Data Privacy Notice

Claire Gaudion Ltd. t/a Claire Gaudion, registered number 09895959 and address Meadow Cottage, Station Road, Over Wallop, Stockbridge, SO20 8HZ. Our Data Protection Lead can be contacted at info@clairegaudion.com.

This privacy notice is provided to inform you of how we handle your personal data. All handling of your personal data is done in compliance with the UK General Data Protection Regulation and the Data Protection Act 2018 (“Data Protection Legislation”). The terms “Personal Data”, “Special Categories of Personal Data”, “Personal Data Breach”, “Data Protection Officer”, “Data Controller”, “Data Processor”, “Data Subject” and “process” (in the context of usage of Personal Data) shall have the meanings given to them in the Data Protection Legislation. “Data Protection Lead” is the title given to the member of staff leading our data protection compliance programme in lieu of a requirement for a Data Protection Officer.

What are your rights?

When reading this notice, it might be helpful to understand that your rights arising under Data Protection Legislation include:

  • The right to be informed of how your Personal Data is used (through this notice);
  • The right to access any personal data held about you;
  • The right to rectify any inaccurate or incomplete personal data held about you;
  • The right to erasure where it cannot be justified that the information held satisfies any of the criteria outlined in this notice;
  • The right to prevent processing for direct marketing purposes, scientific/historical research or in any such way that is likely to cause substantial damage to you or another, including through profile building; and
  • The right to object to processing that results in decisions being made about you by automated processes and prevent those decisions being enacted.

You can exercise your right to access any personal data that might be held about you, or any other right, by emailing info@clairegaudion.com with the subject line: “Subject Access Request”. When you submit a ‘subject access request’, you will need to provide confirmation of your identity by attaching a photocopy of your driver's license or passport. This is provided free of charge and our response will be made within thirty (30) days unless our Data Protection Lead deems your request as being excessive or unfounded. If this is the case, we will inform you of our reasonable administration costs in advance and/or any associated delays, giving you the opportunity to choose whether you would like to pursue your request. If you believe we have made a mistake in evaluating your request, please see the section ‘Who can you complain to?’.

If you have questions about any of the rights mentioned in this section, please contact our Data Protection Lead at info@clairegaudion.com.

Who is the Data Controller?

  • If we have collected your personal data directly from you for our own purposes, we are the Data Controller.
  • If we have been passed your personal data from a third-party for our own purposes, we are the Data Controller. We will contact you to let you know before we first start to use it, or, at the latest, within one month of acquiring it.
  • If we have received your personal data as part of a direct administrative relationship between our business and yours, the Data Controller is your employer for that purpose.

What are the lawful bases for processing personal data?

Under Data Protection Legislation, there must be a ‘lawful basis’ for the use of personal data. The lawful bases are outlined in Article 6, Section 1 of the GDPR. What are our ‘legitimate interests’?

Legitimate interests are a flexible basis upon which the law permits the processing of an individual’s personal data. To determine whether we have a legitimate interest in processing your data, we balance the needs and benefits to us against the risks and benefits for you of us processing your data. This balancing is performed as objectively as possible by our Data Protection Lead. You are able to object to our processing and we shall consider the extent to which this affects whether we have a legitimate interest. If you would like to find out more about our legitimate interests, please contact info@clairegaudion.com.

About our processing of your data

We might collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:

Identity Data such as names, usernames or similar; marital status; title; date of birth; sex and gender.

Contact Data such as addresses; email addresses and telephone numbers.

Financial Data such as bank account and payment card information.

Transaction Data such as information about payments and details of purchases you have made.

Technical Data such as IP addresses; login data; browser info; time zone; location; browser plug-ins; operating systems; platforms and other technology on the device used to access this website.

Profile Data such as usernames; passwords; security answers; purchases/orders; interests; preferences; feedback and responses to surveys, blogs and messages.

Usage Data such as analytics relating to how you use the website.

Marketing and Communications Data such as your preferences about receiving communications from us or third parties.

We also collect, use and share Aggregated Data such as statistical or demographic data. Aggregated Data can be derived from your Personal Data but is not itself Personal Data as it cannot be used to reveal your identity. If Aggregated Data is ever used in combination with your Personal Data and becomes identifiable, it will be treated in accordance with this notice.

Reference

What categories of information about you do we process?

Why are we processing your data?

Where did we get your personal data from?

Consumer Projects

·       Identity Data

·       Contact Data

·       Financial Data

·       Transaction Data

·       Technical Data

We need to be able to contact our consumer clients, understand their specific requirements and process their payment information in order to complete projects on their behalf. This processing is conducted lawfully on the basis of 'performance of a contract'.

Directly obtained, or by referral - we will always contact you to notify you of a referral before we first process your data, and within a maximum of thirty (30) days.

Business Projects

·       Identity Data

·       Contact Data

·       Transaction Data

·       Technical Data

For our business clients, we need to have a contact within their organisation in order to be able to facilitate completion of a project. This processing is conducted lawfully on the basis of 'performance of a contract'.

Directly obtained, or by referral - we will always contact you to notify you of a referral before we first process your data, and within a maximum of thirty (30) days.

Fulfilment of Orders

·       Identity Data

·       Contact Data

·       Financial Data

·       Transaction Data

·       Technical Data

Whenever we sell you a product we use your personal data in order to manage your order, process payments and make sure that you receive your products. This processing is conducted lawfully on the basis of 'performance of a contract'.

Directly obtained at point of sale.

Consumer Marketing

·       Identity Data

·       Contact Data

·       Transaction Data

·       Marketing and Communications Data

We make all of our previous customers aware of our new services and other products/events that we think are relevant to them based on our previous engagement. This processing is conducted lawfully on the basis of 'our legitimate interests'.

Directly obtained.

B2B Marketing

·       Identity Data

·       Contact Data

·       Marketing and Communications Data

We sometimes contact individuals representing their businesses at their business addresses in order to market our services to their business. This processing is conducted lawfully on the basis of 'our legitimate interests'.

Directly obtained.

Customer Services

·       Identity Data

·       Contact Data

·       Financial Data

·       Transaction Data

·       Technical Data

·       Marketing and Communications Data

In honouring warranties and in order to provide the high specification of customer service that we are known for, we will respond to customer complaints and queries solicited by the customer. This processing is conducted lawfully on the basis of 'performance of a contract'.

Directly obtained, or by referral - we will always contact you to notify you of a referral before we first process your data, and within a maximum of thirty (30) days.

Public Contact

·       Identity Data

·       Contact Data

We make our email addresses publicly available, as well as offering contact methods through our website. We use individual’s information to respond to their queries. This processing is conducted lawfully on the basis of 'our legitimate interests'.

Directly obtained.

 

What happens if I refuse to give you my personal data?

If your personal data is used for Consumer Projects or Business Projects, your personal information may have been collected as part of a statutory obligation requiring the processing of your data. Failure to process your data could result in us being unable to enter into a contract with you to provide services or being unable to comply with our contractual or legal obligations. The information about you that we have collected for the performance of our contracts is required in order for us to successfully fulfil our obligations to you. If you choose not to provide the personal data requested, we will not be able to enter into a contract with you to provide the services we offer. If we are already processing your personal information under a contract, you must end our contractual relationship (as/where permitted) in order to exercise some of your rights.

What profiling or automated decision making do you perform?

We do not perform any profiling or automated decision making based on your personal data.

How long will your personal data be kept?

We hold different categories of personal data for different periods of time. Wherever possible, we will endeavour to minimise the amount of personal data that we hold and the length of time for which it is held.

  • If we process your data on the basis of ‘legitimate interests’, we will retain your data for as long as the purpose for which it is processed remains active. We review the status of our legitimate interests every twelve (12) months and will update this notice whenever we determine that either a legitimate interest no longer exists or that a new one has been found.
  • All categories of personal data that are held by us because they are essential for the performance of a contract, will be held for a period of six years, as determined by reference to the Limitations Act 1980, for the purposes of exercising or defending legal claims.

Who else will receive your personal data?

We pass your data to the third parties listed in the section ‘Third Party Interests’ below.

Does your data leave the UK?

Yes. Where we use providers located outside the UK: if in the United States, they are either Privacy Shield certified or bound by Standard Contractual Clauses; if outside the US, they are either subject to an Adequacy Decision, or bound by Standard Contractual Clauses.

Third Party Interests

Category or Name of Third Party Processor

Purposes for carrying out processing

Web hosting providers

Website hosting, including the storage of data forming the website content and processing your Technical Data (and Profile Data, where applicable) in order to provide you with access to our websites.

Information technology providers

·       Cloud server systems to help us manage our client databases.

·       Telephony providers.

·       Office software providers, such as email clients.

·       IT Support services, who might require access to our systems (with our strict supervision) in order to remedy faults with our technology.

Order fulfilment services

Some of the products that form part of our service are held and delivered by third-parties. Occasionally, this might include limited amount of personal data to ensure that the correct items go to the correct people.

Payment services providers

We use Shopify Payments in order to process payments made via our shop. You can find Shopify’s Privacy Policy here https://www.shopify.com/legal/privacy and Cookies Policy here https://www.shopify.com/legal/cookies.

Newsletters

We use mailchimp email service for our newsletter. When you subscribe to our newsletter, a limited amount of your personal data is used to ensure that this gets send out correctly. You can find their Privacy Policy here https://www.intuit.com/privacy/statement.

 

 

 

Who can you complain to?

In addition to sending us your complaints directly to us at info@clairegaudion.com, you can send complaints to our supervisory authority. As we predominantly handle the personal data of UK nationals, our supervisory authority is the Information Commissioner’s Office. If you believe that we have failed in our compliance with data protection legislation, complaints to this authority can be made by visiting https://ico.org.uk/concerns/.

 

Cookies

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

We use the following cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Marketing and Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

Please note that third parties also use cookies, over which we have no control. These may include, for example, social networks, advertising networks and providers of external services like web traffic analysis services. These third-party cookies are likely to be analytical cookies or performance cookies or targeting cookies.