1) INTRODUCTION
This privacy notice provides you with details of how we collect and process your personal data through your use of our site paulpaint.com (Paul Paint).
By providing us with your data, you warrant to us that you are over 18 years of age.
Paul Paint the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at info@paulpaint.com.
2) WHAT DATA DO WE COLLECT ABOUT YOU, FOR WHAT PURPOSE AND ON WHAT GROUND WE PROCESS IT
Personal data means any information capable of identifying an individual. It does not include anonymised data.
We may process the following categories of personal data about you:
- Communication Data:
- Sources: Contact forms, chat functions, email, text, social media messaging, and other communications sent to us.
- Purpose: To communicate with you, maintain records, and handle legal claims.
- Basis: Our legitimate interests to respond to communications, keep records, and manage legal concerns.
- Customer Data:
- Includes: Name, title, billing and delivery address, email, phone number, purchase details, and card details.
- Purpose: To provide goods/services, and maintain transaction records.
- Basis: Contractual obligations and preparatory steps for such contracts.
- User Data:
- Details: How you use our website, and any data you post or publish.
- Purpose: Site administration, content provision, website security, backups, and other related activities.
- Basis: Our legitimate interests to manage our website and business.
- Technical Data:
- Details: IP address, login details, browser specifics, site visit duration, page views, device details, and more from our analytics.
- Purpose: Website analysis, protection, content/ad delivery, and marketing strategy determination.
- Basis: Our legitimate interests to manage our website, grow our business, and set our marketing approach.
- Marketing Data:
- Details: Your marketing and communication preferences.
- Purpose: To manage promotions, deliver relevant content/advertisements, and understand ad effectiveness.
- Basis: Our legitimate interests to understand product/service usage, develop offerings, and refine marketing strategy.
Additional Uses of Data:
- Combination: We might combine Customer, User, Technical, and Marketing data to tailor content and advertisements, and to understand ad effectiveness.
- Basis: Growing our business through legitimate interests or your consent.
Sensitive Data
We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
3) HOW WE COLLECT YOUR PERSONAL DATA
We may collect data about you by you providing the data directly to us (for example by filling in forms on our site or by sending us emails). We may automatically collect certain data from you as you use our website by using cookies and similar technologies.
We may receive data from third parties such as analytics providers such as Google based outside the EU, such as search information providers such as Google based outside the EU, affiliate partners inside or outside the EU or providers of technical, payment and delivery services, such as data brokers or aggregators.
4) DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with the parties set out below:
- Service providers who provide IT and system administration services.
- Professional advisers including lawyers, bankers, auditors and insurers
- Government bodies that require us to report processing activities.
- Third parties to whom we sell, transfer, or merge parts of our business or our assets.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
5) INTERNATIONAL TRANSFERS
We are subject to the provisions of the General Data Protection Regulations that protect your personal data. Where we transfer your data to third parties outside of the EEA, we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data. As such:
- We may transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
- If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place; or
- Where we use certain service providers who are established outside of the EEA, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
6) DATA SECURITY
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
7) DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
8) YOUR LEGAL RIGHTS
- Your Choice:
- When you provide us with personal information, you’re acknowledging that we’ll manage it as described in this privacy policy.
- You aren’t obligated to share personal information. However, not doing so might impact your ability to use our website or its services/products.
- Information from Third Parties:
- If we get your information from a third party, it will be protected as per this policy.
- If you’re sharing someone else’s personal details with us, ensure you have their consent.
- Marketing Permissions:
- If you’ve previously allowed us to use your data for marketing, you can retract that decision anytime. To do so, contact us using the provided details.
- Access and Correction:
- You can request details of your personal data we hold.
- If you feel the information about you we have is wrong or outdated, reach out. We commit to rectifying any inaccuracies.
- Non-Discrimination:
- Exercising your rights over your data won’t result in discrimination.
- We won’t deny services, alter prices, or provide varied quality unless the data is essential (e.g., for user support).
- Data Breach Notification:
- In case of a data breach, we pledge to abide by relevant laws.
- Complaints:
- Think we’ve violated data protection laws? Send a detailed complaint our way.
- We’ll investigate, provide a written response, and detail how we’ll resolve it.
- You can also reach out to relevant regulatory bodies about your complaint.
- Unsubscribe:
- To opt-out from emails or other communications, contact us using the given details or use the provided opt-out methods in our communications. To verify your identity, we might need additional details from you.
9) THIRD-PARTY LINKS
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
10) COOKIES
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
11) YOUR RIGHTS UNDER THE GDPR
We undertake to respect the confidentiality of your Personal Data and to guarantee you can exercise your rights.
You have the right under this Privacy Policy, and by law if you are within the EU, to:
- Request access to your Personal Data. The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact Us to assist you. This also enables you to receive a copy of the Personal Data We hold about You.
- Request correction of the Personal Data that We hold about you. You have the right to to have any incomplete or inaccurate information we hold about you corrected.
- Object to processing of your Personal Data. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to our processing of your Personal Data on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
- Request erasure of your Personal Data. You have the right to ask us to delete or remove Personal Data when there is no good reason for us to continue processing it.
- Request the transfer of your Personal Data. We will provide to you, or to a third-party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where ye used the information to perform a contract with you.
- Withdraw your consent. You have the right to withdraw your consent on using your Personal Data. If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of the Service.
If you want us to modify or erase your data, please contact info@paulpaint.com.