Privacy Policy

Privacy Policy 

This Privacy Policy describes how your personal information is collected, used, and shared  when you visit or make a purchase from https://www.lucydodwell.com/ (the “Site”) and how we comply with the UK General Data Protection Regulation, the Data Protection Act 2018 and  EU General Data Protection Regulation 2016/679

PERSONAL INFORMATION WE COLLECT 

When you visit the Site, you will be asked via a pop up banner, whether you are happy for us to collect certain information about your device,  including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device to be collected. And whether you are happy as you browse the Site, for us to collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site.  We refer to this consent-collected information as “Device Information.” 

If you consent, we collect Device Information using the following technologies: 

- “Cookies” are data files that are placed on your device or computer and often include an  anonymous unique identifier. For more information about cookies, and how to disable  cookies, visit http://www.allaboutcookies.org. 

- “Log files” track actions occurring on the Site, and collect data including your IP address,  browser type, Internet service provider, referring/exit pages, and date/time stamps. 

- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about  how you browse the Site. 

Additionally when you make a purchase or attempt to make a purchase through the Site, we will collect certain information from you, including your name, billing address, shipping address,  payment information (including debit/credit card numbers, American Express, Apple Pay and PayPal data and other payment methods from time to time), email address, and phone  number. We refer to this information as “Order Information.” 

When we talk about “Personal Information” in this Privacy Policy, we are talking both about  Device Information and Order Information. 

HOW DO WE USE YOUR PERSONAL INFORMATION? 

We use the Order Information that we collect generally to fulfil any orders placed through the  Site (including processing your payment information, arranging for shipping, and providing  you with invoices and/or order confirmations). Additionally, we use this Order Information  to:

Communicate with you; 

Screen our orders for potential risk or fraud; and 

When in line with the preferences you have shared with us, provide you with information or  advertising relating to our products or services. This includes our popular newsletter to  existing customers who have signed up to receive it. You can of course cancel this at any  time.  

We use the Device Information that we collect to help us screen for potential risk and fraud  (in particular, your IP address), and more generally to improve and optimise our Site (for  example, by generating analytics about how our customers browse and interact with the Site,  and to assess the success of our marketing and advertising campaigns). 

SHARING YOUR PERSONAL INFORMATION 

We share your Personal Information with third parties to help us use your Personal  Information, as described above. For example, we use Shopify to power our online store-- you can read more about how Shopify uses your Personal Information  here: https://www.shopify.com/legal/privacy. We also use Google Analytics to help us  understand how our customers use the Site--you can read more about how Google uses your  Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also  opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout. 

Finally, we may also share your Personal Information to comply with applicable laws and  regulations, to respond to a subpoena, search warrant or other lawful request for information  we receive, or to otherwise protect our rights. 

THE LAWFUL BASIS FOR PROCESSING PERSONAL DATA 

Where the GDPR applies we rely on the following lawful reasons to collect and use your  personal data and on occasion more than one lawful reason (basis) set out below may apply  to the processing: 

- our legitimate interests in marketing and providing our goods and services globally for both  our benefit and that of our customers and contacts interested in what we provide; 

- to comply with our legal obligations; 

- where you consent to the processing where we ask you to (e.g. for certain sorts of marketing  or other processing where the law either requires this or where it is our policy from time to  time to seek consent for such processing). 

BEHAVIOURAL ADVERTISING

As described above, we use your Personal Information to provide you with targeted  advertisements or marketing communications we believe may be of interest to you. For more  information about how targeted advertising works, you can visit the Network Advertising  Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding 

online-advertising/how-does-it-work. 

You can opt out of targeted advertising by: 

FACEBOOK - https://www.facebook.com/settings/?tab=ads

Additionally, you can opt out of some of these services by visiting the Digital Advertising  Alliance’s opt-out portal at: http://optout.aboutads.info/. 

DO NOT TRACK 

Please note that we do not alter our Site’s data collection and use practices when we see a  Do Not Track signal from your browser. 

YOUR RIGHTS 

If you are a European resident, you have the right to access personal information we hold  about you and to ask that your personal information be corrected, updated, or deleted. If you  would like to exercise this right, please contact us through the contact information below. 

Additionally, if you are a European resident we note that we are processing your information  in order to fulfil contracts we might have with you (for example if you make an order through  the Site), or otherwise to pursue our legitimate business interests listed above. Additionally,  please note that your information will be transferred outside of Europe, including to Canada  and the United States. 

SECURITY AND THE PROTECTION OF PERSONAL DATA 

We use appropriate technologies, policies, processes and procedures to protect personal  information. Our information security policies and procedures are closely aligned with widely  accepted international standards and are reviewed and updated regularly to reflect changes  in legislation and in business needs. 

Examples of the technologies, policies, processes and procedures we maintain are: 

- we have measures in place to protect against accidental loss and unauthorised access, use,  destruction, or disclosure of data; 

- we have implemented measures that are designed to safeguard the continuity of our service  to our clients and to protect our people and assets; 

- we place appropriate restrictions on access to personal information; 

- we implement appropriate measures and controls to store and transfer data securely;

- we require, through the use of contracts and security reviews, our third-party vendors,  service providers and their sub-contractors to protect any personal information with which  they are entrusted in accordance with our security policies and procedures. 

DATA RETENTION 

We will only retain your personal information for as long as necessary to fulfil the purposes  we collected it for, including for the purposes of satisfying any legal, accounting, or reporting  requirements. 

The length of time we retain your personal information is determined by several factors  including the purpose for which we use that information and our obligations under other laws. We determine the period of retention of your personal information based on the  following criteria: 

- Retention in case of queries. We will retain your personal information in case of queries from  you, [including on behalf of an organisation for whom you work]; 

- Retention in case of claims. We will retain certain of your personal information for the  period in which you or a third party might bring claims against us;  

- Retention in accordance with legal and regulatory requirements. We will carefully consider  whether we need to retain your personal information after the period described above in  case of a legal or regulatory requirement. 

The exceptions to the above are where: 

- you exercise your right to require us to retain your personal information for a period longer  than our stated retention period (see further Restriction of processing below); 

- you exercise your right to have the information erased (where it applies) and we do not need  to hold it in connection with any of the reasons permitted or required under the law (see  further Request for deletion below); 

- we bring or defend a legal claim or other proceedings during the period we retain your  personal information, in which case we will retain your personal information until those  proceedings have concluded and no further appeals are possible; or 

- in limited cases, existing or future law or a court or regulator requires us to keep your  personal information for a longer or shorter period. 

When we no longer need your personal information, we securely delete or destroy it.

DATA CONTROLLER 

The Data Controller is: 

Star & Lily Limited, The Mill House, Boundary Road, Loudwater, High Wycombe, Bucks HP10  9QN, United Kingdom Email: lucy@lucydodwell.com  

If you have any queries or comments about this privacy notice or how and why personal data  are processed, please contact us using the details above.  

INDIVIDUAL RIGHTS AND HOW TO EXERCISE THEM 

Individuals have specific rights over their personal data gathered and processed us as  described below: 

Right of Access – individuals have a right to access to their personal data held by Star & Lily  Limited as a data controller – (Subject Access Request). Please write to the Data Controller at  the above address to make such a request. Individuals may be asked to provide for  documentation to verify identity and may be charged in accordance with the law governing  data protection. We will respond to Subject Access Requests within one calendar month. 

Right to request that your personal information is amended - to update your personal  information, please write to the Data Controller at the above address. Personal details will be  updated as soon as practicable possible following receipt of a request.  

Right to be ‘forgotten’ or to request erasure – an individual may ask that their personal data  are removed or deleted if there is not a compelling reason for us to retain it. Please contact  the Data Controller at the above address if you wish to request that your data are removed.  

Right to withdraw consent – where personal data are processed under the lawful basis of  consent, an individual has the right to withdraw consent to that processing at any time. To  withdraw consent, please email us at lucy@lucydodwell.com or, if you wish to withdraw  consent to marketing emails, please click on the unsubscribe link in the relevant email. 

Right to data portability – an individual may request a copy of their personal information in a  format that would allow it to be transferred to another company in a safe and secure way. 

For further information, please contact the Data Controller at the above address.  

Right to restrict data processing – an individual may request that the processing of their  personal information is restricted. We may retain the personal information in such  circumstances but will ensure it is not used for the purposes that have been restricted.

Right to object – an individual may object to the processing of their personal information for  direct marketing (including profiling) and where it is being processed for our legitimate  interests. For more information, please contact the Data Controller at the above address. 

CHANGING PRIVACY LAWS 

We recognise that the transparency of data processing is extremely important. This privacy  statement will be kept under regular review to ensure it complies with current data protection  laws. 

This Privacy Statement was last updated on 21 June 2021.  

If we decide to change our privacy policy, we will post those changes to this page so that you  are always aware of what information we collect and how we use it. 

COMPLAINTS 

We take great care to comply with the laws governing the protection of personal data. If,  however, you do want to complain about our use of personal data, please send an email with  the details of your complaint to the Data Controller at lucy@lucydodwell.com and we will  investigate your concerns. 

You have the right to bring your concerns to the attention of the Information Commissioner’s  Office. For more information about how to complain to the ICO, please refer to the ICO  website: https://ico.org.uk/concerns/ 

MINORS 

The Site is not intended for individuals under the age of sixteen. 

CONTACT US 

For more information about our privacy practices, or if you have any questions, please contact us by e-mail at: lucy@lucydodwell.com.

Thank you.

 ....

Star & Lily Ltd, trading as Lucy Dodwell.
Company House Number: 13281125, England and Wales.
Registered Office: Burnham Yard, Beaconsfield HP9 2JH (NO RETURNS TO THIS ADDRESS).
VAT Number: 344100058

 

- page last updated August 2023