Updated: 25th May 2018
This policy applies to information we hold about clients and prospective clients, and all other persons about whom we hold information whether that information is supplied to us by way of interaction with this website, requests for information submitted by email, or by use of our company’s products and services. By ‘information,’ we mean personal information about you that we collect, use, share and store.
In this policy, “we,” “us,” and “our” means Montague’s Gallery and any holding company of which we are part of and “you” means the individual or organisation to whom the information relates.
Our address for all correspondence is: 40 High Street, Kings Langley, Hertfordshire, WD4 9HT. Our registered office address is: 7 MERLIN CENTRE GATEHOUSE CLOSE, AYLESBURY,
We are a data controller. In relation to the information that you provide to us, we are legally responsible for how that information is handled. We will comply with the Data Protection Act 1998 and the GDPR (2018) in the way we use and share your personal data. Among other things, this means that we will only use your personal data:
Fairly and lawfully
As set out in the legislation and this policy
To the extent necessary for these purposes
We will from time to time use your information for marketing, account management or relationship management purposes. The main purpose of this is to provide you with information about goods and services which we think may be of interest to you and/or to maintain any existing relationship we may have with you.
Information which we collect about You
your contact information such as your address, email address and telephone number
financial data where you have made a purchase of Montague’s Gallery products or services
information about you that you give us in person, by filling in forms on our website, or by corresponding with us by phone, e-mail or otherwise
information in relation to your purchase of our products and services
information gained from analysis of response to email newsletter and communications
anonymised tracking information obtained via the use of Google Analytics cookies on our website (see Cookies below)
Information which we DO NOT collect about You
We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data
Detailed credit and debit card information. The processing and storage of any credit or debit card information related to the purchase of products and services is undertaken exclusively either by PayPal or Worldpay to which we are fully compliant. For clarity, Montague’s Gallery and any holding company of which we are part of do not store any financially sensitive data.
How we store your data and the legal basis for processing
Our processing of your personal information is necessary to:
provide information about our current and future products and services
carry out our obligations arising from any agreements entered into between you and us as the result of the purchase of any products or services
comply with legal and regulatory obligations
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes. In some circumstances you can ask us to delete your data. We may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your data will be stored until you request removal of your personal data from our system. Please note that we will be unable to carry out your request to be removed it there is still and open transaction against your account. In order to provide updates and offers that may be of interest to you we use recognised third parties to take payment, manage our company accounts and provide banking services. We will store transactions, payment (this does not include payment card data) and order data for up to 7 years or for as long as required by UK financial and company regulations. These third parties may operate outside the EU.
We will only use your personal data when legally permitted.
Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
In relation to any processing of special categories of personal data, we will generally rely on obtaining specific consent from you at the time unless there is otherwise a legal requirement for us to process such information.
Sharing your information
Except as expressly set out in this policy we will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
The personal information you provide to us may be shared with third party companies, agents, contractors, service providers or affiliated companies if this is necessary to provide you with our products or services or for any of the purposes described in this policy. We may share your information if required with:
law enforcement agencies, other governmental agencies or third parties if we are required by law to do so; and
other business entities should we plan to merge with or be acquired by that business entity, or if we undergo a re-organisation with that entity.
Transferring Your Information outside the UK
Your personal information may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) and may also be processed by staff operating outside the EEA who work for us, or for one of our service providers.
When we, or our permitted third parties, transfer your information outside the European Economic Area, we or they will impose obligations on the recipients of that data to protect your information to the standard required in the European Economic Area or otherwise require the recipient to subscribe to international frameworks intended to enable secure data sharing. In the case of transfers by us, we may also transfer your information where: (i) the transfer is to a country deemed to provide adequate protection of your information by the European Commission; or (ii) where you have consented to the transfer.
The Data Protection Act 1998 and the EU General Data Protection Regulation give you the right to access information held about you. Your right of access can be exercised in accordance with the Act and Regulation. At any time, you have the right:
to request access to or a copy of any personal data which we hold about you;
to rectification of your personal data, if you consider that the information we are holding is inaccurate;
to ask us to delete your personal data, if you consider that we do not have the right to hold it;
to withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent);
to ask us to stop or start sending you marketing messages as described below in the marketing section;
to restrict processing of your personal data;
to data portability (moving some of your personal data elsewhere) in certain circumstances;
to object to your personal data being processed in certain circumstances;
Any request from you for access to or a copy of your personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with data protection legislation. We will comply with our legal obligations as regards your rights as a data subject.
We aim to ensure that the information we hold about you is accurate at all times. To assist us in ensuring that your information is up to date, please let us know if any of your personal details change at the following email address, firstname.lastname@example.org
Where you are one of our clients or have otherwise agreed to be contacted for marketing we may use your personal information to send you information about selected products and services. You can unsubscribe from receiving them at any time, details of how to unsubscribe will be included on each electronic mailing we send you.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Links to Other Sites
Questions, comments and requests regarding this policy are welcomed and should be addressed to email@example.com
If you have any concerns about our use of your information, you also have the right (as a UK resident) to make a complaint to the Information Commissioner’s Office, which regulates and supervises the use of personal data in the UK, via their helpline on 0303 123 1113. We would request however that any concerns you may have are shared with us initially so that we may take immediate remedial steps as necessary.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site.
We use Google Analytics traffic log cookies to identify which pages are being used, when, from which geographical locations, and via which referral sources – no personally identifiable information is gathered during this process. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs.
A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Changes to this policy
Any changes we make to our policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our policy.
This page was last updated May 25th 2018.
If you are a client of Montague’s Gallery and a current user of any of our products and services, you may request a tailored statement of GDPR compliance by emailing firstname.lastname@example.org
40 High Street
T: 01923 263311
Gallery Manager: Soraya Kashfi
Monday - Saturday: 10am - 5pm
Sunday: 11am - 4pm
Appointments can be booked outside of gallery hours
Bank Holiday hours may vary
© Montague's Gallery 2023