BACKGROUND: 

Harlequin Arts understands that your privacy is important to you and that you care about how your personal data is used. I respect and value the privacy of everyone who visits this website, www.harlequinarts.co.uk (“My Site”) and as described in Parts  5 and 6, below, I do not collect personal data about you unless you contact me. Any personal data I do collect will only be used as  permitted by law. 

Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of this Privacy Policy is deemed to  occur upon your first use of My Site. If you do not accept and agree with this Privacy Policy, you must stop using My Site  immediately. 

1. Information About Me 

1.1. My Site is operated by Karen Herrick, a sole  trader, of 

1.2. 10 Westfield Gardens, Brampton, Chesterfield, Derbyshire, S40 3SN. 

1.3. Email address: admin@harlequinarts.co.uk. 

2. What Does This Policy Cover? 

2.1. This Privacy Policy applies only to your use of My Site. My Site may contain links to other websites.  Please note that I have no control over how your data  is collected, stored, or used by other websites and I  advise you to check the privacy policies of any such  websites before providing any data to them. 

3. What is Personal Data? 

3.1. Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the  “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in  particular by reference to an identifier’. 

3.2. Personal data is, in simpler terms, any  information about you that enables you to be  identified. Personal data covers obvious information  such as your name and contact details, but it also  covers less obvious information such as identification  numbers, electronic location data, and other online  identifiers. 

4. What Are My Rights? 

4.1. Under the GDPR, you have the following rights, which I will always work to uphold: 

4.1.1. The right to be informed about my collection and use of your personal data. This  Privacy Policy should tell you everything you need to  know, but you can always contact me to find out  more or to ask any questions using the details in  Part 10. 

4.1.2. The right to access the personal data I hold  about you. Part 9 will tell you how to do this. 

4.1.3. The right to have your personal data  rectified if any of your personal data held by me is  inaccurate or incomplete. Please contact me using  the details in Part 10 to find out more. 

4.1.4. The right to be forgotten, i.e. the right to  ask me to delete or otherwise dispose of any of your  personal data that I have. Please contact me using 

the details in Part 10 to find out more. 

4.1.5. The right to restrict (i.e. prevent) the  processing of your personal data. 

4.1.6. The right to object to me using your  personal data for a particular purpose or purposes. 4.1.7. The right to data portability. This means  that, if you have provided personal data to me directly, I am using it with your consent or for the  performance of a contract, and that data is  processed using automated means, you can ask me for a copy of that personal data to re-use with  another service or business in many cases. 

4.1.8. Rights relating to automated decision making and profiling. I do not use your personal  data in this way. 

4.2. For more information about my use of your  personal data or exercising your rights as outlined  above, please contact me using the details provided in  Part 10. 

4.3. Further information about your rights can also  be obtained from the Information Commissioner’s  Office or your local Citizens Advice Bureau. 

4.4. If you have any cause for complaint about my use of your personal data, you have the right to lodge a  complaint with the Information Commissioner’s Office. 

5. What Personal Data Do You Collect? 

5.1. Subject to the following, I do not collect any  personal data from you. I do not place cookies on your  computer or device, nor do I use any other means of  data collection. 

5.2. If you send me an email, I may collect your  name, your email address, and any other information  which you choose to give me. 

5.3. If you choose to contact me via a contact page  on My Site I may collect your name, your email  address, and any other information which you choose  to give me. 

5.4. If you choose to contact me via mobile  technology or social media I may collect your name,  your unique contact information, and any other  information which you choose to give me. 

6. How Do You Use my Personal Data? 

6.1. If I do collect any personal data, it will be  processed and stored securely, for no longer than is 

Harlequin Arts – Privacy Policy v25.5.2018 Page 1 of 2 

necessary in light of the reason(s) for which it was first  collected. I will comply with my obligations and  safeguard your rights under the GDPR at all times. For  more details on security see Part 7, below. 

6.2. As stated above, I do not generally collect any  personal data. If you contact me and I obtain your  personal details from your email or other means of  contact, I may use them to respond to you. 

6.3. Any and all emails or messages delivered to me containing your personal data will be deleted no later  than one year after the subject matter of your email or  reason for contacting me has been resolved.  

6.4. You have the right to withdraw your consent to  me using your personal data at any time, and to  request that I delete it. 

6.5. I will not share any of your data with any third  parties for any purposes other than storage on an  email server. 

7. How and Where Do You Store My Data? 7.1. I will only store your personal data within the  European Economic Area (the “EEA”). The EEA consists  of all EU member states, plus Norway, Iceland, and  Liechtenstein. This means that your personal data will  be fully protected under the GDPR or to equivalent  standards by law. 

7.2. Where I transfer your data to a third party based  in the US, this may be protected if they are part of the  EU-US Privacy Shield. This requires that third party to  provide data protection to standards similar to those in  Europe. More information is available from the  European Commission. 

7.3. Please contact me using the details below in  Part 10 for further information about the particular  data protection mechanism used by me when  transferring your personal data to a third country. 

7.4. Personal data security is essential to me, and to  protect personal data, I take the following measures: 7.4.1. Your data is stored on a password  protected and encrypted server. 

7.4.2. I use password protected computers and  data encryption is enabled. 

7.4.3. My backup data is held on a secure online  facility within the EEA. 

7.4.4. Physical archive documents that need to  be retained for such as audit and compliance  reasons are retained in locked storage. The documents may have to be stored for six years for  compliance reasons before destruction. 

7.4.5. I cross cut shred any redundant physical  documents that have any data references. 

7.4.6. Permanent deletion of files on a hard drive  (a non-volatile memory hardware device that  permanently stores and retrieves data on a  computer) cannot be guaranteed so while I  endeavour to delete unnecessary files all hard drives  are destroyed before end of life disposal and  recycling. 

7.4.7. I do not use portable memory devices to  store data of any kind. I also endeavour not to use  any personal data, including my own, when using  someone else’s device for such as a presentation. 

8. Do You Share My Personal Data? 

8.1. I will not share any of your personal data with  any third parties for any purposes, subject to one  important exception. 

8.2. In some limited circumstances, I may be legally  required to share certain personal data, which might  include yours, if I am involved in legal proceedings or  complying with legal obligations, a court order, the  instructions of a government authority or some other  statutory or compliance requirement. 

9. How Can I Access My Personal Data? 

9.1. If you want to know what personal data I have  about you, you can ask me for details of that personal  data and for a copy of it (where any such personal data  is held). This is known as a “subject access request”. 

9.2. All subject access requests should be made in  writing and sent to the email or postal addresses  shown in Part 10. 

9.3. There is not normally any charge for a subject  access request. If your request is ‘manifestly  unfounded or excessive’ (for example, if you make  repetitive requests) a fee may be charged to cover my administrative costs in responding. 

9.4. I will respond to your subject access request  within 21 days and, in any case, not more than one  month of receiving it. Normally, I aim to provide a  complete response, including a copy of your personal  data within that time. In some cases, however,  particularly if your request is more complex, more time  may be required up to a maximum of three months  from the date I receive your request. You will be kept  fully informed of my progress. 

10. How Do I Contact You? 

10.1. To contact me about anything to do with your  personal data and data protection, including to make a  subject access request, please use the following  details: 

10.1.1. Email address:  

admin@harlequinarts.co.uk. 

10.1.2. Postal Address:  

Brampton Courtyard, 11a Old Hall Road,  

Chesterfield, Derbyshire, S40 3RG. 

11. Changes to this Privacy Policy 

11.1. I may change this Privacy Notice from time to  time. This may be necessary, for example, if the law  changes, or if I change my business in a way that  affects personal data protection. 

11.2. Any changes will be immediately posted on My Site and you will be deemed to have accepted the  terms of the Privacy Policy on your first use of my Site  following the alterations. I recommend that you check  this page regularly to keep up-to-date.