store data for legal reasons) we will generally delete your personal information upon request.
  • Object. You can object to (i) our processing of some of your information based on our legitimate interests and (ii) receiving marketing messages from us after providing your express consent to receive them. In such cases, we will delete your personal information unless we have compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.
  • Complain. If you reside in the EU and wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority.

If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact  jmparker01@googlemail.com or by mail at:

Oakland Collectibles
Spire Hill
Cook's Ln
Sturminster Newton
DT10 2SG