Privacy Policy
Privacy Policy
This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from https://www.lucydodwell.com/ (the “Site”) and how we comply with the UK General Data Protection Regulation, the Data Protection Act 2018 and EU General Data Protection Regulation 2016/679.
PERSONAL INFORMATION WE COLLECT
When you visit the Site, you will be asked via a pop up banner, whether you are happy for us to collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device to be collected. And whether you are happy as you browse the Site, for us to collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this consent-collected information as “Device Information.”
If you consent, we collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
Additionally when you make a purchase or attempt to make a purchase through the Site, we will collect certain information from you, including your name, billing address, shipping address, payment information (including debit/credit card numbers, American Express, Apple Pay and PayPal data and other payment methods from time to time), email address, and phone number. We refer to this information as “Order Information.”
When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information.
HOW DO WE USE YOUR PERSONAL INFORMATION?
We use the Order Information that we collect generally to fulfil any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
Communicate with you;
Screen our orders for potential risk or fraud; and
When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services. This includes our popular newsletter to existing customers who have signed up to receive it. You can of course cancel this at any time.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimise our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
SHARING YOUR PERSONAL INFORMATION
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store-- you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy. We also use Google Analytics to help us understand how our customers use the Site--you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
THE LAWFUL BASIS FOR PROCESSING PERSONAL DATA
Where the GDPR applies we rely on the following lawful reasons to collect and use your personal data and on occasion more than one lawful reason (basis) set out below may apply to the processing:
- our legitimate interests in marketing and providing our goods and services globally for both our benefit and that of our customers and contacts interested in what we provide;
- to comply with our legal obligations;
- where you consent to the processing where we ask you to (e.g. for certain sorts of marketing or other processing where the law either requires this or where it is our policy from time to time to seek consent for such processing).
BEHAVIOURAL ADVERTISING
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding
online-advertising/how-does-it-work.
You can opt out of targeted advertising by:
FACEBOOK - https://www.facebook.com/settings/?tab=ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
DO NOT TRACK
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
YOUR RIGHTS
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a European resident we note that we are processing your information in order to fulfil contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
SECURITY AND THE PROTECTION OF PERSONAL DATA
We use appropriate technologies, policies, processes and procedures to protect personal information. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed and updated regularly to reflect changes in legislation and in business needs.
Examples of the technologies, policies, processes and procedures we maintain are:
- we have measures in place to protect against accidental loss and unauthorised access, use, destruction, or disclosure of data;
- we have implemented measures that are designed to safeguard the continuity of our service to our clients and to protect our people and assets;
- we place appropriate restrictions on access to personal information;
- we implement appropriate measures and controls to store and transfer data securely;
- we require, through the use of contracts and security reviews, our third-party vendors, service providers and their sub-contractors to protect any personal information with which they are entrusted in accordance with our security policies and procedures.
DATA RETENTION
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
The length of time we retain your personal information is determined by several factors including the purpose for which we use that information and our obligations under other laws. We determine the period of retention of your personal information based on the following criteria:
- Retention in case of queries. We will retain your personal information in case of queries from you, [including on behalf of an organisation for whom you work];
- Retention in case of claims. We will retain certain of your personal information for the period in which you or a third party might bring claims against us;
- Retention in accordance with legal and regulatory requirements. We will carefully consider whether we need to retain your personal information after the period described above in case of a legal or regulatory requirement.
The exceptions to the above are where:
- you exercise your right to require us to retain your personal information for a period longer than our stated retention period (see further Restriction of processing below);
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Request for deletion below);
- we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
- in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.
When we no longer need your personal information, we securely delete or destroy it.
DATA CONTROLLER
The Data Controller is:
Star & Lily Limited, The Mill House, Boundary Road, Loudwater, High Wycombe, Bucks HP10 9QN, United Kingdom Email: lucy@lucydodwell.com
If you have any queries or comments about this privacy notice or how and why personal data are processed, please contact us using the details above.
INDIVIDUAL RIGHTS AND HOW TO EXERCISE THEM
Individuals have specific rights over their personal data gathered and processed us as described below:
Right of Access – individuals have a right to access to their personal data held by Star & Lily Limited as a data controller – (Subject Access Request). Please write to the Data Controller at the above address to make such a request. Individuals may be asked to provide for documentation to verify identity and may be charged in accordance with the law governing data protection. We will respond to Subject Access Requests within one calendar month.
Right to request that your personal information is amended - to update your personal information, please write to the Data Controller at the above address. Personal details will be updated as soon as practicable possible following receipt of a request.
Right to be ‘forgotten’ or to request erasure – an individual may ask that their personal data are removed or deleted if there is not a compelling reason for us to retain it. Please contact the Data Controller at the above address if you wish to request that your data are removed.
Right to withdraw consent – where personal data are processed under the lawful basis of consent, an individual has the right to withdraw consent to that processing at any time. To withdraw consent, please email us at lucy@lucydodwell.com or, if you wish to withdraw consent to marketing emails, please click on the unsubscribe link in the relevant email.
Right to data portability – an individual may request a copy of their personal information in a format that would allow it to be transferred to another company in a safe and secure way.
For further information, please contact the Data Controller at the above address.
Right to restrict data processing – an individual may request that the processing of their personal information is restricted. We may retain the personal information in such circumstances but will ensure it is not used for the purposes that have been restricted.
Right to object – an individual may object to the processing of their personal information for direct marketing (including profiling) and where it is being processed for our legitimate interests. For more information, please contact the Data Controller at the above address.
CHANGING PRIVACY LAWS
We recognise that the transparency of data processing is extremely important. This privacy statement will be kept under regular review to ensure it complies with current data protection laws.
This Privacy Statement was last updated on 21 June 2021.
If we decide to change our privacy policy, we will post those changes to this page so that you are always aware of what information we collect and how we use it.
COMPLAINTS
We take great care to comply with the laws governing the protection of personal data. If, however, you do want to complain about our use of personal data, please send an email with the details of your complaint to the Data Controller at lucy@lucydodwell.com and we will investigate your concerns.
You have the right to bring your concerns to the attention of the Information Commissioner’s Office. For more information about how to complain to the ICO, please refer to the ICO website: https://ico.org.uk/concerns/
MINORS
The Site is not intended for individuals under the age of sixteen.
CONTACT US
For more information about our privacy practices, or if you have any questions, please contact us by e-mail at: lucy@lucydodwell.com.
Thank you.
....
- page last updated August 2023