Golden Hare is an online marketplace for artists and craftsmen in the UK. All suppliers are curated by the gallery and we hold pop up’s and events throughout the year.
Golden Hare / we / our / us" means the companies listed in the previous sentence. Golden Hare is a "data controller" for the purposes of the Data Protection Act 1998 and the European Union’s (EU) General Data Protection Regulation (GDPR) (i.e. implementing appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR). Mailchimp is the provider of our email mailing list system and is the data processor and processes personal data on behalf of Golden Hare (i.e. is responsible for, and controls the processing of, your personal information).
“Personal information” may include full name, postal address, email address, phone numbers, and marketing preferences, purchase history, IP Address and credit card details.
Information we collect from you.
Making a purchase
When you make a purchase on Golden Hare’s website, at one of our pop up events or over the telephone we will collect personal information about you including your address, telephone number and email address in order to process this order and fulfil a contractual obligation to send you an item.
Registering your details
You may choose to register your details with Golden Hare using the ‘Subscribe’ section of the website or via the pop up banner. You will need an account if you want to receive marketing information from us and to make checkout easier or to join a membership scheme. In this case the membership form will set out the minimum information we need you to provide in order to set up an account with us. We do not ask for any other information that isn’t relevant to the registration of an account.
When you contact us, either via the ‘Contact’ form on our website or directly, we may collect, use and store the following kinds of data about you: first name, last name, email address and telephone numbers (“contact details”).
In addition to this, if you subsequently order from us or commission a piece, we may collect, use and store your address and your billing address. Bank account details (only for refunds to you) and payment card details, details about payments from you, purchases or orders made by you; and any feedback will also be stored securely.
We collect data on our customers by various methods. We will ask for your contact details if you place an order with us, commission a piece with us or if we meet you at a fair or show. Also via our mailing list pop up on our website, through using our contact us form on the website or by asking to be put on our mailing list over the phone. We may also receive personal data about you from iZettle who process payments for our products at shows and pop ups. We will always ask your consent for this type of data collection.
How we use your data
We will only use your personal data when the law allows us to. Most commonly, we will use and process your personal data to perform the contract we are about to enter into or have entered into with you. There are several ways we will use your data, specifically: to carry out an order from our website, to contact you regarding your order, delivering your order, manage payment on your order, to enable you to take part in a prize draw or a competition.
We may use your data for marketing purposes wherever you have ‘opted in’. This will be via our mailing list and will be to send you details of exhibitions, shows, offers and new products via our newsletter. If you wish to unsubscribe at any time, every email will have a clear unsubscribe link at the bottom. We use Mailchimp for our email marketing, they are fully GDPR compliant and hold data for Golden Hare in a secure way.
Access to your personal data is strictly limited to those people that have a business need to know it, and only for the purposes set out above. We do not transfer your personal data outside the European Economic Area. If for any reason there is a suspected personal data breach, will notify you and any applicable regulator of a breach where we are legally required to do so.
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include: the right to request access to your personal data; request correction of your personal data; request erasure of your personal data; object to processing of your personal data; request restriction of processing your personal data; request transfer of your personal data; and right to withdraw consent.
You will not have to pay a fee to access your personal data (or to exercise any your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.