1. WHAT IS THE PURPOSE OF THIS PRIVACY NOTICE?

Your ‘personal data’ or ‘personal information’ is any piece of information that would allow us to identify you as an individual. The processing of personal data is governed by the EU General Data Protection Regulation (the “GDPR”) and national laws that supplement the GDPR in each European Economic Area (EEA) country. We take your privacy very seriously, and this document sets out what personal information we collect from you, how we intend to use it and what your rights in respect of that information are.

2. WHO CONTROLS YOUR PERSONAL INFORMATION, AND HOW DO YOU GET IN TOUCH?

The controller of your personal information is House of Lemon (“we”, “us”, “our”). Should you have any query in respect of your personal information, you can contact us at the following: Data controller Crundles, Petersfield, GU31 4PJ / info@sarahsheldrake.co.uk / 07900 628665.

3. WHAT INFORMATION DO WE COLLECT ABOUT YOU?

We collect the following information from you for the purpose of processing your event booking: Your full name; your email address; your telephone number; your personal address; and your event address. If you opt to receive marketing content from us, we may also use your email address for that purpose.

4. HOW DO WE COLLECT YOUR PERSONAL INFORMATION?

We collect your personal information directly from you when you email or telephone to book an event.

5. WHAT IS OUR LEGAL BASIS FOR COLLECTING AND USING YOUR PERSONAL INFORMATION?

We’ll use your personal information (name, phone number, email address, home address and event address if different) to perform our contractual obligations to you i.e. to organise and raise a contract and invoice for your event.

6. WHAT IF YOU DON’T WANT TO PROVIDE YOUR PERSONAL INFORMATION?

You don’t have to provide your personal information to us. However, should you choose not to provide it we’ll be unable to process your event requirements.

7. HOW IS YOUR PERSONAL INFORMATION PROTECTED?

We maintain strong physical, electronic and procedural safeguards to protect the confidentiality, integrity and availability of your personal information. In particular, we have taken appropriate security measures against illegal and/or unauthorised access to your personal information, and against the accidental loss of, or damage to, it.

8. DO WE SHARE YOUR PERSONAL INFORMATION WITH ANYONE?

Our email solution provider and our accounting software provider will have access to your personal information. This is necessary for us to operate our booking system and to provide you with an invoice. We may also need to share your personal information with the following in limited circumstances: IT security providers; insurers; external advisors (for example solicitors or auditors); and public authorities or law enforcement. Any time we provide access to your personal information by someone else, we will ensure that it is adequately secured to protect your privacy.

9. WILL YOUR PERSONAL INFORMATION BE TRANSFERRED OUTSIDE OF THE EEA?

Our accounting software providers are based outside the EEA. You can see their privacy policy here: https://www.xero.com/uk/about/terms/privacy/

10. HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?

The information that we collect for the purpose of processing your event booking will be kept for a period of six (6) years following the date of the event. We need to retain it for business records, and in case of a dispute relating to the event. Your payment information will be kept for a period of two (2) years following the date of the payment. We need to retain it as instructed by our payments processor, and in the event of a dispute relating to your payment. We may sometimes need to keep a copy of your personal information for a longer period, for example in the event of a dispute, to investigate a data breach or to comply with legal requirements.

11. WHAT ARE YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION?

You have rights in respect of the personal information we hold on you, including the right to ask us to: – inform you on how we collect and use it (this Privacy Notice is designed to do that); – provide you access to the information we hold on you; – rectify it if you believe that it is incorrect; – delete it (only to the extent we rely on your consent to use it); – provide you with a copy of any information we hold on you; and – stop processing or using it temporarily (to the extent it is practical for us to do so). Should you want to exercise any of those rights, please contact us using the details set out in Section 2 above.

12. CONSENT

Where consent is used to process your data, you have the right to withdraw your consent at any time and ask us to stop processing your data. We will tell you about the implications of doing this and follow your wishes as required.

13. CHANGES TO THIS PRIVACY NOTICE

We may need to make changes to this Privacy Notice in the future (for example, to comply with new legal requirements). Where that is the case, we will provide you with a revised Privacy Notice on our website, which you will be able to access in the same way you accessed this version. This Privacy Notice was last updated on 23rd May 2018.

The GDPR also gives you the right to lodge a complaint with a supervisory authority, in the UK this is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113. For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual’s rights under the General Data Protection Regulation.