What data do I collect and where from?
I collect some data directly from you when you make a purchase or booking with made by hand herbals. This data includes the following:
- Your full name,
- Your email address,
- Your postcode and address (if you choose to provide them).
I also collect personal data that you voluntarily provide to me when you contact me with queries, complaints, comments or praise.
What do I use your data for?
It is important that you understand how and why I use the personal data that I collect about you. This section sets out the different purposes for which I process personal data.
Managing your order
I use your personal data to set up, manage and administer your order with made by hand herbals and any other services that you request from me.
I will use your email address to send you email marketing (including my newsletter and competitions). You can opt out of receiving marketing emails at any time by following the instructions to unsubscribe in any of my email marketing communications.
What is our legal basis for using your data?
Data protection law says that I have to tell you the legal basis that I rely on to process your personal data for the purposes that I have notified to you. This section tells you what that legal basis is in relation to each of the purposes set out above.
I process your personal data for all of the purposes identified under What do I use your data for? above on the basis that it is in my legitimate interests to carry out these activities.
Purpose: Managing your purchase or booking
Legitimate interests: To ensure that made by hand herbals customers enjoy the best experience possible.
Purpose: Email marketing
Legitimate interests: To provide advertising that is relevant to you. In respect of the use of your email address for email marketing purposes, I process this on the basis that I have your consent to do so. You can withdraw your consent at any time by following the instructions to “unsubscribe” in any email marketing communications.
Freedom of information
I are required under the Freedom of Information Act 2000 to provide certain personal data in response to Freedom of Information requests. You can make a request by emailing email@example.com
Who do I share your data with?
I do not share your personal data with any other organisations.
How long do I keep your data?
I retain your personal data for as long as necessary to provide you with our services as described above. However, I may also be required to retain this data to comply with my legal and regulatory obligations, to resolve disputes, and to enforce agreements. I will keep your personal data for 10 years or until you ask me to erase it (see section below).
What rights do you have?
You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. I will normally need to ask you for proof of your identity before I can respond to a request to exercise any of the rights in this section and I may need to ask you for more personal data, for example to help me to locate the personal data that your request relates to.
I will respond to any requests to exercise your rights as soon as I can and in any event within one month of receiving your request and any necessary proof of identity or further personal data. If your request is particularly difficult or complex, or if you have made a large volume of requests, I may take up to three months to respond. If this is the case I will let you know as soon as I can and explain why I need to take longer to respond.
A right to access your personal data
You have a right to ask me to send you a copy of personal data that I hold about you (subject to some exceptions). A request to exercise this right is called a “subject access request” and must be made in writing to firstname.lastname@example.org
A right to object to me processing your personal data
A right to ask me not to market to you
You can ask me not to send you direct marketing or advertising. You can do this by using the “unsubscribe” option in any of my email marketing communications.
A right to have inaccurate data corrected
You have a right to ask me to correct inaccurate data that I hold about you. If I are satisfied that the new data you have provided is accurate, I will correct your personal data as soon as possible.
A right to have your data erased
How can you contact me?
What if you have a complaint?
You have a right to complain to the Information Commissioner’s Officer (ICO), which regulates data protection compliance in the UK, if you are unhappy with how I have processed your personal data.
You can find out how to do this by visiting www.ico.org.uk
What if this policy changes?