1. Who We Are

Ian Higginson
Website: www.ianhigginson.org
Email: info@ianhigginson.org
Data Controller: Ian Higginson

We determine how and why your personal data is processed.

2. Personal Data We Collect

We may collect and process the following information:

Information you provide to us

  • Name

  • Email address

  • Phone number (if provided)

  • Shipping and billing address

  • Payment information (processed securely via third-party providers)

  • Messages or enquiries sent via our contact form

  • Preferences relating to types of prints or custom order requests

Information collected automatically

When you use our website, we may collect:

  • IP address

  • Browser type and device information

  • Pages visited and time spent on the site

  • Cookies and tracking data (see section 7)

Information from lead forms or subscriptions

  • Marketing preferences

  • Interests (e.g. type of prints you like)

  • Your responses to optional questions

We do not collect any special category personal data.

3. How We Use Your Personal Data

We use your data for the following purposes:

To process orders:

  • Fulfilling your purchase

  • Sending order confirmations and updates

  • Delivering your prints

To provide customer support:

  • Responding to enquiries

  • Managing custom print requests

For marketing and communication (only with consent):

  • Sending newsletters

  • Announcing new prints

  • Offering discounts or promotions

  • Providing updates about the shop

You may opt out at any time.

For website analytics and improvement:

  • Understanding how visitors use the site

  • Improving user experience and performance

Legal basis for processing:

  • Performance of a contract

  • Consent

  • Legitimate interests

  • Legal obligations

4. Sharing Your Data

We do not sell or trade your personal information.

We may share your data with trusted third parties, such as:

  • Payment processors (Stripe, PayPal, etc.)

  • Shipping carriers

  • Email marketing platforms (e.g. MailChimp, Klaviyo)

  • Website hosting and analytics providers

All third-party processors comply with GDPR and only handle your data as instructed by us.

5. Data Retention

We retain your personal data only for as long as necessary:

  • Order information: up to 6 years (legal accounting requirement)

  • Marketing data: until you withdraw consent

  • Analytics data: typically 12–26 months (depending on provider settings)

We securely delete or anonymise data when it is no longer needed.

6. Your Rights Under GDPR

You have the following rights:

  • Right to access – Request a copy of the data we hold about you.

  • Right to rectification – Correct inaccurate or incomplete data.

  • Right to erasure (“right to be forgotten”) – Request deletion of your data.

  • Right to restrict processing – Limit how we use your data.

  • Right to data portability – Receive your data in a readable format.

  • Right to object – Stop marketing communications at any time.

  • Right to withdraw consent – You can withdraw permission at any time.

To exercise these rights, contact us at:
[Insert email address]

7. Cookies & Tracking Technologies

Our website uses cookies to:

  • Improve site performance

  • Enable shopping cart functionality

  • Collect analytics data

  • Personalise your browsing experience

You can manage or disable cookies through your browser settings.
A detailed Cookie Policy can be provided upon request.

8. Payment Security

We do not store or process full payment card details ourselves.
All payments are handled securely by PCI-DSS compliant payment providers.

9. How We Protect Your Data

We use multiple safeguards, including:

  • SSL encryption

  • Secure servers

  • Access restrictions

  • Encrypted data transmissions

  • Regular security checks

We take all reasonable steps to protect your information from unauthorised access.

10. International Transfers

Some third-party processors may store data outside the UK.
When this occurs, we ensure GDPR-compliant safeguards, such as:

  • Standard Contractual Clauses (SCCs)

  • UK Data Protection Addendums

  • Providers with recognised data protection frameworks

11. Changes to This Policy

We may update this Privacy Policy occasionally.

12. Contact Us

For any questions about this Privacy Policy or your data rights, contact us at:

Ian Higginson
Email: info@ianhigginson.org
Website: www.ianhigginson.org