Last updated: 14 October 2018
We take your privacy very seriously. We are mindful that you are identifiable by the information you give us and give full regard to taking all reasonable steps to protect your privacy. Please read this Policy before purchasing, if you are concerned about your privacy.
What this Privacy Notice covers
This notice covers how www.carinlavery.com operated by artist Carin Lavery ("us", "we", or "our") treats personal information that it collects in order to operate and provide services through the www.carinlavery.com website (the "Service").
The notice covers:
- Information we collect and
- How we use information collected
1. Information We Collect
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you.
2. How We Use Information Collected
We use your Personal Information to provide and improve the Service. We collect personal information (eg your name, address, phone number, email address etc) to carry out the purposes of the website. These uses include:
- Processing your artwork order
- Contacting you about your artwork order
- Informing you if there is a problem with any aspect of the Service
- Updating you on new artworks, unless you unsubscribe from the mailing list
We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
- The www.carinlavery.com website:
- Payments for artworks purchased on www.carinlavery.com are processed by Stripe and Paypal . These are both specialist online payment companies.
- We use Australia Post and in some cases, courier companies for delivery of the artwork.
- We use a specialist printer for the production of the canvas prints, which are delivered directly from them to you.
We may also collect information that your browser sends whenever you visit our Service ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics.
In addition, we may use third party services such as Google Analytics that collect, monitor and analyze this type of information in order to increase our Service's functionality. These third party service providers have their own privacy policies addressing how they use such information.
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive.
We use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.
Compliance With Laws
We may disclose personal information in special situations where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring or interfering (intentionally or unintentionally) with our rights or property, users or anyone else who could be harmed by such activities. We will disclose your Personal Information where required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.
Compliance with 'The GDPR, or General Data Protection Regulation'
The GDPR, or General Data Protection Regulation, went into effect on May 25, 2018, in the European Union and regulates how EU personal data can be collected, used, and processed.
The GDPR is a major overhaul of the current law under the existing Data Protection Directive (Directive 95/46/EC).
This regulation applies to my website carinlavery.com because I collect, record, store, use, or erase personal data from customers or contacts in the EU, as part of my website subscription service.
- Notifying customers that I use MailChimp to distribute communications about my artwork
- My signing Mailchimp’s updated ‘Data Processing Addendum (DPA). This sets out my and Mailchimp’s obligations with respect to data protections and security when processing personal information. You can see my signed document here.
- Enabling GDPR fields in my relevant mailchimp lists.
You can read about the obligations for Mailchimp and for me, as their customer, as a result of the GDPR here.
The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
Your information, including Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside Australia and choose to provide information to us, please note that we transfer the information, including Personal Information, to Australia and process it there.
Access and Correction
Australian Privacy Principle 6 of the Privacy Act 1988 (Cth) allows you to get access to, and correct, the personal information we hold about you in certain circumstances. If you would like to obtain such access, please contact us on the details set out above.
Changing and deleting the information we have about you
If you wish to change the personal information we hold about you because it is inaccurate or out of date or you wish to have your personal information deleted, please contact us. We will take all reasonable steps to change or delete information in response to such a request. If there is a reason that we cannot make that change or deletion, we will inform you of that reason.
Australian Privacy Principle 1 of the Privacy Act 1988 (Cth) allows you to make a complaint about any alleged breaches of privacy. In order to lodge a complaint with us, please contact us using the details above with the following information:
- Your name and address;
- Details of the alleged breach of privacy; and
- URL link to the alleged breach of privacy (if applicable).
Please allow us 30 days to investigate your complaint, after which we will contact you immediately to resolve the issue.
Retention of Information
We may hold your information in a number of formats, for example electronically or hard copy. We will take reasonable steps to protect any personal information which we hold about you against misuse, destruction or loss and against unauthorised access, modification or disclosure.
We retain information for as long as required, allowed or we believe it useful, but do not undertake retention obligations. We may dispose of information in our discretion without notice, subject to applicable law that specifically requires the handling or retention of information. You must keep your own, separate back-up records.
Links To Other Sites
We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Our Service does not address anyone under the age of 18 ("Children").
We do not knowingly collect personally identifiable information from children under 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from children under 18 without verification of parental consent, we take steps to remove that information from our servers or replace it with the Personal Information of the Children’s parent or guardian.