GDPR Privacy notice
The Data Protection Act 2018 (“DPA 2018”) and the General Data Protection Regulation (“GDPR”) impose certain legal obligations in connection with the processing of personal data.
“Personal data” is defined as any information relating to an identified or identifiable data subject. An identifiable data subject is anyone who can be identified, directly or indirectly, by reference to an identifier, such as a name, identification number or online identifier.
“Processing” means any operation or set of operations that is performed on personal data, such as collection, use, storage, dissemination and destruction.
Windsweptgirlie designs is a data controller within the meaning of the GDPR and we process personal data. We may amend this privacy notice from time to time. If we do so, we will supply you with or otherwise make available to you (e.g. via email or an internet link) a copy of the amended privacy notice.
The purposes for which we intend to process personal data
We intend to process personal data for the following purposes:
To enable us to supply goods to you as our customer.
To enable communication with you for the routine purposes of business (e.g. Delivery, invoicing).
To fulfil our obligations under any relevant laws in force.
To use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings.
If you have consented to us doing so, to contact you about products and services we provide which may be of interest to you.
The legal bases for our intended processing of personal data
Our intended processing of personal data has the following legal bases:
Personal data which we gather and process is limited to that necessary for the purposes of our business relationship with you.
If you do not provide the information that we request, we may not be able to provide goods to you.
At the time you became our customer, you gave consent to our processing your personal data for the purposes listed above.
The processing is necessary for the performance of our contract(s) with you or for the provision of goods to you.
The processing is necessary for compliance with legal obligations to which we are subject.
Persons/organisations to whom we may share personal data
We may share your personal data with third parties for the purpose of providing goods to you (e.g. delivery of goods to your premises).
If the law allows or requires us to do so, we may share your personal data with the following organisations in order to comply with our legal obligations, including our legal obligations to you:
The police and law enforcement agencies
Courts and tribunals
The Information Commissioner’s Office (“ICO”)
Transfers of personal data outside the EU
Your personal data will be processed within the EU only.
Retention of personal data
When acting as a data controller and in accordance with recognised good practice we will retain all of our records only as long as it is necessary for our business requirements. If you wish us to remove your personal data, please let us know.
Storage of personal data
All personal data retained by windsweptgirlie designs is limited to that which is required for the normal purposes of business. We do not keep a database of customers information apart from that required to supply goods, i.e. name, address and email address. We do not process credit card data.
Deleting your records (the right to erasure)
In certain circumstances you have a right to have the personal data that we hold about you erased.
Further information is available on the ICO website (www.ico.org.uk ).
If you want your personal data to be erased, please inform us immediately and we will consider your request.
In certain circumstances we have the right to refuse to comply with a request for erasure (e.g. if a relevant statute prevents us from doing so).
If applicable, we will supply you with the reasons for refusing your request.
The right to restrict processing and the right to object
In certain circumstances you have the right to prevent or suppress the processing of personal data or to object to the processing of that data. Further information is available on the ICO website ( www.ico.org.uk ).
If you want us to cease to process your data, or you object to your data being processed, please inform us immediately so that we can consider what action, if any, is appropriate.
Withdrawal of consent
Where you have consented to our processing of your personal data, you have the right to withdraw that consent at any time. Please inform us immediately if you wish to withdraw your consent.
The withdrawal of consent does not affect the lawfulness of earlier processing.
If you withdraw your consent, we may not be able to continue to provide goods to you.
Even if you withdraw your consent, it may remain lawful for us to process your data on another legal basis (e.g. because we have a legal obligation to continue to process your data).
We do not use automated decision-making in relation to your personal data.
If you have requested details of the information we hold about you and you are not happy with our response, or you think we have not complied with the GDPR or DPA 2018 in some other way, you can complain to us.
Please send any complaints to firstname.lastname@example.org
If you are not happy with our response, you have a right to lodge a complaint with the ICO ( www.ico.org.uk ).