Last updated: 30/04/2026

Who we are

Our website address is: https://www.emilymccormack-artist.ie.

Data Controller:

Full name of Data Controller: Emily McCormack
Full name of Company: Emily McCormack Artist
Email address: [email protected]
Postal address: Warrenstown, Co. Meath, W23 TVH7, Ireland

Data Processors:

We work with trusted service providers and contractors who process personal data on our behalf, such as website management support, payment processors, email marketing providers, and hosting services. These parties only process data according to our instructions and in compliance with GDPR.

Where Your Data is Stored (Hosting & Data Location)

Our website is managed and hosted by Sarah Kick Web Services. The underlying infrastructure is provided by IONOS, whose data centres are located in the United Kingdom.
The UK currently benefits from an EU adequacy decision, meaning it is recognised as providing a level of data protection equivalent to EU GDPR. Personal data is stored and processed in the UK lawfully. Secondary encrypted backups are also maintained for disaster recovery purposes.

We maintain a Data Processing Agreement (DPA) with Sarah Kick Web Services, and all processing is carried out in accordance with GDPR requirements.

What Personal Data We Collect and Why:

Orders and Customer Accounts

We collect the information required to process and fulfil orders, manage accounts, and provide customer support. This includes name, email address, postal address, payment details (processed securely by Stripe or PayPal), and order history.

Contact Forms

Information submitted through contact forms is used solely to respond to enquiries.

Cookies

We use cookies to support website functionality, store preferences, enable analytics, and facilitate the checkout process.

Login Cookies

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Basket Cookies

WooCommerce uses cookies to keep track of basket contents while you browse.

Tracking & Analytics Cookies

We use tracking cookies for:

  • Google Analytics
  • WooCommerce Analytics
  • Facebook Pixel

These cookies help us understand how visitors use the site, measure performance, and improve our offerings. They are only activated with your consent.

You may withdraw consent at any time through the cookie settings on our site.

Embedded Content from Other Websites

Articles on this Site may include embedded content (e.g. videos, images, articles, maps etc.). Embedded content from other websites behaves in the exact same way as if you visited the external site directly and may collect data, use cookies, or track interactions.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

We have provided you with the choice to accept this embedded third-party content or not, as we prompt you with consent boxes for all embedded content and no data is transferred before consent is granted. The checkboxes below show you all the embeds you have consented to. You can opt out at any time by unchecking any selected embeds and clicking the Update button.

Analytics Tools We Use

Google Analytics

We use Google Analytics to understand how visitors use the site. Google may process data outside the EU using Standard Contractual Clauses (SCCs). IP anonymisation is enabled.

WooCommerce Analytics

WooCommerce Analytics collects aggregated data on product views, sales performance, and store activity. This data is used to improve our shop and customer experience.

Facebook Pixel

The Facebook Pixel tracks page views, conversions, and advertising performance. It is only activated with your explicit consent.

What We Collect and Store (WooCommerce)

While You Visit the Site, we will track and collect:

  • Products you have viewed: we’ll use this to, for example, show you products you’ve recently viewed,
  • Location, IP address and browser type (we will use this for purposes like estimating taxes and shipping estimates),
  • shipping address (we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order),
  • and basket contents (via cookies).

We’ll also use cookies to keep track of basket contents while you’re browsing our site.

During Checkout

When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages, if you choose to receive them

If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 6 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

We will also store comments or reviews, if you choose to leave them.

Account Information

If you create an account, we store your details to streamline future checkouts.

If you request a password reset, your IP address will be included in the reset email.

Who on Our Team Has Access

Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:

  • Order information like what was purchased, when it was purchased and where it should be sent, and
  • Customer information like your name, email address, and billing and shipping information.

Our team members have access to this information to help fulfill orders, process refunds and support you.

What we share with others

We share information with third parties who help us provide our orders and store services to you; for example: –

Payments

We accept payments through PayPal and Stripe. When processing payments, some of your data will be passed to PayPal and/or Stripe, including information required to process or support the payment, such as the purchase total and billing information.

Please see the PayPal Privacy Policy and/or Stripe Privacy Policy for more details.

Email Marketing (Mailchimp) & Email Services

If you subscribe to our newsletter, your email address is processed by Mailchimp for email delivery. Mailchimp may process data outside the EU using Standard Contractual Clauses (SCCs).

When shopping, we keep a record of your email and the basket contents for up to 30 days on our server. This record is kept to re-populate the contents of your basket if you switch devices or needed to come back another day. Read our privacy policy here.

Accountants & Legal Advisors

We may share financial records and transaction information with our external accountant and, where necessary, legal advisors. This is done to meet our legal obligations for tax, accounting, and compliance purposes. These professionals are bound by confidentiality and process data in accordance with GDPR.

Administrative and Technical Support

We work with Sarah Kick Web Services (our technical partner) to ensure our website remains secure, functional, and protected against data loss. They have access to website data for essential business functions such as maintenance, backups, security monitoring, order management, and technical support.

This service involves the use of industry-standard tools such as Acronis, UpdraftPlus, Google Drive, and Cloudflare, alongside our hosting provider (IONOS). All access is strictly controlled, minimal, and carried out under confidentiality and GDPR-compliant agreements.

International Data Transfers

Some service providers (Mailchimp, PayPal, Stripe, Google, Meta, IONOS) are located outside the EU. Where personal data is transferred internationally, we rely on:

  • The UK adequacy decision (for hosting)
  • Standard Contractual Clauses (SCCs)
  • Provider‑implemented GDPR safeguards

How Long We Retain Your Data

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

  • Order information: 6 years (tax and accounting)
  • Account information: retained until you request deletion (check)
  • Contact form messages: up to 12 months
  • Marketing email data: retained until you unsubscribe
  • Server and security logs: up to 90 days

Lawful Basis for Processing

We process personal data under the following lawful bases including but not limited to:

  • Contract: to process and fulfil orders, manage accounts, and provide customer support.
  • Consent: for marketing emails, optional cookies, analytics, and embedded third‑party content.
  • Legitimate interests: to maintain website security, prevent fraud, understand site usage, and improve our services.
  • Legal obligation: to retain financial records for tax and accounting purposes.

Your Rights

You have the right to access your personal data, request correction of inaccurate data, request deletion of your data, request a copy of your data, withdraw consent at any time, object to certain types of processing, restrict processing in specific circumstances.

To exercise your rights, contact: [email protected] 

Right to Lodge a Complaint (Ireland – GDPR & Data Protection Act 2018)

If you have any concerns about how your personal data has been handled, please contact us first using the details provided in this policy and we will do our best to resolve the issue. If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission (DPC), the Irish supervisory authority for data protection.

Automated Decision‑Making

We do not use automated decision‑making or profiling.

Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on this page.