This privacy notice sets out how I (Sarah Smith) collect, use and protect personal data that you provide. In accordance with the General Data Protection Regulation (GDPR) it also sets out the legal basis on which such personal data is processed.
This policy may change from time to time by updating this page. This policy is effective from January 2019.
Processing on the legal basis of ‘legitimate interests’ (Article 6.1(f) of the GDPR)
In simple terms the legal basis of ‘legitimate interests’ means that the processing is necessary to provide the services I provide.
In order to do this I may collect and keep a record of personal data about you from my website, telephone conversations, emails and written communications. When you contact me via my website, you may be required to provide certain information. I may also ask you for additional information, as required under the circumstances. Please let me know if any of your personal data changes or is inaccurate so that I may keep my records up-to-date.
I may use the personal data we collect from you in various ways, including:
- to process any orders placed by you;
- to communicate with you;
- for maintaining my internal records;
- to improve the quality of my website/service; and
- to protect my website and systems against unauthorized access.
Your personal data will not be shared with anyone else, including any third parties for marketing purposes.
Processing on the legal basis of ‘consent’ (Article 6.1(a) of the GDPR)
In certain circumstances I may ask for your specific permission (‘consent’) before processing your personal data. In these circumstances I will provide notice of the exact nature of the processing and give you a genuine choice to accept or refuse.
Should you choose to accept (‘consent’) to such processing you then have the right to withdraw your ‘consent’ at any time by informing me that you no longer give permission for your personal data to be used in this way.
Retention of personal data
Unless there are overriding legal requirements, I retain your personal data only for as long as necessary to keep you up to date to any information you opt-ed into, or to provide you with a product or service.
Keeping your personal data secure
All information I collect about you will be used and protected by me in accordance with current data protection law and this Privacy Notice.
I am committed to ensuring that your information is kept secure. In order to prevent unauthorised access or disclosure I have put in place appropriate measures to safeguard personal data from loss, misuse, unauthorised access, disclosure, alteration, damage or destruction.
In respect of data collected from my website, standard technology called ‘cookies’ are used. Cookies are small pieces of information that are stored by your browser on your computer’s hard drive. My website host needs this information to identify you and to store information about the options you select between visits. This helps them to improve the service to you. Although most browsers automatically accept cookies you can usually change your browser to prevent cookies being stored.
Personal data transfers
I will not transfer the personal data I collect to any other entity outside of the EEA.
Your data protection rights
Under GDPR you have certain rights with regards to the processing of your personal data. If you would like to exercise any of these rights or need further information please contact me.
These rights are summarised below.
Right of access
You may request details of personal data that I hold about you including:
- a description of the personal data, the purposes for which it is being processed, whom it may be shared with and how long it is kept for
- information on your rights of rectification, erasure, restriction objection and portability as described below
- existence of automated decision making where relevant
- transfer safeguards where relevant
Right of rectification
You have the right to have inaccurate personal data rectified without delay.
Right to erasure
Under some circumstances you have the right to request the erasure of your personal data without undue delay.
- Withdrawal of consent where consent was basis of collection
- No longer necessary for purposes collected
- No overriding ‘legitimate interest’ grounds
Right of restriction
You have the right to ask us to restrict the processing of your personal information under the following circumstances
- Accuracy is contested
- Processing is unlawful but you oppose deletion and request restriction instead
- Your personal information is no longer needed by me but you require it to be kept for establishment, exercise or defence of legal claims
- Pending a right to object action (see below)
Right to object
You have the right to object to processing of your personal information on grounds relating to your particular situation or circumstances.
You have the right to object to direct marketing.
Right to portability
You have the right to have your personal data that I have collected on the legal basis of ‘consent’ transferred to another entity in a machine-readable format.
Right to lodge a complaint with a Supervisory Authority
You have a right to lodge a complaint with the Supervisory Authority in the country of your place of residence or work. The Supervisory Authority in the UK is the Information Commissioner’s Office (ICO).
I use Google Analytics to give me an idea of how my site is being used. This information does not identify you personally. To opt out of being tracked by Google Analytics click here.
Amazon affiliate disclaimer
I am part of the Amazon Affiliate Programme, which means a small fee is earned by linking to Amazon products. If you prefer not to use those links you can look up the same products on Amazon direct.
Thank you for visiting my website.