Privacy Policy

What Personal Data do I process?

The Personal Data (data) I process are names, addresses, telephone numbers, email addresses and bank account details. In some cases this data is processed externally under contract. I collect this data directly from you when you place an order or sign up to the newsletter.

What is this data used for?

I use your data to process your order and occasionally to send out my newsletter.

With whom is your data shared?

Your data is shared with my payment processing and web hosting service providers. These providers have stated Privacy Policies that meet the requirements of the 2018 Data Protection Act.

Data is not otherwise passed on by me to any other organisation except where I may have to comply with a legal obligation to do so or I have your explicit consent.

How is your data stored?

Data in digital form is stored on password protected personal computers and on service providers’ secure servers.

Paper records are stored in secure physical locations.

Who is responsible for ensuring compliance with the relevant laws and regulations?

The 2018 Data Protection Act requires I have a Data Controller responsible for setting a Privacy Policy that ensures regulatory compliance. The Data Controller is Dee Puddy.

Who has access to your data?

Only Data Processors authorised by the Data Controller.

What is the legal basis for processing this data?

I process data on the basis of a legitimate interest necessary for the running of my business. See also ‘What is the data used for’ above.

How you can check what data I have about you?

You should contact info@deepuddy.co.uk if you want me to provide you with the type of Personal Data I hold on you. If you are interested in any particular aspects, specifying them will help me provide you with what you need quickly and efficiently. I am required to provide this to you within one month.

There is not usually a fee for this, though I can charge a reasonable fee based on the administrative cost of providing the information if a request is manifestly unfounded or excessive, or for requests for further copies of the same information.

Do I process any Sensitive Personal Data?

The 2018 Data Protection Act defines Sensitive Personal Data as “special categories of personal data”. I do not process any Sensitive Personal Data.

How can you ask for data to be removed, limited or corrected?

You should contact info@deepuddy.co.uk.

For how long do I keep your data, and why?

I keep data for up to three years from the last order placed to facilitate re-ordering.

Financial records are held for seven years to comply with HMRC requirements, records held by my payment processor and hosting company will be held in accordance with their Privacy Policies.