PRIVACY POLICY

Kat Designer and Illustrator is committed to protecting the privacy of my visitors.

What data do I collect and for what purpose?
In order to deliver my products to my customers, I ask for personal information such as names, email addresses, postal addresses and payment information. I am committed to recording data accurately and storing it securely to ensure all communications are limited to the intended recipient.

Email addresses and phone numbers will be used to provide delivery updates and notifications and will only be used for marketing purposes if you opt-in to those services.

I only collect data under the following lawful bases:
(a) Consent: the individual has given clear consent for us to process their personal data for a specific purpose. This relates to any customer ordering products from me and anyone that has opted in to receive my marketing messages.

(b) Contract: the processing is necessary for a contract I have with the individual, or because you have asked us to take specific steps before entering into a contract.
This relates to my wholesale and retail customers only.

I also use cookies to collect data on how our website is being used and to help us improve our customer experience in the future.

How it is processed and stored
All of the electronic data is held within our secure environment which is password protected and access to that environment is limited. My website operates under an SSL Certificate providing a secure connection for its users.

Third party systems
Kat Designer and Illustrator will not provide third parties (other than as is necessary to provide the services) with your information unless legally required to do so or if we believe in good faith that it is appropriate to do so.

Any information provided by you in connection with any financial details will be processed and stored by our payment gateway providers, Stripe and Paypal, and may be used by us to facilitate any future transactions with you. For details on our payment providers data policies, please visit:

Stripe and PayPal

I use certain tracking software that allows us to monitor how our site is used. For example, I am able to track how many times a certain page is viewed. I do not use tracking software to gather personal information about our visitors.

The website is brought to you by Squarespace, an international website platform with their own privacy rules and terms of service. To read their full privacy statement please click here.

We may link to third party sites although we are not responsible for the content of those pages or their privacy practices.

How I protect your data
I am committed to keeping your data safe and secure.

Should any issues be detected in terms of the use or security of our data, I will firstly ensure that corrective measures are taken to prevent any further breaches. Once the breach has been contained, the event will be fully documented and I will analyse the severity. If the breach is considered to be of low severity and pose little risk to individuals, I will ensure it is documented and appropriate measures are taken to prevent a repeat occurrence.

If the breach is considered to of high severity and have a risk to individuals rights and freedoms, I will take all measures noted above in addition to notifying the individuals affected and notify the ICO within 72 hours.

How long we keep your data?
I will only keep data for as long as is deemed necessary. The data we collect is used to fulfil orders and to communicate with customers that have indicated they would like to hear from me in the future. I will perform annual data cleanses to assess the relevance and purpose of the data we hold. Any data considered to be no longer relevant will be securely deleted and this process will be documented.

Your rights
Under GDPR you, as an individual, have the following rights:
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.

For more information on your individual rights, please visit: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

To discuss a subject access request, please contact kathryn.philpott@icloud.com If the request is fair and appropriate, I will provide the requested information within one month of the request, free of charge. I reserve the right to refuse or charge for requests that are manifestly unfounded or excessive. In both cases we will communicate with the individual(s) to explain the reasonings and if a fee is to be charged, the fee will be based on the administrative cost of providing the information requested.

International
I operate the majority of our business within the EEA and therefore our governing body is the ICO and our data practices have been developed with ICO guidelines and GDPR practices in mind. Any data associated with International orders will be processed, stored and protected in the same way as EEA orders as noted in this policy.

Queries
If you have any queries relating to data or privacy, please contact kathryn.philpott@icloud.com