I Holly-Marie Bailey am committed to processing personal information about customers in a way that is safe, secure and non-invasive. Under the EU General Data Protection Regulation (GDPR) 2018 this document sets out what data I collect and store when you buy from me, why I collect it, who the information is shared with and the rights of the customer to have the information changed or deleted.
WHAT INFORMATION IS COLLECTED: Name, address and email
You may also choose to provide me with additional personal information (for a custom order, for example), if you contact me directly.
Debit/credit card information is collected separately by PayPal.
WHO THE INFORMATION IS SHARED WITH: PayPal (during payment at checkout) Royal Mail (when buying postage)
WHY THE INFORMATION IS COLLECTED: Your name and address is collected in order to provide the products you have purchased from me (under the 'contractual performance' lawful basis of GDPR). Your email is collected so that I can contact you to let you know your order has been dispatched. It might also be used if I have any queries about your order. (Also under the 'contractual performance' lawful basis of GDPR)
The information is not used for direct marketing such as sales emails.
HOW THE INFORMATION IS COLLECTED: Directly from customers via the online ordering system on the web site.
WHO MAY SEE THE INFORMATION: Myself as the sole owner of the business. Select third parties, i.e. PayPal, Royal Mail Other third parties, i.e. law enforcement or tax authorities (only in unusual circumstances).
KEEPING PERSONAL INFORMATION SECURE: I am committed to keeping customer's personal information secure. It will not be sold, inappropriately shared or accidentally used. Customer's details are only used for direct communication about specific orders over email or through Create.net's contact system. All technology in use by me is kept up to date with current security software and is not made available for use by anyone else.
HOW LONG INFORMATION IS KEPT: Under UK law, business records must be kept for seven years. In the case of invoices and receipts, customer information is also included. This information will be securely disposed of as soon as practical. Digital records of individual orders are held by myself for 60 days in order to make sure orders are fulfilled and received without any problems. However, customers also have the right to be forgotten and personal information will be removed from my recording system if requested and it does not interfere with the obligations of the business, e.g. submitting taxes.
ACCURACY OF INFORMATION: This web site relies on customers keeping their information up to date and accurate.
ACCESS TO PERSONAL INFORMATION: Under GDPR legislation, customers should have access to their personal information and be given the opportunity to change their details. You also have the right to ask me to change, restrict my use of or delete your personal information. In order to see what information is held about you by requesting to see what information is held by sending me a message with your request and including your name and address as used when shopping on this web site.
If you reside in the EU and wish to raise a concern about my use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority.