ABOUT THIS NOTICE
Data protection law says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
If you have any questions about this notice or how we collect and use personal information about you, please contact us.
INFORMATION ABOUT US
We are Lisa Bradburn Design Ltd Our registered office is at Dillions, Tanyard Lane, Staplefield, West Sussex, RH17 6HH. Our company registration is 09043045
We are known, however, as Lisa Bradburn Interior Design.
CONTRACT INFORMATION AND OTHER CORRESPONDENCE WITH INDIVIDUALS
If you are an individual, when you enter into a contract with us (or someone does so on your behalf) there will be personal information about you relating to that contract such as your name, contact details, contract details, delivery details, and correspondence with us about the contract.
We need certain information to carry out our contract with you and you must provide this in order to enter into a contract with us (or as required under that contract), if you do not, we may not be able to carry out our contract with you. Mandatory information fields are generally set out when you are entering into the contract, but in particular, if you are buying wine from us you must provide the following information:
- Your name and contact details.
- Your delivery addresses.
- Your payment details.
- Information to verify your age and identity.
Other correspondence or interaction (for example by email, telephone, post, SMS or via our website) between you and us, will include personal information (such as names and contact details) in that correspondence. This may include enquiries, reviews, follow-up comments or complaints lodged by or against you and disputes with you or your organisation.
We will keep and use that information to carry out our contract with you (if applicable), to comply with any legal requirements for us to maintain certain records or carry out certain verifications and money laundering checks, and/or for our legitimate interests in preventing fraud, dealing with a complaint or enquiry and administering your (or your organisation’s) account or order and any services we offer, as well as to review and improve our offerings, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
We will only use your personal information for the purposes for which we collected it as set out in this notice, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
If we engage with you on social media via Instagram, we may use information you share with us (including your social media handle or profile) or which is available from your account to inform our correspondence with you. Instagram will provide us with Insights, which are aggregated data to help us understand how people are engaging with our page. Insights do not show us details of individual visitors. Instagram is owned by Facebook – see further below re responsibilities of Facebook and us in relation to our Instagram page.
If you visit our Facebook page, Facebook may be a joint controller with us in relation to information Facebook collects about you regarding your visit and interaction with our page or its content. Facebook will provide us with Page Insights, which are aggregated data to help us understand how people are engaging with our page. Page Insights do not show us details of individual visitors. For more information on the responsibilities of Facebook and us in relation to our Facebook page, please see https://www.facebook.com/legal/terms/information_about_page_insights_data. For more information about how Facebook uses your information, please see https://en-gb.facebook.com/privacy/explanation.]
We may also collect details of phone numbers used to call our organisation and the date, time and duration of any calls. Please note that if we record your calls to or from us, we will inform you of this.
We may collect your name and contact details (such as your email address, phone number or address) in order to send you information about our products which you might be interested in.
You always have the right to “opt out” of receiving our marketing. You can exercise the right at any time by contacting us [insert link to Contacts]. If we send you any marketing emails, we will always provide an unsubscribe option to allow you to opt out of any further marketing emails. If you “opt-out” of our marketing materials you will be added to our suppression list to ensure we do not accidentally send you further marketing. We may still need to contact you for administrative or operational purposes, but we will make sure that those communications don’t include direct marketing. Where you unsubscribe from any postal marketing, you may initially still receive some content which has already been printed or sent, but we will remove you from any future campaigns.
For individuals. We may use your contact details as necessary for our legitimate interests in marketing to you and maintaining a list of potential customers (including, in particular, if we collected them as part of a sale to you or a negotiation with you about a sale). Otherwise (in particular if you are not a customer and we have not discussed a sale with you) we will only send you marketing emails or texts with your consent.
For businesses. If you are a company or LLP (or are acting in a professional capacity as part of one) we will use your contact details as necessary for our legitimate interests in marketing to you (by various channels) and maintaining a list of potential customers.
Sharing of details. We never share your name or contact details with third parties for marketing purposes unless we have your “opt-in” consent to share your details with a specific third party for them to send you marketing. We may use third party service providers to send out our marketing, but we will only allow them to use that information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We may collect information about you and your use of our website via technical means such as cookies, webpage counters and other analytics tools. This may include your IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access a website. We use this as necessary for our legitimate interests in administering and improving our website and its content, to ensure it operates effectively and securely, and to develop our business and inform our marketing strategy. We may also create aggregate statistical data from that information (for instance, overall numbers of website visitors) which is not personal information about you.
We, or third-party advertisers, may also use this information to serve adverts on you. Where those adverts are targeted, this may involve using website information and information we (or our third-party advertisers) have obtained from third parties and an automated decision-making process based on information about your interests or status. This will not include information such as your name or contact details. Where our adverts are displayed to you using your information, your information is used as necessary for our legitimate interests in marketing to you.
The information described above about your use of our website may also be collected and used by third party advertisers and analytics providers using cookie technology. You will have the option when using our website to accept or reject those cookies. If you accept those cookies, your data will be collected and used by those third parties for their own advertising and analytical purposes. For more information, please see their privacy policies.
Sharing or Like buttons.
If you click a “share” or “like” or equivalent social media button on our website, the relevant social media platform may be a joint controller with us in relation to information that is sent to them about you regarding your clicking of that button (which may include the types of information which we collect about you as part of your visit to our website described above). Any information sent to a social media platform is used by them according to their privacy policies, and they will be solely responsible for that use and primarily responsible for providing you with information about any joint processing and enabling you to exercise your rights under data protection law. We only use Facebook and Instagram. See above as to how to find the responsibilities of such platforms and us in relation to social media buttons on our website and their privacy policies.
By using our website, you may also receive certain third-party Cookies on your computer or device. Third-party Cookies are those placed by websites, services, and/or parties other than us. Thurs-party Cookies are used on our website for tailored advertising, marketing or analytics services. These Cookies are not integral to the functioning of our website and your use and experience of our website will not be impaired by refusing consent to them.
Before Cookies are placed on your computer or device, you will be shown a pop up at the top of the homepage requesting your consent and acceptance to set those Cookies. By giving your consent you are enabling us to provide the best possible experience and service to you.
You may, if you wish, deny consent to the placing of Cookies; however certain features of our website may not function fully or as intended as a consequence.
In addition to the control that we provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all Cookies or only third-party Cookies. By default, most internet browsers accept Cookies, but this can be changed.
You can choose to delete Cookies on your computer or device at any time, however you may lose any information that enables you to access our website more quickly and efficiently including, but not limited, login and personalisation settings.
Third party websites.
Our website may, from time to time, contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
PHOTOS, CONTENT AND PROMOTIONAL MATERIAL
This is information about you which you provide to us (whether through our website or otherwise), or images or recordings of you which you allow us (or someone on our behalf) to take (including at our premises or events), for publication or display. This may include reviews, comments, testimonials, photographs (including stock photos and advertising material) and videos.
We may display and publish this content (and, if relevant, attribute it to you) on our platforms as necessary for our legitimate interests in providing content and for promotional purposes (or, in some circumstances, because you have specifically consented to us doing this). This information is kept and published or displayed by us for as long as we consider it relevant for those purposes. You can ask us to remove or delete your content at any time (subject to any agreements about our right to use it) by contacting us. If we are displaying or publishing the information based on your consent, you have the right to withdraw that consent at any time.
If you work for one of our customers, suppliers or business partners, the information we collect about you may include your contact information, details of your employment and our relationship with you. This information may be collected directly from you or provided by your organisation. Your organisation should have informed you that your information would be provided to us and directed you to this policy. We use this as necessary for our legitimate interests in managing our relationship with your organisation. If we have a business relationship with you or your organisation, we may receive information about you from your organisation.
We keep this information for up to seven years after the end of our relationship with your organisation.
INFORMATION COLLECTED AT OUR PREMISES
Visitor information. We collect information about visitors to our premises. We may record information on your visit, including the date and time, who you are visiting, your name, employer, contact details and vehicle registration number. If you have an accident at our premises, this may include an account of your accident. Visitor information is kept for a period of up to twelve years. If you have an accident on our premises, our accident records are retained for a period of up to twelve years
CCTV. We may operate CCTV at our premises which may record you and your activities. We display notices to make it clear what areas are subject to surveillance. We only release footage following a warrant or formal request from law enforcement, or as necessary in relation to disputes. CCTV recordings may be kept for a period of up to 90 days (unless an incident occurs, and it is necessary for us to keep recordings for longer to properly deal with it).
Where we consider there to be a risk that we may need to defend or bring legal claims, we may retain your personal information as necessary for our legitimate interests in ensuring that we can properly bring or defend legal claims. We may also need to share this information with our insurers or legal advisers. How long we keep this information for will depend on the nature of the claim and how long we consider there to be a risk that we will need to defend or bring a claim.
SHARING YOUR INFORMATION
We never sell your data to third parties. But we may need to share your information with third parties, including third-party service providers and other entities in our group. Third parties are required to respect the security of your personal information and to treat it in accordance with the law.
Why might we share your personal information with third parties?
We may share your personal information with third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our agreements with you, or to protect the rights, property, or safety of us, our customers, or others or where we have another legitimate interest in doing so. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Which third-party service providers process your personal information?
We may need to share your personal information with third-party service providers (including contractors and designated agents) so that they can carry out their services. We may use third-party service providers in relation to the following types of activity: legal advice, contract administration, order fulfilment, delivery, administration, IT services, payment processing.
How secure is your information with third-party service providers and other entities in our group?
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information. Where third parties process your personal information on our behalf as “data processors” they must do so only on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
What about other third parties?
We may share your personal information with other third parties, for example with potential buyers and professional advisers in the context of the possible sale of the business where necessary in connection with the purposes which your information was collected for. We may also need to share your personal information with a regulator or to otherwise comply with the law.
HOW AND WHERE DO WE STORE YOUR INFORMATION?
As well as the measures set out above in relation to sharing of your information, we have put in place appropriate internal security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
HOW LONG WILL WE KEEP YOUR INFORMATION FOR?
Where your information relates to a contract, it is kept for a period of up to 7 years after the date of the contract to enable us to deal with any after sales enquiries or claims and as required for tax purposes.
Your payment information is collected by our payment card processing provider and is retained for a period of up to 6 years after the date of the order.
If your information is on social media, it will be retained in accordance with the relevant social media platform’s policies. Any other information set out above such as initial enquiries or correspondence which doesn’t relate to a customer is kept for 3 years.
In some circumstances, it may be necessary to keep your information for longer than set out above in order to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Data protection law gives you a number of rights when it comes to personal information, we hold about you. The key rights are set out below. More information about your rights can be obtained from the Information Commissioner’s Office (the “ICO”). Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it (for instance, we may need to continue using your personal data to comply with our legal obligations). You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to us using your information on this basis and we do not have a compelling legitimate basis for doing so which overrides your rights, interests and freedoms (for instance, we may need it to defend a legal claim). You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party where you provided it to us and we are using it based on your consent, or to carry out a contract with you, and we process it using automated means.
- Withdraw consent. In the limited circumstances where we are relying on your consent (as opposed to the other bases set out above) to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another compelling legitimate interest in doing so.
- Lodge a complaint. If you think that we are using your information in a way which breaches data protection law, you have the right to lodge a complaint with your national data protection supervisory authority (if you are in the UK, this will be the ICO).
CORRECTING, ERASING OR WITHDRAWING CONSET TO USE OF YOUR PERSONAL DATA
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, withdraw your consent to the processing of your personal information or request that we transfer a copy of your personal information to another party, please contact us.
No fee usually required. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you. We may need to request specific information from you to help us understand the nature of your request, to confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. If we request any identification from you for this purpose, it is on the basis that it is necessary to comply with our legal obligations, and we will only keep and use this until your identity has been verified.
Timescale. Please consider your request responsibly before submitting it. We will respond to your request as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.
CHANGES TO THIS PRIVACY AND COOKIE POLCIY