About | Shop | Licensing | Projects | Media | Thought Diary | Contact
Helen is having 2022 off from selling to explore new ideas and play with new materials. Keep an eye on our Facebook & instagram pages for updates Read More

Privacy & data protection policy

This document is designed to tell you how we look after any data and personal details you provide us with. We take your privacy very seriously and aim to treat your information as we would want our own handling. This is how we do things:

1.0 What is data?

2.0 Named person

3.0 Who has access to your data?

3.1 Consumer sales

3.2 Trade stockists

3.3 Communication

4.0 What data do we collect and why do we collect it?

4.1 Consumer sales

4.2 Trade sales

4.3 Suppliers

5.0 Communication – How do we keep you up to date with Helen Russell Creations news

6.0 How do we store and protect your information?

6.1 Website

6.2 Paypal/Worldpay

6.3 Mailchimp

7.0 How do we protect against data breaches?

8.0 How long do we keep data for and how do we keep it up to date?

9.0 Further reading

1.0 What is data?

Data is defined as facts and statistics collected together for reference or analysis. We don’t believe in collecting information we don’t need but there are some things that are essential for us to do our job such as name, address and contact details when processing an order.

2.0 Named person

Helen is the named person for data handling at Helen Russell Creations. If you have any questions about how your details are used (that aren’t answered in this document) then please get in touch with her directly

Where we use a third-party organisation such as Paypal, we will also provide a link to their privacy policy in the section called further reading.

3.0 Who has access to your data?

We are a small business and like to keep things as simple as possible, so the number of people involved in handling your data is quite small.

3.1 Consumer Sales (private sales through the website or at events):

  • Web sales – Helen manages all sales that come through the Helen Russell Creations website. Source Creative (our web company) has admin rights for the site for maintenance purposes. We chose to appoint them as Helen worked with them in a former life and we trust them.
  • Paypal – We use Paypal for receiving payment of items bought on the Helen Russell Creations website. Occasionally Helen will invoice a customer directly using the Paypal platform. This is usually for special items or commissioned pieces.
  • Worldpay – Helen uses Worldpay to take card payments when she is at external events such as trade shows and craft fairs. The Worldpay platform can be used to take a telephone payment if people don’t have a Paypal account; we would need your telephone number for this.
  • Gmail – if we need to chat to you about anything specific (such as a commission) we tend to use email so we have a record of what has been discussed and can then ensure we get things right.

3.2 Trade customers (my stockists):

  • We use Quickbooks to manage our trade orders and trade customer contact details
  • We use Gmail for communicating with our stockists and suppliers

3.3 Communications:

  • Mailchimp is used for newsletters

4.0 What data do we collect and why do we collect it?

4.1 Consumer sales

  • Helen Russell Creations website – guest checkout

When you order a product from us, and you haven’t signed up as a returning customer, you can check out as a guest. When you do this our website system shows us the following information – your first and surname; your PayPal linked email address; the items you have ordered; the shipping address; date of the order and the amount you have paid. We do not see your financial details. We need this information to process the order and to contact you if there is anything we need to check with you. The information on items bought helps us keep track of which products sell well and which we need to eventually put in a wonky/end of line sale. It also helps us with stock control and materials ordering.

  • Helen Russell Creations website – returning customer account

If you have signed up as a return customer we have access to all the information listed above plus your telephone number and website details (if you have chosen to share them). We can also access your order history, so what you have bought; your total spend and when you have bought things. This is very useful as it gives us a good indication of buying patterns in terms of time of year and whether product type relates to this. As a small business this is invaluable for product development and planning.

  • Blog posts

If you choose to comment on a blog post then you are required to submit your name and an email address. You also have the option of sharing your own website address with us. This information helps us to make sure that comments submitted for approval are suitable for the audience who sees the site and if not we can report them as spam. Including your web address, particularly if you are a fellow creative, gives us chance to find out about your work. Sometimes this leads to collaboration and partnership opportunities.

  • Paypal

We use Paypal as a third-party organisation to help us complete transactions through our website shop. Paypal manages the monetary exchange for us (in return for a commission fee). When Helen logs in to Paypal to confirm a sale and mark it as sent she can see your name; the date; the products purchased, and the email address linked to the PayPal account used. Unless we need to invoice you through PayPal (for a special commission or something not generally stocked on the website) we don’t see your address here. In addition, we get an email confirmation through from Paypal to a separate, non-public facing email address that confirms your order. This email contains your name, PayPal linked email address and the items you have purchased. Unless we have invoiced you directly we do not see your postal address here either. The data that is collected during these transactions is used to process your order and make sure we can track your purchase activity if any follow up action is required.

We don’t see your financial details at any point in the transaction process. PayPal’s privacy policy can be found in the further reading section at the end of this document.

  • Worldpay – hand held device

We use a Worldpay hand held device paired with Helen’s mobile phone to process card payments at events and exhibitions. When we log in to our Worldpay account after an event to review the sales we can see the date the purchase was made; the monetary amount of the sale; the card type used to pay; the last four digits of your long card number and the expiry date of your card. No transaction details are held on either Helen’s mobile phone or the hand-held device, all details listed are stored on Worldpay’s secure server, and we do not have access elsewhere to any financial information used by Worldpay to process the sale. The data collected is only used to complete the transaction and to ensure we have a log of items sold should you need to get in touch after the event. A copy of Worldpay’s privacy policy is included in the further reading section at the end of this document.

  • Worldpay – manual transactions

Occasionally we use the Worldpay platform to take a card payment over the phone. When we do this Helen has to manually input the name shown on your card; the long card number; the expiry date and the three-digit security code; plus your address (and if you want to receive a SMS receipt, your mobile phone number). As your address is not retained in the Worldpay transaction history once your details have been manually entered, Helen has to make a quick hand-written note of your address so she can get the goods posted out to you. This note is shredded as soon as your goods have been parcelled up ready for posting. As with the hand-held device, the only data retained in the Worldpay system that is visible to Helen, are details of the transaction that would be needed for follow up communications e.g. name; products ordered; date etc.

  • Google analytics

We use Google Analytics on the website to show how many visits to the site there have been, how long people have stayed, which pages are most looked at and where people have been referred to the site from e.g. Facebook, Instagram. We do not have access to any information about individuals who have visited the website unless you make a purchase (please see above for details on this data collection)

Google analytics is also used on our Facebook business page. Facebook allows us to access data such as which geographic area visitors to the page live in, what level of interaction a page is receiving, the gender of visitors and the age category that visitors fall into. Again, we do not see individual personal data unless you choose to share that information on our newsfeed in the form of a comment. The information collected through Google Analytics is invaluable as it allows us to see who our primary customer groups are. This helps during the planning and design of new ranges. Google analytics privacy policy can be found in the further reading section at the end of this document. If you want to prevent Facebook from collating data on your age/gender etc then you can change your privacy setting from your Facebook account.

4.2 Trade sales (stockists):

  • Accountant

Mr Anthony Fisher is the accountant for Helen Russell Creations. He does our annual tax return and as a result has access to sales figures and business names of stockists.

  • Howling Moon PR

Our PR company often retweet and share information we have posted on social media. We don’t post anything about another business that is not already freely available in the public realm.

  • Suppliers

We keep contact details for our suppliers so we can order the materials we need to fulfil our orders. This information is freely available on the internet but we also keep a paper copy of the companies we work with for speedy reference. These details are stored in our locked, non-public facing studio.

5.0 Communication

How do we keep you up to date with Helen Russell Creations news?

  • Mailchimp

Helen Russell Creations uses Mailchimp to update customers about the business. We have separate newsletters for our stockists and our consumer customers so that the news we share is targeted to your needs. We try our best to make sure that newsletter content is relevant to what we do, or to things and places that we feel you will enjoy reading about. Content may include (but is not limited to) information on new products, collaborations and license arrangements, event and exhibitions, inspirational places and things, wonky and end of line sale details, offers and vouchers, media coverage, stockist reviews and information about other artists. Newsletters are sent out monthly and there is an option to unsubscribe at any time. Mailchimp’s privacy policy is included in the further reading section at the end of this document.

  • Gmail

We use Gmail for our email communication.

If you are a consumer visitor to Helen Russell Creations then we will never email you unless you have entered into a transaction or discussion with us and we need to contact you e.g. if we need to talk to you about an order, commission or an enquiry.

If you are a trade customer then email is our preferred method of communication for talking through orders, new ideas etc. We sometimes email potential stockists if we feel that our product is a good fit for the venue and that we could develop a relevant working relationship.

If you are a member of the media then we will need to forward your details to our PR company Howling Moon PR as they handle all media enquiries.

  • Telephone

We will only use telephone contact details if they have been freely provided by the customer and we need to contact the customer urgently about an order or a commission. We will never pass your telephone number on to a third party.

6.0 How do we store and protect your information?

  • 1 Website

The Helen Russell Creations website is a secure website that doesn’t store any of your financial details – the purchasing aspect of buying from us is managed through the Paypal platform and the operating system (tool for making payment possible) is WooCommerce. As mentioned in previous sections of this document, the website does store your contact details so we can process orders. The content management system (CMS) of the website is password protected. We always log out when we have completed updates but there is also a timed automatic log out system in place should it be required.

The site is hosted on Source Creative’s dedicated server that has a SSL certificate. Source Creative do not allow clients like ourselves access to the server which offers an additional layer of security. The website data is stored in a MySQL database and all passwords are MD5 hashed, which in simple terms means that in the highly unlikely event of a data breach no passwords can be obtained from the database.

  • 2 Paypal and Worldpay

Our Paypal and Worldpay accounts are password protected and the devices we access our accounts from have two-step verification systems set up. We log out of the platforms each time we have completed any actions required but there are also automated log outs set up if required. We use Paypal and Worldpay because we prefer not to have direct access to your bank details and feel that their investment in security is far higher than we could afford as a small business.

  • 3 Mailchimp

If you have chosen to sign up to our newsletter then your details are saved on a secure Mailchimp server. We never share our contact lists with people and we never bombard you with information – these are two of our pet hates and we wouldn’t want to inflict them on you!

                We never autosave passwords on any of our equipment, we must log in every time

7.0 How we protect against data breaches?

We think you should know that we rarely take hardware equipment out on the road with us e.g. laptops, and all devices are shut down and locked away at the end of each working day. Helen has access to most of the platforms mentioned in this document from her mobile phone which is both password and thumbprint protected in case it is stolen or lost. The website management system and any payment platforms such as Paypal require us to log in each time they are needed. We do not stay logged in to our systems indefinitely!

Individual passwords are in place for all pieces of equipment and platforms so that in the case of a data breach only one platform would be accessible. If a breach were to happen it would be reported to the ICO (Information Commissioner’s Office) within 72 hours of us becoming aware of the data breach and we would take action based on their advice.

8.0 How long do we keep data for and how do we keep it up to date?

  • Our annual accounts are kept for 7 years as standard for tax purposes, after this time they are shredded.
  • Sales data will be kept for the lifespan of the business Helen Russell Creations. It helps inform us about changes in the market, areas of growth and the success (or not) of our product ranges. Should the business cease to trade all sales and customer data would be deleted and our systems voided within 3 months of close of business.
  • Our stockist information is reviewed annually. Any stockists that have ceased trading are deleted from the system. New stockists and potential stockists are filed and utilised throughout the year
  • If you subscribe to our newsletter you are entitled to unsubscribe at any time using the button at the bottom of the newsletter.
  • If you have bought anything off our website, or have a returning customer account, the information we hold about that purchase can be deleted upon your request. Please email to action this.

9.0 Further reading:

Worldpay privacy policy and terms of use

Google analytics data policy

Mailchimp privacy policy

Paypal privacy policy