Corette Cornelia Design is the data controller and responsible for your personal data.
Policy key definitions
"I", "our", "us", or "we" refer to the business, Corette Cornelia Design.
"you", "the user" refer to the person(s) using this website.
GDPR means General Data Protection Act.
PECR means Privacy & Electronic Communications Regulation.
ICO means Information Commissioner's Office.
Cookies mean small files stored on a users computer or device.
Key principles of GDPR
Your Individual Rights
Under the GDPR your rights are as follows. You can read more about your rights in details here;
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and
the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
What Personal Data We Collect
Personal data means any information capable of identifying an individual. It does not include anonymised data. The types of data we may process about you are:
Personal details (such as your name, e-mail address and telephone number) which you provide by submitting an enquiry via the website, email or telephone.
Financial and transaction data such as payment card details, billing address, delivery address, details about payments to and from you and other details of products and services you have purchased from us.
How you use the website and any other information you post, e-mail or otherwise send to us.
IP addresses – we may collect information where available about your IP (internet protocol) address, operating system and browser type, plug-ins, time zone setting, location and other technology used on devices through which this site is accessed. This data provides us with information about users’ browsing actions and patterns. It is used to inform improvements to the Website and for internal system administration.
Marketing and communication data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Profile Data including purchases or orders, your interests, preferences, feedback and survey responses as provided by you.
Usage Data may include information about how you use our website, products and services.
How We Collect Data
Personal data is collected through direct interactions and automated interactions or technologies.
Direct interactions: You may provide data by filling in forms on our site or by communicating with us by post, phone, email or otherwise, including when you:
inquire about or order products or services;
subscribe to our service or publications;
request resources or marketing be sent to you;
enter a competition, prize draw, promotion or survey; or give us feedback.
Purposes for collecting and processing personal data
Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases. We are exempt from registration in the ICO Data Protection Register because we handle personal data only for the core business purposes of staff administration, advertising marketing, PR, accounts and record keeping. Our processing remains strictly within these limits.
Purpose: To establish and maintain contact with a client
Type of Data: Identity & contact details
Lawful Basis: Contractual Obligation
Purpose: To enable you to partake in a prize draw, competition or complete a survey
Type of Data: Identity, contact details, profile, usage, marketing and communications
Lawful Basis: Necessary for our legitimate interests to study how customers use our products/services, to develop them and grow our business
Purpose: To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
Type of Data: Cookies, technical ,usage
Lawful Basis: Necessary for our legitimate interests to define types of customers for our products and services, to keep our site updated and relevant, to develop our business and to inform our marketing strategy
Purpose: To process and deliver design services including: manage payments, fees and charges, collect and recover money owed to us
Type of Data: Identity, contact details, financial, transactions.
Lawful Basis: contractual obligation, necessary for our legitimate interests to recover debts owed to us.
Purpose: To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
Type of Data: Identity, cookies, technical
Lawful Basis: Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise, necessary to comply with a legal obligation
Type of Data: Identity, contact details, profile, marketing and communications.
Lawful Basis: Contractual obligation, necessary to comply with a legal obligation, necessary for our legitimate interests to keep our records updated and to study how customers use our products/services.
Purpose: To deliver relevant content and advertisements to you and measure and understand the effectiveness of our advertising
Type of Data: Identity, contact details, profile , usage, marketing and communications, technical
Lawful Basis: Necessary for our legitimate interests to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy
Purpose: To make suggestions and recommendations to you about goods or services that may be of interest to you
Type of Data: Identity, contact details, technical, usage, profile
Lawful Basis: Necessary for our legitimate interests to develop our products/services and to grow our business
Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.
How long we store personal data
Your personal data will be kept by Corette Cornelia Design for no longer than is necessary for the purpose we obtained it for including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
You have the right to request that we delete any personal data belonging to you. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Data Security & Protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
Sharing your Personal Data
There are some circumstances in which we are required to share your personal data with other organisations or third parties.
Service providers who provide IT and system administration services.
Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
We will not share your personal data with any other organisation or third parties unless as set out in this privacy notice or by seeking your prior consent. An exception to this would be where we are required to share your personal data in accordance with law or any regulatory requirement to which Corette Cornelia Design is subject.