Who we are
Website address is: https://nataliejcheetham.art.
This website is owned by NatalieJCheetham.Art; NZBN 9429049538298; Natalie J Cheetham is a New Zealand Sole Trader.
Our email address is email@example.com; postage address is 36 Russell Road, Seacliff, 9471, New Zealand. NatalieJCheetham.Art (‘we’ or ‘us’) is a ‘data controller’ for the purposes of the General Data Protection Regulation (‘GDPR’) where we control the purposes for which we process your personal information e.g. when we take your personal information to supply you with our goods. Otherwise we are the data processor. We will take all appropriate steps to ensure compliance with the GDPR and all other laws which protect your personal data (the ‘Legislation’).
Any questions about our data protection policy or how we handle your personal data should be addressed to us at NatalieJCheetham.Art. (See ‘How to contact us’ below.)
This webpage is hosted by Hostinger.com (https://www.hostinger.com/privacy-policy) and created using WordPress.org (https://en-nz.wordpress.org/about/privacy/)
What personal data we collect and why we collect it
We collect personal information about you (such as your name, delivery address, email address and telephone number, your credit card or payment details through our third party payment processor), when you contact us via our website or purchase goods from us. We also collect personal information when you visit our website as explained below in the Cookies section. To provide the best possible service and fulfil your orders we may also collect details of products and services we have provided to you and/or that you have enquired about, and our response to you; your browser session and geo-location data, statistics on page views and sessions and/or browsing behaviour.
How we collect personal information
We collect personal information in a variety of ways, including:
Directly: We collect personal information which you directly provide to us, including when you sign up to our newsletter, order products, fill out any of our forms on our website or when you request our assistance via email.
Indirectly: We may collect personal information which you indirectly provide to us while interacting with us, such as when you use our website, in emails, over the telephone and in your online enquiries.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Any comments you make on these social media platforms in general must be not offensive, insulting or defamatory. You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use.
Marketing and email newsletter
We use any information submitted to us by you to provide you with further information by email about the goods [and services] we offer which you have requested and/or which may be of interest to you. You can choose to unsubscribe at any point by clicking on the link at the bottom of the email.
Email marketing campaigns published by us may contain tracking facilities within the actual email. Subscribed activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include: the opening of emails, forwarding of emails, the clicking of links within the email consent, times, dates and frequency of activity (this is by no means a comprehensive list).
Embedded content from other websites
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our online Services.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
How will we use the information about you?
While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 7 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
We will also store comments or reviews, if you choose to leave them.
The reasons why we process your personal data are listed above and the lawful basis for such processing is one or more of the following:
- it is necessary for us to perform the contract you wish to enter into with us or in order to take steps you have requested us to take prior to entering into a contract with us (eg using our forms to enquire about particular services)
- it is necessary for us to comply with a legal obligation
- it is in our legitimate business interest to carry out such processing (eg reminding you of an “abandoned on-line cart”) except where such an interest is overridden by your interests or fundamental rights and freedoms which require your personal data to be protected)
- you have given your consent for one or more specific purposes.
Who we share your data with
We shall only share your personal information with third parties in order to fulfill orders and process payments on our behalf and to improve our services and website usage. We may also send information about you to law enforcement agencies in connection with any investigation to help prevent unlawful activity.
In the event of any unlawful action we may disclose personal information to:
courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; and
any other third parties as required or authorised by law.
Overseas disclosure: For the purposes above, we may transfer your personal information to parties located outside New Zealand which may not have an equivalent level of data protection laws as those in New Zealand. Before disclosing any personal information to an overseas recipient, we will comply with Information Privacy Principle 12 and only disclose the information if you have authorised the disclosure after we expressly informed you that the overseas recipient may not be required to protect the personal information in a way that, overall, provides comparable safeguards to those in the Privacy Act, or we believe the overseas recipient is subject to the Privacy Act, or we believe that the overseas recipient is subject to privacy laws that, overall, provide comparable safeguards to those in the Privacy Act, or we believe that the overseas recipient is a participant in a prescribed binding scheme, or we believe that the overseas recipient is subject to privacy laws in a prescribed country or we otherwise believe that the overseas recipient is required to protect your personal information in a way that, overall, provides comparable safeguards to those in the Privacy Act (for example pursuant to a data transfer agreement entered into between us and the overseas recipient).
Third Parties we use and why
For the purpose of processing orders through our online shop we use the following third parties: WooCommerce, Stripe, PayPal and Printify.
WooCommerce: They may collect the following information from you during the checkout process on our store:
- Collecting additional personal data, such as city and zip code to calculate shipping rates
- Sharing data with external services, such as billing address to process a payment
Stripe: We use Stripe to process payments made through our webpage. They may collect the following information to process payments:
- payment method information (such as credit or debit card number, or bank account information),
- purchase amount, date of purchase, and in some cases, some information about your purchases.
- Different payment methods may require the collection of different categories of information. The payment method information that they collect will depend upon the payment method that you choose to use from the list of available payment methods that are offered to you at the time of check-out.
- They may also receive your name, email, billing or shipping address and in some cases, your transaction history to authenticate you.
PayPal: We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.
Printify: We only share neccessary data with Printify to fulfill your order; they only process your data to help them provide their service to us, or in accordance with our instructions, or as required by law. This data may include the following:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name and shipping information.
MailChimp: When subscribing to our newsletter your data will be shared with MailChimp, who we use to help us tailor our newletters for the right audience. When shopping, MailChimp keeps a record of your email and the cart contents for up to 30 days on their server. This record is kept to repopulate the contents of your cart, if you switch devices or needed to come back another day.
LiteSpeedCache: This site utilizes caching in order to facilitate a faster response time and better user experience. Caching potentially stores a duplicate copy of every web page that is on display on this site. All cache files are temporary, and are never accessed by any third party, except as necessary to obtain technical support from the cache plugin vendor. Cache files expire on a schedule set by the site administrator, but may easily be purged by the admin before their natural expiration, if necessary. We may use QUIC.cloud services to process & cache your data temporarily.
Please see https://quic.cloud/privacy-policy/ for more details.
We may also share information to shipping providers and third party embeds. Visitor comments may be checked through an automated spam detection service.
Storage and security
We are committed to ensuring that the personal information we collect is secure. We have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
Your rights and controlling your personal information
Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.
Access and Correction: Subject to certain grounds for refusal set out in the Privacy Act, you may request access to, and correction of, the personal information that we hold about you. Please contact us using the details below. We will deal with your request in accordance with the Privacy Act.
Retention: We will not keep your personal information for longer than is required for the purposes for which your personal information may lawfully be used.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint.
GDPR Consumer Rights
The right to access. Individuals may request access to their personal data. They may also ask about how their data is used, processed, stored, or transferred to other organizations. You must provide an electronic copy of the personal data, free of charge if requested.
The right to be informed. Individuals must be informed and give free consent (not implied) before gathering and processing their data.
The right to data portability. Individuals may transfer their data from one service provider to another at any time. The transfer must happen in a commonly used and machine-readable format.
The right to be forgotten. If users are no longer customers or withdraw their consent to use their personal data, they have the right to have their data deleted.
The right to object. If a user objects to your use or processing of their data, they can request that you stop. There are no exceptions to this rule. All processing must stop as soon as the user makes their request.
The right to restrict processing. Individuals can ask you to stop processing their data or stop a certain kind of processing. Their data can remain in place if they choose.
The right to be notified. Individuals have the right to be notified in the event of a personal data breach that compromises their personal data. This must happen within 72 hours of your first learning of the breach.
The right to rectification. Users can request that you update, complete, or correct their personal data.
As you can see, these rights give individuals considerable power over their data. They now have a number of tools to limit and prohibit you from using their personal information.
“Do Not Track” Preference Under the California Online Privacy Protection Act (CalOPPA)
We do not support Do Not Track (DNT), which is a preference you can set in your web browser to inform websites that you do not want your online actions monitored. You can enable or disable the DNT feature by visiting your web browser’s Preferences or Settings page.
Links to other websites
For any questions or notices, please contact us at:
NatalieJCheetham.Art; NZBN 9429049538298;
Natalie J Cheetham is a New Zealand Sole Trader; Physical Address: 36 Russell Road, Seacliff, 9471, New Zealand
Last update: 6. August 2021