By using the site and providing us your data, you confirm that you are over the age of 13.
The data controller for the site is Astrid Gay and will be referred to as “we”, “us” and “our” throughout this policy. You can contact us using our online contact form, by email at support@Astrid.Nicholls.co.uk or by post at: Astrid Nicholls, 128 Warburton Road, SOUTHAMPTON, SO19 6HL.
Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the publication of your information.
Collecting and using your personal data
Personal data means any information capable of identifying an individual. It does not include anonymous data. We may receive personal data from you directly or from third parties helping us to provide our products or services on the site.
Technical Data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. Our primary source for user data is Google Analytics, our tracking system. We may also ask you directly if you take part in surveys. User data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
We may process information contained in any enquiry you submit to us regarding goods and/or services (“communication data“). This data can be gathered through the contact form on our website, email, text, social media messaging, social media posting or any other communication that you send us. It may be processed for the purposes of communication with you, record keeping or offering, marketing and selling relevant goods and/or services to you. The source of the data is you. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business or to establish, pursue or defend legal claims.
Customer data may include data relating to any purchases of goods and/or services such as your name, title, billing and delivery addresses, email address, phone number, contact details, or purchase details. The source of the data is you and our payment services providers. The transaction data may be processed for the purpose of supplying the purchased goods and/or services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
Marketing data may include information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters. This data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is our legitimate interests, namely communications with our website visitors and service users
We may process any of your personal data identified in this policy to deliver relevant website content and advertisements to you (including Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you. The legal basis for this processing to grow our business. We may also use such data for compliance with a legal obligation to which we are subject.
We do not collect sensitive data. Sensitive data refers to data that includes details about your ethnicity, personal beliefs or opinions, sex, sexual orientation, disability or biometric data. We do not collect any information about criminal convictions and offences.
Please do not supply any other person’s personal data to us, unless we prompt you to do so.
Providing your personal data to others
Your personal data held in our website database will be stored on the servers of our hosting services providers.
We may disclose your persona data to our suppliers insofar as reasonably necessary for running our business such as:
- Service providers who provide IT and system administration services.
- Professional advisers including lawyers, bankers, auditors and insurers
- Government bodies that require us to report processing activities.
- Third parties to whom we sell, transfer, or merge parts of our business or our assets.
In addition to the specific disclosures of personal data, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
International transfers of your personal data
Your personal data may be transferred to countries outside the European Economic Area (EEA) as some of our suppliers are based outside the EEA.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data. We will only transfer your data to countries the European Commission have approved or, in the case of US-based providers only if they are part of the EU-US Privacy Shield.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
Retaining and deleting personal data
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
In some circumstances, we may use your personal data for research or statistical purposes. In which case we may render the date anonymous and use this information indefinitely without further notice to you.
We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject (such as for tax purposes), or in order to protect your vital interests or the vital interests of another natural person.
Your principal rights under data protection law are:
- the right to access – you can ask for copies of your personal data;
- the right to rectification – you can ask us to rectify inaccurate personal data and to complete incomplete personal data;
- the right to erasure – you can ask us to erase your personal data;
- the right to restrict processing – you can ask use to restrict the processing of your personal data;
- the right to object to processing – you can object to the processing of your personal data;
- the right to data portability – you can ask that we transfer your personal data to another organisation or to you;
- the right to complain to a supervisory authority – you can complain about our processing of your personal data; and
- the right to withdraw consent – to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.
These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal data that we store about you may be linked to the information stored in and obtained from cookies.
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on our website.
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy.
This document was created using a template from SEQ Legal (https://seqlegal.com/free-legal-documents/privacy-policy).