Privacy Policy

Effective Date: 19/02/2026

At Amy Thorman Art (the “Company”, “we”, “us”, or “our”), we respect and protect your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you visit and use our website www.amythormanart.com (the "Site"), in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws in the UK.

By using our Site, you agree to the collection and use of your information as outlined in this policy.

1. Information We Collect

We collect personal data from you when you use our Site, including:

  • Personal Information: When you place an order, sign up for our newsletter, or interact with our Site, we may collect information such as your name, email address, phone number, shipping address, billing information, and any other details you provide to us.

  • Payment Information: For processing transactions, we collect payment details (e.g., credit/debit card number, expiry date, billing address). These details are securely handled by our third-party payment processor, not stored by us.

  • Usage Data: We automatically collect information on how you use our Site, such as IP address, browser type, device type, referring URLs, and pages visited. This information helps us improve our website and enhance user experience.

  • Cookies: We use cookies to improve your browsing experience. Cookies are small text files stored on your device that help us personalize your experience, remember your preferences, and track your site usage for analytics purposes.

2. How We Use Your Information

We use your personal data for the following purposes:

  • Order Fulfillment: To process, ship, and manage your orders, including customer support related to your purchase.

  • Communications: To send you order updates, invoices, promotional emails, and newsletters (only if you have opted in).

  • Improvement of Services: To personalize and enhance your experience on our Site, including showing relevant products and improving site functionality.

  • Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our terms and conditions.

3. Legal Basis for Processing Your Data

Under the GDPR, we process your personal data based on the following legal grounds:

  • Contractual Necessity: Processing your data is necessary to fulfill orders and provide services as agreed upon in our Terms and Conditions.

  • Consent: When you opt-in to receive marketing communications or newsletters, we rely on your consent. You can withdraw this consent at any time by unsubscribing from our emails.

  • Legitimate Interests: We may process your data for legitimate business interests, such as improving our services, marketing, and preventing fraud, as long as these interests do not override your rights and freedoms.

4. How We Share Your Information

We will not sell or rent your personal information to third parties. However, we may share your information with trusted third-party service providers who assist in running our business, including:

  • Payment Processors: We use trusted third-party payment processors (e.g., PayPal, Stripe) to securely handle your payment details.

  • Shipping Providers: We share your information with shipping and logistics partners (e.g., Royal Mail, DHL) to fulfill orders.

  • Marketing Partners: If you have consented to receive marketing communications, we may share your information with email marketing platforms (e.g., Mailchimp).

  • Legal Compliance: We may disclose your information when required by law or when necessary to protect our rights, comply with legal processes, or respond to lawful requests from government authorities.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. For example, we may retain order details for tax and accounting purposes, or if you’ve opted into marketing communications, until you withdraw your consent.

6. Your Rights Under GDPR

As a resident of the UK or the EU, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right to Access: You can request a copy of the personal data we hold about you.

  • Right to Rectification: You can request that we correct any inaccurate or incomplete data we hold about you.

  • Right to Erasure: You can request that we delete your personal data, subject to certain exceptions (e.g., if we need to retain it for legal reasons).

  • Right to Restrict Processing: You can request that we limit the processing of your personal data under certain conditions.

  • Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format.

  • Right to Object: You can object to the processing of your personal data for marketing or other legitimate business interests.

  • Right to Withdraw Consent: If you have consented to the processing of your personal data, you can withdraw your consent at any time.

To exercise any of these rights, please contact us at [email address/contact information].

7. Security of Your Data

We take the protection of your personal data seriously and use appropriate technical and organizational measures to safeguard it from unauthorized access, alteration, or disclosure. However, please note that no method of transmitting data over the internet is entirely secure, and we cannot guarantee the absolute security of your information.

8. International Transfers

We do not transfer your personal data outside of the UK or the European Economic Area (EEA). If we ever do need to transfer data to a third country, we will ensure that appropriate safeguards are in place, such as the use of standard contractual clauses.

9. Third-Party Links

Our Site may contain links to external websites. These websites are not operated by us, and we are not responsible for their privacy practices or content. We encourage you to review their privacy policies before providing any personal data.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will post the revised policy on this page with an updated effective date. We encourage you to review this Privacy Policy regularly to stay informed about how we protect your personal data.

11. Contact Us

If you have any questions or concerns regarding this Privacy Policy or the handling of your personal data, please contact us at:

Amy Thorman Art
Email: enquiries@amythormanart.com

12. Complaints

If you believe that we have not processed your personal data in accordance with the GDPR, you have the right to lodge a complaint with the UK’s Information Commissioner’s Office (ICO). You can contact the ICO at www.ico.org.uk.

Key Updates for GDPR Compliance

  • Transparency: We’ve outlined the types of data collected, why it is collected, and how it is used, ensuring full transparency.

  • User Rights: The policy includes explicit details on users' rights (e.g., right to access, right to erasure, etc.) under GDPR.

  • Legal Basis: The policy clearly states the legal bases for data processing, as required by GDPR.

  • Data Retention and Security: We’ve included information on how long data is retained and the measures we take to secure it.