Last modified 9th May 2018
Sophie Grace Bridal Ltd (“We”) are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EU). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate. Even though the UK has expressed its intention to leave the EU in March 2019, the GDPR will be applicable in the UK from 25th May 2018. The Government intends for the GDPR to continue in UK law post Brexit and has also introduced a Data Protection Bill to replace the current Data Protection Act in due course. Your new rights under the GDPR are set out in this notice but will only apply once the GDPR becomes law on 25th May 2018. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
2. Data collected via the website
3. Collecting personal information
We may collect, store and use the following kinds of personal information: -
• When submitting a form on this website, the submitted information is sent to us. We use this data to contact you in relation to your enquiry. Access to data we collect is limited to the members of our staff who require that data to perform their duties.
• If you phone our business to make an appointment with us, we will collect your personal information such as name, telephone number, date of your wedding.
4. Using personal information
Personal information submitted to us could be via email, post, telephone or in person. We may use your personal information to: -
• Complete your order for your bridal gown, bridesmaids or any dressmaking required
• Communicate about delivery dates or appointments required
• Send invoices or payment reminders to you where needed
• Update you on any forthcoming events we are holding
• Respond to any queries or complaints you may have about your order
• Send you regular updates/newsletters regarding our business
• Keep our website secure and prevent fraud
• For compliance with our legal obligations under the anti-money laundering regulations
We will not supply your personal information to any third party for the purpose of their or any other third party’s direct marketing.
5. Disclosing Personal Information
We may also disclose your information as follows: -
• We may disclose your personal information to any of our employees in so far as reasonably necessary for the purposes of completing the work contracted
• To the extent that we are required to do so by law
• In order to establish, exercise or defend our legal rights (including providing information to others for the purpose of fraud prevention and anti-money laundering)
• We will not provide your personal information to third parties
6. Retaining personal information
This section sets out our data retention policies and procedure which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information.
• Personal information that we process for any purpose or purposes shall not be kept for longer than 3 years
• This personal data will be deleted securely after 3 years
• We can delete personal data at your request at any time in writing
• Notwithstanding the other provisions, we will retain documents (including electronic documents) containing personal data, a) to the extend that we are required to do so by law, b) If we believe that the documents may be relevant top any ongoing or prospective legal proceeding and c) In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
7. Security of personal information
We will take reasonable technical and organisational precautions to prevent the lost, misuse or alteration of your personal information. Regarding Digital Data, we will store all the personal information you provide on a password protected personal computer and for paper-based data, we will ensure all files held are kept in secure locked premises and where deemed appropriate in locked filing cabinets.
You acknowledge that the transmission of information over the internet is inherently insecure and we cannot guarantee the securing of data sent over the internet including emails.
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy and we may notify you of any changes to this policy via email.
9. Your Rights
You may instruct us to provide you with any personal information we hold about you and provision of such information will be subject to: -
• The supply of appropriate evidence of your identity (for this purpose, we will usually accept a photo ID such as a passport or Driving License and an original copy of a utility bill showing your current address)
• We may withhold personal information that you request to the extent permitted by Law.
We are registered in England and Wales and our registered address is at Canna Park, Highampton, Beaworthy, Devon. EX21 5LR.
You can contact us as follows:-
• By post, using our postal address for the shop (on our website)
• Using our website contact form
• By telephone on the contact number on our website
• By emails, using the email addresses on our website