Privacy Notice

1. Who are we?

The website is owned by Richard Murrin.

Richard Murrin aims to provide you with the highest quality service. To do this, we must keep records about you and the services we provide for you. We aim to maintain high standards, adopt best practice for our record keeping and regularly check on how we are doing.

Being transparent and providing accessible information to individuals about how we will use their personal data is a key element of the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (“GDPR”).

This Privacy Notice relates to Richard Murrin Art and Photography, specifically the use of the website (including purchases from the store) and the newsletter (mailing list).

2. What are Richard Murrin's obligations under GDPR as a Data Controller?

Richard Murrin is the Data Controller because we determine why your data is being processed and how it is being processed.

Personal data means any information capable of identifying a living individual. It does not include anonymised data.

Processing is anything that is done with personal data including collecting, recording, structuring, storing, adapting, altering, retrieving, consulting, use and disclosure.

We will handle your information correctly and protect your privacy. Relevant information will only be shared with trusted organisations contracted to process data on behalf of Richard Murrin or where required to by law and with sound legal basis (see sections 7 and 8).

3. How and why are we processing your personal data?

We may collect and process your personal data in a different ways:

Communication Data that includes any communication that you send to us whether that be through the contact form on our website, through email, text, social media messaging, social media posting, commenting on the website or any other communication that you send us.

We use Communication Data to help tailor our services and provide more content that takes into account your feedback. We also use it to answer your queries and provide personal responses. Communication Data is not used for marketing purposes and you will only be added to the Mailing List if you explicitly request it.

Marketing Data that includes data about your preferences in receiving marketing from us and your communication preferences. This is provided by subscribing to the Mailing List.

We use Marketing Data to deliver relevant email content to you and to measure or understand the effectiveness of the content we provide you. The personal data you have provided is your email address, and in some instances also your name. This is so that you can receive email notification of new content as well as new offers, sales, and other similar information. The personal details provided will be used only for this purpose and you are able to unsubscribe at any time.

Technical Data that includes data about your use of our website and online services, which may include your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is Google Analytics.

We use Technical Data to allow us to improve the user experience and monitor website usage.

4. Cookie policy

This website uses cookies. Cookies are simple text files that are stored on your computer or mobile device. When you visit a new website for the first time a cookie is downloaded. That way, the next time you visit that website it ‘knows’ that you’ve visited before and can take account of that by tailoring the experience to you.

Some cookies are used for other purposes, such as recording what your preferred settings are so they can be loaded when you revisit a website, for example this could include remembering what items are in your shopping cart. Cookies are used to improve your overall browsing experience. They can also be used to analyse traffic for advertising and marketing purposes.

Session cookies last only whilst your browser is open and will be automatically deleted when you close your browser. Persistent cookies last until they expire or until you delete them.

If you don’t wish to allow cookies you can adjust your browser settings. Some browsers will allow you to manage settings for individual websites so that you can disallow cookies from all sites except those on your trusted list.

However, if you limit the ability of websites to use cookies you may worsen your browsing experience and/or lose the ability to access services.

Click here for more information about Google Analytics and your privacy.

Please be aware that some cookies are necessary for the website to function properly. If you disable these cookies in your browser, parts of the website may not work correctly. For more information about cookies, visit

5. Under what legal basis do we collect and process your data?

We rely on consent as the lawful basis on which we collect and use your personal data (Communication Data and Marketing Data).

We rely on legitimate interest as the lawful basis on which we collect and use your website browsing information (Technical Data).

6. Sensitive data

Sensitive Data includes data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data, criminal convictions and offences. We do not collect any sensitive data.

7. What other organisations process my data?

In order to provide a high quality service, Richard Murrin uses trusted organisations to collect and process your data. These are:

Format - is hosted on Format. Submission to the Contact form and subscriptions to the Mailing List are also handled by Format, as well as transactions in the Store using PayPal as the payment processor.  Format's privacy policy can be found at: and their cookie policy can be found at:

Mailchimp – Mailchimp is used to store your personal data, create email material and to send this to you. Under GDPR they are a data processor. Mailchimp’s privacy policy can be found at: and you should refer to “Section 3 – Privacy for Contacts”.

Google – Richard Murrin uses Google Analytics to gain insights about how users interact with the website and to improve the functionality of the website as a result. Google uses cookies to provide this function. Google’s privacy policy can be found at:

You have the right to opt-out of Analytics cookies by using a browser add-on. This is available here:

PayPal - PayPal is the payment processor for transactions in the Store and they receive your transaction information. Under GDPR they are a data processor. PayPal's privacy policy can be found at:

8. Providing your personal data to others

We may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

We may also share your personal data with professional advisors including lawyers, bankers, auditors, bookkeepers/accounters and insurers who provide consultancy, banking, legal and accounting services.

We may also share your personal data with government or regulatory bodies that require us to report processing activities in certain circumstances.

9. How long will we hold your personal data?

We will hold your data until you withdraw consent, which you are able to do at any time by contacting or by using the ‘Unsubscribe’ link on email communications. When you unsubscribe, your personal data will be deleted within 30 calendar days of your unsubscription/request for deletion.

Data related to sales of prints or other materials in the Store will be retained in accordance with the current UK HMRC retention policy of 6 years plus the current tax year (6 years + 1).

10. What are your rights under GDPR as a Data Subject?

You are a Data Subject because you are the person whose personal data is being processed and you have the right to:

  • request a copy of your personal data which Richard Murrin holds about you
  • be informed how your data is being processed and why it is being processed
  • request that Richard Murrin corrects any personal data if it is found to be inaccurate or out of date
  • request your personal data is erased where it is no longer necessary for Richard Murrin to retain such data
  • withdraw your consent to the processing at any time
  • request that Richard Murrin transmits your personal data directly to another data controller
  • request a restriction be placed on further processing where there is a dispute in relation to the accuracy or processing of your personal data
  • object to the processing of personal data
  • not be subject to a decision made solely on automated processing
  • lodge a complaint with the Information Commissioner’s Office if you are unhappy about how we have handled your personal data

11. Requesting access to your personal information

Under the data protection legislation you have a right of access to information about you that we hold. If you would like to make a request for access to your personal information contact:

12. Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner.

If there is any suspected data security breach we will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

13. Amendments to this Privacy Notice

From time to time this Privacy Notice may be updated by publishing a new version to this page. Should there be a significant change, we will notify you by email or notification on the website home page. Otherwise, you should check back occasionally to ensure you remain happy with the content of this Privacy Notice. A Change Log is provided at the bottom of this Privacy Notice and identifies what updates have been made and when.

14. Third Party Cookies and Privacy Policies

Third party cookies are those that serve content or advertising on the website. These include when a website user takes a specific action, such as liking or following a post on a social media platform. Richard Murrin has no control over cookies set by third parties.

We use Google Analytics to collect insights into the usage of the website. Their privacy policy can be found at:

15. Who to contact

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at

Richard Murrin is the Data Protection Officer. Their contact details are

You can also use the website contact form.

Change Log

11th December 2021

  • Date of original publication.
Using Format