For more information about GDPR, see also: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/.
WHAT IS GDPR?
The EU’s General Data Protection Regulation (GDPR) was introduced to unify all EU member states’ approaches to data regulation, ensuring all data protection laws are applied identically in every country within the EU. It will protect EU citizens from organisations using their data irresponsibly and puts them in charge of what information is shared, where and how it’s shared. The GDPR is enforceable from 25 May 2018 and though the UK is due to leave Europe in the next 12 months, it will still apply to all businesses handling EU residents’ data, effectively replacing the Data Protection Act 1998.
In essence: Controllers must ensure personal data is processed lawfully, transparently, and for a specific purpose. Once that purpose is fulfilled and the data is no longer required, it should be deleted. A data controller states how and why personal data is processed, while a processor is the party doing the actual processing of the data. Champagne & Sparkles would act as both the data processor and controller.
WHAT DOES GDPR MEAN FOR YOU?
* You have the right to be informed, i.e. we need to provide transparency on how your data will be used.
* You have the right to access your own data, i.e. if you request information on what information we have about you and how we use it, we are by law obliged to provide this
* You have the right to rectification, i.e. if any of the information we have is incorrect, you have the right to get this amended.
* You have the right to restrict processing, i.e. if we use your data in a manner you don’t like you can ask us to stop doing this. Note that some business needs might restrict this.
* You have the right to data portability, i.e. if you request to get a copy of the data we hold on you, we must provide it in a machine readable format (could be a document of some sort or a database dump).
* You have the right to object, i.e. in certain circumstances, you’ll be entitled to object to your personal data being used. For example, if a company uses your personal data for the purpose of direct marketing, scientific and/or historical research, or for the performance of a task in the public interest.
* You have the right to be protected against automated decision making and profiling, i.e. GDPR puts safeguards in place to protect you against the risk that a potentially damaging decision is made without human intervention. For example, you can choose not to be the subject of a decision where the consequence has a legal bearing on you, or is based on automated processing.
* You have the right to be forgotten, i.e. if there is no legal or business reason to keep your information, you have the right to be removed from our records.
Right to be informed
See also: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/the-right-to-be-informed/ for more information.
When you contact us, we will ask you certain personal information depending on the request such as your name, telephone number and email address. This is in the first instance only used to address you appropriately and provide the means to contact you to respond to your enquiry.
Depending on whether there will be further business between yourself and Champagne & Sparkles, additional information may be required. For instance your home address and bank details to process any invoices. If information needs to be provided with 3rd parties (e.g. a venue you wish to use, etc), we will inform you of what they need and only share the information the 3rd party requires and what you consent to.
Some areas on our website also contain “Call to Action” buttons. For instance, we might include a Resource section on our site to enable you to obtain resources in return for providing some information about yourself (e.g. an email address). This email address could be used to follow up to see how we can assist you further. At this moment we don’t provide any newsletters, update subscriptions or similar. If we do this in the future, you can opt in to provide an email address to receive the information.
We have the expectation that the majority of people would be of the age of consent – for GDPR purposes this is 13 or over, but we use 16 or over as a rule of thumb. When it is unclear what your age is, we might ask you if you’re old enough. We will however not store your date of birth. By law, we are required to obtain parental consent for people that have not yet reached the age of consent.
Note that if there is a data breach, we are by law obliged to notify you within 72 hours.
Any information we collect, we typically keep for 12 months, unless there is a legal obligation to keep it for longer, e.g information we may need to keep for a certain period of time for tax and auditing purposes.
Please ask if you have any questions on how we use your information more specifically.
Right to access your own data / Right to data portability
At any point in time, you can ask us what data we hold on you and request the information to be provided to you in a machine readible format.
Right to rectification
We always aim to keep the information we hold on you as accurate as possible. If any information changes, let us know and we will update our records accordingly. This is not only in line with GDPR, but it will also aid us in making sure your experience working with us is seamless.
Right to restrict processing / Right to object
We don’t share any information with third parties unless there is a specific need for this (for instance share information with suppliers when necessary for the event). At all times we will advise you of this. If you do not want us to share the information, please let us know. In this case, another means of providing the information necessary will be suggested (e.g. the supplier might have to contact you directly or you might have to contact the supplier yourself).
At times, we might ask you to provide a testimonial or imagery from your wedding or event for our website. This is voluntary and you can decline to provide one. If you have provided one previously, you will also have the right to have it removed. Testimonials will also be used for marketing purposes and similarly you can decline or request to have this removed.
Our contact forms and call to action forms will have options available to select whether we’re allowed to use you and keep information for purposes other than intended. By default it is set to not use the information for purposes other than intended since implied consent is illegal under GDPR.
Right to be protected against automated decision making and profiling
Champagne & Sparkles does not use automated tools for profiling and decision making purposes – we believe the personal touch is what makes us great.
Right to be forgotten
Unless there is a specific business and legal reason to have your information on file, you have the right to be forgotten. Contact us if you would like your personal data removed.
We have the right to decline to remove you straight away. For instance, we provided a service and you haven’t paid the complete balance. In this case we can ask you to settle the remaining balance before removing your data to ensure we can process the payments.
By law we have to keep certain information for tax and audit purposes. If this information has personal details, we might not be able to eradicate this. We will however not use the information to contact you going forward. We tend to use invoice numbers linked to personal details to remove the personal information and keep a random identifier for accounting purposes instead.
Similarly, in order for us to recommend suppliers, we have supplier information on file. If you’re a supplier and want to have your information removed, we can no longer contact you meaning working with you will be more difficult.
If we need to keep your information for business purposes, we will inform you accordingly and we will advise you when your information will be removed once the business is concluded.
Champagne & Sparkles Limited
Company Number: 9741842