my little makes
At My Little Makes we are dedicated to safeguarding your privacy online. Our aim is to ensure that our customers can make purchases and communicate with My Little Makes, confident that their personal data is being kept secure.
Our lead person for data protection is Louise Smythson Way. The lead person ensures that My Little Makes meets the requirements of the GDPR, liaises with statutory bodies when necessary, and responds to any subject access requests. You can find our contact details at the bottom of this page.
Information that we keep
The items of personal data that we keep about individuals are documented on our personal data matrix. The personal data matrix is reviewed annually to ensure that any new data types are included.
Our lawful basis for processing data is fulfilment of our contract with customers that place an order with My Little Makes, our legal obligation for tax purposes and where consent is given from individuals who sign up to our newsletter.
The only personal information we hold is what individuals provide to us when they place an order on our website, sign up for the newsletter, or sign a contract. All the data we gather via our website or through communication with you is used to operate, expand and personalise the service we offer you. How we use your personal data is dependent on the legal basis for processing that data. We are dedicated to using your personal data only for:
Processing your orders correctly.
Development and expansion of the business, including examination of customers’ shopping behaviours, measurement of advertisements and product style preferences of our customers.
Technical management of our website.
Reviewing our systems
Providing you with information about the services we offer.
Letting you know about offers and news.
We store sensitive data for as long as projects are in progress and customers remain active clients. We keep a record of any orders you make from us, so we can help to deal with any enquiries or problems you may have in the future, and so we can ensure that any information that we send to you is appropriate. Personal data that we process shall not be kept for longer than is necessary for that purpose or those purposes. Information required for tax and legal requirements are held for 7 years as a requirement by law.
My Little Makes kindly requests that you do not supply any other person’s personal data to us, unless required by law or you have their explicit consent to do so.
Sharing information with third parties
We will only share your information with outside agencies on a need-to-know basis, for example, in the case of an HRMC audit.
Some limited personal information is disclosed to authorised third parties we have engaged to process it, as part of the normal running of our business, for example in order to take online bookings and to run our website. Any such third parties comply with the strict data protection regulations of the GDPR.
How we protect data
The Internet is not a 100% secure platform for communication and, accordingly, we cannot guarantee the security of any data you send to us (or we send to you) via the Internet. We are not responsible for any damages which you, or others, may suffer as a result of the loss of confidentiality of such information.
We take every precaution to safeguard your information. All personal data stored by us is kept on a server in a secure environment. The computer on which data is accessed on is password protected and third-party software have their own security systems.
The risks of a breach are minimal due to the precautions mentioned above being
taken, and close monitoring is undertaken to ensure security systems are always up to date. Breaches will be identified, reported, managed, and resolved according to the ICO guidelines.
Subject access requests
Under GDPR you have a right to be forgotten, to withdraw your consent, to change information we hold about you, and to restrict processing. My Little Makes is more than happy to comply with this in accordance with the law in the following ways:
Individuals can ask to see the information and records that we keep about themselves.
We will make the requested information available as soon as practicable, and will respond to the request within one month at the latest.
If our information is found to be incorrect or out of date, we will update it promptly.
Individuals can ask us to delete data. However, we have to keep some data for specific periods so won’t be able to delete all data immediately.
If any individual about whom we hold data has a complaint about how we have kept their information secure, or how we have responded to a subject access request, they may complain to the Information Commissioner’s Office (ICO).
We comply with the requirements of the General Data Protection Regulation (GDPR), regarding obtaining, storing and using personal data.
Louise Smythson Way
My Little Makes
7 Spicers Yard
This policy was adopted by:
my little makes May 2018