We will use your personal data to ensure you have a great time visiting our website. It allows us to tailor the resources we share with you and give you an all round better experience. We respect all aspects of your privacy and ensure we meet strict regulatory requirements
1. About this policy
2. About us
The SAA is the trading name of Teaching Art Ltd. We are a limited company registered in England and Wales with company number 1976314, and our registered office is at Millennium House, Brunel Drive, Newark on Trent, Nottinghamshire, NG24 2DE.
3. How to contact us
To contact us, please write to our principal office at SAA, PO Box 50, Newark, Nottinghamshire, NG23 5GY, or e-mail us at email@example.com
4. What types of data we hold about you
The data and information we hold and process about you consists of the following:
a. Information about you:
• Your account information.
• Your name.
• Your contact details, including address, telephone, mobile, fax, own website, and e-mail.
• Your account information, including each membership and other accounts you have registered for with us.
• Your account log-in details, including username.
• Your address book entries, including other shipping addresses that you provide.
• Any contact details and messages you provide when recommending a friend.
• Your account preferences, loyalty points and other account information.
• For affiliated clubs: club name, official contact, address, telephone details, club member names, nominated order person, nominated delivery address, and club payment information.
b. Information relating to your orders
• Your purchase transactions.
• Your purchase orders.
• For Direct Debit, we hold bank details held in an encrypted form in our systems. We do not store card details for purchases.
• Order delivery, fulfilment and returns information.
c. Your activity online
• Your content including artworks you upload to our website.
• Your membership information, including profile, competition entries, clubs and groups.
• Your professional artist information, including details, galleries, profile picture and cover photo, biography, exhibitions, awards, tuition, media, and subjects.
• Messages that you exchange with other people using any service provided by us.
• Any other content that you supply.
d. Administration Information
• Communications between you and us, including queries, problems, support, and survey responses, and including via e-mails, web-forms, and telephone.
e. Technical information when you visit our website
• Web browser information including your browser brand (e.g. Internet Explorer, Firefox, Safari, Opera, Chrome).
• Operating system (e.g. Microsoft Windows, OSX, Android).
• IP address (a unique identifier allocated to your computer for your connection to the internet).
• Information related to your use of our website, including where you visited our website from, and what pages you visit on our website.
5. How we obtain your data
We obtain your data through a variety of means, including:
a. Forms you fill in / data you provide.
• From forms which you complete and submit on our website.
• From printed forms which you obtain from our website or us, including our professional-associate member application form, club-affiliation application form.
• Data we collect face-to-face, or by means of e-mail or telephone.
b. Other information you supply
• From the data, information and images you post, upload or otherwise provide to our website, including our forum.
• From any other information you supply from time to time, including through telephone calls, emails and other communications between you and us.
• From any information supplied by other users of our site and other members.
c. Generated Information
• From information generated by us as a result of dealings, transactions and communications with you, including supplying any goods or services to you, providing the functionality of our website, operating competitions, and dealing with queries, support requests and complaints.
d. Technical Information
• From information which is automatically supplied by your web-browser when you visit our website.
• From information recorded by our server when you view any page on our website.
6. What we use your data for
We use your data for the following operational purposes:-
a. Operate and improve our website
• To provide our website and its features and functionality.
• To analyse the performance of and improve our website.
• To keep you informed with status or other administrative notices.
b. Supply of goods and services
• To perform each order from you for the supply of goods and services.
• To collect payments due from you.
c. Provision of membership accounts
• To provide, administer and manage your accounts and the associated services included in those accounts.
• To collect payment of all account fees, including annual renewals.
d. Run events, schemes etc.
• To run any competitions or any other events in which you participate.• To operate our membership and club services.
e. General administration
• To monitor our staff.
• To communicate with you for administrative and support purposes.
• To manage complaints, disputes and claims.
• To enforce our contracts and terms and bring claims.
f. Marketing e-mails and communications
We will also use your data to send you marketing materials and newsletters relating to our website, products, services and events, but only where you have consented to this through the appropriate setting in your website account, and you have not withdrawn your consent. You may change your consent by adjusting the appropriate setting or informing us through our contact details in this policy.
g. We may share your data with other companies in our group for marketing and research purposes. This includes our subsidiaries AND/OR our holding company and its subsidiaries. These include Artifolk, Artcoe, ArtGallery.co.uk and Ready Steady Paint, which are all part of the Teaching Art Group.
h. Data we hold on you is done so on our secure computer servers. We hold this data to ensure that we are able to manage your account and provide details to you on previous purchases, wishlist items and your account preferences. If you require us to remove this information, please see section 11.
7. Who we disclose your data to
a. Public Data
Where, as part of the functionality of our website or as part of any service, competition, or event we provide or run, it is envisaged that certain aspects of your data will be made available to the public in general, or to other members, then we may make that data available on such basis. For example, elements of your profile, your galleries, tuition etc, may be made public. Professional member information is automatically made public. We will make it clear to you in our website, or in our communications with you, which elements of your data will be made available in this way. If our website settings allow you to control what elements of your data are made public, then we will honour the settings that you select.
b. Our contractors and suppliers
Where we use third parties to provide or supply any part of our website or any goods, services, events, insurance or other things, or to enforce or administer any contracts or terms, then we may provide your data to them as reasonably required for those purposes, including to the suppliers from whom we obtain our goods, our delivery agents, payment processors, and insurers. Your data may be held by them as data processor on our behalf, in which case we will remain the data controller, and your data will only be held and used by them on our behalf and in accordance with our instructions and this policy. Your data will also only be held or as long as it is required to undertake their services, after which time it will be securely removed from their systems. In some cases, your data may need to be provided to them to be used by them for their own purposes, as data controller, where this is reasonably necessary, for the purposes of provision of any goods, services, insurance, event etc. by them. In such case, they should inform you separately that they are holding your data as data controller.
c. Legal requirements
We may supply your data to a government authority where required to comply with a legal requirement, for the administration of justice, or where reasonably required to protect your vital interests.
d. Claims handling
We may disclose your identity to any third party who is making any claim against us in relation to any of your data that you have posted or uploaded to our website, including where it is claimed to breach their rights or privacy.
Parcel Hub – parcel delivery service
In its capacity of providing customer services, Parcelhub Limited (PHL) will on behalf of Teaching Art Ltd process information provided to it directly by you in order to respond to your specific enquiry.
In order to be able to respond to and fully handle customer service queries placed by Teaching Art Ltd customers, PHL is in addition supplied with access to the original purchase information of all orders including personal data, consisting of name and address, telephone number, email address, item purchased and price paid, and any delivery instructions provided. No financial information about you is supplied. This data is held and accessed on a Legitimate Interests basis in order to assist with the successful delivery of your order and also to assist you with any questions you submit regarding that. We access this information as a Data Controller for customer service reasons only where necessary and no access is made to, or use made of, information outside this.
Unit 6, Road No. 2
Colwick Quays Business Park
Distribution Centre: Parcelhub Limited
Little Tennis Street South
International: +44 (0)1159 503 018
Freephone 0808 168 6013
Your data may be accessed and used for the following reasons:
• If the tracking information relating to your order indicates a delivery problem, we may use your address information to research and provide additional information pertinent to locating your address to the delivery company to successfully complete delivery.
• If there is a possibility that your order is lost, we may be asked by the delivery company for a description of a parcel and its contents to aid with locating it. If so, we will obtain this information from your original purchase record and provide it to the delivery company.
• If you contact SAA customer service by email or other enquiry regarding the delivery of your order, we will use any data you supply to us in the course of that enquiry in order to assist with your requests and communicate with you regarding them.
• If you contact SAA by email or other enquiry regarding other matters such as product details, we will pass your enquiry to SAA to handle and take no further action with any data provided therein.
Communications with you and with delivery companies regarding your order, which may contain personal data, are recorded within PHL’s ticketing system. This information is anonymised 30 days after the conclusion of the process.
The information which we can access regarding you is held on SAA systems as outlined in their full privacy notice.
Additionally as a Processor of your data relating to SAA original shipping request, PHL will act according to the requirements of SAA (the data Controller) according to the terms of this processing agreement in its handling of your data: https://www.parcelhub.co.uk/data-processing-agreement/ This will include the passing of your data essential to the delivery of your order to the relevant shipping partner.
Data subjects have certain statutory rights, with which Parcelhub Limited are fully compliant, namely:
1. The right to be informed. We will tell you how we use and store your data (in this Privacy Notice and in the Data Policy available on our website), and will inform you if this changes in any way.
2. The right of access. You have the right to access any record we have of your personal data to verify that we are using it lawfully. Should you wish to do so, you can submit a ‘Subject Access Request’ to us.
3. The right to rectification. You should tell us if we hold any inaccurate or outdated information about you, and we undertake to correct it accordingly.
4. The right to erasure. You can require us to delete any personal data we hold about you, either in some of the ways listed above or by contacting us.
5. The right to restrict processing. As this notice outlines, we only use your data in very limited ways. If however, you would like us to keep your data but change the ways in which we use it, you can contact us to request this.
6. The right to data portability. If you wish us to provide you or another company with a copy of the information we hold about you, you have the right to request that we do so.
7. The right to object. Similarly to some of the above rights, you have the right to object to certain usages of your data on grounds relating to your particular situation or if you dispute our Legitimate Interests as stated above. Again, you should contact us should you wish to do so.
8. Rights in relation to automated decision making and profiling. We do not conduct this sort of activity in relation to your data.
9. The right to complain to a supervisory authority. If you are unhappy with how we are processing your data, you can lodge a complaint to the Information Commissioner’s Office (ico.org.uk).
In any case listed above where you are required to contact us, or with any other queries about our use and storage of your data, please email or write to us using the below details.
James Rhodes, Data Protection Officer, firstname.lastname@example.org
Parcelhub Limited, Unit 6, Colwick Quays Business Park, Nottingham, NG4 2JY, United Kingdom
8. Where we process your data
We and our contractors and suppliers normally store and process your data in the United Kingdom. However, we and our contractors and suppliers may from time to time store and process your data elsewhere, including outside the European Economic Area. This may be because our contractor or supplier who carries out any order fulfilment or payment processing, for instance, may be based elsewhere. If your data is to be stored or processed outside the European Economic Area, we will comply with, and take all reasonable steps to ensure our contractors and suppliers comply with, the rules under the Data Protection Act 1998 and General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) for processing personal data outside the European Economic Area.
9. Data security and preventing unauthorised access
a.Our security measures
We will take and use reasonable endeavours to ensure our contractors and suppliers take all reasonable steps and implement all reasonable measures, to keep your data secure and prevent unauthorised access to your data (except for those parts of your data intended to be made available to the public or other customers or members of ours, (such as your public profile, gallery etc.), and to prevent accidental loss or damage to your data.
b. Your passwords
You are responsible for keeping your username and password log-in details confidential and we would ask you not to share them with anyone.
c. Information Security Policy
All employees are responsible for ensuring confidentiality of sensitive information. Teaching Art recognises the importance of information security. The primary purpose of our information security is the protection of services to members and customers, and the customer information we are supplied with. It is the company’s aim to ensure that customers have confidence in our information security and are safe in the knowledge that we are responsive to their security concerns. Teaching Art will adhere to all the requirements of PCI DSS in protecting customer card details. Everyone within Teaching Art has an important role to play and each member of staff has their own specific tasks and responsibilities. We expect our core behaviour of professionalism and customer focus to be reflected in our protection of customer information. We support staff efforts to secure information through policies, and staff training and awareness activities. This policy is subject to review annually to ensure that at a strategic level it addresses the evolving information security threats and objectives needed for the organisation to be successful.
d. Payment Security
i. Card Payment
Teaching Art Ltd process payment cards for orders placed via the website and out of hours call centre through Worldpay. When you go through to pay, you’ll be taken to the Worldpay page to input your card details. We are then given an authorisation to collect the money from Worldpay. This provides PCI DSS compliance as your card details are never seen by us, we simply receive a token to collect payment.
Order placed with SAA Customer Service over the phone will use the Verifone payment gateway. PCs and other devices on this network shall be configured to meet the requirements of PCI DSS, and may only be accessed by authorised users. Teaching Art Ltd also process payment cards via standalone payment terminals (PDQs). PDQs may only be accessed by authorised employees.
When placing an order and at the point that you click on the ‘Confirm Order’ button in order to pay, you will be taken to the PayPal website and you will see that the URL address has changed to https://securepayments.paypal.com/. You are now on the PayPal website and your payment will be processed here. Once completed and authorised by your bank, PayPal will redirect you back to our website whilst advising us that your payment has gone through and that we may continue processing your order. At no point are your card details entered on the our website. If at any point a refund is needed we advise PayPal and they apply the refund to your card.
10. Cookies that we use
11. Your rights
a. Access to your data
You can see most of your data through your account web pages when logged in on our website. Under the Data Protection Act 1998 and General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), you are entitled to a copy of all personal data we hold about you. If you would like to exercise this right, please contact us via email at email@example.com, requesting a Subject Access Request Form.
b. Your right to stop marketing messages
If we are sending you marketing literature (including paper-based and electronic messages), you have the right to ask us to stop doing this. Please contact us using our contact details above.
c. Your right to stop use causing distress
You have the right to ask us to stop using any data for any purpose where that purpose is causing you substantial distress. If you have any concerns regarding our use of your data, please contact us using our contact details in this policy.
d. Your right to alter inaccurate data
You are entitled to ask us to change, erase, block or modify any inaccuracies in your personal data, by contacting us using our contact details above. We will respond to these requests within one month. In most cases you can do this yourself though your account web pages on our website, which let you change and update your data.
e. Your right to revoke consent at any time
You have the right to withdraw consent for us to use your data at any time. If this withdrawal means we are not able to provide a service to you, we will advise of this at the time of withdrawal.
f. Your right to erasure
If you wish to have all of your data that is held by Teaching Art erased, you should contact us on the details above, to which we will respond within one month.
12. Third-Party Websites
13. Changes to this policy
14. Legal status of this policy
15. Meaning of words we use in this policy
In this policy:
• personal data means any of your data which constitutes personal data under the Data Protection Act 1998 or General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), and in relation to which you are the data subject.
• we, our and us means Teaching Art Ltd, trading as SAA.
• you and your means you our guest, visitor, customer or member, including anyone who visits our website, registers for an account with us, purchases anything from us, uses our website forum, enters any competition through our website, registers for a professional account and becomes a full member of ours, and any affiliated club and its members.
• your data means all data and information which you supply, or we otherwise hold, obtain, generate or process in relation to you from time to time, as further detailed in this policy.
• service means any service provided by us, whether free or paid-for, including our website any service, feature or functionality of our website.
• website means our internet website whose address is http://www.saa.co.uk and any additional or replacement website from time to time that we operate.
Copyright 2021, SAA