Sam Selby makes a commitment to protecting and respecting your privacy. This policy will outline what personal information we collect from you when you visit our website www.sam-selby.com, as well as how we use the information, how it is never shared with third parties and how we keep it secure. By using our website, you are agreeing to the terms set out in this policy. Sam Selby will be known as the ‘controller’ of the personal data that you provide us with unless otherwise specified.
What information do we collect from you, how do we collect it, how is it used and under what grounds do we process it?
We may collect information from you and process your data when you visit our website, for example when you place an enquiry via the contact form, when you email us, message us and/or comment via social media. The lawful grounds for this processing is legitimate interest in order to respond to any communication that you send us, as well as keeping records of such interactions, or to pursue or defend any legal claims.
If you place an order with us or request one of our services (e.g. jewellery custom order) we will collect data relating to your purchase of goods and/or services such as your title, name, billing address, delivery address, email address, telephone number and purchase details. We collect this data in order to fulfil our obligations to provide you with the goods/services that you have purchased. We will keep a record of such transactions. Our lawful grounds for processing this data is to fulfil our contractual obligations that we have entered into with you.
When you visit our website, as well as any contact details that you may leave, we may also collect and store data, such as your IP address, information about the browser that you are using, details of page views, length of time visiting pages on our website, navigation paths and information about the devices you use to access our website. This information is captured by our analytics system and we process this data to ensure that we provide you with relevant content, to maintain back-ups of our website and databases, to keep our website secure, to enable us to effectively administer our website, as well as gaining an insight into the effectiveness of our marketing. The lawful basis for processing this information is legitimate interest in order to maintain our website and grow our business through effective marketing.
We may use your data to send marketing communications to you via email. We will only email you if you have requested to receive such information by subscribing to our mailing list via the website. You can ask us to stop sending you marketing communications at any time, by emailing or by clicking the ‘unsubscribe’ links on any marketing emails sent to you. If you opt-out of receiving our marketing emails, this opt-out does not apply to personal data provided as a result of purchasing our goods/services.
We may use your data to deliver online content that we think will be of interest to you (e.g. online advertisements or content via social media). We may also use this data to measure the effectiveness of our marketing campaigns. The lawful basis for processing this information is legitimate interest to allow us to grow our business.
We do not collect any sensitive data from you.
Who will have access to your information?
We will never share or sell your personal information to any third party for marketing purposes. However, there may be times when we need to share your information with third parties in order to fulfil our obligations. These include:
Third parties who we work with to provide IT and system administration services.
Third party payment providers who specialise in secure online payment (e.g. PayPal).
Third party suppliers that we work with in order to fulfil our contractual obligations with you (e.g. Malta Post and mail other delivery companies).
Third party marketing providers such as Mailchimp who we use for data collection (via the sign-up form on our website), for storing your personal data within our account, in order to allow us to send you marketing emails that you have requested to receive.
Professional advisers such as accountants, lawyers, bankers, auditors, insurers.
Government bodies that may require us to report to any processing activities to them.
Where working with a third party that involves transferring your data outside the European Economic Area (EEA) (e.g. Mailchimp), we ensure that security measures are in place to protect your data. Mailchimp are part of EU-US Privacy Shield and equivalent safeguards are in place.
We require all third parties that we work with to respect your data privacy in line with current legislation and we only allow your data to be processed for the specified purpose and in accordance with our instructions.
How long will we keep your information for?
We will hold on to your information for as long as is deemed necessary for the relevant activity. We are bound by legal and statutory obligations to keep records for a certain amount of time e.g. for tax and accounting purposes. If you have consented to receive marketing communications from us, we will keep your details until you request otherwise.
How do we keep your data secure?
What are your rights?
Under the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) you have the right to request access to your data, for it to be: corrected, erased, restricted or transferred. You also have the right to object to us processing your data. Where consent to process has been given, you have the right to withdraw this consent.
If at any time you no longer wish to receive marketing communications from us, you can ‘unsubscribe’ immediately by clicking on the link at the bottom of the email that you receive. Alternatively, you can email: firstname.lastname@example.org and ask us to remove you from our marketing email list or ask us to update your details. If you opt-out of receiving our marketing emails, this opt-out does not apply to personal data provided as a result of purchases of our goods/services.
If at any point you believe the information we process on you is incorrect, you can request to see this information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated. Please email: . We will not charge a fee for providing access to your personal data, providing that the request is reasonable, not excessive or repetitive. In such circumstances that the request is deemed to be unreasonable, we may charge a fee for your request or refuse to comply with the request.
We will always check that we have enough information to be sure of your identity before providing you with access to your personal data and if we have any doubt, we may ask you to provide evidence to confirm identity.
We aim to respond to all legitimate requests within once calendar month. However, depending on the complexity of the information requested, it may take us longer. However, in this case, we will notify you.
If you are dissatisfied with our response, or if you believe we are processing your personal data unlawfully, please inform us first so that we can investigate and resolve the issue for you. However, should our response be unsatisfactory, you can complain to the Information Commissioner’s Office https://idpc.org.mt/
Review of this policy
We will regularly review this policy and update it when necessary. This policy was last updated in May 2018.