Privacy And Cookie Policy

Our Privacy Policy Notice

Processing of your personal data

Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.

  • We only process personal data for the core business purposes, and therefore we are exempt from registration in the ICO Data Protection Register.
  • Lawful basis: Consent

We may process the information you provide us for the purpose of subscribing to our email notifications and/or newsletters. We refer to this data as “notification data”. We process the notification data for the purposes of sending you relevant notifications about our products, promotional offers and exclusive discounts. The legal basis for this processing is consent.

  • Lawful basis: Contract

We may process your transaction data, including information about purchases of goods and services you make through our website. This data may include your contact details, your card details and delivery address. This data may be processed for the purpose of supplying you the goods and services you purchased and keeping proper records of those transactions. The legal basis for this processing is ‘the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract’ and our ‘legitimate interests’ to properly administer our website and business.

  • Lawful basis: Legitimate interests

We may process data contained in or relating to any communication you send us. This data may include the communication content and metadata associated with it. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed communicate with you and for record-keeping. The legal basis for this processing is our ‘legitimate interests’ to properly administer our website and business, and to communicate with customers.

  • Lawful basis: Legal obligation
    In addition to the specific purposes for which we outlined above, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject.

Data Sharing

  • We may disclose your name, contact number and address to our carrier to enable them to deliver your orders.
  • We may disclose may disclose your contact details to our suppliers or subcontractors insofar as reasonably necessary for providing you with goods and services you require.
  • Financial transactions relating to our website and services are handled by our payment services providers, WorldPay, PayPal and Divido. We will share transaction data with them only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers’ privacy policies and practices by clicking the links below:
  • WorldPay
  • PayPal
  • Divido

Data security and protection

We shall not keep any of your personal data that we process for any purpose or purposes for longer than is necessary for that purpose or those purposes. At present, we are required by HMRC to keep transaction records for 6 years plus current. For more information about this requirement, you can check out the HMRC Policy paper on Records Management and Retention and Disposal Policy.

If we find that our lawful basis for processing your personal information changes, we will notify you about the change and any new lawful basis to be used if needed. We shall stop processing your personal information if the lawful basis we used is no longer relevant.

Data security and protection

We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.

Your individual rights

Under the GDPR your rights are as follows. You can read more about your rights in details here:

  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • the right to object; and
  • the right not to be subject to automated decision-making including profiling

You also have the right to complain to the ICO [] if you feel there is a problem with the way we are handling your data.

We handle subject access requests in accordance with the GDPR.

Internet cookies

We use cookies on this website to provide you with a better user experience. We do this by placing a small text file on your device / computer hard drive to track how you use the website, to record or log whether you have seen particular messages that we display, to keep you logged into the website where applicable, to display relevant adverts or content, referred you to a third party website.

Some cookies are required to enjoy and use the full functionality of this website.

We use a cookie control system which allows you to accept the use of cookies, and control which cookies are saved to your device / computer. Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options.

Cookies that we use are;

  • PHPSESSIONID – this keeps track of your session in GraphicAir website, and expires when you close your browser.
  • Paypal cookies – this allows you to use Paypal in our website
  • catAccCookies – this remembers that you saw the cookie notice so you don’t have to see it again every time you visit a page. It expires after 6 months.
  • Google Analytics – includes the following:
    • _utma – contains randomly generated digits used to workout unique visitors to our site. It expires after 2 years.
    • _utmb – this randomly generated code works with _utmc to analyse the average length of time users spend on It expires after 30 minutes.
    • _utmc  – another randomly generated number that works with _utmb to determine when you close your browser. It expires when you close your browser.
    • _utmz  – this randomly generated number informs us about how you got to our site (e.g. direct or via a link, organic search or paid search). It expires after 6 months.

 Our cookies fall into the following categories:

  1.  Session cookies – temporary cookies that reside in your computer’s internet browser folder until you close the browser.  We use this cookie to make sure connections to our servers are performing properly.
  2.  Permanent cookies – remain in our computer’s internet browser folder a longer period after you visited the website. We need to use a cookie to remember your preference while in our website. It doesn’t keep any other information and is not used for any other purposes. These cookies are deleted when you clear your browsing history.
  3.  Analytical cookies – Like most websites, we use Google Analytics cookies. There are used to record the following:
  • time of your first visit to website
  • time of your most recent visit to the website
  • time of your current visit
  • how long you stayed on the website;
  • how you got to our website (i.e. search, keyword, link from other page etc)

Google and personal data. Read about Google’s Privacy Policy here.

To stop Google Analytics cookies, you may wish to install the Google Analytics Opt-Out Browser Add-On (

Transparent Privacy Explanations

We have provided some further explanations about user privacy and the way we use this website to help promote a transparent and honest user privacy methodology.

Email marketing messages & subscription

Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Processing of your personal date” above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software or applications that allow marketers to send out email marketing campaigns to a list of users. Our EMS Provider is MailChimp.

Email marketing messages that we send may contain tracking beacons/ racked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.

Any email marketing messages we send are in accordance with the GDPR and the PECR. You can easily withdraw your consent to receive our marketing messages by clicking the ‘unsubscribe’ link which is included in every marketing emails we send out.

MailChimp will hold the following information about you within its EMS system;

  • Name
  • Email address
  • I.P address
  • Subscription time & date