Privacy Notice : Fern and Grace
1. About me :
I am a sole trader providing Floral design services to individuals and organisations within the UK
2. The Purpose of this Notice : This Notice is designed to help you understand what kind of information I collect in connection with my design services and how I will process and use this information.
In the course of providing design services I will collect and process information that is commonly known as personal data.
- describes how I collect, use, share, retain and safeguard personal data and
- sets out your individual rights to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.
3. What is Personal Data : Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, gender and contact details.
Personal data may contain information which is known as special categories of (sensitive) personal data – relating to and not limited to an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership. genetic and biometric data or data relating to sexual orientation.
Personal data may also contain data relating to criminal convictions and offences.
4. Personal data I collect : In order for me to provide my design services to you I may collect and process personal data about you.
You may provide me with personal data when booking an introductory call, when providing a brief, or by email. You may also provide personal data during an introductory consultation, or during a project which may be recorded in my notes.
If you visit my website (https://fernandgrace.co.uk) I may collect your personal data through your unique online electronic identifier. (This is commonly known as an IP address.)
I will collect electronic personal data when you visit my website where I will place a small text file that is commonly known as a cookie on your computer. Cookies are used to identify visitors and to monitor visitor behaviour when viewing website content, navigating my website and when using features.
Where I collect data directly from you I am the data controller.
Where I use third parties to process your data, these parties are known as processors of your personal data.
A data “controller” means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.
A data “processor” means the individual or organisation which processes personal data on behalf of the controller.
As the data controller I may process the following categories of data :
- Personal data such as an individual’s name, business name, mail address, Skype contact details, mobile phone number, home address, business and other contact details needed to provide floral design services.
If you object to the collection and use of your personal data I may be unable to provide you with floral design services.
For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.
If you require more information about how I collect personal data and with whom I share data please contact me by email – firstname.lastname@example.org
5. Why do I need your personal data? I need your personal data to be able to offer, quote, provide, invoice and seek feedback for my services.
If you contact me to enquire about my services or to discuss providing services to you or others, or I deliver services to you, I consider that I have a legitimate business interest to provide you with information about future design services that I may offer.
You may request to be withdrawn from any promotional or marketing emails or other contacts from me at any time by emailing email@example.com
(I have no intention of sharing your personal data with third-parties for marketing purposes.)
6. Data Security : I have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Access to your personal data is limited to me and any third parties who have a business need to know such data.
I have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where I am legally required to do so.
7. Data Retention : I retain client personal data for 7 years from the date of the end of any contractual agreement.
Where you contact me about design services but I do not provide a design service to you I retain your personal data for a period of 18 months.
I will comply with any legal requirements when retaining this data.
Please contact me by email (firstname.lastname@example.org) if you object to the use of, or you have any questions relating to the use of, or retention, of your personal data.
8. Your rights : Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.
These rights are known as Individual Rights under the Data Protection Act 2018.
The following list details these rights:
– The right to be informed about the personal data being processed;
– The right of access to your personal data;
– The right to object to the processing of your personal data;
– The right to restrict the processing of your personal data;
– The right to rectification of your personal data;
– The right to erasure of your personal data;
– The right to data portability (to receive an electronic copy of your personal data);
Individuals can exercise their Individual Rights at any time. As mandated by law I will not charge a fee to process these requests, however, if your request is considered to be repetitive, wholly unfounded and/or excessive, I am entitled to charge a reasonable administration fee.
You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, I am required by law to grant access to this data for law enforcement, legal and/or health-related matters.
If you require further information on your Individual Rights or you wish to exercise your Individual Rights, please contact me (email@example.com)
I will take all appropriate steps to protect the confidentiality, integrity, availability and authenticity of your data.
9. Complaints :
If you are dissatisfied with any aspect of the way in which I process your personal data please contact me (firstname.lastname@example.org).
You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their helpline on 0303 123 1113.