1st December 2011 Version
1. About this policy
The SAA is the trading name of Teaching Art Ltd. We are a limited company registered in England and Wales with company number 1976314, and our registered office is at 2nd Floor, 27 The Crescent, King Street, Leicestershire LE1 6RX.
To contact us, please write to our principal office at The SAA, PO Box 50, Newark, Nottinghamshire, NG23 5GY, or e-mail us at firstname.lastname@example.org
The data and information we hold and process about you consists of the following:-
a. Your account information
Your contact details, including address, telephone, mobile, fax, own website, and e-mail.
Your account information, including each membership and other account you have registered for with us.
Your account log-in details, including username and password.
Your address book entries, including other shipping addresses that you provide.
Any contact details and messages you provide when recommending a friend.
Your account preferences, loyalty points and other account information.
For affiliated clubs: club name, official contact, address, telephone details, club member names, nominated order person, nominated delivery address, and club payment information.
For regional society co-ordinators: car information, employment status, contact preferences for other members to contact you, your club / group membership, your biography and painting history, and information generated as a result of your activities as a regional society co-ordinator.
b. Your purchase transactions
Your purchase orders
Your payment information :-SAA maintains a high standard of compliance for credit cards payments and adheres to an approved token method which means no credit card details are held within its systems.
Direct Debt payment information is held in a secure encrypted form.
If you have opted for automatic renewal this information will be used each year to renew your annual membership subscription.
Order delivery, fulfilment and returns information.
c. Your content
Your forum posts
Your membership information, including profile, competition entries, clubs and groups.
Your professional artist information, including details, galleries, portrait, biography, exhibitions, awards, tuition, media, and subjects.
Messages that you exchange with other members using any service provided by us.
Any other content that you supply.
d. Administration Information
Communications between you and us, including queries, problems, support, and survey responses, and including via e-mails, web-forms, and telephone.
e. Technical information when you visit our website
Your web browser information including your browser brand (e.g. Internet Explorer, Firefox, Safari, Opera, Chrome), your operating system (e.g. Microsoft Windows, OSX, Android), your IP address (a unique identifier allocated to your computer for your connection to the internet).
Information relation to your use of our website, including where you visited our website from, and what pages you visit on our website.
We obtain your data through a variety of means, including:-
a. Forms you fill in / data you provide.
From forms which you complete and submit on our website
From printed forms which you obtain from our website or us, including our professional-associate member application form, club-affiliation application form, and regional- society co-ordinator form.
Data we collect face-to-face, or by means of e-mail or telephone.
b. Other information you or others supply
From the data, information and images you post, upload or otherwise provide to our website, including our forum.
From any other information you supply from time to time, including through telephone calls, emails and other communications between you and us.
From any information supplied by other users of our site and other members.
c. Generated Information
From information generated by us as a result of dealings, transactions and communications with you, including supplying any goods or services to you, providing the functionality of our website, operating competitions, and dealing with queries, support requests and complaints.
d. Technical Information
From information which is automatically supplied by your web-browser when you visit our website.
From information recorded by our server when you view any page on our website.
We use your data for the following operational purposes:-
a. Operate and improve our website
To provide our website and its features and functionality.
To analyse the performance of and improve our website.
To keep you informed with status or other administrative notices.
b. Supply of goods and services
To perform each order from you for the supply of goods and services.
To collect payments due from you.
c. Provision of membership accounts
To provide, administer and manage your accounts and the associated services included In those accounts.
To collect payment of all account fees, including annual renewals.
d. Run events, schemes etc.
To run any competitions or any other events in which you participate.
To operate our membership, club and regional-society co-ordinator schemes.
e. General administration
To monitor our staff.
To communicate with you for administrative and support purposes.
To manage complaints, disputes and claims.
To enforce our contracts and terms and bring claims.
f. Marketing e-mails and communications
We will also use your data to send you marketing materials and newsletters relating to our website, products, services and events, but only where you have consented to this through the appropriate setting in your website account, and you have not withdrawn your consent. You may change your consent by adjusting the appropriate setting or informing us through our contact details in this policy.
a. Public Data
Where, as part of the functionality of our website or as part of any service, competition, or event we provide or run, it is envisaged that certain of your data will be made available to the public in general, or to other members, then we may make that data available on such basis.
For example, your forum posts, elements of your profile and professional-artist information, your galleries, tuition etc., may be made public.
We will make it clear to you in our website or in our communications with you which elements of your data will be made available in this way.
If our website settings allow you to control what elements of your data are made public, then we will honour the settings that you select.
b. Our contractors and suppliers
Where we use third parties to provide or supply any part of our website or any goods, services, events, insurance or other things, or to enforce or administer any contracts or terms, then we may provide your data to them as reasonably required for those purposes, including to the suppliers from whom we obtain our goods, our delivery agents, payment processors, and insurers.
Your data may be held by them as data processor on our behalf, in which case we will remain the data controller, and your data will only be held and used by them on our behalf and in accordance with our instructions and this policy.
In some cases, your data may need to be provided to them to be used by them for their own purposes, as data controller, where this is reasonably necessary, for the purposes of provision of any goods, services, insurance, event etc. by them. In such case, they should inform you separately that they are holding your data as data controller.
c. Legal requirements
We may supply your data to a government authority where required to comply with a legal requirement, for the administration of justice, or where reasonably required to protect your vital interests.
d. Claims handling
We may disclose your identity to any third party who is making any claim against us in relation to any of your data that you have posted or uploaded to our website, including where it is claimed to breach their rights or privacy.
We and our contractors and suppliers normally store and process your data in the United Kingdom.
However, we and our contractors and suppliers may from time to time store and process your data elsewhere, including outside the European Economic Area. This may be because our contractor or supplier who carries out any order fulfilment or payment processing, for instance, may be based elsewhere.
If your data is to be stored or processed outside the European Economic Area, we will comply with, and take all reasonable steps to ensure our contractors and suppliers comply with, the rules under the Data Protection Act 1998 for processing personal data outside the European Economic Area.
a. Our security measures
We will take and use reasonable endeavours to ensure our contractors and suppliers take all reasonable steps and implement all reasonable measures, to keep your data secure and prevent unauthorised access to your data (except for those parts of your data intended to be made available to the public or other customers or members of ours, such as your public profile, forum entries, gallery etc.), and to prevent accidental loss or damage to your data.
b. Your passwords
You are responsible for keeping your username and password log-in details confidential and we would ask you not to share them with anyone.
c. Information Security Policy
All employees are responsible for ensuring confidentiality of sensitive information. SAA recognises the importance of information security. The primary purpose of our information security is the protection of services to members and customers, and the customer information we are supplied with. It is the company aim to ensure that customers have confidence in our information security, and are safe in the knowledge that we are responsive to their security concerns.
SAA Teaching Art will adhere to all the requirements of PCI DSS in protecting customer card details. Everyone within SAA Teaching Art has an important role to play and each member of staff has their own specific tasks and responsibilities. We expect our core behaviour of professionalism and customer focus to be reflected in our protection of customer information. We support staff efforts to secure information through policies, and staff training and awareness activities.
This policy is subject to review annually to ensure that at a strategic level it addresses the evolving information security threats and objectives needed for the organisation to be successful.
d. Payment Card Security
SAA process payment cards through Verifone Payment Page, accessed from authorised PCs on a dedicated network segment. There shall be no access to this network segment from the Internet, or from other sections of SAA Teaching Art. PCs and other devices on this network shall be configured to meet the requirements of PCI DSS, and may only be accessed by authorised users. SAA Teaching Art also process payment cards via standalone payment terminals (PDQs). PDQs may only be accessed by authorised employees.
The table below lists the cookies we collect and what information they store.
|COOKIE name||COOKIE Description|
|CART||The association with your shopping cart.|
|CATEGORY_INFO||Stores the category info on the page, that allows to display pages more quickly.|
|COMPARE||The items that you have in the Compare Products list.|
|CURRENCY||Your preferred currency|
|CUSTOMER||An encrypted version of your customer id with the store.|
|CUSTOMER_AUTH||An indicator if you are currently logged into the store.|
|CUSTOMER_INFO||An encrypted version of the customer group you belong to.|
|CUSTOMER_SEGMENT_IDS||Stores the Customer Segment ID|
|EXTERNAL_NO_CACHE||A flag, which indicates whether caching is disabled or not.|
|FRONTEND||You sesssion ID on the server.|
|GUEST-VIEW||Allows guests to edit their orders.|
|LAST_CATEGORY||The last category you visited.|
|LAST_PRODUCT||The most recent product you have viewed.|
|NEWMESSAGE||Indicates whether a new message has been received.|
|NO_CACHE||Indicates whether it is allowed to use cache.|
|PERSISTENT_SHOPPING_CART||A link to information about your cart and viewing history if you have asked the site.|
|POLL||The ID of any polls you have recently voted in.|
|POLLN||Information on what polls you have voted on.|
|RECENTLYCOMPARED||The items that you have recently compared.|
|STF||Information on products you have emailed to friends.|
|STORE||The store view or language you have selected.|
|VIEWED_PRODUCT_IDS||The products that you have recently viewed.|
|WISHLIST||An encrypted list of products added to your Wishlist.|
|WISHLIST_CNT||The number of items in your Wishlist.|
a. Access to your data
You can see most of your data through your account web pages on our website. Under the Data Protection Act 1998, you are entitled to a copy of any other personal data we hold about you, but we may charge a fee of no more than £10 for providing this information. If you would like to exercise this right, please contact us using the details above.
b. Your right to stop marketing messages
If we are sending you marketing messages, the Data Protection Act 1998 gives you a right to ask us to stop doing this. Please contact us using our contact details above.
c. Your right to stop use causing distress
You have the right to ask us to stop using any data for any purpose where that purpose is causing you substantial distress. If you have any concerns regarding our use of your data, please contact us using our contact details in this policy.
d. Your right to alter inaccurate data
Under the Data Protection Act 1998 you can ask us to change, erase, block or modify any inaccuracies in your personal data, by contacting us using our contact details above. In most cases you can do this yourself though your account web pages on our website, which let you change and update your data, and we would ask you to keep your data up to date.
In this policy:
"personal data" means any of your data which constitutes personal data under the Data Protection Act 1998, and in relation to which you are the data subject.
"we", "our" and "us" means Teaching Art Ltd, trading as The SAA.
"you" and "your" means you our guest, visitor, customer or member, including anyone who visits our website, registers for an account with us, purchases anything from us, uses our website forum, enters any competition through our website, registers for a professional account and becomes a full member of ours, any affiliated club and its members and any regional-society co-ordinator.
"your data" means all data and information which you supply or we otherwise hold, obtain, generate or process in relation to you from time to time, as further detailed in this policy.
"service" means any service provided by us, whether free or paid-for, including our website any service, feature or functionality of our website.
"website" means our internet website whose address is http://www.saa.co.uk and any additional or replacement website from time to time that we operate.
Copyright 2011, The SAA