top of page
White Circle Logo - White

Privacy Statement

This privacy statement sets out the types of personal data White Circle Art Ltd (White Circle) may collect about you when you interact with us and explains how we process your personal data. This statement applies if you are a visitor to our website (our Website) or social media pages (a Website User) and/or if you purchase any products from White Circle (a Customer).


We are responsible for deciding how we hold and use personal data we collect or receive about you. We are committed to protecting and respecting your privacy. We will ensure your personal data is stored and used in accordance with this privacy policy.


We may collect, use, store and transfer different kinds of personal data about you when you visit our website, when you contact us, or when you purchase any of our products.


We want you to know that we don’t sell any of the personal data you share with us or that we collect.


Please read this privacy statement carefully. This statement may change from time to time. We will regularly review this statement and any updates we make will be posted on our website. We encourage you to frequently check this page for any changes to stay informed about how we are collecting and processing personal data about you.


This privacy statement was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal data. However, we would be happy to provide any additional information or explanation upon request.


If you have any questions or concerns about any of your personal data or information contained within our privacy policy, please contact us using the details below.


Our website is not intended for children and we do not knowingly collect data relating to children.



White Circle is a limited company registered in England and Wales under company number 07418613 at Bank Chambers, 1-3 Churchyardside, Nantwich, Cheshire CW5 5DE.


Our head office is at Bonded Warehouse, 18 Lower Byrom Street, Manchester M3 4AP.


Within the context of this statement, references to “we”, “us” or “our” relate to White Circle Art Ltd, known as White Circle.




Direct interactions: Most of the personal data we hold about you is collected directly from you when you interact with us or correspond with us directly via our website, by email, telephone, by post or on social media.


Automated technology: When you visit our website, our systems will automatically collect information about your equipment, browsing actions and patterns. We collect this personal data (namely Technical and Usage data) by using cookies, tracking pixels, server logs and other similar technologies. 


Other third parties: We may also receive personal data about you from various third parties as set out below:

  • Our ecommerce platform provider (currently who provides payment and other services to us to allow us to sell our products online and process electronic payments for products

  • Analytics providers, such as Google Analytics and Wix Analytics who provide us with Technical and Usage data

  • Advertising networks, such as Google Adwords and Facebook who provide us with Technical and Usage data

  • Operators of social media platforms, including Facebook, Instagram, LinkedIn, Twitter, YouTube and Pinterest, which may be based outside of the UK and EEA

  • Online postcode look-up services to autofill your delivery address, for example.



We collect, use and are responsible for personal information about you, when you provide it to us. Examples include:

  • Identity data – name, billing address, delivery address, email address(s) and telephone contact number(s)

  • Customer Service data – information relating to your interactions with our customer service team via telephone, email or post, or in person. For example, information you provide when you make a general enquiry, ask us for product advice or in the unfortunate case that you need to complain to us.

  • Financial data – data we collect if you purchase a product from us, such as your bank account and payment card details

  • Usage data – information about how you use our website, including how you navigate our website, which pages you view, the advertisements you click on, any search terms you enter and if you encounter any problems. We also collect details of how you arrive at our website (eg through Google).

  • Technical data – electronic information which is automatically logged/stored by processing equipment including details of the device(s) you use to access our services, internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website

  • Social Media data – data we have access to through a social media platform when you connect with us or like or follow our social media accounts, including your social media handle, photograph, date of birth, location, occupation, interests and other information and content you make available via your social media accounts.

  • You may be required to provide us with additional information to facilitate the provision of services to you; this could include proof of identity.

  • Telephone calls may be recorded for training and monitoring purposes.




We collect and use this information in order to deliver our services or perform any duties or obligations under any contractual relationship you have entered into with us, or with any of our clients.


We seek to ensure that our information collection and processing is always proportionate (i.e. we will not collect more data than is required). We will notify you of any material changes to the type of information we collect, or to the purposes for which we collect and process it.




Where we need to collect personal data from you in order to comply with our legal obligations or to perform a contract we have with you and you fail to provide that data when requested, we may not be able to perform the relevant contract (for example, to deliver your products or process your payment). In this case, we may have to cancel the relevant contract.




We may share your personal data with the following third parties in order to perform a contract with you, comply with a legal or regulatory obligation, in our legitimate interests of conducting our business, or where you have consented:


  • IT companies who support our Website and provide other business systems, such as our ecommerce provider

  • Payment providers, such as Stripe, who provide payment services to us to allow us to process electronic payments for products

  • Operational companies such as delivery couriers

  • Data analytics companies such as Google Analytics

  • Social media platforms and online search engines, such as Facebook, Instagram, LinkedIn, Twitter and Pinterest

  • Other companies and organisations for the purposes of fraud protection and credit risk reduction, HM Revenue & Customs, the police, regulators and other authorities and public bodies

  • Professional advisers, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accountancy services.


We require all our data processors to respect the security of your personal data and to treat it in accordance with the law. We do not allow our data processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.


In some instances where we share data with third parties, such as HMRC, those third parties will also be controllers of your personal data. We shall not be responsible or liable for the way in which other data controllers hold or process your personal data. Please contact those third parties for further information regarding how they will use your data. We shall only share your personal data with third parties in accordance with this privacy policy.



Any hard copy information is held at our registered office, along with other service providers where appropriate (e.g. our email provider or our web hosting company).




We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We seek to ensure that there is appropriate security for information we hold, including the use of secure servers and cloud-based information storage providers which adhere to the Cloud Security Alliance (CSA) Code of Conduct for GDPR Compliance and which have achieved ISO 27018 – the internationally recognised standard for leading practices in cloud privacy and data protection.


Your personal data is only available to authorised personnel of White Circle who need access to the information in order to fulfil their duties. All White Circle personnel who have access to your personal data will only process your personal data on our instructions and they shall be subject to a duty of confidentiality.


Unfortunately, however, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.


Once we no longer require your personal data, we will take reasonable steps to destroy it in a secure manner.




We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.


In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) in order to develop our business methods and strategy or for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.


We shall not have any liability whatsoever to you for the deletion of personal data in accordance with our data retention policy.



White Circle retains the right to lawfully collect the personal information referred to within this statement, in pursuance of any contractual arrangements which oblige us so to do, or where you have granted us the appropriate consent.


We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we wish to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.


We may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.



Under the General Data Protection Regulation you have a number of important rights free of charge:

  • Fair processing of information and transparency over how we use your personal information

  • Access to your personal information and to certain other supplementary information that this Privacy Statement is already designed to address

  • Requirement for us to correct any mistakes in the information of yours that we hold

  • Requirement for the erasure of personal information concerning you, in certain situations

  • Receive the personal information concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to a third party, in certain situations

  • Object at any time to processing of personal information concerning you for direct marketing

  • Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you

  • Object in certain other situations to our continued processing of your personal information

  • Otherwise restrict our processing of your personal information in certain circumstances

  • Claim compensation for damages caused by our breach of any data protection laws


For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.


We may ask you to verify your identity if you make a request to us to exercise any of the rights set out above. This is a security measure, to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request, to speed up our response. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.




If you wish to contact us, please email, call or write:


Providing the following information:

  • Full name, address and alternative correspondence address, if applicable.

  • Proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill).

  • The information to which your request relates, including any relevant account or reference numbers.




If you would like this statement in another format (for example: Welsh language, audio, large print or braille) please contact us (see ‘How to contact us’ above).




We hope that we can resolve any query or concern you may raise about our use of your information.


The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner, who may be contacted at or by telephone on 0303 123 1113.




This Privacy Statement will be effective from 10/08/2022. We may change this Privacy Statement from time to time and, when we do, we will inform you.



This Privacy Statement was published on 10th August 2022

bottom of page