Website privacy notice
1. Who we are?
We are THE BIG ART SAS, which is run by me Chaima Essayed and I provide relationship coaching services.
This privacy notice explains how we use any personal data we collect about you when you use our services and this website.
The Big Art Sas is committed to ensuring that your privacy is protected. Should we ask you to provide certain data by which you can be identified when using our services or this website, then you can be assured that it will only be used in accordance with this privacy notice.
For the purpose of the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications(PECR) the data controller is The Big Art Sas.
2. What personal data do we collect about you?
We may collect the following categories of personal data about you:
- Communication Data that includes any communication that you send to us whether that be through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance, or defence of legal claims.
- Prospect Data that includes data relating to enquires or scheduled appointments, meetings, and calls, which did not result in a sale of goods and/or services such as your name, email address, and phone number. We process this data to schedule a discovery call and/or to respond to and manage a sales enquiry.
- CustomerData that includes data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address email address, phone number, contact details, purchase details and your card details. We process this data to supply the goods and/or services you have purchased and to keep records of such transactions.
- User Data that includes data about how you use our website and any online services together with any data that you post for publication on our website or through other online services. We process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain backups of our website and/or databases and to enable publication and administration of our website, other online services and business.
- Technical Data that includes data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system. We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising.
- Marketing Data that includes data about your preferences in receiving marketing from us and our third parties and your communication. preferences. We process this data to deliver relevant website content to you and measure or understand the effectiveness of this advertising.
- We may use Customer Data, User Data, Technical Data andMarketing Data to deliver relevant website content and advertisements to you (including Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you.
We do not collect any Sensitive Data about you. Sensitive data refers to personal data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you do not provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this please email us at firstname.lastname@example.org.
In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
We do not carry out automated decision making or any type of automated profiling.
3. How will we collect the personal data about you?
You directly provide us with most of the personal data we collect. We may collect and process your personal data when you:
- Filling in forms on our website
- Send us emails directly
- Book an appointment online or place an order for any of our products or services
- Use or view our website via your browser’s cookies.
We may also receive your personal data indirectly from the following sources:
- Third parties such as analytics providers Google based outside the EU, advertising networks such asFacebook based outside the EU, such as search information providers Google based outside the EU, providers of technical, payment and delivery services, such as data brokers or aggregators.
- We may also receive data from publicly availably sources such as Companies House and the Electoral Register based inside the EU.
4. How will we use the personal data about you?
We will use the personal data you provide in a manner compatible with the EU’s GDPR, and to carry out one or more of the following to:
- Process your order, manage your account
- Email you with special offers on other products and services we think you might like
- Respond to any general enquiries you may have made to us via email, telephone, or any other method of communication. We will use this data to follow-up your enquiry
- Carry out administrative and management of our business agreement
- Personalise your repeat visits to our website
5. Sharing your personal data
We will not sell or share your personal data with any 3rd party organisation for market research or marketing purposes without specific consent from you.
We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal data unless we have instructed them to do it. They will hold it securely and retain it for the period we instruct.
- Service providers who provide IT and system administration services
- Professional advisers including lawyers, bankers, auditors, and insurers
- Government bodies that require us to report processing activities.
6. Our legal grounds for processing your personal data
We may rely on one or more of the following legal grounds to process your personal data:
- Contract: This relates to the processing necessary in the performance of a contract or to take steps at your request, before entering a contract. We will use if you become a customer.
- Legal Obligation: This relates to processing necessary for compliance with a legal obligation to which we must comply with. For example, financial data for accounting purposes.
- Legitimate Interests: This relates to our legitimate interests pursued by us or by a third party (such as company partners), except where such interests or your fundamental rights and freedoms which require protection of your personal data. Examples of our legitimate interests are as follows:
- Reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.
- Evaluation of workshop (e.g. trainer training and evaluation for event improvements)
- Communicating with our customers, and prospects to introduce them to services, or market similar services that would be of interest and benefit to them.
- Promotion and publicity (e.g. using photographs and video footage of an event to promote and grow our business).
- Enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.
7. How long is your personal data retained?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data maybe held in addition to these periods depending on individual business needs.
For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
8. Where your personal data is stored
We are subject to the provisions of the GDPR that protect your personal data. Where we transfer your data to third parties outside of the EEA, we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data. As such:
- We may transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
- If we use US-based providers that are part of EU-USPrivacy Shield, we may transfer data to them, as they have equivalent safeguards in place; or
- Where we use certain service providers who are established outside of the EEA, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
9. Keeping your personal data secure
Transmitting data over the internet is generally not completely secure. We have procedures and security in place to keep personal data secure once it is in our systems. All personal data is stored securely in accordance with the principles of the GDPR.
Any personal data collected in paper form are securely filed at our office and site locations in France. All access to your personal data is highly restricted for approved business purposes only.
10. Your data subject access rights
Your rights are as follows:
- You have the right to ask for a copy of your personal data.
- You have the right to have your personal data rectified. If you find your personal data, we hold is inaccurate or incomplete, you can request to see this data, rectified.
- You have the right to have your personal data deleted. Though it should be noted this is not an absolute right.
- You have the right to demand the restriction of the data processing of your personal data. This may include, but not limited to the use of data for direct marketing purposes.
- You have the right to receive your personal data in a structured, commonly used and machine-readable format (e.g. PDF or CSV) and to request the transmittance of your data to another controller;
- You have the right to object to the data processing. This is not an absolute right and only applies under certain circumstances;
- You have the right to withdraw a given consent at any time to stop a data processing that is based on your consent.
You may make any of the requests outlined above by contacting us by email: email@example.com or in writing marked for the attention of our Data Compliance Lead at the following address The Big Art Sas, 8 rue Crébillon, 44000 Nantes - France.
If you wish to complain about how we have handled your personal data, please contact our Customer Service Manager by email at firstname.lastname@example.org.
Our Customer Service Manager will then investigate your complaint and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the law, you can contact the French Data Privacy Regulatory Authority, the Commission Nationale de l’Informatique et Libertés (CNIL) here: https://www.cnil.fr/en/contact-cnil and file a complaint with them.
11. Changes of business ownership and control
The Big Art Sas may sometimes expand or reduce its business, this may involve the sale of certain divisions or the transfer of control of certain divisions to other parties. Data provided by Users will be transferred along with that division and the new owner or newly controlling party (if necessary to that division) will, under the terms of this Policy, be permitted to use the Data for the purposes for which it was supplied by you.
In the event that any personal data submitted by prospects or customers will be transferred in such a manner, you will not be contacted about this in advance or then after by ourselves
12. Children's privacy
Our service does not address and is not directed towards anyone under the age of 13. We do not knowingly collect personal data from anyone under the age of 13.
If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that data from our systems.
14. Other websites
Our website contains links to other websites. This privacy notice does not cover the links within this site linking to other websites. We encourage you to read to read the privacy statements on the other websites you visit.
15. Changes to our privacy notice
We keep our privacy notice under regular review, and we will place any updates on this web page. This privacy notice was last updated on 5th June 2020.
16. How to contact us
Please contact us if you have any questions about our privacy notice or data we hold about you email@example.com or write to the Data Compliance Lead, The Big Art Sas, 8 rue Crébillon, 44000 Nantes-France.