Privacy Notice

Global Art Supplies Ltd

Privacy Notice

This Privacy Notice will help you understand how we collect, use and protect your personal information. If you have any queries about this Privacy Notice or how we process your personal information, please contact the Compliance Officer, by email: or by post: Compliance Officer, Unit 2, High Post Business Park, Salisbury, Wiltshire, SP4 6AT.

Who we are?

The organisation responsible for the processing of your personal information is Global Art Supplies Ltd. This means that we are a ‘data controller’ under the Data Protection Act 1998 and the General Data Protection Regulation (also known as the GDPR). Global Art Supplies Ltd is a company registered in the United Kingdom under number 3798939 whose registered address is Global Art Supplies Ltd, The Boscombe Centre, Mills Way, Amesbury, SP4 7SD.


What personal data do we collect?

Unless otherwise agreed with you, we will only collect basic personal data about you, which does not include any special categories of personal information about you (often known as ‘sensitive personal data’).

The personal information we hold about you is that which we collect directly from you, for example:

  • Your company name, contact names, address, telephone number, fax number, website address, VAT number and email.
  • When you purchase our products or services.
  • When you register to receive information from us.
  • Each time you interact with us, respond to communications or enter competitions.
  • When you make enquiries or raise concerns with our customer service team.

On our website

We collect and store the information that you give us via forms on our site: such as your name, address, email address, phone number; or when communicating with us by email.

We do not receive or store any other personal data from our website, such as the internet protocol (IP) address used to connect your computer to the internet, your connection information such as browser type and version, your operating system and platform, cookie number, your activity on our website including the pages you have visited, the searches you made, products purchased, likes, comments and uploads.


Why do we need your personal data?

We need to know basic personal data to perform our necessary contractual obligations. If you do not provide this information, then we will be unable to provide the services you have requested. We will not collect any personal data from you that we do not need in order to provide the services we have agreed to provide you with.

We may store your personal information for the following reasons;

  • To communicate with you about order processing, account management, and payment enquiries, and including responding to your enquiries (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests).
  • To assess financial risks, including carrying out credit reference checks and credit scoring assessments (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests).
  • To carry out anti-fraud and anti-money laundering checks and verifying your identity (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests).
  • To administer debt recoveries, where you owe us money under a contract or otherwise (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests).
  • To fulfil our obligations owed to a relevant regulator, tax authority or revenue service (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests).

Our ‘legitimate interests’ as referred to above (and below) include our legitimate business purposes and commercial interests in operating our business in a customer-focused, efficient and sustainable manner, in accordance with all applicable legal and regulatory requirements.


How do we use personal data for marketing?

We will send you marketing about our products and services by post, telephone, email and via digital channels. Digital channels include social media and similar such digital marketing channels. We may upload and match the personal data that you provide to us with the data you provide to social media and similar such digital marketing channels; this allows us to improve our knowledge of you and, in return, serve you with relevant marketing messages.

You can object to receiving marketing from us at any time – simply follow this unsubscribe link and update your settings; or send us your name, address and date of birth via email to or by post to: Compliance Officer, Unit 2, High Post Business Park, Salisbury, Wiltshire, SP4 6AT.

We consider that it is within our legitimate interests to send you information about our products and services for marketing purposes.


Do we make automated decisions?

We use the personal data you provide to us, to enable us to evaluate and manage your account when processing an order.

To ensure your details are not being used without consent, your personal data may be supplied to relevant third parties including credit reference and fraud prevention agencies, who may keep a record of that information. This is necessary to allow us to decide when opening an account, offering credit reviews, and managing account arrears. These decisions may be made by entirely automated means (that is, without human intervention) and through profiling.

We consider that, to the extent our decisions based solely on automated processing, produce a legal or similarly significant effect on a party, those decisions are necessary for entering into, or performance of, our contract with you. However, you have the right to contact us to express your point of view (including providing any additional information that you want us to consider) and to contest such decisions. A member of our team will then re-consider it. If you wish to exercise these rights, please contact us by emailing: or by post: Compliance Officer, Unit 2, High Post Business Park, Salisbury, Wiltshire, SP4 6AT.

Consequences of processing

If we, or a fraud prevention agency, determine that you pose a risk of fraud or money laundering, we may refuse to provide the products, services and financing you have requested; we may also stop providing existing services to you. A record of any fraud or money laundering risk will be retained by us and the fraud prevention agencies. It may also result in others refusing to provide products, services, financing or employment to you. If you have any questions about our processing of your data for fraud purposes, please contact our Compliance Officer at the details provided above.


How do we protect your personal data?

We take all reasonable steps to ensure that your personal data is processed securely and provide regular security checks and updates.

Emails and other electronic communications are not secure if they have not been encrypted. Your communications may pass through servers in a number of countries before they reach us. So, we do not accept responsibility for any unauthorised access to or loss of personal data that stems from a cause beyond our control. Nor can we be held responsible for the actions or omissions of other users or third parties who may misuse your personal data which they collect from the site.


How do we store your personal data?

All the personal data that we hold about you will be processed by our staff in the United Kingdom. Please be aware, that your information is stored in a cloud-based system whose servers are located in the United Kingdom. 


How long will we keep your personal data?

We will generally keep your personal data for a minimum of 6 years, after which time it will be destroyed if it is no longer required for the lawful purpose(s) for which it was obtained. If you consent to marketing then any information we use for this purpose will be kept with us until you notify us that you no longer wish to receive this information. More information on our retention schedule can be found by contacting our Compliance Officer.


Do we share your personal data with third parties?

Where relevant given the nature of the products and services provided to you, we may also share your information with the following categories of third parties:

  • Third party service providers who we instruct for the purposes of handling goods, including couriers and delivery services (such as UPS, Downes Transport Ltd and Royal Mail), website hosts, and businesses who assist us in undertaking communications or monitoring our site (as is necessary for the performance of a contract between you and us);
  • Direct debit payment details are supplied direct to our banking partner and we do not retain credit card details on site.
  • Third party service providers who support the operation of our business, such as IT and marketing suppliers, financial service providers, and debt collection agencies (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests).

Processing outside of the European Economic Union (EEA)

The personal information that we collect from you, and which is shared with some fraud prevention agencies, may be transferred to and processed in a destination outside of the EEA. It may also be processed by staff operating outside the EEA who work for one of our suppliers. In these circumstances, your personal information will only be transferred on one of the following bases:  

  • The country that we send the data to has been is approved by the European Commission as providing an adequate level of protection for personal information; or
  • The recipient has agreed standard contractual clauses with us, which have been approved by the European Commission, obliging the recipient to safeguard the personal information (in particular, our transfer of personal information to suppliers in India and the United States for marketing, IT development and IT testing purposes are protected in each case by the use of appropriate model clauses); or
  • There exists another situation where the transfer is permitted under applicable data protection legislation (for example, where a third-party recipient of personal data in the United States has registered for the EU-US Privacy Shield).

To find out more about how your personal information is protected when it is transferred outside the EEA (and if you wish to obtain a copy of the appropriate and suitable safeguards), please contact our Compliance Officer, using the details above.


What are your rights?

Under the Data Protection Act 1998 you have the following rights:  

  • To obtain access to, and copies of, the personal information that we hold about you;
  • To request that we cease processing your personal information if the processing is causing you damage or distress; and
  • To require us not to send you marketing communications.

Now, under the GDPR, you will also have the following rights:

  • To request us to erase your personal information;
  • To request us to restrict or object to our data processing activities;
  • To receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal information to another data controller; and
  • To request us to correct the personal information we hold about you if it is incorrect. 

Please note that these rights may be limited by data protection legislation, and we may be entitled to refuse requests where exceptions apply.

If you are not satisfied with how we are processing your personal information, you can make a complaint to the Information Commissioner.

You can find out more about your rights under data protection legislation from the Information Commissioner’s Office website: