top of page

Privacy Policy

Overview

At Colours Across Art Gallery ("we," "us," or "our"), your privacy matters. This Privacy Policy outlines how we collect, use, disclose, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and other applicable UK data protection laws, including the Data Protection Act 2018 and updates brought by the Data Protection and Digital Information Act (DUAA 2024/25).

This Privacy Policy explains:

  • What personal data do we collect

  • How we use your data

  • Who we share it with

  • Your data protection rights

  • How to contact us

​

By using our website or purchasing from us, you agree to the terms of this Privacy Policy.

Our Contact Details

Data Controller: Katarzyna Drabek
Trading As: Colours Across Art Gallery
Email: coloursacross@gmail.com
Business Address: 46 Groves Way, Cottenham, CB24 8BH
Phone / WhatsApp: [+44 7580 017698]

​

The Type of Personal Data We Collect

We may collect the following:

  • Name and contact details (email, phone number, address)

  • Payment details (via Stripe or PayPal)

  • Purchase history

  • Communication preferences

  • Device and browser information (via cookies)

  • Website usage and interaction data

We do not collect or store card numbers. All payments are processed securely via Wix Payments, Stripe, or PayPal, depending on your selection.

​

How We Get Your Data and Why We Have It

Most of the personal data we process is provided directly by you when you:

  • Make a purchase

  • Contact us via email or form

  • Sign up for newsletters or marketing

​

We use your data to:

  • Fulfil your order and communicate with you

  • Provide customer service and respond to queries

  • Personalise your experience

  • Comply with legal obligations (e.g., record keeping)

  • Send optional marketing emails (only with your consent)

​

Lawful Basis for Processing

Under the UK GDPR and DUAA 2024/25, we rely on the following lawful bases:

  • Contractual obligation – to process and deliver your order

  • Consent – for marketing communications

  • Legitimate interest – to improve our services

  • Legal obligation – for tax and accounting purposes

​

International Data Transfers

We primarily use services that store and process your data within the UK, the EEA, or in countries deemed to offer adequate protection (such as Israel).
However, some data may be transferred internationally — for example, when processed by third-party services such as Wix, PayPal, Stripe, or embedded media platforms.

In these cases, we rely on:

  • Data Transfer Agreements with Standard Contractual Clauses (SCCs)

  • The UK International Data Transfer Agreement (IDTA), where appropriate

  • Other lawful mechanisms recognised under UK data protection law

We only work with third parties who demonstrate strong data protection practices and compliance with applicable regulations.

​

Cookies & Analytics

Our site uses cookies to enhance your experience. These may include:

  • Essential cookies (for site functionality)

  • Analytical cookies (e.g. Google Analytics)

  • Third-party service cookies (e.g. Stripe, Wix, PayPal)

You can manage your preferences via your browser settings. For full details, see our [Cookie Policy].

​

Marketing

We will only send you marketing communications if you opt in. You can unsubscribe at any time using the link in the email or by contacting us directly.

​

How We Store and Protect Your Data

Your data is securely stored on Wix’s encrypted servers and any third-party tools (Stripe, PayPal) with secure industry-standard protocols. We limit access to your data and keep it only as long as necessary.

  • Retention period: We retain personal data for up to 6 years to comply with tax, contractual, and legal obligations, unless you request its deletion sooner and we are legally permitted to do so.

​

Your Rights Over Your Data

Under the UK GDPR and DUAA, you have the right to:

  • Access your data

  • Correct inaccurate data

  • Request erasure of your data

  • Object to processing or restrict it

  • Data portability

  • Withdraw consent for marketing at any time

​

To exercise your rights, email us at coloursacross@gmail.com.

You are not required to pay any charge for exercising your rights. We will respond to your request within one calendar month. For complex or multiple requests, we may extend this by up to two additional months. We will notify you if this is the case.

​

Policy Updates

We reserve the right to update this Privacy Policy from time to time to reflect changes in the law or our operational practices. You will be notified of material changes, and the most current version will always be available on our website. This version is current as of September 2025.

​

Complaints

If you are unhappy with how we have used your data, please contact us using the details provided above. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Website: https://ico.org.uk
Phone: 0303 123 1113
Address:

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

​

Thank you for trusting Colours Across Art Gallery. If you have any questions or concerns, we’re always happy to help.

Art Gallery
bottom of page