Privacy Policy
This policy explains how CARLOS SIMPSON Art collects, uses, stores, and protects your personal data when you use this website, purchase a product, or contact us.
Who we are
This website is operated by Carlos Simpson (GB) (“we”, “us”, “our”). We are the data controller for personal data processed through this site.
| Business / Site name | CARLOS SIMPSON Art |
|---|---|
| Website | https://carlos-simpson.com |
| Controller | Carlos Simpson (GB) |
| Contact email | rgb@live.co.uk |
| Business address | London, United Kingdom |
What data we collect
We collect personal data you provide directly, and some data that is collected automatically when you browse the site.
- Identity & contact data: name, email address, billing/shipping address, phone number (if provided/required at checkout).
- Order data: products purchased, order notes, delivery details, refunds/returns (where applicable).
- Account data: if you create an account, we store login-related account details and preferences.
- Customer support data: messages you send us via forms, email, or account pages.
- Technical data: IP address, device/browser info, and log data (typically for security, diagnostics, and performance).
- Usage data: pages viewed, interactions, and general analytics signals (see Analytics).
How we use your data
We use personal data to operate the website, fulfil orders, and improve the experience.
- Process orders, payments, delivery, refunds, and customer service.
- Communicate with you about orders, enquiries, and important service messages.
- Maintain site security and prevent fraud or abuse.
- Understand site performance and usage patterns (analytics).
- Comply with legal obligations (tax, accounting, consumer rights, and record-keeping).
Legal basis (UK GDPR)
We process personal data under one or more of the following legal bases:
- Contract: to perform the contract when you place an order or request services.
- Legal obligation: to meet accounting, tax, and consumer law obligations.
- Legitimate interests: to keep the site secure, prevent fraud, and improve performance (balanced against your rights).
- Consent: where required, for non-essential cookies or specific optional features.
Sharing your data
We only share personal data when necessary to run the site and deliver your order, or where required by law. Typical recipients include:
- Payment providers (to take payments securely).
- Hosting / IT providers (to keep the site running).
- Analytics providers (to understand website usage).
- Delivery and fulfilment partners (only if needed for shipping).
- Professional advisers (accountants, legal) where necessary and lawful.
We do not sell your personal data.
Payments
Payments on this website are processed via PayPal. We do not store full card details on our servers. The payment provider will process your payment data in accordance with their own privacy policy and security standards.
Analytics
We use Google Analytics to understand how visitors use the site (for example: which pages are visited, how long users stay, and where traffic comes from). This helps us improve content, usability, and performance.
Analytics may use cookies or similar technologies. Where required, we will ask for your consent before setting non-essential analytics cookies. See Cookies.
Cookies
Cookies are small text files placed on your device. Some cookies are essential for the site to work (e.g., shopping cart, checkout), while others help with analytics and preferences.
You can manage cookie preferences through the cookie banner and/or your browser settings. For more detail, read our Cookie Policy: https://carlosimpson.com/cookie-policy-uk/.
Data retention
We keep personal data only as long as needed for the purposes described in this policy, including legal, accounting, or reporting requirements.
- Order records: typically retained for tax/accounting and consumer law purposes.
- Support messages: retained as long as needed to resolve issues and maintain service records.
- Analytics data: retained according to the analytics configuration and applicable requirements.
Security
We take reasonable technical and organisational measures to protect personal data, including access controls, secure hosting practices, and security updates. No system is 100% secure, but we work to reduce risk and respond quickly to issues.
Your rights
Under UK GDPR, you have rights over your personal data. These include:
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure (in certain cases).
- The right to restrict processing (in certain cases).
- The right to data portability (in certain cases).
- The right to object (in certain cases).
- Rights related to automated decision-making and profiling (if applicable).
To exercise a right, contact us at rgb@live.co.uk. We may ask you to verify your identity before we act on a request.
International transfers
Some service providers (for example, analytics or payment providers) may process data outside the UK. Where this happens, we rely on appropriate safeguards as required by UK data protection law.
Children
This website is not intended for children, and we do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us so we can take appropriate action.
Changes to this policy
We may update this Privacy Policy to reflect changes in the site, legal requirements, or our practices. When we do, we will update the “Last updated” date at the top of this page.
Contact
If you have questions about this policy or your personal data, contact:
- Controller: Carlos Simpson (GB)
- Email: rgb@live.co.uk
- Address: London, United Kingdom
Note: This page provides general information and is not legal advice. If you have complex requirements (e.g., international sales, marketing automation, special category data), consult a qualified professional.
