Privacy Policy
Last updated: 15/02/2026
1. Introduction
This Privacy Policy explains how Katy Fryd Art (“we”, “us”, or “our”) collects, uses, stores, and protects your personal data when you use our website [katyfrydart.co.uk] or interact with our services. We are committed to complying with the UK GDPR and the Data Protection Act 2018.
If you have any questions, you can contact us at: Email: [terrapintrouble@gmail.com] Address: [65A Wrangleden Rd, Maidstone, Kent, ME15 9LD]
2. What Personal Data We Collect
We may collect the following types of personal data:
Data you provide directly
-
Name
-
Email address
-
Phone number
-
Postal address
-
Payment information (processed securely by third‑party providers)
-
Any information you submit via forms, messages, or account creation
Data collected automatically
-
IP address
-
Browser type and device information
-
Cookies and usage data
-
Pages visited and actions taken on our website
Data from third parties
-
Payment processors
-
Advertising or analytics partners (if applicable)
3. How We Use Your Personal Data
We use your data for the following purposes:
-
To provide and manage our services
-
To process orders and payments
-
To communicate with you about your account or enquiries
-
To send marketing communications (only with your consent)
-
To improve our website and user experience
-
To comply with legal obligations
4. Legal Bases for Processing
We process your data under one or more of the following legal bases:
-
Consent — when you opt in to marketing or optional services
-
Contract — when processing is necessary to deliver a service you requested
-
Legal obligation — when required by law
-
Legitimate interests — for business purposes that do not override your rights
5. How We Share Your Data
We may share your data with:
-
Service providers (e.g., payment processors, hosting providers)
-
Professional advisers (e.g., accountants, legal consultants)
-
Analytics or marketing partners (only with consent)
-
Authorities, if required by law
We never sell your personal data.
6. International Data Transfers
If we transfer your data outside the UK or EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
7. Data Retention
We keep your personal data only for as long as necessary for the purposes described in this policy, or as required by law. After this period, your data is securely deleted or anonymised.
8. Your Rights Under GDPR
You have the right to:
-
Access your personal data
-
Correct inaccurate data
-
Request deletion (“right to be forgotten”)
-
Restrict or object to processing
-
Withdraw consent at any time
-
Request data portability
-
Lodge a complaint with the ICO (Information Commissioner’s Office)
To exercise any of these rights, contact us at [your email].
9. Cookies
We use cookies to improve your browsing experience. You can manage or disable cookies through your browser settings. For more details, see our Cookie Policy (if you have one).
10. Security
We take appropriate technical and organisational measures to protect your personal data from loss, misuse, or unauthorised access.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date.