Privacy Policy

Katherine Hill Handmade

Introduction

I sell items online through Etsy, and in person at craft fairs and markets. I take payments via iZettle and PayPal. Occasionally I receive enquiries and take custom orders via email, facebook/messenger, and direct messaging on Instagram. This policy covers data collected through any of these platforms, as well as information received through my website, www.katherinemaryhill.com – via the contact form, comments on blog posts, or subscriptions to my newletter, which is managed via Mailer Lite.

What information will I use and how will I use it?

When visitors leave comments in response to blog posts on my website I collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here. After approval of your comment, your profile picture will be visible to the public in the context of your comment. If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

If you use the contact form on the website to contact me, I will have access to your name and email address, I require these in order to reply to you. This data will be held on the email server by my provider – Virgin Media – and also downloaded onto my laptop. My laptop is used only by me, and both my user account and the email account are password protected (with different passwords). I would not normally delete these messages in case the enquiries are followed up at a later date, but I can do so, if requested. (see section 4 for how to request this). I will not use this data for any purpose other than addressing your enquiry.

If you place an order on etsy, I will have access to your name and postal address. I require these to fulfill your order. The legal basis for collecting this data is “contractual”. I do not download or store this data anywhere myself. It is held for me on etsy and I do not have any control over how long it is held for. I do not use this data for anything other than fulfilling your order.

If you pay for an order, outside of etsy, via my iZettle card reader, I may have access to your email address and/or mobile phone number. You can choose whether or not to provide these and they are used to email or text you a receipt for the transaction. The legal basis for collecting this data is “contractual”. I do not download or store this data anywhere myself. It is held for me on the iZettle system and I do not have any control over how long it is held for. I do not use this data for anything other than sending you a receipt.

If you purchase an item outside of etsy, and pay for it using PayPal, I will have access to your name, postal address and email address. This information is provided by the PayPal system and is required to fulfill your order. The legal basis for collecting this data is “contractual”. I do not download or store this data anywhere myself. It is held for me on the paypal system and I do not have any control over how long it is held for. I do not use this data for anything other than fulfilling your order.

If you contact me with an enquiry about a custom item, or for any other reason, you may provide me with some/all of the following:- name, email address, postal address, phone number, as required to address your enquiry. The legal basis for collecting this data is “legitimate interest”. The data is held within the system used to make the enquiry. For email enquiries it will be held on the email server by my provider – Virgin Media – and also downloaded onto my laptop. My laptop is used only by me, and both my user account and the email account are password protected (with different passwords). For facebook/messenger enquiries, the data will be held on the facebook/messenger system and will not be downloaded or stored anywhere else by me. For enquiries received via Instagram direct messaging, the data will be held on the instagram system and will not be downloaded or stored anywhere else by me. I would not normally delete these messages in case the enquiries are followed up at a later date, but I can do so, if requested. (see section 4 for how to request this). I will not use this data for any purpose other than addressing your enquiry.

If you sign up to receive news and updates via my website, you will provide me with your first name, last name and email address. The sign-up is the “double opt-in” type, meaning that your initial request to sign up triggers a follow-up email to the email address provided; Your email address is only added to my mailing list once you confirm your acceptance via this follow-up email. The legal basis for collecting this data is “consent”. The data is held for me on the Mailer Lite system, and not downloaded or stored anywhere else by me. It will only be used to send out news and updates about my business. These will be sent no more frequently than once a week, and normally much less frequently than that.

Cookies

If you leave a comment on the website you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Pages and articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who do I share your data with?

I do not share your data with anyone, unless legally required to do so, e.g. by the police, or HMRC.

Where do I send your data?

Website visitor comments may be checked through an automated spam detection service.

Your choices and rights

You have the right to know what information I hold about you, to correct that information and to request that the information be deleted. You have the right to restrict how that information is used and shared. If you are concerned about how your information is used, please contact me – Katherine Hill – by phone on (+44)07976157509, or by writing to me at 51 Grange Rd, Nottingham, NG5 4FU or by emailing me – katherine@katherinemaryhill.com

You also have the right to complain to a supervisory authority if you think your data has been collected/used or shared inappropriately. In the UK, this is the ICO (ico.org.uk).