Somerset Crafts Data Protection Information
Last modified 27/11/22
In May 2018, the regulations surrounding how companies and organisations can hold your personal data changed. This policy tells you how we handle your personal data and the rights you have, when we hold it. This policy was intended to comply with the provisions of the General Data Protection Regulation EU 2016/679 (GDPR) which governs how personal data is processed within the European Economic Area (EEA). Currently, post-Brexit, the principles of the EU GDPR have been incorporated in UK Data Protection law, so our existing guidance is still valid. We aim to revise this document periodically to reflect any relevant changes in UK GDPR.
We are always happy to explain anything which this document does not make clear to you. You will find our contact details at the end of this document.
We are a collective of artists and makers who have formed a membership group bound by a formal contract. We make and sell our work under the group name of Somerset Crafts. Our registered business address is Somerset Crafts, Avalon Marshes Centre, Shapwick Road, Westhay, Somerset BA6 9TT. Tel: 01458 860426 Email: email@example.com
Your Personal Data – what is it?
‘Personal Data’ is data that relates to a living individual who can be identified from that data. We might be able to identify you from the data itself or by linking that data to other information we have access to. GDPR tells us how we must process your Personal Data.
How do we collect Personal Data from you?
We collect information about you from you when you:
- purchase a product or service in person, by phone, online or by post;
- sell us a product or service;
- submit information about yourself on a form on or from our website or in person;
- subscribe to our mailing list;
- contact us by phone, email, post or otherwise to make an enquiry about our products or services;
- when you click links from or respond to our emails
If you give us somebody else’s Personal Data, you warrant that you have obtained the express consent from the third party for the disclosure and use of their personal data.
What type of data do we collect from you?
The type of data that we collect will vary according to the nature of our contact with you and the information you provide. Here is a list of the types of data that we collect.
- When you make a purchase or booking, we collect your name, address, email and phone number. If you do this online then also your IP address and the time of transaction.
- We may collect your financial details such as your bank name, account number and sort code if we need to make a payment to you.
- When you subscribe to our newsletter, we collect your name, email address, IP address, time of consent and any marketing preferences.
- When you interact with marketing emails, your personal data may be automatically collected by our email platform. This information includes but is not limited to: the device you have used; the location of the device; the mode of access – such as the type software or operating system used. It does not include your name, address, phone, email payment information or any other such sensitive personal data.
- In the event you contact us in person, by phone, email or post, we retain a record of your query along with any personal information that you provide.
Why do we hold your personal data?
Data protection laws state that we are only able to process personal data if we have valid reasons to do so. We collect and use personal data for the following purposes:
- To fulfil a contract of service. A contract of service is entered into when you purchase one or more of our products or services or we purchase a product or service from you.
- For customer service purposes such as to provide information about a product or service that you have requested or purchased or to share your contact details with officials and other authorised people and companies for the purpose of delivering the service we provide.
- To manage and process payments for the organisation we run.
- For any legal statutory or accounting purposes.
- For marketing purposes, to inform you of news, events, activities or services that you have expressed an interest in.
How do we process your Personal Data?
We comply with our obligations under GDPR in the following ways:
- by keeping Personal Data up to date;
- by collecting, storing and destroying it securely;
- by not collecting or retaining unnecessary or excessive amounts of data;
- by protecting Personal Data from loss, misuse, unauthorised access, and disclosure.
What is the legal basis for processing your personal data?
- When you enter a contract with us for the provision of goods or services and have agreed to our terms and conditions of service. We need to keep certain information to adequately manage your purchase or booking.
- When you have provided goods or services to us, we must hold your information to adequately process our transaction and for legal and accounting purposes.
- We have legal requirements to hold customer information for accounting purposes.
- You have given us explicit consent to hold and use your personal data.
Data Retention – How long do we keep your Personal Data?
Customer Service & Legal Obligations
If you book an event, purchase a voucher from us; us or contract with us for any other service, we will keep your Personal Data for as long as you are a customer of our organisation. After you leave, we will keep your information for no longer than we reasonably need, in accordance with applicable laws. Any Personal Data that we hold following the end of our contractual obligation to provide goods or services to you, will be for legal, accountancy or insurance purposes and not for any marketing purposes.
If you signed up for our newsletter or requested in writing to be on our mailing list, we will keep your personal data indefinitely or until you unsubscribe from our mailing list or request removal of your information from our marketing list.
Data that is automatically collected when you interact with our emails may be kept indefinitely. If you unsubscribe from our mailing list, any analytical data will become anonymous.
Access and Sharing your Personal Data
Your Personal Data will be treated as strictly confidential and will be shared only with organisations whose services are required to fulfil our service obligations to you such as ticketing providers or courier services. We also use third party payment processors to help us process your Personal Data when you make a purchase from us. Third parties we use may operate outside the EEA. In these cases, we will make sure that robust securities exist to protect your Personal Data.
When you give your consent to our holding of your Personal data you agree to us sharing your Personal Data (including special categories of Personal Data – where we have your explicit consent) with third party processors and sub-processors located both inside and outside the EEA.
All personal data we collect from you is stored in secured locations. Where your data is stored on company devices, these devices are password secured and running security software.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping the password confidential. We ask you not to share a password with anyone.
We agree to take reasonable measures to protect your data in accordance with applicable laws and in accordance with our General Terms and Conditions
In the event of a data breach, we shall ensure that our obligations under applicable data protection laws are complied with where necessary.
Your Rights and Your Personal Data
Unless we have an exemption under GDPR, you have the following rights with respect to your Personal Data:
- The right to request a copy of the Personal Data which we hold about you, without any charge.
- The right to request that we correct any Personal Data found to be inaccurate or out of date.
- The right to request that your Personal Data is erased where it is no longer necessary for us to keep it.
- The right to withdraw your consent to the processing we carry out at any time.
- The right to request that we provide you with your Personal Data and, where possible, to send that data directly to another data controller.
- The right, where there is a dispute in relation to the accuracy or processing of your Personal Data, to ask us to restrict further processing.
- The right to object to the processing of Personal Data.
- The right to lodge a complaint with the Information Commissioners Office and to seek legal recourse.
If we wish to use your Personal Data for a new purpose, not covered by this Notice, then we will provide you with a new notice explaining this new use. We will do this before we start processing for the new use. We will set out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Contact Details & Complaints
If you have a problem, complaint or, if there is something you don’t understand, please contact us Email: firstname.lastname@example.org, Address: Somerset Crafts, Avalon Marshes Centre, Shapwick Road, Westhay, Somerset BA6 9TT. Tel: 01458 860426
You can also contact the Information Commissioners Office Tel: 0303 123 1113 Email: https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF
Changes to this Policy
Any changes we make to our policy in the future will be posted on our website and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our policy. This Policy Document was last updated on Friday 27th November 2022 by Kim Wood on behalf of Somerset Crafts.