top of page

Privacy and Data Protection Policy


The security of any information you give to me is very important to me.


This website is hosted on the platform. 


What type of information do you collect?

We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.

How do you collect information?

When you conduct a transaction on our website, as part of the process, we collect personal information you give us such as your name, address and email address. Your personal information will be used for the specific reasons stated above only.


Why do you collect such personal information?

We collect such Non-personal and Personal Information for the following purposes:

  • To provide and operate the Services;

  • To provide our Users with ongoing customer assistance and technical support;

  • To be able to contact our Visitors and Users with general or personalized service-related notices and promotional messages;

  • To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we or our business partners may use to provide and improve our respective services; 

  • To comply with any applicable laws and regulations.

How do you store, use, share and disclose our site visitors' personal information?

Our company is hosted on the platform. provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through’s data storage, databases and the general applications. They store your data on secure servers behind a firewall. 


All direct payment gateways offered by and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

How do you communicate with your site visitors?

We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone, text messages, and postal mail.


How do you use cookies and other tracking tools?

The collection of information

Every time you log on to our website your IP (Internet Protocol) address registers on our servers. Your IP address reveals no information other than the number assigned to you. We do not use this technology to get any personal data against your knowledge or free will (i.e., automatically recording e-mail addresses of visitors). Nor do we use it for any purpose other than to help us monitor traffic on our website, or (in case of criminal activity or misuse of our information) to cooperate with law enforcement.


Cookies are small pieces of data stored on your browser. They are typically used to keep track of the settings you have selected and actions you have taken on our site. They do not contain personal information and cannot tell us who you are.


By accessing this website you are consenting to the way information is collected and used, as described within this Privacy Policy.


If you do not want to use 'cookies', most Internet browser programs will permit you to turn them off. If you do this, you will still be able to access our site as normal but some processes such as those outlined above that depend on cookies may not work properly.

First Party Cookies

These are cookies that are set by this website directly.


Google Analytics: We use Google Analytics to collect information about visitor behaviour on our website. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. This Analytics data is collected via a JavaScript tag in the pages of our site and is not tied to personally identifiable information. We therefore do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.


You can find out more about Google’s position on privacy as regards its analytics service at

How can I withdraw my consent?

If you don’t want us to process your data anymore, please contact us at or write to: Michelle Hughes Design, 67 St Swithins Walk, York, North Yorkshire, YO26 4UG.

Privacy policy updates

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. 


Questions and your contact information

If you would like to: access, correct, amend or delete any personal information we have about you, you are invited to contact us at or write to: Michelle Hughes Design, 67 St Swithins Walk, York, North Yorkshire, YO26 4UG.


Subscribing to my website

If you have subscribed to our website your details will only be stored within our Wix account. Their full privacy policy can be read here.


Other records


Where is your data stored?

Digitally data is stored on my computer in my studio. I have sole use of this and so your data will never be seen by anyone else. Any paper copies will be stored safely in a file in my studio.

How long is your data stored for?

In line with self employment business records, I only keep essential and relevant information, for transactions over the past seven years.


Mailing list

I have been gathering my mailing list since setting my business up in June 2016. I have kept records of permission to add people to it.

Your details are stored digitally on a password protected spreadsheet. This is so that I can keep a record of where and when I was given permission to add your details to my mailing list. I am required by law to be able to supply evidence if needed.

I keep paper copies of mailing list sheets filled out at print fairs as proof of permission.

I keep emails digitally if you have confirmed you would like to be on my mailing list by email.

If you have subscribed to my mailing list through my website your details will only be stored within my Wix account.

Their full privacy policy can be read here.

I use MailChimp to create my newsletters. This is an online tool to create them. For me to be able to send regular newsletters, your name and email address are input and saved within my account. MailChimp requires two-step authentication for me to log on. This means that as well as putting in my username and password. The site also texts a verification number to my phone, so that I can log in.

Their full privacy policy can be read here.


I only ever use your details to keep you up to date on things like:

  • New print designs

  • New design projects

  • Exhibitions

  • Information about how designs are created

  • Workshops

  • Special offers

  • I will make sure my contact with you is relevant, based on the information you give me.

You can opt out at any time clicking on the unsubscribe button at the bottom of my newsletters or contacting me directly.

Customer order details for prints and related products

I keep copies of the digital or paper receipts given for the purchase of any products.  These may contain your name, contact number, address and email. This is so I can get in touch when your purchase is ready. Unless you have asked me on my mailing list, I will not contact you for any other reason.


If you have booked onto one of my workshops I will ask you to fill out a booking form. I will only contact you with information about the booked workshop.

After my workshops I usually ask for your course feedback on the day. I will only add you to my mailing list if I have your permission on this form and supplied your details. I will only use photos and testimonials from this form if you have ticked that I have persimmon to do so.


I will only use testimonials with your consent. I will only display your name and business. I will not disclose any other details.

Graphic design and commission clients

I keep a copy of the client's company name, names, address, email and telephone number on a spreadsheet on my desktop computer. This is for my reference only and is not shared with or sold on to anyone.

I save telephone numbers and email addresses on my mobile phone. These are also saved in my contact list on my email account. Both are password protected.

I will only contact you if we are working on a current project, you have expressed an interest in working together on a project or as follow up to see if I can help with any other graphic design services at a later date.

I will not contact you for any other reason.


Quotes and invoices

Quotes and invoices contain your contact details. I will not share these with anyone.

Third party suppliers

I use reputable third-party businesses where needed.

Online payments

For taking credit card payments in my online shop I use SquareUp


Please see the ‘Information we may collect about your customers’ section of  the Square Up privacy policy for details.


In person payments

For taking credit card payments in person, I use iZettle. They will only receive information needed to verify and authorise your payment card and to process your order. The iZettle privacy policy can be read here:

Pre-paid postage

For posting prints and products I use the Post Office or another reputable courier service. They will only require a name and address.

In the future, should I use a third party accountant, they will have access to the invoice details.


Data Breach Policies

If under unforce circumstances my business is subject to a data breach and I think that my customer personal data has been compromised i will contact you immediately. I will recommend that you should reset online passwords to accounts, and any other pertinent information that is related to the breach.


Other info

I will never pass your personal details to anyone for them to use for their own marketing purposes.

I never purchase date sets lists.



For any queries about my policies or your data, please email or write to: Michelle Hughes Design, 67 St Swithins Walk, York, North Yorkshire, YO26 4UG.


Privacy Policy updated September 2020

bottom of page