SAPPHO ART LTD – PRIVACY POLICY

At Sappho Art Ltd (a company registered in England and Wales, with company number, 15531591) (we, us or our), we understand that protecting your personal data is important. We are fully committed to complying with the UK General Data Protection Regulation (GDPR) and have implemented robust policies and safeguards to ensure GDPR compliance. This Privacy Policy sets out our commitment to protecting the privacy of personal data provided to us, or otherwise collected by us when providing our Sappho mobile application and website (Services) or when otherwise interacting with you.

It is important that you read this Privacy Policy together with any other detailed privacy notices we may provide when we are collecting or processing personal data about you so that you understand our privacy practices in relation to your data.

What data do we collect?

Personal data: is information that relates to an identified or identifiable individual.

We may collect, use, store and disclose different kinds of personal data about you which we have listed below:

  • Identity Details including first name, last name, title, date of birth, and images of you (optional).

  • Contact Details including billing address and email address.

  • Financial Details including bank account and payment card details through our third-party payment processor Stripe.

  • Transaction Details including details about payments to you from us and from you to us and other details of products and services you have purchased from us, or we have purchased from you.

  • Technical and Usage Details including internet protocol (IP) address, your login data, your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour, information about your access and use of our website, including through the use of Internet cookies, your communications with our website, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider.

  • Your Profile Details including your username and password for our Services, profile picture, purchases or orders you have made with us, support requests you have made, content you post, send, receive, and share through our platform, information you have shared with our social media platforms, your interests, preferences, feedback, and survey responses.

  • Your Interaction Details including information you provide to us when you participate in any interactive features of our Services, including surveys, contests, promotions, activities, or events.

  • Marketing and Communications Details including our preferences in receiving marketing from us and our third parties and your communication preferences.

  • Special Categories of Personal Data is a special category of personal data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not actively request special categories of data about you, nor do we collect any information about criminal convictions and offences. However, in the course of providing our Services, we may come across special categories of personal data, in different situations including where you purchase tickets to events or send messages to hosts, that may indicate your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership or information about your health. We will always only use such data as required by or authorised by law.

How we collect personal data?

We collect personal data in a variety of ways, including:

  • Directly: We collect personal details which you directly provide to us, including when you register for an account, through our mobile application or when you request our assistance via email, our website or over the telephone.

  • Indirectly: We may collect personal details which you indirectly provide to us while interacting with us, such as when you use our website, in emails, over the telephone and in your online enquiries.

  • From third parties: We collect personal details from third parties, such as details of your use of our website and mobile application from our analytics and cookies providers and marketing providers. See the “Cookies” section below for more detail on the use of cookies.

What are our legal bases for processing your data?

We take the privacy and security of your personal details very seriously. We only collect and use your data when we have a legitimate reason to do so, as allowed by law. To give you a clear picture, we've set out below how we plan to use your personal details and the legal bases we rely on for each use. Where applicable, we've also explained our legitimate interests. Keep in mind that for some purposes, we may rely on more than one legal basis. If you need any clarification or have additional questions, please don't hesitate to reach out to us.

  • To provide our Services to you: We process your identity, contact, and transaction details to allow you to access and use our mobile app, host, and register for events, and communicate with you about our Services. This processing is necessary for the performance of our contract with you.

  • To communicate with you: We process your identity and contact details to respond to any inquiries you make through our website or mobile application. This is based on our legitimate interest to provide the best client experience by answering your questions.

  • For administrative purposes: We process your identity, contact, financial, and transaction details for record-keeping, invoicing, billing, and debt recovery purposes. This is necessary for performing our contract, complying with legal obligations, and pursuing our legitimate interests in proper administration.

  • To improve our Services: We process details like your profile, identity, contact, financial, technical usage, and transaction details to analyse and develop our business, improve our Services and associated applications/platforms. This is based on our legitimate interests to keep our offerings relevant and aligned with our marketing strategy.

  • For marketing: We process details like your identity, contact, profile, and marketing details to send you promotional information about our events that may interest you. This is based on our legitimate interests in developing our Services and growing our business.

  • For promotions and additional benefits: We process details like your identity, contact, profile, interaction, and marketing details to run promotions, competitions, and offer additional benefits. This allows us to facilitate engagement and grow our business based on our legitimate interests.

  • For legal compliance: We process any relevant personal details as necessary to comply with our legal obligations.

You can change your mind about any consent provided at any time. If we process your data based on legitimate interests, you can object to such processing, although this may mean you can no longer use our services. More details on your rights are available below.

What third parties do we share personal data with?

We may disclose personal data to:

  • our employees, contractors and/or related entities;

  • IT service providers, data storage, web-hosting and server providers such as Squarespace, Algolia and Google Firebase;

  • marketing or advertising providers such as SendGrid;

  • professional advisors, bankers, auditors, our insurers and insurance brokers;

  • payment systems operators such as Stripe;

  • our existing or potential agents or business partners;

  • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;

  • courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;

  • courts, tribunals, regulatory authorities, and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; and

  • third parties to collect and process data, such as Google Analytics. To find out how Google uses data when you use third party websites or applications, please see www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time, Meta Pixel or other relevant analytics businesses; and

  • any other third parties as required or permitted by law, such as where we receive a summons.

Google Analytics: We have enabled Google Analytics Advertising Features including Remarketing Features, Advertising Reporting Features, Demographics and Interest Reports, Store Visits, Google Display Network Impression reporting etc. We and third-party vendors use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together.

You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found here. To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install their plugin here.  To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device.

Overseas transfers

Where we disclose personal data to the third parties listed above, these third parties may store, transfer or access personal data outside of the United Kingdom. The level of data protection in countries outside of the United Kingdom may be less comprehensive than what is offered in the United Kingdom. Where we transfer your personal data outside of the United Kingdom, we will perform those transfers using appropriate safeguards in accordance with the requirements of applicable data protection laws and we will protect the transferred personal data in accordance with this Privacy Policy. This includes:

  • only transferring your personal data to countries that have been deemed by applicable data protection laws to provide an adequate level of protection for personal data; or

  • including standard contractual clauses in our agreements with third parties that are overseas.

Data retention

We will only keep your personal information for as long as we reasonably need it. This includes keeping it to fulfill the purposes we originally collected it for, as well as to comply with any legal, regulatory, tax or accounting requirements.

In some cases, we may need to keep your information for longer periods, such as if there is an unresolved complaint or we reasonably anticipate possible legal claims relating to our relationship with you.

When deciding how long to retain your personal information, we carefully consider the amount, type, and sensitivity of the data. We also look at the potential risk of unauthorized use or disclosure, the purposes for processing the data, and whether we can achieve those purposes through other means. We also take into account any applicable legal requirements for retention.

Our goal is to protect your privacy by only keeping your personal information for legitimate business reasons and as long as necessary.

What are your rights with respect to your personal data?

Under the UK GDPR, you have several privacy rights that you may be entitled to. We have explained these in more detail below.

Your Choice: This Privacy Policy explains how we collect, use, and protect your personal details. You don't have to provide us with your personal details, but if you don't, it may limit our ability to provide you with our Services.

Data From Others: If we receive your personal details from someone else, we'll protect it just as carefully as data you provide directly to us. If you share someone else's personal details with us, you confirm you have their consent to do so.

Access, correction, processing, and portability: You may request details of the personal data that we hold about you and how we process it (commonly known as a “data subject request”). You may also have a right in accordance with applicable data protection law to have your personal details rectified or deleted, to restrict our processing of that information, to object to decisions being made based on automated processing where the decision will produce a legal effect or a similarly significant effect on you, to stop unauthorised transfers of your personal details to a third party and, in some circumstances, to have personal data relating to you transferred to you or another organisation.

Opting Out: To unsubscribe from our emails or opt-out of any communications from us, simply use the unsubscribe link provided or contact us using the details below.

Withdrawing Consent: If we're processing your data based on your consent, you can withdraw that consent at any time. This won't affect any processing already completed, but it may mean we can't provide you with certain services going forward.

Complaints: If you have any complaints about how we handle your data, please let us know using the contact details provided, and we'll investigate promptly. You also have the right to complain to the Information Commissioner's Office (ICO) at www.ico.org.uk, but we'd appreciate the chance to address your concerns first.

Storage and security

We are committed to protecting the personal details you provide us. We use appropriate physical, electronic, and administrative safeguards to secure the data and prevent unauthorised access, use, modification, or disclosure. Some of the measures we take include:

  • encryption of data in transit and at rest;

  • regular cyber security assessments and penetration testing;

  • strict access controls and authentication requirements; and

  • comprehensive employee privacy training.

While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.

Cookies

We may use cookies on our website from time to time. Cookies are text files placed in your computer’s browser to store your preferences. For more information about the cookies we use, please refer to our Cookie Policy on our website. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

Links to other websites

Our website may contain links to other party’s websites. We do not have any control over those websites, and we are not responsible for the protection and privacy of any personal details which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

Amendments

We may change this Privacy Policy from time to time. We will notify you if we make a significant change to this Privacy Policy, by contacting you through the contact details you have provided to us and by publishing an updated version on our website.

For any questions or notices, please contact us at:

Sappho Art Ltd, a company registered in England and Wales, with company number, 15531591.

Email: info@sapphoart.com

Last update: 21 June 2024

© LegalVision Law UK Ltd