This policy was last updated: 12th February 2018
This policy explains how Poppy Design Studio will handle the privacy of your information. We are committed to maintaining robust privacy protections for all our users. We will take the necessary steps to ensure that users information is safeguarded and kept in accordance with all applicable laws and regulations.
Our full terms and conditions are available at https://www.poppydesignstudio.com/terms-and-conditions/
The information that you provide us with may be collected and processed by us in accordance with the Data Protection Act 1998 and subsequent legislation.
We have a ‘Contact Us’ page which enables you to email us. We require you to complete the fields for your name, phone number, email and business name, so that we can contact you and provide details of our services to you, as well as deal with general company enquiries. Data collected is held on the grounds of being for legitimate business interests or to fulfil a contractual obligation.
If you choose our offer of a free website review, we ask you to give us your full name, email address and website URL. This data enables us to carry out the service and to get in touch with you regarding the results of the review. If you do not proceed with any order your details will be deleted in accordance with our data retention policy.
We use social media to engage with users and the Poppy Design Studio website links to our Facebook, Twitter, Google+, Pinterest and Instagram pages. We do not keep any specific data that identifies an individual user but hold details of our followers on these platforms.
From time to time, we may need to obtain information from third parties about you. This will only apply where it is necessary to provide our services to users and as permitted by law.
Your information will be used by us to enable us to provide our services to you. We act as a Data Controller of your information and undertake to protect your personal and sensitive data in a manner that is consistent with the requirements of the Data Protection Act/General Data Protection Regulation (GDPR). We will take reasonable measures to ensure the secure storage of your data.
Users of this website do so at their own discretion and provide any such personal details at their own risk.
We do not share, sell, or distribute your data to third parties, except as provided in this Privacy Notice. Your data may be shared with contractors working on our behalf, who act on our instruction in relation to the management of your data and must adhere to all data protection laws and regulations. Data processors will be required to have a signed agreement with us to ensure accountability.
We will only send you emails about our products and services (i.e. direct marketing) with your express consent. You have the option not to give consent and to withdraw consent at any time. You may withdraw your consent for us to contact you by contacting us at email@example.com
We may disclose your personal information if we are required to do so by law, in connection with any legal proceedings, and in order to establish, exercise or defend our legal rights, or if otherwise legally permitted.
We keep your personal information in accordance with our Data Retention Policy which reflects our needs to provide services to you as contracted and also as required to meet legal, statutory and regulatory obligations. The need to hold information is regularly reviewed and information/data will be disposed of when no longer required.
Your information may be stored on a cloud-based system whose servers are located within the UK or European Union (EU). All data will be stored so to comply with the Data Protection Act 1998 and as enacted, the General Data Protection Regulation (GDPR).
Poppy Design Studio cannot guarantee or verify the contents of any externally linked website and users click on external links at their own risk. Poppy Design Studio and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are subject to our terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate and/or engage with them with due care and caution in regard to their own privacy and personal details. This website nor its owners will not ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
Poppy Design Studio uses social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised that before using such social sharing buttons, that they do so at their own discretion, and should consider that the social media platform may track and save requests to share a web page, through the users’ social media platform account.
The General Data Protection Regulation (GDPR) gives individuals, known as ‘data subjects’, the right to access personal data that is held by organisations by a subject access request (SAR). We will endeavour to respond quickly to any such requests, which legally require us to respond within one month of receiving the request and necessary information. We have a formal request form to deal with SAR requests that can be accessed on our website, www.poppydesignstudio.com or by emailing us at firstname.lastname@example.org. You will need to tell us how we acquired the information and in what form.
Data subjects have the right to request that we amend or change personal information that we hold about you, that is inaccurate or incorrect.
Data subjects have the right to ask us to delete personal information from our systems without giving any reason and at any time. We will act on any request without delay.
Data subjects have the right to rectification or erasure of personal data in the following circumstances:
Data subjects have the right to obtain and transfer their data to different service providers.
Data subjects have the right to object to the processing of data at any time based on their particular situation. This includes objecting to profiling unless it is in the ‘public interest’ or exercised lawfully by an official authority. We will only process data where we can demonstrate lawful grounds for doing so.
Right not to be subject to decisions based on automated processing
We do not use any automated processing that results in any automated decision based on a data subject’s personal information.
If you wish to invoke any of these rights, you can contact our Data Controller by email to email@example.com
If you have any concerns about how we handle your data, you can contact the Data Controller by writing to Poppy Design Studio, 20 Church View Road, Desborough, Kettering, NN14 2PS or by email to firstname.lastname@example.org
If you have a complaint about the use of your data, you can contact us by email to email@example.com. Alternatively, you can formally report an issue of concern to the Information Commissioner’s Office, the UK body that governs Data Protection. See https://ico.org.uk