top of page

Privacy Policy

This Website and the Services provided by it, including the online Shop (“Services”) are operated by Heather M Nisbet, The Fox Hole, Sandside Road, Kirkcudbright, Dumfries and Galloway, Scotland DG6 4XD (“HMN” or “I” or “me” or “my”).


This Privacy Policy page informs you of my policies regarding the collection, use, and disclosure of personal data when you use the Services and the choices you have associated with that data.


By using the Services, you agree to the collection and use of personal data in accordance with this policy.



HMN fully respects your right to privacy, and will not collect any personal information about you on this Website without your clear permission. Any information which you volunteer to HMN will be treated with the highest standards of security and confidentiality, strictly in accordance with the Data Protection Act, 2018.






HMN is committed to protecting and respecting your privacy.

This privacy policy sets out the basis on which any personal data I collect from you, or that you provide to me, will be processed by me. Please read the following carefully to understand my views and practices regarding your personal data and how I will treat it.


The rules on processing of personal data are set out in the General Data Protection Regulation May 25th 2018. (the “GDPR”).


1. Definitions


Data controller – A controller determines the purposes and means of processing personal data.

Data processor – A processor is responsible for processing personal data on behalf of a controller.

Data subject – Natural person

Categories of data: Personal data

Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, home address or private email address. I do not use Online identifiers such as IP addresses, but sites will use cookies.

Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.


2. Who am I?

HMN is the data controller. This means I decide how your personal data is processed and for what purposes. My contact details are The person in charge of data control is Heather M Nisbet.


3. How is the data and information collected?


When you conduct a transaction on the Website, or register as a member, as part of the process, HMN collects personal data you give me, as set out in 5 below. This personal data will be used for the specific reasons stated at 4 only.

4. The purpose(s) of processing your personal data

I use your personal data for the following purposes:


  • to contact you, should you fill in the form on this Website and request such contact; or

  • to provide information to my external printing facility, so that they can produce the item(s) you purchased from this Website and send it/them to you; or 

  • to post out direct items purchased by you from this Website; or

  • to send you promotional emails about (1) the products for sale on the Website or (2) new paintings that have been added to the Website galleries or (3) forthcoming exhibitions or other events, activities or occurrences relating to my art work; or

  • to monitor the way in which this Website is used, and to ensure that content from this Website is presented in the most effective manner for you and for your computer; or

  • to administer this Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

  • to comply with a legal obligation;

  • to protect and defend the rights or property of HMN or Heather M Nisbet Art;

  • to prevent or investigate possible wrongdoing in connection with the Service;

  • to protect the personal safety of users of the Service or the public; or

  • to protect against legal liability.


Also, HMN may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to poll your opinions through surveys or questionnaires, to send updates about the Services, or as otherwise necessary to contact you to enforce applicable national laws, and any agreement HMN may have with you. For these purposes HMN may contact you via email.

5. The categories of personal data or other information concerned

With reference to the categories of personal data described in the definitions section, I process the following categories of your data - data on Website forms or emails that you submit or send to me or otherwise entered on this Website, including you name, postal address, email address, phone number, financial and credit card information, personal description and information relating to your participation in and feedback on any of my products or any of the Services.


I also receive, collect and store any personal data you enter on the Website or provide to me in any other way. In addition, the Website collects the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. 


HMN may use software tools, including Google Analytics, to measure and collect session data, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. 


HMN also collects personally identifiable data (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.

6. What is my legal basis for processing your personal data and information?

The legal basis for HMN processing your personal data is your consent, given by virtue of (1) submission of a form on the Service or (2) sending me an email requesting contact or (3) you making a purchase of items from the Service, as part of which you will have ticked the box providing that consent and confirming that you accept HMN Terms and Conditions, Privacy Policy and Deliveries and Returns Policy.


Where my processing is based on your consent, and not any other legal basis, you have the right to withdraw your consent at any time. This withdrawal will not affect the lawfulness of processing prior to the withdrawal. If you inform me that you no longer wish to receive email or other communications from us, I will stop sending you these communications.

7. Storing, sharing, using or Disclosing your personal data

Your personal data will be treated as strictly confidential and will not be shared with, or disclosed to, any third party outside of HMN except:


  • if this becomes necessary to help you with your enquiry, in which case this will be fully explained to you in advance and consent will be sought;

  • to the external print facility who produces and sends out the item(s) that you have purchased;

  • to comply with a legal obligation;

  • to protect and defend the rights or property of HMN or Heather M Nisbet Art;

  • to prevent or investigate possible wrongdoing in connection with the Service;

  • to protect the personal safety of users of the Service or the public; or

  • to protect against legal liability.


Also, the Website and Services are hosted on the platform. provides HMN with the online platform that allows HMN to sell items to you. Your data may be stored through’s data storage, databases and the general applications. They store your data on secure servers behind a firewall. 


All direct payment gateways offered by and used by the Services adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.


If I collect your personal information, the length of time this Website retains it is determined by a number of factors including the purpose for which I use that information and my legal obligations.


I may need your personal information to establish, bring or defend legal claims. For this purpose, I will normally retain your personal information for a period of 6 years. After the date it is no longer needed by me for any of the purposes listed under the heading “The Purpose(s) of processing your personal data” I will delete it.


The only exceptions to this are where:


  • the law requires me to hold your personal information for a longer period, or delete it sooner;

  • you exercise your right to have the information erased (where it applies) and I do not need to hold it in connection with any of the reasons permitted or required under the law;

  • I bring or defend a legal claim or other proceedings during the period I retain your personal information, in which case I will retain your personal information until those proceedings have concluded and no further appeals are possible; or

  • in limited cases, existing or future law or a court or regulator requires me to keep your personal information for a longer or shorter period.

8. Providing HMN with your personal data

You are under no statutory or contractual requirement or obligation to provide me with your personal data. But failure to provide contact details when filling in the form means I cannot respond to your question.

9. Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:


  • The right to request a copy of the personal data which I hold about you;

  • The right to request that I correct any personal data if it is found to be inaccurate or out of date;

  • The right to request your personal data is erased where it is no longer necessary to retain such data;

  • The right to withdraw your consent to the processing at any time, where consent was your lawful basis for processing the data;

  • The right to request that I provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);

  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;

  • The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).


10. Google Analytics and Cookies


My website uses the analytics service Google Analytics. Google Analytics uses “cookies”, which are text files placed on your computer, to help the Website analyse how users use the Website. Also the platform on which the Website is hosted uses some cookies.


Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyse the Services.


You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of my Services.


The information generated by the cookie about your use of the Website (including your IP address) will be transmitted to and stored by Google on servers in the United States.


Further information concerning the terms and conditions of use and data privacy can be found at or at



11. Further processing


If I wish to use your personal data for a new purpose, not covered by this Privacy Policy, then I shall provide you with a new policy explaining this new purpose and ask for your consent to the use of your personal data for that new purpose. 


I shall not use your personal data for such new purpose without your consent.


12. Changes to my Privacy Policy


Any changes I may make to my privacy policy in the future will be posted on this page. Please check this Website frequently to see recent changes. The date when this Privacy Policy was last updated will be displayed at the bottom of the page.


13. How to make a complaint


To exercise all relevant rights, queries or complaints I encourage you, in the first instance , to contact HMN,  either by email to or by post to The Fox Hole, Sandside Road, Kirkcudbright, Dumfries and Galloway, Scotland DG6 4XD.


You have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.





This Privacy Policy was last updated on 19 July 2020.

bottom of page