Introduction
This Privacy Policy explains how personal data is collected, used, stored and shared when you visit or interact with https://paulnewson.art (the website), and describes your rights under UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The controller of the personal data described in this policy is:
Paul Newson
Email: paul@paulnewson.art
Postal address: Llanberris, Woods Loke East, Lowestoft NR32 3DR
If you have questions about this policy or wish to exercise your data rights, contact the address above.
Information I collect and why
- Comments and user‑provided content
  - What I collect: name, email address, website (if provided), comment text, IP address and browser user agent string, and any profile image you choose to display.
  - Purpose and lawful basis: to publish and manage user comments and to moderate spam and abuse. Lawful basis: consent for publishing comments; legitimate interests for spam prevention and ensuring site security. You may withdraw consent for future comments by contacting me, but previously published comments may remain if needed for legal or administrative reasons.
- Account registration (if you register)
  - What I collect: username, email address, profile information and any information you choose to add to your profile.
  - Purpose and lawful basis: to provide account services and manage access. Lawful basis: contract and/or legitimate interests for account administration.
- Media uploads
  - What I collect: files you upload and any metadata included in those files (for example EXIF data in photographs).
  - Purpose and lawful basis: to store and display content you upload. Lawful basis: performance of a contract or consent where applicable. I recommend removing embedded location data before uploading because any embedded data may be publicly accessible.
- Cookies and similar technologies
  - What I collect: identifiers stored in cookies for preferences, login sessions, and analytics.
  - Purpose and lawful basis: functional cookies are necessary for the site to work (contract or legitimate interests); analytics and marketing cookies, and optional cookies, rely on consent. You can manage and withdraw cookie consent via the cookie banner or your browser settings. See the Cookies section below for details.
- Contact and password reset emails
  - What I collect: email address and IP address for password reset and contact requests.
  - Purpose and lawful basis: to respond to enquiries and provide account security. Lawful basis: contract and legitimate interests.
- Automated spam checking and security scanning
  - What I collect: comment content, IP address and metadata passed to automated spam detection services.
  - Purpose and lawful basis: to detect and block spam and malicious activity. Lawful basis: legitimate interests in protecting the website and visitors.
- Analytics (Google Analytics 4)
  - Purpose and lawful basis: to understand how visitors use the website and to improve performance and content. Lawful basis: consent. Analytics cookies are only set if you choose to allow them.
  - Retention: analytics data is retained for 14 months before automatic deletion.
  - Opt‑out: you can withdraw consent at any time via the cookie banner or your browser settings. You may also use Google’s opt‑out tools: https://tools.google.com/dlpage/gaoptout.
- Marketing and Advertising (Meta Pixel)
  - Purpose and lawful basis: I use the Meta Pixel (provided by Meta Platforms Ireland Limited) to measure the effectiveness of my advertising campaigns on Facebook and Instagram, and to deliver more relevant ads to visitors. The lawful basis for this processing is consent. These cookies and tracking technologies are only set if you choose to allow them.
  - Data collected: Information about your interactions with my website (such as pages visited, actions taken, and whether you completed a purchase) may be linked with your Facebook or Instagram account if you are logged in.
  - Retention: Data collected via the Meta Pixel is retained in line with Meta’s policies.
  - Opt‑out: You can withdraw consent at any time via the cookie banner or your browser settings. You can also manage your ad preferences directly in your Facebook account settings.
Third parties and processors
I use third parties to provide core services. These processors act on my instructions and have their own privacy and security measures. Examples include:
- Website hosting and backups.
- Analytics (Google Analytics 4): I use Google Analytics 4, provided by Google Ireland Limited, to analyse how visitors use my website. Google processes this data on my behalf and may transfer it to servers outside the UK/EEA, including the United States. Safeguards such as Standard Contractual Clauses are in place. For more information, see Google’s Privacy Policy: https://policies.google.com/privacy.
- Advertising (Meta Pixel): I use the Meta Pixel, provided by Meta Platforms Ireland Limited, to track website activity and measure the effectiveness of advertising campaigns. Meta may process this data on my behalf and may transfer it to servers outside the UK/EEA, including the United States. Safeguards such as Standard Contractual Clauses are in place. For more information, see Meta’s Privacy Policy: https://www.facebook.com/privacy/policy.
- Email service providers for newsletters and contact form messages.
- Image and content delivery networks or gallery plugins for fast media delivery.
- Spam and security services for comment moderation.
I will provide a current list of processors on request. Where I share personal data with third parties I require appropriate contractual data processing agreements.
Transfers outside the UK and safeguards
Personal data may be processed or stored by third parties located outside the UK or European Economic Area. Where that occurs I will ensure an adequate level of protection by relying on: adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms. Contact me for full details of the safeguards in place.
Retention of your personal data
I retain personal data only as long as necessary for the purpose it was collected or to comply with legal obligations. Typical retention periods:
- Visitor comments and related metadata: retained indefinitely unless you request removal. Retaining comments allows recognition of follow‑ups and moderation history.
- Account information: retained while the account exists and for up to two years after account deletion unless legal obligations require longer retention.
- Contact form and email records: retained for up to two years for record keeping and support purposes unless a different retention period is required.
- Backup copies and logs: retained for up to 12 months for security and disaster recovery.
If you require a different retention period or deletion sooner, contact me using the details at the top of this policy.
Your rights under data protection law
You have the following rights, subject to statutory conditions:
- Right to be informed about processing (this policy).
- Right of access to the personal data I hold about you.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure (to be forgotten) where there is no overriding lawful reason to retain the data.
- Right to restriction of processing in certain circumstances.
- Right to data portability where processing is by automated means and based on consent or contract.
- Right to object to processing based on legitimate interests or direct marketing.
- Rights in relation to automated decision making and profiling.
To exercise any of these rights, contact me at paul@paulnewson.art. I will respond within one month, or within three months for complex requests, and I will inform you if I need to extend this period.
Withdrawing consent and complaints
Where processing is based on consent, you can withdraw consent at any time by contacting me or by changing cookie preferences. Withdrawing consent will not affect processing conducted prior to withdrawal.
You can also manage your advertising preferences directly through your Facebook account settings.
If you are unhappy with how I process your data you have the right to lodge a complaint with the UK Information Commissioner’s Office: www.ico.org.uk.
Cookies — short summary
- Essential cookies: necessary for core site functions such as login and comment posting. These do not require consent.
- Functional cookies: store preferences such as screen options.
- Analytics cookies (Google Analytics 4): help me understand how visitors use the site. These cookies are only set with your consent and may involve transfers of data outside the UK/EEA. You can manage or withdraw consent at any time via the cookie banner or your browser settings.
- Marketing cookies (Meta Pixel): help me measure the effectiveness of advertising campaigns and show more relevant ads on Facebook and Instagram. These cookies are only set with your consent and may involve transfers of data outside the UK/EEA.
Security of your data
I implement appropriate technical and organisational measures to protect personal data from unauthorised access, accidental loss, disclosure or destruction. These measures include secure hosting, encrypted connections (HTTPS), regular updates and access controls. No method of transmission or storage is completely secure, so I cannot guarantee absolute security, but I strive to minimise risks.
Children
The website is not intended for children under 13. I do not knowingly collect personal data from children under 13. If you believe I have collected personal data from a child under 13, contact me and I will take steps to remove that data.
Changes to this policy
I may update this policy from time to time to reflect changes in law, technology, suppliers or my data processing practices. This policy was last updated on the 12th of October 2025. Significant changes will be notified via the website or email where I hold your contact details.