Skip to content
1.1 I, Annabel Playfair (with ‘I’, ‘my’ or ‘me’ being interpreted accordingly) am committed to protecting your privacy and personal information. Personal information relating to you from which you can be identified that I collect or which you provide is called personal data (‘Personal Data’).
2 My Legal obligations regarding your Personal Data
I collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the EU General Data Protection Regulation (2016/679) (‘GDPR’) and the UK Data Protection Act 2018 (‘DPA’) together with other applicable UK and EU laws that regulate the collection, processing and privacy of your Personal Data (together, ‘Data Protection Law’).
3 What Personal Data do I collect and use?
3.1 The Personal Data about you that I collect and use includes the following:
Your email address, telephone number, billing address and delivery address;
Information from accounts you link to me (e.g. Facebook, Twitter, Instagram);
Your contact history and purchase history;
Information about your use of my website (see ‘Cookies’ below).
3.2 Please note that if you do not provide Personal Data when I ask for it, it may delay or prevent me from providing products to you.
4 How your Personal Data is collected
4.1 I collect most of this Personal Data directly from you – in person, by email, telephone and via my website e.g. when you contact me with a query, make a purchase, or ask that you are added to my mailing list. However, I may also collect Personal Data from cookies on my website (see ‘Cookies’ below), from social media accounts you link to me e.g. Facebook, Twitter or Instagram and from articles or other information which has been published about you in the media.
5 Information about third parties
5.1 Please ensure that any Personal Data you supply to me which relates to third party individuals is provided to me with their knowledge of my proposed use of their Personal Data.
6 How and why I use your Personal Data
6.1 Under Data Protection Law, I can only use your Personal Data if I have a proper reason for doing so e.g.:
To comply with my legal and regulatory obligations;
For the performance of a contract between me or to take steps at your request before entering into a contract;
For my legitimate interests or those of a third party (where I have a business or commercial reason to use your Personal Data, so long as this is not overridden by your own rights and interests, including ensuring the successful continuing of my business operations, updating my client and contact records, improving my offerings, marketing my offerings and preventing fraud); or
Where you have given consent.
6.2 If I process sensitive data as referred to above I will only do this with your explicit consent; or, to protect your vital interests (or those of someone else) in an emergency; or, where you have already publicised such information; or, where I need to use such sensitive data in connection with a legal claim that I have or may be subject to.
6.3 I may use your Personal Data for one or more of the following purposes:
To fulfil requests, including providing products or services to you, responding to any requests you may have regarding products or services;
Marketing, including adding you to my mailing list and providing you with direct marketing communications about what I am doing as Ill as products or events which may be of interest to you by email. If required under applicable law, where I contact you by email, social media and/or any other electronic communication channels for direct marketing purposes, this will be subject to you providing your express consent. You can object or withdraw your consent to receiving direct marketing from me at any time, by contacting me using the following email address email@example.com;
To enforce and/or defend any of my legal claims or rights; and/or
For any other purpose required by applicable law, regulation, the order of any court or regulatory authority.
7 Disclosing your Personal Data to third parties
7.1 I will not sell or rent your Personal Data. I will only share your Personal Data as set out in this section 7, including sharing with:
third parties I use to help deliver my products and services to you, e.g. payment service providers and delivery and shipping companies;
other third parties I use to help me run my business, e.g. my client database providers; and
third parties approved by you, e.g. social media accounts you choose to link your account with me to or third-party payment providers.
7.2 I only allow my service providers to handle your Personal Data if I am satisfied they take appropriate measures to protect your Personal Data. I also impose contractual obligations on service providers to ensure they can only use your Personal Data to provide services to me and to you.
7.3 I may also share personal information with external auditors in relation to the audit of my accounts, and I may disclose and exchange information with law enforcement agencies and regulatory bodies without telling you to comply with my legal and regulatory obligations.
7.4 I may also need to share some Personal Data with other parties, such as potential buyers of some or all of my business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
8 Cookies and similar technologies
8.2 My website uses the following types of cookies:
Necessary cookies: these cookies are essential for the website to function properly and cannot be disabled without severely affecting the usability of the website. The law does not require me to ask consent to use these cookies and they will always be placed when you use my website.
Functional cookies: these cookies remember various choices you make on the website to improve your experience. They are also used to display recommendations for you based on your past activity on the website. Functional cookies may be required for actions such as watching a video.
Any Personal Data that these cookies collect is anonymised before being used for any other purpose, so I don’t keep records of your data or track you personally, or monitor how you browse on other websites.
Analytics cookies: these cookies gather anonymous data on how visitors use the website e.g. what pages are most visited and how long visitors stay on them as well as what device and operating system you are using. They also gather information on errors which may occur during visits which can help me fix them.
8.3 Managing cookies: most web browsers allow you to manage which cookies you accept via their settings. You can normally use the ‘Help’ functionality on your browser to find out about how it handles cookies and how you can manage your cookie preferences.
8.4 Some of my marketing emails to you may include a unique URL. If you click that URL (link), then I may measure your responsiveness to my communications on different subjects.
9 How long I retain your Personal Data for
9.1 Annabel Playfair only retains Personal Data identifying you for as long as you have a relationship with me, as is necessary to perform my obligations to you (or to enforce or defend contract claims), or as is required by applicable law.
9.2 I have a data retention policy that sets out the different periods I retain data for in respect of relevant purposes in accordance with my duties under Data Protection Law. The criteria I use for determining these retention periods is based on various legislative requirements; the purpose for which I hold data; and guidance issued by relevant regulatory authorities including but not limited to the UK Information Commissioner’s Office (ICO)
9.3 Personal Data I no longer need is securely disposed of and/or anonymised so you can no longer be identified from it.
10 Security that I use to protect Personal Data
10.1 I employ appropriate technical and organisational security measures to protect your Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
10.2 I also endeavour to take all reasonable steps to protect Personal Data from external threats such as malicious software or hacking. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and I cannot 100% guarantee the security of all data sent to me (including Personal Data).
11 Links to other websites
12 Your personal data rights
12.1 In accordance with your legal rights under applicable law, you have a ‘subject access request’ right under which you can request information about the Personal Data that I hold about you, what I use that Personal Data for and who it may be disclosed to as well as certain other information. Usually I will have a month to respond to such a subject access request. I reserve the right to verify your identity if you make such a subject access request. I may also require further information to locate the specific information you seek before I can respond in full and apply certain legal exemptions when responding to your request. If you wish to submit a subject access request, or you have a question regarding your rights, please email firstname.lastname@example.org and I’ll be happy to help where I can.
12.2 Under Data Protection Law you also have the following rights, which are exercisable by making a request to me in writing, to email@example.com:
that I correct Personal Data that I hold about you which is inaccurate or incomplete;
that I erase your Personal Data without undue delay if I no longer need to hold or process it;
to object to any automated processing (if applicable) that I carry out in relation to your Personal Data;
to object to my use of your Personal Data for direct marketing;
to object and/or to restrict the use of your Personal Data for purpose other than those set out above unless I have a legitimate reason for continuing to use it; or
that I transfer Personal Data to another party where the Personal Data has been collected with your consent or is being used to perform contact with you and is being carries out by automated means.
12.3 If you would like to exercise any of the rights set out above, please contact me at firstname.lastname@example.org
12.4 If you make a request and are not satisfied with my response, or believe that I am illegally processing your Personal Data, you have the right to complain to the Information Commissioner’s Office (ICO) – see https://ico.org.uk/ .