PRIVACY POLICY

Andrea Sharpe t/a Astrid Jensen Chic Candy Carts ('we', 'us', 'our') are here to provide you with an excellent candy cart hire service and are only interested in your personal information to fulfill that service. The only information that we have about you has been/will be provided by you and as far as we're concerned belongs to you so you can ask us to do what you like with it (in terms of GDPR*!). We strive to comply with our obligations under the *General Data Protection Regulation (GDPR) by: keeping personal data/information up-to-date; storing and destroying it securely; only gathering the data that is necessary for the running of our business. 

Our policy embraces the principles of GDPR and, as in all aspects of our business, we will keep you informed and be transparent about how we gather and use your information.

PERSONAL DATA OR INFORMATION - WHAT IS IT?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information we hold or are likely to hold. Personal data includes paper data, e.g. written correspondence. The processing of personal data is governed by the GDPR.

DATA WE MAY COLLECT FROM YOU
We may collect and process the following data about you:
  • Information that you provide by filling in forms on www.astridjensen.co.uk (our site), on any of our social media platforms, or that we email or post to you. This will include your name, email address and mobile 'phone number. If you complete a Candy Cart Hire booking form we will also collect your address and information about your event including the date, time and venue. We assume that you agree to the principles of our policy when you choose to submit a form to us and advise you of this next to the 'submit' button
  • Information that you provide via email, Messenger, SMS, 'phone or in writing
  • If you contact us, we may keep a record of that conversation and/or correspondence.
  • We may ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
  • Details of transactions you carry out through our site and of the fulfilment of your orders.
  • Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.

COOKIES
We have not added any cookies* to our website but our web host, Sitelio, has informed us that this website automatically uses persistent cookies which according to the Information Commissioner's Office (ICO) are "stored on a users’ device in between browser sessions which allows the preferences or actions of the user across a site..........  to be remembered. Persistent cookies may be used for a variety of purposes including remembering users’ preferences and choices......" This information does not identify any individual and we don't access it. We are signed up for Google Analytics but this doesn't give us any personal information. The Google Analytics tracking code automatically uses anonymous identifiers to collect data using browser cookies. You can disable cookies in your browser (Google has a wealth of information on this) but most websites won't work properly if you do. 

*update 13/6/18: we have added one to give you the option whether or not to accept cookies! 

WHERE WE STORE YOUR PERSONAL DATA
Information you provide to us electronically is stored on our servers. Our website doesn't allow for SSL but we are password protected and have Bullguard Internet Security 2018 installed. Paper information is stored in a locked office which cannot be accessed by anyone else.

We don't have any access to your payment details as we don't enter into any payment transactions directly. Any payment you make to us via our website is automatically directed to PayPal whereupon their own Privacy Policy applies -  we do not accept any responsibility or liability for such policies.

Unfortunately, in spite of the measures that we have take to the contrary, the transmission of any information via the internet is not completely secure. For example, when data is accidentally disclosed to unauthorized persons or when our laptop is stolen or subject to a targeted attack. Although we will do our utmost to protect your personal data as described above, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. In the unlikely event of a data breach we will always notify the Information Commissioner's Office (ICO) and we will take steps to notify you if we believe that your personal data has been compromised.

USES MADE OF THE DATA
We use information held about you in the following ways and the legal basis for each is noted in brackets :
  • To ensure that content from our site is presented in the most effective manner for you and for your computer (legitimate interest)
  • To provide you with information, products or services that you request from us (legitimate interest)
  • To provide you with information, products or services which we feel may interest you, where you have consented to be contacted for such purposes (explicit consent)
  • To carry out our obligations arising from any contracts entered into between you and us (contractual).
  • To maintain our internal records (legitimate interest)
  • To maintain our financial records (legal obligations​)

HOW LONG DO WE KEEP YOUR INFORMATION?

We will delete your personal information when the contract entered into between you and us has been fulfilled, we are no longer in contact with you and/or we have no legal obligation to retain your information.

SHARING YOUR PERSONAL INFORMATION
Your personal information will be treated as strictly confidential and will not be shared with 3rd parties unless:
  •  it is required carry out our obligations arising from any contracts entered into between you and us 
  • we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements
  • we have your explicit consent

YOUR RIGHTS AND YOUR PERSONAL INFORMATION
Unless subject to an exemption under the GDPR, you have the right to:
  • request a copy of the personal data which we hold about you;
  • request that we correct any personal data if it is found to be inaccurate or out-of-date;
  • request that your personal data is erased where it is no longer necessary for us to retain it;
  • request the restriction of how we use your personal data;
  • request that we transmit your data by automatic means directly to another Data Controller;
  • withdraw your consent to the processing at any time;
  • lodge a complaint with the Information Commissioner's Office.
​​
LINKS TO OTHER WEBSITES
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

FURTHER PROCESSING
If we wish to use your personal data for a new purpose that is not covered by this policy then we will update this policy and, where necessary, seek your prior consent to the new processing.

CONTACT DETAILS
If you have any queries or wish to exercise your rights in relation to personal information that we hold about you or have a complaint about how we process your information please in the first instance contact:
Andrea Sharpe
Astrid Jensen Chic Candy Carts
Unit1.3, Building 18
Barclay Curle Industrial Complex
739 South Street
Glasgow
G14 0BX

email: [email protected]

If we are unable to resolve your complaint you can contact the ICO directly:
Information Commissioner's Office
45 Melville Street
Edinburgh
EH3 7HL

Tel: 0303 123 1115

email: [email protected]

More information about GDPR can be found on the ICO's website  https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
We respectfully suggest that before you click on this link you make yourself a large cup of tea/coffee and maybe a sandwich. It's a very long and complicated read...




  ​​