Privacy Policy

I respect your privacy and am committed to protecting your personal information. This policy explains what data I collect, how I use it, and your rights.

1. Who is responsible for your data

I am Harriet Lawless, the data controller responsible for the personal information collected through this website.

If you have any questions, you can contact me at:
harriet@harrietlawlessartist.com

2. What information I collect

When you place an order, commission a painting, sign up to my mailing list, or contact me, I may collect:

  • Your name

  • Email address

  • Shipping address

  • Payment confirmation details (I do not store full card or bank details)

  • Any personal information you choose to share in messages or commission briefs

This information is collected directly from you.

3. How I use your information

I use your personal information to:

  • Process and deliver orders and commissions

  • Send invoices and payment confirmations

  • Communicate with you about your purchase or enquiry

  • Provide customer support

  • Keep basic records for tax and accounting purposes

  • Send marketing emails if you have signed up to my mailing list

4. Lawful basis for processing

Under UK GDPR, I rely on the following lawful bases:

  • Contract: to fulfil orders and commissions you place

  • Legal obligation: to comply with tax and accounting requirements

  • Legitimate interests: to manage enquiries and run my business effectively

  • Consent: for sending marketing emails when you join my mailing list

5. Cookies and similar technologies

This website may use cookies and similar technologies to ensure the site functions properly and to understand how visitors use the site.

These may include cookies set by website hosting services, analytics tools, or embedded features such as forms or social media links.

Where required, cookies that are not strictly necessary will only be used with your consent.

You can control or disable cookies through your browser settings at any time.

6. Third-party services

I do not sell your personal data.

However, I use trusted third-party services to run my website and process orders, including:

  • Payment processors such as Stripe or PayPal

  • Email service providers for communication and newsletters

  • Website hosting platforms

These providers may process your data outside the UK. When this happens, appropriate safeguards are used to protect your information, such as UK-approved data transfer mechanisms or equivalent protections.

7. Data retention

I keep your personal data only for as long as necessary:

  • Order and commission records are kept for up to 7 years to meet tax and accounting requirements

  • Email correspondence is kept only as long as needed for communication

  • Mailing list data is kept until you unsubscribe

You can request deletion of your data at any time, where legally permitted.

8. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data I hold about you

  • Request correction of inaccurate data

  • Request deletion of your data

  • Object to or restrict certain types of processing

  • Withdraw consent at any time (for example, unsubscribing from emails)

  • Lodge a complaint with the Information Commissioner’s Office (ICO) in the UK

To exercise any of these rights, please contact me at:
harriet@harrietlawlessartist.com

9. Data security

I take reasonable technical and organisational measures to protect your personal information from loss, misuse, or unauthorised access.

10. Changes to this policy

This privacy policy may be updated from time to time. The most recent version will always be available on this page.