Privacy Policy for Patricia Corrales Illustration

Last updated: December 11th, 2025

This Privacy Policy explains how Patricia Corrales Illustration collects, uses, and protects your personal data when you visit our website www.patriciacorrales.com, interact with our services, or make purchases. We are committed to complying with the UK GDPR, EU GDPR, and all applicable UK data protection laws.

If you have any questions, please contact us at:
📧 hellopatriciacorrales@gmail.com

1. Data Controller

The data controller responsible for your personal information is:

Patricia Corrales Illustration
United Kingdom
Email: hellopatriciacorrales@gmail.com

2. Personal Data We Collect

We collect the following categories of personal data:

a. Information You Provide to Us

  • Name

  • Email address

  • Payment information (processed securely by third-party payment providers)

  • Newsletter signup information

b. Information Collected Automatically

  • IP address

  • Device and browser type

  • Usage data (pages viewed, time spent, interactions)

  • Cookies and tracking identifiers

c. Data Collected Through Third-Party Services

  • Analytics data (Google Analytics)

  • Payment confirmation and transaction data (PayPal)

  • Email subscription data (Mailchimp)

  • Hosting and platform data (Squarespace)

3. How We Collect Personal Data

We collect data through:

  • Newsletter signup forms

  • Cookies and analytics tools

  • Checkout and purchase processes

  • General browsing of our website

We do not offer user accounts, so we do not collect or store login information.

4. Purposes of Processing

Your personal data is processed for the following purposes:

  • Marketing (newsletter updates, promotional emails)

  • Analytics (to understand website performance and improve the user experience)

  • Order fulfilment (processing payments and delivering digital or physical goods)

  • Service improvement (diagnostics, troubleshooting, site optimisation)

5. Legal Bases for Processing

We rely on the following legal bases under the UK GDPR and EU GDPR:

  • Consent – for email marketing, newsletter signup, and cookies requiring consent.

  • Contract – when processing your data to fulfil purchases or respond to order-related requests.

  • Legitimate interest – for website analytics, security, and site optimisation (where consent is not required).

6. Third-Party Services

We share personal data with trusted service providers who assist us in operating our website and conducting business. These services may process your data on our behalf:

  • Google Analytics – analytics and usage insights

  • PayPal – secure payment processing

  • Mailchimp – email marketing and communications

  • Squarespace – website hosting, infrastructure, and e-commerce tools

Each provider has its own GDPR-compliant privacy and security practices.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Enable essential website functions

  • Improve website performance and security

  • Measure traffic and user behaviour

  • Support marketing and newsletter signup tools

When required by law, we request your explicit consent before placing non-essential cookies.

You can manage or disable cookies through your browser settings at any time.

8. International Data Transfers

Some of our third-party providers (e.g., Mailchimp, Google) may store or process data outside the UK or EU.
When this occurs, we ensure appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)

  • Adequacy decisions

  • Other GDPR-compliant mechanisms

9. Data Retention

We keep your personal data only as long as necessary for the purposes described above:

  • Marketing data: until you unsubscribe

  • Purchase and transaction data: typically 6 years for legal and tax purposes

  • Analytics data: as defined by Google Analytics retention policies

When data is no longer needed, we securely delete or anonymise it.

10. Your Rights Under GDPR

You have the following rights:

  • Right of access – request a copy of your personal data

  • Right to rectification – correct inaccurate or incomplete data

  • Right to erasure (‘right to be forgotten’)

  • Right to restrict processing

  • Right to data portability

  • Right to object to processing based on legitimate interests or direct marketing

  • Right to withdraw consent at any time

To exercise your rights, contact hellopatriciacorrales@gmail.com

11. Children’s Privacy

Our website is not intended for children under 16, and we do not knowingly collect their data.

12. Security Measures

We take appropriate technical and organisational measures to protect your data, including:

  • Encrypted connections (HTTPS)

  • Secure payment processing via PayPal

  • Access controls and platform-level security via Squarespace

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. All updates will be posted on this page with the date of the latest revision.

14. Contact Us

If you have any questions about this Privacy Policy or your personal data, please contact:

Patricia Corrales Illustration
📧 hellopatriciacorrales@gmail.com