We are committed to protecting your privacy and personal information and will never abuse your trust.
what information is collected
how information is stored
how information is used
It also provides links to the Privacy Policies of organizations providing web-ware used by this website.
In compliance with GDPR, you are entitled to 8 rights:
8 rights under GDPR
Of access: We let individuals access any data we’ve processed from them which can be shared upon request via the contact from on our page.
Of rectification: We let individuals rectify incomplete or inaccurate data.
To erasure: We grant individuals an option to delete their data from our systems and data processors.
To data portability: Individuals can reuse their data for other services
In relation to automation: Individuals are protected from automated decision-making processes
What is personal data?
This is the definition provided to us by the Information Commission
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organizations collect information about people.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.
What information do we collect?
When you contact us:
Personal data you provide about yourself (for example, your name and contact details e.g. an email)
If you provide a name and an email address when making a comment on a blog post or submitting a form. We do not ask for any other details. What you provide is up to you.
You may disclose information about your business - however, this is not personal information which for the purposes of the GDPR only relates to the personal data of individuals
When a third party contacts us on your behalf:
Personal data provided by a third party such as your name, contact details, and specific circumstances.
When you visit this website or interact with this site or us via social media
Your IP address and browsing preferences and choices;
Your name and username and any comments that you make.
When you commission us to do work for you
Your name and email address. We will also ask you for your normal mailing address for our invoice. Depending on the assignment you may disclose various other data but this will vary from client to client and will not apply to all. What you disclose is your choice.
How do we collect information?
Your personal information may be collected from a number of sources. These include:
From you when you contact or interact with this site by email or when you communicate through social media;
From forms you may complete;
From public sources of data (e.g. the contacts details you have chosen to make public on your website or social media)
From organizations/bodies you are connecting to or are affiliated with when they provide your information to us
When you make a purchase on our website from our store
When you sign up for our newsletter
Why do we collect it?
In relation to newsletters, the information we hold is based on you having given your consent. For example, in relation to newsletters you have provided the email and then verified that it should be stored and used for the purpose of sending you emails via MailChimp.
Data relating to any business transaction arises out of a contractual necessity e.g. so we are both are fulfilling the obligations set out in supplier terms and conditions or any contract that may be in place.
How do we use your information?
We process your data in order to:
Record any correspondence or products We receive and respond accordingly;
Send out information relating to news updates
Enter into contracts with customers
Maintain relationships with individuals and organizations and send messages from time to time
How is it stored?
Your personal data is stored in a number of ways:
In software systems which are managed by Webware provided by a third party supplier. (details below)
If you register for our newsletter, your information will be held on a secure server and the data will be shared with MailChimp only for our newsletter. This is mandatory for sending you our newsletter.
By PayPal or Stripe, DPI and Wix when you make a purchase on our website for order processing and shipment. This is mandatory for processing orders.
By Gmail when you make an inquiry on our website through our contact form. This is mandatory for you to contact us and for us to respond.
Who do we share your information with?
We may share your data with and/or obtain information from some third parties:
our website service in relation to the use of forms on this website;
Other organizations where we are required to by law or by a public authority.
We are committed to protecting your privacy. Under no circumstances do we rent, trade or share your email address without your consent.
How do we protect your data?
We take the security of your data very seriously. Your data cannot be accessed by third parties other than those providing services as identified below.
We engage reputable service providers to process your data on our behalf for the purposes of email correspondence, website and order processing. They are all under a duty of confidentiality and are legally obliged to implement appropriate technical and organizational measures to ensure the security of data in line with the relevant legislation.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
How long do we keep your personal data?
Nothing is kept indefinitely. Your personal data is kept under review.
Correspondence: We periodically delete contacts and associated emails.
Forms: We store your consent for data use and storage within MailChimp when you sign up for the newsletter, within Wix when you make a purchase and PayPal and/or Stripe will store your data when you make a purchase. Please refer to their Privacy Policies (further down on this page) for more information on how they store your data.
Newsletter: Emails are stored on in our dedicated MailChimp account. If the email is not verified for this use within one month of it being received by MailChimp we delete it. You may unsubscribe from this online newsletter at any time by clicking Unsubscribe at the bottom of any email you receive from us.
Personal data and business correspondence in relation to all business contracts involving payment are retained for a minimum of seven years after the end of the tax year in line with the requirements of the Internal Revenue Service.
Privacy of Email addresses
We rely on your consent for us to know and use the personal data you supply - such as name and email address. Your data is always kept safe and secure.
Below we describe the processes and details the links to the Privacy Policies of the services we use when you supply your email to us.
Marketing: We may use your email address for marketing purposes but we will never share it with anyone else except our data processors for our own purposes. We will never sell your information.
What we do with your emails:
Emails are stored in our dedicated Gmail account and can be removed at any time per your request through the contact page on our website.
If you have any queries you can contact us via the contact forms on this website or via the contact information on our contact page.
You are also assured of privacy relating to data collected for statistical purposes - however, I am dependent on the privacy policies of third parties in this respect.
All statistical data collected via this site is initially collected, stored and analyzed by third parties.
Wix provides us with basic statistics. I get more information using two statistical packages - see below
We work with DPI, based in San Francisco to process your orders of artwork for printing and shipping. They can be contacted at:
20 S. LINDEN AVE, 4A
SOUTH SAN FRANCISCO, CA 94080
Tel: +1 (415)216-0031
In addition, this is Google's statement about How Google uses data when you use our partners’ sites or apps.
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt-Out page or by using the Google Analytics Opt-Out Browser
California Online Privacy Protection Act
According to CalOPPA, we agree to the following:
Users can visit our site anonymously.
Can change your personal information:
• By logging in to your account
How does our site handle Do Not Track signals?
We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking?
It’s also important to note that we do not allow third-party behavioral tracking.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under the age of 13 years old.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify you via email
• Within 1 business day
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
• Send information, respond to inquiries, and/or other requests or questions
• Process orders and to send information and updates pertaining to orders.
• Send you additional information related to your product and/or service
• Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CAN-SPAM, we agree to the following:
• Not use false or misleading subjects or email addresses.
• Identify the message as an advertisement in some reasonable way.
• Include the physical address of our business or site headquarters.
• Monitor third-party email marketing services for compliance, if one is used.
• Honor opt-out/unsubscribe requests quickly.
• Allow users to unsubscribe by using the link at the bottom of each email.
Contact information and further advice
The Camozzi Art Studio is responsible for ensuring compliance with data protection legislation and is named as Data Controller. If you have a query please contact us in the first instance.
If you have concerns about the use of your personal data, the FTC has made itself America’s de facto Data Protection Authority (DPA) through aggressive use of Section 5 of the FTC Act, which prohibits unfair or deceptive trade practices. They can be contacted through
their website: https://www.ftc.gov/contact or
their phone number +1 (202) 326-2222
in writing to Federal Trade Commission
600 Pennsylvania Ave, NW
Washington, DC 20580
Last edited on 30 May, 2018 4:55 pm