Data Controller: Lucy White (Lucy Made Me)
Email: [email protected]
We may update this privacy notice from time to time. This version was last updated on 22 July 2022.
Personal information is any form of information from which an individual can be identified. Set out below are the general categories and in each case the types of personal information which we collect, use and hold about you:
Identity Information - This relates to your identity such as your first and last names (including any previous names and any titles which you use), gender, marital status and date of birth.
Contact Information - This relates to your contact details such as email address, postal addresses and telephone numbers.
Account Information - This relates to your account with us (including username and password).
Payment Information - This relates to the methods by which you provide payment to us such as bank account details, credit or debit card details and details of any payments (including amounts and dates) which are made between us.
Transaction Information - This relates to transactions between us such as details of the goods (products you’ve purchased) and services provided to you and any returns details.
Survey & Competition Information - This is what we have collected from you or which you have provided to us in respect of surveys and feedback or your participation in competitions.
Marketing Information - This relates to your marketing and communications preferences (including email newsletter sign ups).
Website, Device & Technical Information - This is about your use of our website and technical data which we collect (including your IP address, the type of browser you are using and the version, the operating system you are using, details about the time zone and location settings on the device and other information we receive about your device).
We do not collect or hold any sensitive information about you. This includes information relating to health, racial and ethnic origin, political opinions, religious and similar beliefs, trade union membership, sex life and sexual orientation and also includes genetic and biometric information.
We are only able to use your personal information for certain legal reasons set out in data protection law. We will use your personal information for the following legal reasons:
Contract Reason: this is in order to perform our obligations to you under a contract we have entered into with you;
Legitimate Interests Reason: this is where the use of your personal information is necessary for our (or a third party’s) legitimate interests, so long as that legitimate interest does not override your fundamental rights, freedoms or interests.
Legal Obligation Reason: this is where we have to use your personal information in order to perform a legal obligation by which we are bound; and
Consent Reason: this is where you have given us your consent to use your personal information for a specific reason or reasons.
So that we are able to provide you with goods and services, we will need your personal information. If you do not provide us with the required personal information, we may be prevented from supplying the goods and services.
It is important that you keep your personal information up to date. If any of your personal information changes, please contact us as soon as possible to let us know. If you do not do this then we may be prevented from supplying the goods and services to you, for example, if you move address and do not tell us, then your goods may be delivered to the wrong address.
Where we rely on consent for a specific purpose as the legal reason for processing your personal information, you have the right under data protection law to withdraw your consent at any time. If you do wish to withdraw your consent, please contact us using the details set out at the beginning of this policy. If we receive a request from you withdrawing your consent to a specific purpose, we will stop processing your personal information for that purpose, unless we have another legal reason for processing your personal information, in which case, we will confirm that reason to you.
We may use your personal information for the following purposes:
Processing Your Order - To take payment from you, advise you of any updates in relation to your order and to fulfil a contract.
Providing Customer Service - To assist and support users and/or customers when requested to do so and to settle disputes.
Enrolling You As A Customer - To contact you regarding similar goods and services to those you have already purchased and that may be of genuine interest to you. This includes updates about our products, promotions and general business information.
Complying With Legal Requirements - To fulfil our legal obligations, for example, to send information to HMRC for tax purposes.
Improving Goods And Services - To improve our products for future customers and to grow our business.
Maintaining & Improving Our Website - To ensure the smooth running and correct operation of our website. This includes using data analysis so we can understand our users and/or customer’s needs, desires and requirements when using the website.
We will only use your personal information for the original purpose for which we collected it.
We usually collect identity information, contact information, payment information, transaction information, survey information and marketing information directly from you when you fill out a form, survey or questionnaire, purchase goods and services from us, contact us by email, telephone, social media or otherwise. This includes the personal information which you provide to us when you subscribe to our email newsletter and enter a competition or survey.
We may receive some of your personal information from third parties. This includes:
- Contact Information and Payment Information from our selected third-party suppliers, such as PayPal and Stripe.
- Identity Information and Contact Information from our selected third-party supplier, such as Mailchimp.
- Website, Device and Technical Information from our third party supplier, such as Google Analytics and from technologies such as cookies which are installed on our website.
Strictly Necessary Cookies -These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website, for instance when logging into an account and using the shopping basket.
Analytical / Performance Cookies - These cookies collect information about how visitors use our website, for instance they allow us to count the number of visitors and the pages they go to most often, and if they get error messages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how our website works, for example, by ensuring that visitors are finding what they are looking for easily.
Functionality Cookies - These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
Targeting / Advertising Cookies - These cookies record your visit to our website, the pages you have visited and the links you have followed, amongst other information. We will use this information to make our website more relevant to your interests. We may also share this information with third parties, such as Facebook, Instagram, Twitter, Pinterest and Google Analytics, for this purpose. These cookies are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.
You can find out more information about cookies and how to disable them by visiting All About Cookies.
We may need to share your personal information with other organisations or people. These organisations include:
- Any organisations which propose to purchase our business and assets in which case we may disclose your personal information to the potential purchaser.
Third Parties who may include:
- Website Host: Create based in the United Kingdom;
- Payment Gateways: Paypal & Stripe based in the United States;
- Bank: Starling based in the United Kingdom;
- Shipping Provider: Royal Mail based in the United Kingdom;
- Email Marketing Service: Mailchimp based in the United States;
- Web Analytics Service: Google Analytics based in the United States;
- Email Platform: 123 Reg based in the United Kingdom;
- Government bodies and regulatory bodies: such as HMRC and fraud prevention agencies based in the United Kingdom
We do not sell or trade any of the personal information which you have provided to us.
All photographs provided by you (the user and/or customer) will only be used for advertising purposes and shared via our social media platforms and/or used on our website with your consent.
Many of our third party service providers listed above are based outside of the European Economic Area (EEA) and as a result we may need to transfer your personal information outside of the EEA.
Whenever we transfer your information outside of the EEA we will do our best to ensure the organisation receiving your personal information has provided adequate protection and safeguards, including use of Binding Corporate Rules, the EU-US Privacy Shield and Model Clauses.
Under certain circumstances you have a number of rights in relation to your personal information as follows:
Right to Access - To obtain from us a copy of the personal information which we hold about you.
Right to Correction - To request that any incorrect or incomplete personal information is corrected and complete.
Right to Erasure - To request us to erase all of your personal information.
Right to Restrict Processing - To request us to restrict the processing of your personal information.
Right to Data Portability - To request us to transfer your personal information to someone else.
Right to Object - The right to object to us processing your personal information.
In addition to the rights set out above, where we rely on consent as the legal reason for using your personal information, you have the right to withdraw your consent. Further details about this are set out above under, ‘How and Why We Use Your Personal Information’.
If you want to exercise any of the above rights in relation to your personal information, please contact us using the details set out at the beginning of this policy.
Any information you request will be provided free of charge, provided the request is not unfounded or excessive. In this instance we may charge a reasonable fee based on the administrative cost of providing the information. Information will be provided within one month of the original request unless the requests are complex or numerous. If there is a delay we will contact you to let you know the progress of your enquiry.
For more information about your individual rights please visit the ICO website.
You may receive email marketing from us about similar goods and services, where either you have consented to this, or we have another legal reason by which we can contact you for marketing purposes.
However, we will give you the opportunity to manage how or if we market to you. In any email which we send to you, we provide a link to either unsubscribe or opt-out, or to change your marketing preferences. To change your marketing preferences, and/or to request that we stop processing your personal information for marketing purposes you can always contact us on the details set out at the beginning of this policy.
If you do request that we stop marketing to you, this will not prevent us from sending communications to you which are not to do with marketing (for example in relation to goods and services which you have purchased from us).
We do not pass your personal information on to any third parties for marketing purposes.
Our website may contain links to third party websites. If you click and follow those links then these will take you to the third party website. Those third party websites may collect personal information from you and you will need to check their privacy policies to understand how your personal information is collected and used by them.