HomeHomeArtistsArtistsExhibitionsExhibitions
Artwork Artwork 
Eastern European ArtworkEastern European ArtworkNorthern ArtworkNorthern Artwork
AboutAbout
Contact Contact 
ContactContactArtist SubmissionsArtist Submissions

Search by keyword, artist name, artwork title or exhibition

HomeArtistsExhibitions
Artwork
Eastern European ArtworkNorthern Artwork
About
Contact
Artist Submissions

Search by keyword, artist name, artwork title or exhibition

Last Updated: April 18, 2025

 

Your privacy is especially important to us. This Privacy Policy explains how Stephenson's Gallery Limited collects, uses, shares, and protects your personal information in accordance with UK law, including the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR).

 

1. Who We Are

 

Stephenson’s Gallery Limited, registered office: 68 Heworth Village, York, YO31 1AL, registered in England & Wales with company number: 15933229. We are the data controller responsible for the personal information we collect and process.

 

2. What Personal Data We Collect

 

We may collect the following types of personal data from you:

 

  • Identity Data: Your name, title, date of birth, nationality.
  • Contact Data: Your billing address, delivery address, email address, telephone number.
  • Financial Data: Your payment card details or bank account information (processed securely by our payment providers).
  • Transaction Data: Details about purchases you have made from us, including the artworks purchased and order history.
  • Technical Data: Your IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.  
  • Usage Data: Information about how you use our website, including the pages you visit, the links you click, and the duration of your visit.   
  • Marketing and Communications Data: Your preferences for receiving marketing communications from us.
  • Identification Data (for high-value purchases): Copies of your passport, driving license, national ID card, company registration details, details of directors and ultimate beneficial owners, as required by anti-money laundering regulations.

 

3. How We Collect Your Personal Data

 

We collect your personal data in the following ways:

  • Direct Interactions: When you place an order, create an account (if applicable), contact us via email or phone, subscribe to our newsletter (if offered), or complete forms on our website.
  • Automated Technologies or Interactions: As you interact with our website, we may automatically collect Technical and Usage Data through cookies, server logs, and other similar technologies. We use Google Analytics for this purpose (see section 7).   
  • Third Parties: We may receive personal data from third parties such as payment processors and delivery companies.

 

4. How We Use Your Personal Data (Purposes of Processing)

 

We use your personal data for the following purposes:

  • To process and fulfil your orders, including managing payments, shipping artworks, and communicating with you about your order (Legal basis: Contract).
  • To provide customer support and respond to your inquiries (Legal basis: Contract and Legitimate Interests in providing excellent customer service).
  • To manage your account on our website (if applicable) (Legal basis: Contract).
  • To personalize your website experience and provide you with relevant content (Legal basis: Legitimate Interests in understanding user preferences and improving website experience).
  • To send you marketing communications about our products and promotions where you have provided your explicit consent (Legal basis: Consent).
  • To administer and protect our business and website, including for security and fraud prevention (Legal basis: Legitimate Interests in ensuring the security and integrity of our business and website, and Legal Obligation to implement security measures).
  • To analyse website usage and improve our website and services (Legal basis: Legitimate Interests in understanding website performance and user behaviour to make improvements).
  • To comply with our legal obligations, including anti-money laundering regulations and tax requirements (Legal basis: Legal Obligation).

 

5. Legal Basis for Processing Your Personal Data

 

We will only process your personal data when we have a lawful basis to do so, as outlined in section 4. This may include:

 

  • Consent: Where you have freely given us your specific, informed, and unambiguous consent to process your personal data for a particular purpose (e.g., marketing cookies, direct marketing). You have the right to withdraw your consent at any time by contacting us or using opt-out links provided in our communications.
  • Contract: Where processing is necessary for the performance of a contract, we have with you or to take steps at your request before entering a contract (e.g., processing your order for artwork).   
  • Legitimate Interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, provided that your interests and fundamental rights do not override those interests. For example, our legitimate interests include ensuring the functionality and security of our website, improving our services, and understanding our customers' needs.   
  • Legal Obligation: Where processing is necessary for us to comply with a legal obligation, such as providing information to regulatory authorities or complying with anti-money laundering laws.

 

6. Sharing Your Personal Data

 

We may share your personal data with the following categories of third parties for the purposes outlined above:

  • Payment processors: Such as Stripe to process your payments securely. Their privacy policies will also apply to your payment information.
  • Shipping and delivery companies: Such as Parcelforce to deliver your artwork. They will have access to your name and delivery address.
  • IT service providers: Who assist with the operation and maintenance of our website, data storage, and other IT systems. These include ArtCloud.
  • Analytics providers: Specifically, Google Analytics, to analyse website usage (see section 7).
  • Legal and regulatory authorities: Where we are required to do so by law, such as HMRC or law enforcement agencies.
  • Professional advisors: Such as lawyers and accountants who provide us with professional services.

 

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and contractual agreements.   

 

7. Cookies and Similar Technologies

 

Our website uses cookies and similar technologies to collect information about your browsing activities.   

  • What are Cookies? A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a Web site, that site’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies. Each Web site can send its own cookie to your browser if your browser’s preferences allow it, but (to protect your privacy) your browser only permits a Web site to access the cookies it has already sent to you, not the cookies sent to you by other sites.   
  • How We Use Cookies: We use the following types of cookies: 
    • Strictly Necessary Cookies: These cookies are essential for the operation of our website and enable you to use its features, such as adding items to your basket and proceeding to checkout. The legal basis for these cookies is our legitimate interest in providing a functional website.   
    • Analytics Cookies (Google Analytics): We use Google Analytics to collect information about how visitors use our website. This helps us to understand website traffic, the pages users visit, and how long they stay. This information is used to improve our website and user experience. Google Analytics uses cookies and may also collect your IP address (we have configured Google Analytics to anonymize IP addresses). We will only use non-essential analytics cookies if you have provided your consent through our cookie banner. You can manage your preferences at any time.
    • Functional Cookies: These cookies allow our website to remember choices you make (such as language preferences or currency) and provide enhanced, more personal features. The legal basis for these cookies is our legitimate interest in enhancing user experience.

   

8. IP Addresses

 

IP addresses are used by your computer every time you are connected to the Internet. Your IP address is a number that is used by computers on the network to identify your computer. IP addresses are automatically collected by our web server as part of demographic and profile data known as “traffic data” so that data (such as the Web pages you request) can be sent to you. We use Google Analytics to collect this data (see section 7), and we have configured it to anonymize IP addresses to further protect your privacy. The legal basis for processing IP addresses for analytics purposes is your consent (for non-anonymised data) or our legitimate interest in website functionality and security (for essential logging).   

 

9. Email Information

 

If you choose to correspond with us through email, we may retain the content of your email messages together with your email address and our responses. We provide the same protections for these electronic communications that we employ in the maintenance of information received online, mail, and telephone. The legal basis for this processing is our legitimate interest in managing customer communications and maintaining records.   

 

10. Data Security

 

We have implemented appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:   

  • Using secure server environments.
  • Implementing encryption for sensitive data transmission (e.g., payment information).
  • Employing firewalls and intrusion detection systems.
  • Restricting access to personal data to authorized personnel who need to know the information to process it.
  • Regularly reviewing and updating our security measures.

 

11. Data Retention

 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, as well as applicable legal requirements.   

Typically, we will retain:

  • Order data for 7 years for tax and accounting purposes.
  • Marketing contact details until you unsubscribe.
  • Identification data collected for anti-money laundering purposes for 5 years after the business relationship ends, as legally required.
  • Website analytics data is retained by Google Analytics according to their policies  

 

12. Your Rights Under the GDPR

 

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • The right to be informed: You have the right to receive clear and comprehensive information about how we process your personal data (which is what this policy aims to do).   
  • The right of access: You have the right to request access to a copy of the personal data we hold about you.
  • The right to rectification: You have the right to request that any inaccurate or incomplete personal data we hold about you is corrected.
  • The right to erasure ("the right to be forgotten"): In certain circumstances, you have the right to request that we delete your personal data.
  • The right to restrict processing: In certain circumstances, you have the right to request that we restrict the processing of your personal data.   
  • The right to data portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and to transmit that data to another controller.   
  • The right to object: You have the right to object to the processing of your personal data in certain circumstances, including for direct marketing purposes or where the processing is based on our legitimate interests.   
  • Rights in relation to automated decision-making and profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We do not currently engage in such automated decision-making.   

 

13. Exercising Your Rights

 

If you wish to exercise any of the rights set out above, please contact us using the details provided in section 15. We may require you to verify your identity before responding to your request. We will aim to respond to your request within one month, although this may be extended in complex cases, in which case we will inform you of the delay.

 

14. Policy Changes

 

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any significant changes by posting a prominent notice on our website for a reasonable period and updating the "Last Updated" date at the top of this policy. For significant changes that may affect your rights, we may also attempt to contact you directly via email where we have your contact information. We encourage you to review this policy periodically to stay informed about how we are protecting your personal data.   

 

15. Contact Us

 

If you have any questions about this Privacy Policy or our privacy practices, or if you wish to exercise your data protection rights, please contact us at:   

 

Email: contact@stephensonsgallery.co.uk 

Address: Stephenson’s Gallery Limited, 6 Clifford Street, York, YO1 9RD

 

Full Name *

Email Address *

This site is protected by reCAPTCHA and the GooglePrivacy Policy andTerms of Service apply.
Copyright © 2025, Art Gallery Software by ArtCloudCopyright © 2025, Art Gallery Software by ArtCloud