Privacy Policy

This privacy policy informs you about our handling of your data. At www.georgefrancis.dev, we (Myself and the third party service providers used), attach great importance to the security of users' data and compliance with data protection regulations. We would like to inform you below about the processing of your personal data on our website.

In order to ensure fair processing, this privacy policy contains general information about how we handle your data as well as information about your rights under the European Data Protection Regulation (GDPR) and the UK's Data Protection Act.

General Information

Contact us

If you have any questions or suggestions regarding this information, or if you wish to contact us about asserting your rights, please address your enquiry to:

George Francis

Lewes, England

www.georgefrancis.dev

E-mail: hey@georgefrancis.dev

Legal Basis

The term "personal data" under data protection law refers to all information relating to an identified or identifiable individual.

We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the DPA. Data processing by us only takes place on the basis of legal permission. We process personal data,

• only with your consent (Art. 6 para. 1 letter a) GDPR),
• for the performance of a contract to which you are a party,
• at your request for the performance of pre-contractual measures (Art. 6 para. 1 letter b) GDPR),
• to comply with a legal obligation (Art. 6 para. 1 lit. c) GDPR),
• or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights or freedoms which require the protection of personal data override (Art. 6 para. 1 lit. f) GDPR).

Duration Of Storage

Unless otherwise stated, we store personal data only for as long as is necessary to achieve the purpose of the processing or to comply with our contractual or legal obligations. Such legal retention obligations may arise in particular from commercial or tax law regulations.

Categories Of Recipients

We use processors as part of the processing of your data. These include, for example, shipping service providers in the context of package notifications and updates on shipment status, hosting, maintenance and support of IT systems, the provision of certain services and functions on our website, order processing, marketing measures or file and data carrier destruction.

A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but carry out the data processing exclusively for the data controller and are contractually obliged to guarantee appropriate technical and organisational measures for data protection.

In addition, we may transfer your personal data to bodies such as postal and delivery services, your bank, tax advisors/auditors or the tax authorities.

If your data is transferred to other recipients, we will inform you under the respective processing procedure.

Your Rights

As a data subject, you have the right to assert your data subject rights against us. There is more information on each right on the Information Commissioners (ICO) website, and you can simply follow the links provided to learn more.

• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object

Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us.

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.

We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the ICO, their contact details can be found on their website.

Please direct all requests for information, requests for information or objections to data processing to us.

Data processing on our website

General

When you use the website, we collect information that you yourself provide. In addition, during your visit to the website, we automatically collect certain information about your use of the website. In data protection law, the IP address is also generally considered to be a personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.

Visiting our website may involve the transfer of certain personal data to third countries, i.e., countries where the GDPR or the DPA is not applicable law. Such a transfer is permissible if the European Commission or the ICO has determined that an adequate level of data protection is warranted in such third country.

In the absence of such an adequacy decision by the European Commission or the ICO, a transfer of personal data to a third country will only take place if appropriate safeguards pursuant to Art. 46 GDPR are in place or if one of the conditions of Art. 49 GDPR is met.

Unless otherwise stated below, we use standard contractual clauses for the transfer of personal data to processors in third countries as appropriate safeguards.

Processing Of Server Log Files

During the purely informative use of our website, general information that your browser transmits to our server is initially stored automatically. This includes by default: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 (1) f) GDPR. This processing serves the technical administration and security of the website.

The stored data is deleted after 30 days unless there is a justified suspicion of unlawful use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject from the stored information. Articles 15 to 22 of the GDPR therefore do not apply pursuant to Article 11 (2) of the GDPR, unless you provide additional information that enables you to be identified in order to exercise your rights set out in these articles.

Shop Data Processing For The Processing Of Purchases

If you order a product via our website, we process personal data to process the contract or to provide you with the ordered product. Within the scope of ordering process, we only process the data that you yourself have entered in the input mask and, if applicable, payment information if you pay by advance bank transfer. In order to be able to deliver the ordered products to you, we transmit your data required for the delivery to our service provider Printspace Studios Limited (UK) as described below.

The legal basis for the processing is in each case Art. 6 para. 1 letter b) GDPR. All data fields marked as mandatory are required for processing your order. Failure to provide this data will result in us not being able to process your order. The provision of further data is voluntary.

Backed By Shopify

We use the shop system Shopify for the purpose of providing our store backend. Shopify is offered by the service provider Shopify International Limited (Ireland). Unless otherwise stated, all data collected on our shop is processed on our behalf on the servers of Shopify International Limited.

As part of the aforementioned services, data may be transferred to Canada to the company Shopify Inc. For the data transfer to Canada as a third country, i.e., a country in which the GDPR is not applicable law, an adequacy decision of the European Commission is available. The European Commission has thus decided that an adequate level of protection exists in Canada and that the transfer can take place in a permissible manner.

For more information about Shopify's privacy practices, please visit: https://www.shopify.com/legal/privacy

Google Pay

If you choose the payment method "Google Pay" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment will be processed via the "Google Pay" application of your mobile device running at least Android 4.4 ("KitKat") and equipped with an NFC function by charging a payment card deposited with Google Pay or a payment system verified there (e.g., PayPal). For the release of a payment via Google Pay in the amount of more than £25, the prior unlocking of your mobile end device by the respective verification measure set up (such as facial recognition, password, fingerprint or pattern) is required.

For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a uniquely assigned transaction number to the source website, which is used to verify a payment that has been made. This transaction number does not contain any information about the real payment data of your payment means deposited with Google Pay, but is created and transmitted as a one-time valid numeric token. For all transactions via Google Pay, Google only acts as an intermediary to process the payment. The transaction is carried out exclusively in the relationship between the user and the source website by debiting the means of payment deposited with Google Pay.

Insofar as personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b of the GDPR. Google reserves the right to collect, store and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description of the goods or services purchased provided by the merchant, photos you have attached to the transaction, the name, and email address of the seller and buyer or sender and recipient, the payment method used, your description for the reason for the transaction and, if applicable, the offer associated with the transaction.

According to Google, this processing is carried out exclusively in accordance with Art. 6 para.1 lit. f GDPR on the basis of the legitimate interest in proper accounting, verification of transaction data and optimisation and functional maintenance of the Google Pay service.

Google also reserves the right to merge the processed transaction data with other information that is collected and stored by Google when using other Google services.

Paypal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by instalments" via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only insofar as this is necessary for the payment processing.

For the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by instalments" via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

Shopify Payments

We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, the payment processing is carried out by the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provided during the ordering process, together with information about your order (name, address, account number, bank sort code, credit card number if applicable, invoice amount, currency, and transaction number) in accordance with Art. 6 Para. 1 lit. b GDPR. Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose.

Order Fulfilment

We use theprintspace for the purpose of printing and shipping the artwork you purchase in our shop. Printspace is offered by the service provider Printspace Studios Limited (UK). Unless otherwise stated, the order data collected in our shop is processed on our behalf by Printspace Studios Limited. The legal basis for the processing is in each case Art. 6 para. 1 letter b) GDPR. All data fields marked as mandatory when placing an order are required for processing and shipping your order. Failure to provide this data will result in us not being able to process your or ship your order.

For more information about Printspace's privacy practices, please visit: https://www.theprintspace.co.uk/privacy-policy/

E-Mail Marketing

We offer on our website the possibility to sign up to receive marketing emails such as our newsletter. Once you have signed up, we will send you regular updates on our offers and events and, where applicable, remind you of shop items in your shopping basket. A valid email address is required to sign up. To verify the e-mail address, you will first receive a registration e-mail, which you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your e-mail address and name on the basis of your consent.

The processing is based on the legal basis of Art. 6 (1) a) GDPR. You can revoke your consent at any time with future effect, for example via the "unsubscribe" link in the newsletter or by contacting us via the above-mentioned channels. The legality of the use of the data that has already taken place remains unaffected by the revocation. When you register for the newsletter, we also store the IP address and the date and time of registration. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis results from our legal obligation to document your consent (Art. 6 para. 1 lit. c) in conjunction with Art. 7 para. 1 GDPR).

Newsletter Analysis

The newsletters contain a so-called "web beacon", i.e., a pixel file that is retrieved when the newsletter is opened. When you open the newsletter, technical information such as your browser and system information, IP address and the time of opening are collected. This data and information is used to technically improve our service based on your reading behaviour. This also includes recording when an email or newsletter was opened and whether a link was clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. It is not our intention to observe individual users. The statistical collection and evaluation of the data serves us to recognise the reading habits of our users and thus to better adapt our content to the users. This also serves to send users different content according to the interest of our users.

The legal basis for statistical collection and analysis is Art. 6 (1) f GDPR. We are interested in using a user-friendly and secure newsletter system that serves our business interests and meets the expectations of our users.

Our Newsletter is provided by Buttondown, LLC, 95 Meadowfarm Rd, East Islip​, NY, 11730-2911, United States. For more information about Buttondown's privacy practices, please visit: https://buttondown.email/privacy

You can object to the statistical collection and analysis by unsubscribing from the newsletter. Unfortunately, a separate revocation of the statistical evaluation is not possible.

Cookies

We use cookies and similar technologies on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser you are using and can be recognised by our web server. We use so-called "session cookies", which are deleted again when the browser session is closed. Other cookies ("persistent cookies") are automatically deleted after a specified period of time, which may differ depending on the cookie.

The use of cookies is partly technically necessary for the operation of our website. We also use cookies and comparable technologies to measure analytics about the reach of our website and to analyse the use of our website. If you wish to learn more about cookies in general, please visit www.allaboutcookies.com and if you like to learn more about the cookies we use please read our Cookie Policy.

Social Media

Processing Of Data Provided To Us Via Our Social Media Pages

We also process information that you have provided to us via our page on the relevant social media platform (CodePen, Twitter, GitHub) Such information may be the username used, contact details or a message sent to us. We regularly process this personal data only if we have previously expressly requested you to provide us with this data, for example as part of a survey. These processing operations are carried out by us as the sole data controller.

We process this data on the basis of our legitimate interest in contacting people who make enquiries. The legal basis for the data processing is Art. 6 (1) f GDPR.

In addition, we may process such data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6 (1) f GDPR and serves our interest in further developing our offer and informing you specifically about our offers. Further data processing may take place if you have consented (Art. 6 (1) (a) GDPR) or if this serves the fulfilment of a legal obligation (Art. 6 (1) (c) GDPR).

Closing

Changes and updates to the privacy policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

Queries and Complaints

Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.