1.1 We, Neon Gallery Limited (with 'we', 'our' or 'us' being interpreted accordingly) are committed to protecting your privacy and personal information. Personal information relating to you from which you can be identified that we collect or which you provide is called personal data ('Personal Data').
Last Updated 20th July 2020
2. Our Legal obligations regarding your Personal Data
We collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the EU General Data Protection Regulation (2016/679) ('GDPR') and the UK Data Protection Act 2018 ('DPA') together with other applicable UK and EU laws that regulate the collection, processing and privacy of your Personal Data (together, 'Data Protection Law').
3. What Personal Data do we collect and use?
3.1 The Personal Data about you that we collect and use includes the following:
(a) Your name;
(b) Your email address, telephone number, billing address and delivery address;
(c) Payment details;
(d) Information from accounts you link to us (e.g. Facebook, Twitter, Instagram);
(e) Your contact history and purchase history;
(f) Information about your personal preferences and background;
(g) Information about your use of our website (see 'Cookies' below).
3.2 Some of the Personal Data we collect may be 'sensitive' Personal Data (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership and information concerning your health).
3.3 Please note that if you do not provide Personal Data when we ask for it, it may delay or prevent us from providing products or services to you.
4. How your Personal Data is collected
4.1 We collect most of this Personal Data directly from you – in person, by email, telephone and via our website e.g. when you contact us with a query, make a purchase, or ask that you are added to our mailing list. However we may also collect Personal Data from cookies on our website (see 'Cookies' below), from social media accounts you link to us e.g. Facebook, Twitter or Instagram and from articles or other information which has been published about you in the media.
5. Information about third parties
5.1 Please ensure that any Personal Data you supply to us which relates to third party individuals is provided to us with their knowledge of our proposed use of their Personal Data.
6. How and why we use your Personal Data
6.1 Under Data Protection Law, we can only use your Personal Data if we have a proper reason for doing so e.g.:
(a) To comply with our legal and regulatory obligations;
(b) For the performance of a contract between us or to take steps at your request before entering into a contract;
(c) For our legitimate interests or those of a third party (where we have a business or commercial reason to use your Personal Data, so long as this is not overridden by your own rights and interests, including ensuring the successful continuing our business operations, updating our client and contact records, improving our offerings, marketing our offerings and preventing fraud); or
(d) Where you have given consent.
6.2 If we process sensitive data as referred to above we will only do this with your explicit consent; or, to protect your vital interests (or those of someone else) in an emergency; or, where you have already publicised such information; or, where we need to use such sensitive data in connection with a legal claim that we have or may be subject to.
6.3 We may use your Personal Data for one or more of the following purposes:
(a) To fulfil requests, including providing products or services to you, responding to any requests you may have regarding products or services;
(c) Marketing, including adding you to our mailing list and providing you with direct marketing communications about what we are doing as well as products, services and/or events which may be of interest to you by post or phone. If required under applicable law, where we contact you by SMS, email, fax, social media and/or any other electronic communication channels for direct marketing purposes, this will be subject to you providing your express consent. You can object or withdraw your consent to receiving direct marketing from us at any time, by contacting us using the email address below;
(d) To enforce and/or defend any of our legal claims or rights; and/or
(e) For any other purpose required by applicable law, regulation, the order of any court or regulatory authority.
7 Disclosing your Personal Data to third parties
7.1 We will not sell or rent your Personal Data. We will only share your Personal Data as set out in this section 7, including sharing with:
(a) the offices of other companies within the Neon Gallery Limited group;
(b) third parties we use to help deliver our products and services to you, e.g. payment service providers and delivery and shipping companies;
(c) other third parties we use to help us run our business, e.g. our client database providers; and
(d) third parties approved by you, e.g. social media accounts you choose to link your account with us to or third party payment providers.
7.2 We only allow our service providers to handle your Personal Data if we are satisfied they take appropriate measures to protect your Personal Data. We also impose contractual obligations on service providers to ensure they can only use your Personal Data to provide services to us and to you.
7.3 We may also share personal information with external auditors in relation to the audit of our accounts, and we may disclose and exchange information with law enforcement agencies and regulatory bodies without telling you to comply with our legal and regulatory obligations.
7.4 We may also need to share some Personal Data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
8. Cookies and similar technologies
8.2 Our website uses the following types of cookies:
(a) Necessary cookies: these cookies are essential for the website to function properly and cannot be disabled without severely affecting the usability of the website. The law does not require us to ask consent to use these cookies and they will always be placed when you use our website.
(b) Functional cookies: these cookies remember various choices you make on the website to improve your experience. They are also used to display recommendations for you based on your past activity on the website. Functional cookies may be required for actions such as watching a video.
Any Personal Data that these cookies collect is anonymised before being used for any other purpose, so we don’t keep records of your data or track you personally, or monitor how you browse on other websites.
(c) Analytics cookies: these cookies gather anonymous data on how visitors use the website e.g. what pages are most visited and how long visitors stay on them as well as what device and operating system you are using. They also gather information on errors which may occur during visits which can help us fix them.
8.3 Managing cookies: most web browsers allow you to manage which cookies you accept via their settings. You can normally use the ‘Help’ functionality on your browser to find out about how it handles cookies and how you can manage your cookie preferences.
8.4 You can also view and manage the advertising cookies placed on your device by visiting Your Online Choices here.
8.5 Some of our marketing emails to you may include a unique URL. If you click that URL (link), then we may measure your responsiveness to our communications on different subjects.
9. International transfers
9.1 We may transfer your Personal Data to Neon Gallery Limited group company offices in the United States and Hong Kong, to service providers located outside the European Economic Area (EEA), or to service providers who may transfer your Personal Data outside the EEA. This means your Personal Data will be transferred to territories whose laws are currently not considered to meet the same legal standards of protection for Personal Data as set out under Data Protection Law. However, in order to safeguard your Personal Data, we only conduct such transfers under a contract or another appropriate mechanism which is authorised under Data Protection Law. This is to make sure that your Personal Data is safeguarded in accordance with the same legal standards that apply to us in the United Kingdom.
10. How long we retain your Personal Data for
10.1 Neon Gallery Limited only retains Personal Data identifying you for as long as you have a relationship with us, as is necessary to perform our obligations to you (or to enforce or defend contract claims), or as is required by applicable law.
10.2 We have a data retention policy that sets out the different periods we retain data for in respect of relevant purposes in accordance with our duties under Data Protection Law. The criteria we use for determining these retention periods is based on various legislative requirements; the purpose for which we hold data; and guidance issued by relevant regulatory authorities including but not limited to the UK Information Commissioner's Office (ICO)
10.3 Personal Data we no longer need is securely disposed of and/or anonymised so you can no longer be identified from it.
11. Security that we use to protect Personal Data
11.1 We employ appropriate technical and organisational security measures to protect your Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
11.2 We also endeavour to take all reasonable steps to protect Personal Data from external threats such as malicious software or hacking. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of all data sent to us (including Personal Data).
12. Links to other websites
13. Your personal data rights
13.1 In accordance with your legal rights under applicable law, you have a 'subject access request' right under which you can request information about the Personal Data that we hold about you, what we use that Personal Data for and who it may be disclosed to as well as certain other information. Usually we will have a month to respond to such a subject access request. We reserve the right to verify your identity if you make such a subject access request and we may, in case of complex requests, require a further two months to respond. We may also charge for administrative time in dealing with any manifestly unreasonable or excessive requests for access. We may also require further information to locate the specific information you seek before we can respond in full and apply certain legal exemptions when responding to your request.
13.2 Under Data Protection Law you also have the following rights, which are exercisable by making a request to us in writing:
(a) that we correct Personal Data that we hold about you which is inaccurate or incomplete;
(b) that we erase your Personal Data without undue delay if we no longer need to hold or process it;
(c) to object to any automated processing (if applicable) that we carry out in relation to your Personal Data, e.g. if we conduct any automated credit scoring;
(d) to object to our use of your Personal Data for direct marketing;
(e) to object and/or to restrict the use of your Personal Data for purpose other than those set out above unless we have a legitimate reason for continuing to use it; or
(f) that we transfer Personal Data to another party where the Personal Data has been collected with your consent or is being used to perform contact with you and is being carries out by automated means.
13.3 All of these requests may be forwarded on to a third party provider who is involved in the processing of your Personal Data on our behalf.
13.4 If you would like to exercise any of the rights set out above, please contact us at the address below.
13.5 If you make a request and are not satisfied with our response, or believe that we are illegally processing your Personal Data, you have the right to complain to the Information Commissioner's Office (ICO) – see https://ico.org.uk/.
Name: Christopher Shake or Dimitrios Tsivrikos