The EU General Data Protection Regulation (GDPR) are rules that govern how data is collected and processed.
The personal data I hold is in line with two of the six lawful bases for processing. These two lawful bases are:
- Consent ? where the individual provides consent for their personal data to be used for a specific purpose. This applies to naomialice where individuals share their personal data with us to be used for information relating to the Services available.
- Contract ? where the processing of an individual?s personal data is required in order to enter into a contract. This applies to naomialice where individuals share their personal data in order for a contract to be entered into for purchases.
What data does naomialice collect and how is it used?
I only collect the personal data that I require in order to fulfil the orders.
The personal data that I hold contains the names, addresses, emails and phone numbers of my customers. I collect this information through order processing and hold this information for the purposes of posting the orders and updating customers on their orders as well as to tell customers when their order period is about to expire.
Personal data, its purposes and how the data is used, is stored within a database on a password protected device.
I keep this data for 18 months after the last interaction with the individual. After this time, the data is permanently deleted.
I never pass this data on to third parties.
I may pass this data on to the relevant legal authorities if there are legal requirements to do so.
I can delete your data if you wish me to.
What are your rights over your personal data?
You have the right to be informed about how your data is collected, stored and used.
You have the right to request access to, correction or deletion of, your data at any point for the duration that the data is held for.
You have the right to restrict the amount of data you provide.
You have the right to object to your data being used.
If you wish to exercise these rights please contact me immediately via firstname.lastname@example.org
What if there is a personal data breach?
If there is a data breach which could lead to the unintentional or unlawful loss, alteration, disclosure, access to, or deletion of personal data I will inform individuals about this breach as soon as possible as well as inform the ICO (Information Commissioner?s Office).