KEEPING YOUR DATA SAFE
1 WHO’S IN CONTROL?
1. It is important that you understand who is responsible for keeping your data safe. We are the “controller” of all personal data collected and used. This means that we are responsible for deciding how and why your data is used and for ensuring that your data is handled legally and safely.
2 WHAT DATA DO WE COLLECT AND WHERE FROM?
2.1 We collect some data directly from you when you engage with Hannah Charlotte Bespoke. This is information about you that you give us by filling in forms on our site hannahcharlottebespoke.com or by corresponding with us by telephone, email, social media platforms or in person. It includes information you provide when you register to use our site, subscribe to our service, place an order, purchase a garment or accessory, participate in discussion boards or other social media functions, enter a competition, promotion or survey and when you report a problem with our site.
This data could include some or all of the following:
2.1.1 your full name;
2.1.2 your email address;
2.1.3 your telephone numbers, home and mobile;
2.1.4 your postcode and address (if you choose to provide them);
2.1.5 your billing contact name (family or guardian);
2.1.6 your billing contact email address, postal address and phone numbers (family or guardian);
2.1.7 photographic images of your product in production and of you throughout your purchase, order, and fittings process
2.1.8 images of you on your wedding day, special occasion or events (if you chose to share them);
2.1.9 your credit card information (this is not held on file);
2.1.10 your body measurements;
2.1.11 personal notes about your fittings and personal body information;
2.1.12 personal family information and details of your wedding, special occasion or events;
2.2 We also collect anonymised, publicly available information from social networking sites such as Facebook, Instagram, Linked In and Twitter, for example likes, shares, tweets and posts about Hannah Charlotte Bespoke. This information is provided to us by a third party and is fully anonymised so we cannot see who has posted the information. This information is used for internal analysis purposes only.
3 WHAT DO WE USE YOUR DATA FOR?
3.1 It is important that you understand how and why we use the personal data that we collect about you. This section sets out the different purposes for which we process personal data and which types of personal data we need for each purpose.
3.2 Managing your personal Account Data and providing you with our services, we manage confidentially all the data you have provided us with as listed in section 2.1.1 Your data will stay in our system unless you request otherwise.
3.2.1 we use your Voluntary Data to enable us to make appointments, respond to queries, complaints or comments that you have and to make sure that these are appropriately dealt with.
3.3 Competitions and surveys
3.3.1 We use Competition Data for the purposes of allowing you to participate in competitions and to carry out any activities required in relation to those competitions, for example contacting you to let you know you have won a prize and using your address to send your prize to you.
3.3.2 we use Survey Data for the purposes of analysing insights and information to enable us to improve our services.
3.4 We periodically review the data that we keep in our archive and we will delete or anonymise your data held in the archive where we consider it is no longer of value or interest.
3.5 We will use photographs of your outfit in production on social medial such as Instagram, Facebook, our website and other marketing materials.
3.5.1 We will post pictures of you in your outfit on social media, our website and other marketing materials but only after your event date and only with full consent from you
4 WHAT IS OUR LEGAL BASIS FOR USING YOUR DATA?
4.1 Data protection law says that we have to tell you the legal basis that we rely on to process your personal data for the purposes that we have notified to you. This section tells you what that legal basis is in relation to each of the purposes set out above.
4.2 With the exception of email marketing, we process your personal data for all of the purposes identified under What do we use your data for? and How do we use your data for marketing and advertising purposes? on the basis that it is in our legitimate interests, or the legitimate interests of third parties with whom we share your data, to carry out these activities. Further information about what those interests are is set out below.
Purpose: Running your account and providing you with our services
Legitimate interests: To ensure that Hannah Charlotte Bespoke clients enjoy the best reliable professional experience to gain the most beautiful garments possible.
Purpose: Improving our services
Legitimate interests: To make sure that we continue to improve our products and experience and provide our clients with the best and most effective service possible.
Legitimate interests: To provide advertising that is relevant to you to ensure that you have the best experience possible.
4.3 You have the right to object to us processing your personal data for the purposes set out above. Unless we can show that we have a compelling legitimate reason to continue processing your personal data, we will stop processing it. Remember that you can request that we delete your data at any time in which case we will fully anonymise your personal data. Please email :email@example.com
4.4 In respect of the use of your email address for email marketing purposes, we process this on the basis that we have your consent to do so. You can withdraw your consent at any time by requesting this via email to:firstname.lastname@example.org
5 WHO DO WE SHARE YOUR DATA WITH?
5.1 We do need to share your personal data with some third parties in some circumstances. This includes where we use third party suppliers to perform various services for us. The third party suppliers we share your personal data with are as follows:
5.1.1 third party service providers who help us to manage our customer database and registration process; IT / PR and marketing providers. Website creators and advisors.
5.1.2 other service providers such as information security service providers who help us to manage our IT systems and ensure that they are secure
5.1.3 Freelance dressmakers, pattern cutters, members of wider production team and artisans.
6 HOW LONG DO WE KEEP YOUR DATA FOR?
6.1 We will keep all your personal data for as long as Hannah Charlotte Bespoke is trading. You can ask for your data to be removed at any time by requesting this via email to email@example.com. If you do this, we will anonymise all your data as soon as we reasonably can.
6.2 Any Voluntary Data you submit to our team will be retained for a minimum period of ten years from submission, after which it may be anonymised.
6.3 It is helpful to keep purchase orders on file for reference for crossover with future clients. We often search past client’s orders for fear of another client having a similar garment.
6.4 If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of Hannah Charlotte Bespoke, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
7 WHAT RIGHTS DO YOU HAVE?
7.1 You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We will normally need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.
7.2 We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information. If your request is particularly difficult or complex, or if you have made a large volume of requests, we may take up to three months to respond. If this is the case we will let you know as soon as we can and explain why we need to take longer to respond.
7.3 A right to access your information
7.3.1 You have a right to ask us to send you a copy of personal data that we hold about you (subject to some exceptions). A request to exercise this right is called a “subject access request” and must be made in writing to: firstname.lastname@example.org
7.4 A right to object to us processing your information
7.4.2 If we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data
7.5 A right to have inaccurate data corrected
7.5.1 You have a right to ask us to correct inaccurate data that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct your personal data as soon as possible.
7.6 A right to have your data erased
7.6.2 We will fully anonymise any personal data we hold about you when you email your request for us to do so, as set out under How long do we keep your data for? above. This means that it will no longer identify you and ceases to be “personal data”.
8 HOW CAN YOU CONTACT US?
9 WHAT IF YOU HAVE A COMPLAINT?
9.1 You have a right to complain to the Information Commissioner’s Officer (ICO), which regulates data protection compliance in the UK, if you are unhappy with how we have processed your personal data.
9.2 You can find out how to do this by visiting www.ico.org.uk.
10 WHAT IF THIS POLICY CHANGES?