Privacy Policy
The purpose of this privacy statement is to explain how Little Luxury Treats processes personal data to fulfil our data protection responsibilities in general terms. The scope covers all related activities by the staff of Little Luxury Treats, referred to as LLT hereafter. This statement is provided for information only and is not conditional for the use of our services.
The role of LLT in data protection terms is that of a data controller where it determines the purpose and use of the personal data being processed. It is the responsibility of the privacy manager (PM), contactable using to ensure it is processed in accordance with the UK’s latest data protection legislation.
The sort of personal data processed by LLT will be contact details sufficient to answer your queries and to deliver our services to you. Although the information we ask for will be kept to a minimum, if you do not provide it we may not be able to fulfil our obligations to you.
LLT’s duty of confidentiality means that our staff will treat your personal data with respect and in confidence. It will only be disclosed to staff that need to know it. We also expect the same duty of confidentiality of all third parties with whom we share your personal data. We use appropriate organisational and technical measures to secure all company information. All processing takes place on-site with routine back-ups performed on UK based servers.
LLT processes personal data against a lawful basis in instances described below:
· To respond to your general enquiries and stay in touch with you after service/product delivery, we will do so in pursuit of our legitimate interests
· To comply with our legal obligations such as those required for HMRC purposes
· When necessary for the performance of a contract with you and its prior preparation
· When processing for a pre-defined purpose for which your consent will be sought prior to that processing commencing, but please note that you can withdraw your consent at any time by contacting the PM
In all cases the processing of personal data by LLT shall be in accordance with the principles of data protection as set out in the UK data protection legislation.
LLT will share personal data, but only when necessary, with some or all of the following:
· The Inland Revenue (HMRC) for invoice purposes
· An IT support company which is subject to a data processing agreement
· Solicitors appointed by LLT to handle any client/customer matters if necessary
· Accountants appointed by LLT for payment handling and related record keeping
· Contractors for outsourced services who are subject to a data processing agreement
LLT follows a retention schedule to determine the length of time it holds different types of personal data. The retention schedule is shown below:
· General correspondence with potential clients that does not lead to a quotation or sale for services/products, will be retained for 1 year after our last contact with you
· Personal data collected for the preparation of a sale, such as a quotation or similar, will be retained for the duration of the activity plus 7 years after our last contact with you
· Minimal contact data is stored indefinitely although all requests for erasure will be considered and actioned appropriately
· Financial records and invoices, which may include personal data, will be retained for 6 years after the end of the current tax year of processing
· By exception, documentation that includes personal data may be retained by LLT beyond the schedule, but only for a specific purpose and only when LLT believes there is a legitimate interest or a legal obligation to do so
At the end of the retention schedule LLT will either return, destroy, or delete your personal data and any associated emails or relevant documentation. If it is technically impractical to delete electronic copies of personal data, it will put it beyond operational use. LLT allows up to 3 months after the retention schedule to complete this action.
The LLT websites use cookies (and similar technologies) and all but those deemed to be strictly necessary, require your permission before they are dropped.
The UK General Data Protection Regulation defines the rights that you have (although these do not apply in all situations). For convenience, these rights are shown below:
· Right to be informed as to how your personal data is being processed by us – this is done through this statement or specific privacy notices when issued separately
· Right to access your personal data held by us which is done by making a ‘Data Subject Access Request’ (DSAR) to the LLT PM
· Right to rectification of your personal data if you believe LLT has collected or recorded it incorrectly, or it needs to be updated
· Right to erasure of your personal data for which we no longer have a legitimate purpose to process or where your interests outweigh our own
· Right to restrict processing under certain circumstances, during which time your personal data but will not be in operational use until the related matter is resolved
· Right to data portability of your personal data in a machine-readable version, as you have provided but only applicable to data provided with your consent or under contract
· Right to object to LLT processing your personal data for which there is no associated legal or contractual obligation
· Rights related to automated decision making and profiling (however LLT does not use these techniques in its decision making)
Further details about your rights can be found on the Information Commissioner’s Office (ICO) website: https://ico.org.uk.
Raising concerns, exercising rights, or making queries about our processing of your personal data can be done by contacting the PM. Please be aware that we need to be sure of your identity before responding fully, therefore, you may be asked for proof of your ID. In any event, you have the right to contact the ICO directly over any concerns you may have, using the details provided above, but naturally we would welcome the opportunity to handle any concerns you have first.