Date last revised: April 2019
CLEMENTINE BRIDAL BOUTIQUE LIMITED (Company number 11715805) are committed to respecting your privacy and protecting your personal data. We recognise that personal data does not belong to us; we have received it for specific purposes, and must only use it in ways that are consistent with those purposes.
Unless otherwise required by law, the Information Commissioner’s Office (ICO) guidance or best practice, or in order to perform our contract with you, we will only process your personal data in the way we tell you (at the point we collect it) or in the way you ask us to, and we will give it back to you at any time (unless we need to retain it, for specified reasons).
1. This policy
1.1 This policy sets out how we will process your personal data and it applies to our contract with you. Our standard terms of business also contain information about how your personal data is held by us. You are therefore advised to read both carefully.
1.2 Terms used within it shall have the meaning(s) given in the Data Protection Act 2018 (Act) and/or the EU General Data Protection Regulation 2016/679 (Regulation), as applicable.
1.3 By visiting our website at http://www.clementinebridal.com, by working with us or by otherwise providing your personal data to us, you understand, accept and consent to the practices described in this policy.
1.4 Any changes we make to this policy will be posted on this page. Where such changes have a material impact on the way we use your data, including who we disclose it to, we will notify you in advance. You are nonetheless advised to check back frequently as, unless your consent is required, any changes will be binding on you when you continue to use the Website or work with us after the date of the relevant change.
1.5 For more information relating to your rights under this policy, please see section 10.
1.6 If you have any queries relating to this policy, please contact us at firstname.lastname@example.org in the first instance
2. Who we are
2.1 For the purposes of the Act, the data controller is Clementine Bridal Boutique Limited. We are a private limited company registered in England & Wales (number 11715805) and our registered office is at 12/14 High Street, Caterham, Surrey, CR3 5UA.
2.2 We are registered with the ICO to process personal data in the manner set out in this policy and our registration number is A8453951.
2.3 Your personal data will be stored by us in our internal management information systems backed up off site on encrypted Cloud-based servers located within the EU. All personal data is processed by UK based staff who are regulated by our internal staff data protection policy.
3. Your consent
3.1 It is a common misconception of the Regulation that we can only process your personal data with your prior consent. This does not apply to us in most cases as we require your personal data in order to perform our contract with you (whether as a customer dealing on our standard terms, or on our supplier agreement), and provide our goods and services to you. This is a specifically permitted lawful basis to process personal data under the Regulation.
3.2 We currently consider that all personal data we obtain is reasonable and necessary for this purpose, but we review this from time to time.
4. What personal data do we take?
4.1 The following categories of your personal data are collected in order to do business with you:
4.1.1 basic contact information (including your name, prefix/title, address, telephone number and email address);
4.1.2 identification and background information provided by you or collected as part of our business acceptance processes (further detail is stated in our terms and conditions of business provided to you on engagement);
4.1.3 all personal data requested on our new customer account or credit application forms;
4.1.4 payment information (for invoicing and payment processing); and
4.1.5 any other information relating to you which you may provide to us (such as during meetings, over the telephone or on email).
4.2 Where you are a current member of our staff, we will process additional information about you in order for us to comply with our employment obligations and administer our contract with you. This will include your date of birth, bank details, identity documents, nationality, gender and residential addresses.
4.3 Where you are a potential employee, worker or other member of our staff, we may collect additional categories of your personal data from you for the purposes of our recruitment process.
4.4 We do not knowingly obtain or receive personal data from anyone under the age of 18 during ordinary business purposes.
4.5 We use CCTV at some of our premises for the protection of our staff and property, and for the prevention and detection of crime, and we are registered with the ICO to process your data in this way. If you visit us at these premises, your biometric data will be taken during your time on site and this will be stored and retained by us in accordance with our internal data retention policy
5. How we collect your data
The categories of personal data listed in section 4 are collected in the following ways:
5.1 When you provide it to us
Your personal data is primarily provided to us during ordinary negotiations and discussions during the course of doing business with you;
when you correspond with us by phone or e-mail as part of our business with you;
when you complete our supplier questionnaires or customer account or credit application forms; and
when you buy or sell your products to or from us, you will provide personal data to us in related correspondence.
5.2 When we collect it from you
When you use our Website, we will automatically collect technical information about the device you use to visit, including your IP address, browser type/version and related settings.
5.3 Where you are a current, potential or former employee, worker or other member of our staff, we may collect additional categories of your personal data for the purposes of providing you with the necessary benefits under our contract with you.
6. Why we need your data
6.1 Your personal data is primarily required to enable us to supply you with the relevant goods, services and support you have requested from us, and to contact you in relation to any enquiries or requests you raise with us.
6.2 Technical information we collect about your visit to our Website is used to enable us to:
personalise and improve its functionality and security (to keep it safe and secure);
administer and monitor traffic and behaviours on our Website for analysis, testing, research, statistical and survey purposes; and
ensure that we can offer you the most effective and efficient browsing experience, and make improvements where necessary
6.3 Where we change our services, or any applicable terms and conditions, we will contact you.
7. How long do we keep your data?
We will keep information for a reasonable amount of time in order to perform the purposes listed above.
We only keep your information for as long as necessary. We generally keep personal information for 6 years after last contact with you. However Clementine Bridal Boutique Limited reserves the right to keep information for longer if we feel that this is in the legitimate interests of Clementine Bridal Boutique Limited.
After this time, your data will be securely deleted and we will not contact you unless you ask us to.
8. How secure is your personal data with us?
8.1 The security of your personal information is very important and we are committed to protecting the information we collect. We maintain administrative, technical and physical safeguards designed to protect the personal information you provide or we collect against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.
8.2 We store personal information only for as long as it is necessary for the fulfilment of the purpose for which the personal information was collected, unless otherwise required or authorised by applicable law. We take measures to destroy or permanently de-identify personal information if required by law or if the personal information is no longer required for the purpose for which we collected it.
8.3 Physical access to servers is restricted and securely locked, permitting management and IT support access only data held on our servers is encrypted.
9. Who do we share your data with?
9.1 We do not sell or otherwise disclose personal information we collect about you, except as described in this Privacy Notice or as indicated via the consent process at the time the data is collected. We share the information we collect with, but not limited to:
Vetted affiliates and partners / Financial Institutions / Insurance Companies for business facilitation to provide required services;
Formally contracted service providers to perform services on our behalf;
Hosting Datacentres, IT Infrastructure, Applications (Development / Support), Cloud based storage Services etc. We contractually require these service providers to safeguard the privacy and security of personal information they process on our behalf and authorise them touse or disclose the information only as necessary to perform services on our behalf or comply with legal requirements
9.2 Additionally, we may share information about you, if required legally, to prevent harm or financial / reputation loss, for investigation of suspected or actual fraudulent or illegal activities.
9.3 We reserve the right to transfer your information in the event of a sale or transfer (wholly or partially) of our business or assets, with reasonable efforts for the acquirer protect / use your information consistent with our Privacy Notice. You can exercise your rights to contact the acquiring entity with questions concerning the protection and processing of your information.
9.4 Any websites which are linked from the Website are outside of our control and not covered by this policy. If you access those websites using the links provided, the website operators may collect information from you which will be used by them in accordance with their own privacy policies (if any). These policies may differ from ours, and we cannot accept any responsibility or liability in respect of these.
10. What are your rights?
10.1 In relation to all of your personal data, you have the following rights (in addition to any rights you may have under the Act or the Regulation) to ask us:
10.1.1 to clarify what data we hold about you, how it was obtained, to whom it has been disclosed and for how long it will be stored;
10.1.2 to amend any inaccurate data we hold about you;
10.1.3 to delete any of your data (where you no longer think we need to hold it, or you think we have obtained or processed it without your consent at any time); and
10.1.4 to only process your personal data in limited circumstances, for limited purposes.
10.1.5 Have the information blocked, anonymised or deleted
10.2 To update your preferences, ask us to remove your information from our mailing lists or submit a request to access, update, correct or delete your personal information, please contact us at email@example.com. We will require you to verify your identity to us before we provide any personal data, and reserve the right to ask you to specify the types of personal data to which your request relates.