Policies & Privacy Statement

Overview:
The following policies have been updated in accordance with GDPR as of the 25th of May 2018.
GDPR (the General Data Protection Regulation) is designed to strengthen and unify data protection, as it applies to anyone living within the European Union. The regulation was adopted in April 2016 and comes into law in all EU countries in May 2018. Our appointed GDPR staff member is Mrs Antonia Disney. For the purposes of the Data Protection Act 1998 Mrs Antonia Disney is the data controller.

These policies set out the basis on which we FOCUS GALLERY LIMITED (and Nottingham Jewellery School, trading under Focus Gallery Ltd) will process any requests and personal data we collect from you, or which you provide to us, in the course of using our site www.focusgallerynottingham.com, our bricks and mortar premises of 108 Derby Road, Nottingham, NG1 5FB, and any associated products. 
FOCUS GALLERY LIMITED may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25/05/18.

Listed below are the scenarios in which we have opportunity to obtain or use your data.
Please refer to the individual category for more details on how we use your information to optimise and facilitate our business operations. These categories also serve to explain our general policies and business conduct. If you have any queries at all or would like to request an audit of any data we hold on you please get in touch with us using the information at the bottom of this page.

1. Our Mailing List & Mailchimp
2. Online Purchases,  Shopify, & Delivery Information
3. In Store Purchasing,  Payment Processing & PayPal
4. Customer Orders, Workshop Bookings, & Artists’ Details
5. CCTV and Photography in the Gallery & Jewellery School
6. Fire Registers, Emergency Contact Forms & Accident Book
7. Website Analytics Data & Cookies
8. Social Media Data Handling & Privacy Policy
9. Staff Code of Conduct

A short summary of our Data Protection policy for your ease of reading is as follows:
We take Data Protection as seriously as we do our trusting relationship with our customers and always strive to maintain the highest standard of security for any personal information entrusted to us. FOCUS GALLERY LIMITED complies with all applicable UK and EU data protection legislation in force in respect of any personal information you submit to us. The personal details you submit to us will only be used for the specified purposes indicated to you and will not be passed onto unauthorised third parties without your explicit consent. Details on any third parties we use can be found below. We take pride in being selective with the persons and companies we work with to offer you our services, but ultimately cannot accept any liability for mishandling of data passed onto them with your permission. For more information you are encouraged to refer to their individual policies. You can contact us to amend or remove any information we retain about you. If you want to unsubscribe from newsletters then click on the 'unsubscribe' link which can be found at the bottom of every mail out. More detailed information can be found in the main body of this document.

Other topics covered in this document are as follows:
10. Artist & Gallery Copyright
11. About Our Website/IT Services
12. Links to third Party Websites
13. How to Contact Us

1. Our Mailing List & Mailchimp
We use MailChimp to send out our monthly mail outs, which is a secure third party mailings website which is signed up to ‘Privacy Shield’ signalling their commitment to keeping your information secure.
We will only be asking customers to sign up to our mailing list via the appropriate channels i.e: a MailChimp-hosted signup form on our website (www.focusgallerynottingham.com) or our official Facebook pages (www.facebook.com/FocusGalleryNottingham and www.facebook.com/NottinghamJewellerySchool), and not via handwritten response. Anyone who wishes to sign up in store can do so via an appropriate and secure Mailchimp form on the gallery iPad. This keeps our need to handle your data personally to an absolute minimum – therefore keeping it securely held only with MailChimp and only ever accessible by members of our staff that have been entrusted with MailChimp’s login details.
We will NEVER use emails collected in this way to contact you personally. We will NEVER pass on details collected in this way to any third parties outside of MailChimp.
Any mailing list subscriptions will now have a two-step varication process for your security and authenticity.
We always have an unsubscribe button on every email we send out so feel free to use it if you wish to no longer receive our emails. Please see the following link regarding MailChimp’s privacy policy https://mailchimp.com/legal/privacy/
We will no longer be collecting mailing list subscriptions via Shopify. If you believe your data was collected before this point please refer to their privacy policy here and raise any queries with Shopify themselves: https://www.shopify.com/legal/privacy
After the 25th of May our old mailing list will be deleted and you will be able to sign up to our new GDPR-friendly mailing list via our website (www.focusgallerynottingham.com) or the ‘Newsletter’ tab on one of our Facebook pages (www.facebook.com/FocusGalleryNottingham  and www.facebook.com/NottinghamJewellerySchool ).

2. Online Purchases, Shopify, & Delivery Information
For the background mechanics of our online shop we use Shopify and they are our third party that deals with our online transactions from you (the customer) should you purchase through our online shop. We do not personally handle your payment information. The only personal information we handle is for postal purposes – your name and address.
Shopify (and PayPal if you use their checkout option) handle your payment details. More about PayPal can be found below.
Please see the following links regarding Shopify’s privacy policy detailing their commitment to keeping your information safe and being GDPR compliant: https://www.shopify.com/legal/privacy and https://www.shopify.com/legal/dpa
On occasion we may offer the opportunity to pay for workshops or products via PayPal. Again this means that we never personally handle your financial data and are never in a position to share it. Please see the following link regarding PayPal’s privacy policy https://www.paypal.com/gi/webapps/mpp/ua/privacy-prev
Postage and packaging costs have been included in the total online price and will not be charged extra at the checkout. Delivery to UK mainland accepted only at this current time, for delivery further afield please contact us. All orders are insured and sent via Royal Mail recorded or special delivery depending on the purchase value. We aim to dispatch within 3-8 working days, but as we are a small independent company and our bricks and mortar shop is closed on Mondays, all orders placed after 4pm on a Friday will be dispatched the following Tuesday.
Each product is handmade by UK based artists and therefore unique and small variations will occur, resulting in slight differences from any photographs or items in stock. We are also aware that variations in monitor, browser or software calibrations on your browsing device may cause variations in image and colour of items shown. For this we cannot accept responsibility.
If for any reason you are not entirely satisfied with your purchase we offer an exchange or refund within 14 days as long as all item(s) are returned as sold in a resalable condition. Purchases exempt from both the refund and exchange policies, unless they are structurally faulty, are: Earrings (due to hygiene reasons) and sale / reduced items.
We are unable to accept responsibility for the non-arrival of returned  goods and therefore recommend that item(s) are sent by insured Recorded or Special Delivery. Focus Gallery will not be liable for the delivery cost of returned goods. In the interests of fraud prevention, your refund will be issued by the same method by which you paid within 28 days of receipt of the return.

3. In Store Purchasing, Payment Processing & PayPal
Recently we have changed our in store card machine. Previously we used First Data’s Payment Sense Machine, as part of which we ran regular scans to be PCI compliant and maintain a high standard of security for our customers. This machine also produced merchant receipts featuring card details. These were stored securely under lock and key in a staff only area and then shredded after 3 months.
As of the 26th of May we will be using a PayPal card reader connected to an iPad. On this occasion the responsibility of PCI compliance resides with Paypal, which you can find out more about here (see topic 16): https://www.paypal.com/uk/webapps/mpp/how-to-use-paypal-here/faqs#faq-se... . They use end-to-end encryption software to ensure your payment data is completely secure and not handled by us directly.
This PayPal card reader is able to email or text a receipt to you to help us to save paper and store less data. We do not handle this email/phone number personally. It is only used for the purposes of sending you a receipt and will be deleted as soon as not needed. If you would like to join our mailing list during your transaction you can do so as detailed above by enquiring with a member of staff.
If for any reason you are not entirely satisfied with your purchase we offer an exchange or refund within 14 days as long as all item(s) are returned as sold in a resalable condition. Purchases exempt from both the refund and exchange policies, unless they are structurally faulty, are: Earrings (due to hygiene reasons) and sale / reduced items. In the interests of fraud prevention, your refund will be issued by the same method by which you paid. You will not need a receipt as we keep proof of purchase records onsite.

4. Customer Orders, Workshop Bookings, & Artists’ Details
In the event of a customer placing an order with us in the gallery, or booking onto a workshop within the gallery we will take down a certain amount of personal information on paper. This can include one or all of the following details: Name, email address, postal address, phone number, dietary requirements.

If you have booked a workshop through Facebook or Eventbrite, please refer to their policies here: https://www.eventbrite.co.uk/security/
All your payment details are encrypted, and the only details handled by FOCUS GALLERY LIMITED are your Name, email address (used only for giving you more information relevant to the course), and any dietary requirements (so we can pick up suitable cake and refreshments).

As far as the DISCLOSURE OF YOUR INFORMATION is concerned – it is then passed on to the relevant artist(s) or workshop tutor, and stored within the gallery until it is no longer needed, at which point it will be shredded. FOCUS GALLERY LIMITED will not be liable for any mishandling of information by artists or tutors, the customer should refer to the privacy policy of the individual for information on how their data is handled once passed on.

Artist / tutor details are never given out to customers without express consent from the artist/tutor. Often this consent is given via the SOR agreement. If you are one of our artists please refer to your NEW SOR agreement for complete information on how your data is handled and get in touch with us using the details at the bottom of this page with any queries or to request an audit of any data we hold of yours.

5. CCTV and Photography in the Gallery & Jewellery School
Justifying use of CCTV is paramount for GDPR compliance. As CCTV collects personal data in the form of image, it is in no way immune. Within the gallery space we use CCTV to collect this data in case of theft. Should an item be stolen, images and/or video of the thief during the theft will be captured and shared with law enforcement. This may include disclosing the images/video to other companies and organisations in the area that may be affected by the perpetrator. This will not be shared in the public domain. We do our best to exclude our rightful customers from these images but this is not always possible.
CCTV in the Jewellery School space is used primarily for safety purposes, should someone get injured and we need to use the footage to reflect on the event and prevent such happening in future. On the rare occasion there is any theft from this space the above policy applies.
Any images used for promotional purposes that include people (e.g: jewellery workshop photographs) are collected with express consent before the workshop. Any parties who wish not to be included are to make this known to staff who will exclude them from any images. If there is an image of yourself on any of our public channels that you would prefer to have taken down please contact us.
Any images of artists’ work are taken with consent, for more details see below.

6. Fire Registers, Emergency Contact Forms, & Accident Book
As part of our commitment to workshop safety, certain data may be collected when the Jewellery School is in use. Emergency contact forms are primarily for members of staff, tutors, and artists who are frequent visitors, but all attendees must sign the Fire Register & Safety Declaration to take part in any workshops due to the heightened risk when the school is in use. The names and signatures collected as part of the agreement are kept on site for one month, should a participant come back to us claiming to have contracted any illness related to the workshop. Should anybody be injured during the workshop it will be recorded in the accident book. The accident book forms will also be filled in in the event of an injury being sustained elsewhere within the business. Once completed these forms will then be handed to the duty manager and stored securely in a staff only area, as they contain the personal data of the injured party and the witness (whoever fills in the form).

7. Website Analytics Data & Cookies
Our website may place cookies on your computer to collect analytics data processed via Google. This is anonymous and impersonal data that is used to help us understand our customers. It tells us which pages on our website are most visited, which countries those visits originate from, and the time of day during which our site is busiest. We only use this information for statistical analysis purposes and then the data is removed from the system.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
You can read about Google’s privacy and security settings here: https://support.google.com/analytics/answer/6004245?hl=en
And our full cookie policy here: http://www.focusgallerynottingham.com/cookie-policy

8. Social Media Data Handling & Privacy Policy
We use various social media sites to help keep in touch with you, our customers, and to help us to connect with prospective clients. You are welcome to contact us through these channels but we encourage you to view the privacy & security policy of each site before sending any personal data. We will not be liable for any breach of data protection where data has been transmitted through these sites. You use them at your own risk. We would always recommend you send us any sensitive data via email or phone, where it will be processed by our trusted staff and/or our outlook email host. If you are able to come into our bricks and mortar store and let us process your information there that’s even better, as your data remains under our supervision and is never passed on to us via a third party.
For Facebook’s privacy policy see here: https://www.facebook.com/about/privacy
For Twitter’s privacy policy see here: https://twitter.com/en/privacy
For Instagram’s privacy policy see here: https://help.instagram.com/519522125107875?helpref=page_content
For Youtube’s privacy policy see here: https://support.google.com/youtube/topic/2803240?visit_id=1-636616351246...
We will NEVER ask you to send personal data via these channels. Should you choose to interact with us on these sites it is at your own risk and subject to the individual policies of these sites.

9. Staff Code of Conduct
We expect our staff to behave in a friendly, professional manner, and to assist you politely during your visit. Should you have any questions at all about the artwork, the gallery, or the local area please do ask, as our staff often come from a local creative background and can offer guidance upon request. We are supported by a group of wonderful volunteers who get specialised on the job training to bring you the best service.
WHEN HANDLING YOUR DATA we expect our staff to do so with the same care they would if it was their own. Whether that’s taking it down on a customer order/workshop booking form in the gallery and storing it securely in a staff only area until your order has been processed, or sending off an online order / custom delivery request. This Is in accordance with all of our policies listed above.
Every member of staff has been trained personally by the managing director Mrs Antonia Disney to uphold the high standard of data security and brilliant customer service as detailed above.
If you feel a member of staff has breached any of the above policies please contact us using the information found below. 

10. Artist & Gallery Copyright
Within the gallery photography is not permitted unless by gallery staff or with their express permission. This is to protect the copyright held by each artist. Within their SOR agreement, each artist consents to have images of their work shared for promotional purposes by the gallery. All content displayed on this site is the property of FOCUS GALLERY LIMITED unless otherwise stated. Content may be shared with the given consent of the gallery and with the relevant artist(s). If you are one of our artists and wish to share/reproduce any content created by the gallery and shared on this site in collaboration with your work then please refer to your NEW SOR guidelines or get in touch with the gallery using the details at the bottom of this page.

11. About Our Website/IT Services
Our website is created and maintained by an independent web designer and updated by our staff. It uses a Drupal interface. This website does not hold or process any data about customers; it is purely for Focus Gallery data (including any information published about our artists in accordance with the SOR guidelines). Please see the following link regarding Drupal’s privacy policy. https://www.drupal.org/privacy
Our hosting for our website is handled by a local independent company. This hosting site does not hold or process any data about customers; it is purely for Focus Gallery data.
Our Domain name for the gallery is supplied by Gandi.net and has no website hosting requirements set at this time so no information is passed through this site other than our registration and gallery owner data. https://news.gandi.net/en/

12. Links to third Party Websites
Please note that if you click on, or follow, any links from our site or our social media accounts to external websites, the above privacy policies will no longer apply. Please check the privacy policies of any such external site before submitting any personal data, as we cannot accept any responsibility or liability in relation to them.

13. How to Contact Us
If you have any queries about our policies do get in touch.
You have the right under the Data Protection Act 1998 as a customer/artist/staff member to ask what information we hold about you and what we use it for and to ask for it to be amended or deleted at any time.

Contact us on info@focusgallerynottingham.com, or call 0115 837 5570 and speak to Antonia Disney or Sophie Clark.

You can also contact us in writing to
Focus Gallery Limited
108 Derby Road
Nottingham
NG1 5FB