1. Information About Us

• Company Name: Hedyn Cyf, trading as Cwmni Pot-Inc

• Registered Office: 24 College Road, Bangor, Gwynedd, LL57 2AN

• Contact Email: post@pot-inc.co.uk

• Phone Number: 01248 305071

• ICO Registration: ZB400650

​​

If you have any questions about this policy or how we handle your data, please contact us using the details above.

2. What Data We Collect

Children’s Artwork

• Artwork Scans: Scanned images of children’s artwork submitted by participating schools, nurseries, or clubs.

• Unique Codes: Each piece of artwork is assigned a randomly generated 8-digit code, ensuring privacy and security.

• Child’s Details: Names and class details may be visible on the artwork but are not stored separately or publicly unless a parent/guardian provides this information during the artwork preview or order process.

  • The artwork and any visible names or class details are processed solely within the image for order purposes and are not extracted or used independently.
     

Customer Data

• Personal Information: Name, email address, and contact details provided during order placement.

  • Why We Collect It: To identify customers, communicate updates, and respond to enquiries.

• Order Information: Personalisation text (e.g., names to be printed on products), delivery address, and payment details.

  • Why We Collect It: To process and fulfil personalised orders, ensure delivery, and manage payments.
     

Technical Data

• What We Collect: Internet Protocol (IP) address, browser type, device type, operating system, and language preferences.

  • Why We Collect It: To ensure the functionality of our website, improve user experience, and monitor usage through analytics.

3. Data Processing Relationship with Schools

Cwmni Pot-Inc acts as the Data Processor in our relationship with participating schools, nurseries, and clubs.

​

These institutions provide us with children's artwork that features limited essential information (name, class, school) for the purpose of creating personalised ceramic ornaments. Importantly, we do not extract or separately store this information; it remains securely embedded within the artwork image.

​

We have strict safeguards in place to protect this data, including:

• Data Minimisation: We only process the essential data provided by the schools, and no additional data is extracted or used.

• Secure Data Handling: We use robust security measures to protect personal data, in line with Article 32 of the GDPR.

• Confidentiality: Our personnel are bound by confidentiality obligations.

• Data Retention: We delete all personal data, including scanned artwork images, within 30 days of project completion, unless required as part of the order record.

We process this data under the lawful basis of necessity, as it is required to fulfil our agreements with the schools.

​

We are committed to assisting schools in fulfilling their data protection obligations and responding to data subject requests.

4. How We Collect Data

We collect personal data through:

• Schools, nurseries, and clubs: Submitting children’s artwork as part of our fundraising project.

• Website users and Customers: Providing personal and order information during the artwork preview or order process.

• Our Website: Through cookies and analytics.

• Social Media and Feedback: Engagements or enquiries submitted through social media platforms or feedback forms.

• Competitions and Promotions: Participation in surveys, competitions, or other activities.

5. How We Use Your Data

Children’s Artwork

• To create personalised ceramic ornaments.

• To associate orders with the correct artwork using unique codes.

Customer Data

• To process and fulfil orders, including personalisation and delivery.

• To communicate updates or resolve enquiries related to orders.

Technical Data

• To improve our website’s performance and functionality.

• To monitor website usage and identify potential improvements.

6. How We Protect Children’s Data

• Privacy Measures: Names and class details on the artwork are never extracted or stored separately from the artwork image. While artwork images may be duplicated for processing, personal data remains securely embedded within the image and is not used independently.

• Unique Codes: During processing, each piece of artwork is assigned a randomly generated 8-digit code, ensuring privacy with a 1 in 100,000,000 chance of guessing a single combination correctly.

• Safeguarding Personalisation Data: Parents/guardians can update personalisation details (e.g., names for printing on products) during order placement. This data is used only for personalising your order and will not be used for any other purpose. Since this data is integral to the order record, it is securely retained in connection with the order and cannot be deleted independently.

• Retention and Deletion: Information provided during the artwork preview or order process, including the child’s full name and school, is securely retained for the duration of the order’s processing and permanently deleted within 30 days of project completion, unless required as part of the order record.

7. How We Store and Delete Artwork and Data

• Original Artwork: Returned to the participating school during or after project completion.

• Scanned Artwork: Securely deleted within 30 days of project completion. Early deletion requests can be made by contacting us at post@pot-inc.co.uk.

• Customer Data: Retained securely as part of the order record. We will only keep your data for as long as is necessary to comply with legal, accounting, and reporting obligations.

8. How We Use Cookies and Analytics

All Cookies used by our business are used in accordance with the current Cookie Law. We may use some or all of the following types of Cookie on our website in accordance with the Wix.com Privacy Policy (https://www.wix.com/about/privacy).

​

• Strictly Necessary Cookies - a Cookie falls into this category if it is essential to the operation of our website, supporting functions such as logging in.

• Analytics and Flash Cookies - it is important for us to understand how you use our website. For example, how efficiently you are able to navigate around it, and what features you use. Analytics Cookies enable us to gather this information and help us to improve our website.

• Functionality Cookies - enable us to provide additional functions to you.

• Persistent Cookies - Any of the above types of Cookie may be a persistent Cookie. Persistent Cookies are those which remain on your computer or device for a predetermined period and are activated each time you visit our website.

• Session Cookies - Any of the above types of Cookie may be a session Cookie. Session Cookies are temporary and only remain on your computer or device from the point at which you visit our website. To delete these cookies, you will need to clear your browser history.

Before Cookies are placed on your computer or device, you will be shown a cookie compliance statement, requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling us to provide you with the best possible experiences and services to you. You may wish to deny consent to the placing of the Cookies at which point we request you cease using our website.

9. Third-Party Hosting and Payment Processing

Our website is hosted by Wix.com (www.wix.com). Wix.com provides the online platform that allows us to sell our products and services to you.

Data Storage by Wix.com

• Your data may be stored through Wix.com’s data storage, databases, and general applications.

• Wix.com stores your data on secure servers protected by a firewall.

Payment Processing

• All direct payment gateways offered by Wix.com and used by our company comply with the standards set by the PCI Security Standards Council, which is a collaborative effort by major card brands including Visa, MasterCard, American Express, and Discover.

• PCI-DSS Standards: These standards ensure the secure handling of payment information by our website and its service providers.

For more information, you can review Wix.com’s Privacy Policy at Wix Privacy Policy.

10. Your Rights

Under the UK GDPR and the Data Protection Act 2018, you have the right to:

​

• Access: Request a copy of your data.

• Rectify: Correct inaccurate or incomplete data.

• Erase: Request deletion of your data where it is no longer necessary or if you withdraw consent.

• Restrict Processing: Limit how your data is processed in specific situations.

• Object: Opt out of specific types of processing.

• Portability: Receive your data in a transferable format.

To exercise these rights, you can submit a Data Subject Access Request (DSAR) by emailing us at post@pot-inc.co.uk. We will respond to your request within one month, as required by law.

11. Complaints

If you have concerns about how we handle your data, you can:

• Contact us at post@pot-inc.co.uk or call us on 01248 305071.

• File a complaint with the Information Commissioner’s Office (ICO):

  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

  • Helpline: 0303 123 1113

  • Website: ico.org.uk

12. International Data Transfers

All data is processed and stored within the UK/EU. In the event that any data is transferred outside the UK/EU (e.g., by Wix.com), appropriate safeguards, such as Standard Contractual Clauses (SCCs), will be implemented to ensure the protection of your data.

13. Updates to This Policy

We may update this policy periodically to reflect changes in our practices, services, or applicable laws. Updates will take effect immediately upon posting. Please review this page regularly for the latest information.