EU GDPR and Nifty Needles
The EU General Data Protection Regulation (GDPR) came into force on the 25th of May 2018. The GDPR changes how personal data is handled and increases or reinforces the rights of data subjects.
This document tells you how Nifty Needles has prepared for the GDPR.
Nifty Needles' procedures only allow specified staff access to customer information. All staff understand their responsibilities under the GDPR and the Data Protection Act 2018.
Nifty Needles acts as a Data Controller within the meaning of the GDPR. We control and process the data with our customers’ permission. This permission is given via consent for browsing and marketing emails, and via legitimate interest for purchases, retreats and demonstrations.
Who We Are
This site is operated on behalf of Nifty Needles. Please contact us using the details below if you have any questions on these terms or the service that we provide. All references to “us” or “we” throughout this statement are to Nifty Needles.
We take compliance with our legal duties in respect of your personal data seriously and are addressing them through this privacy statement.
What information we hold about you
We collect personal information whenever you provide it to us. This personal information may include the following:
- Name, address and contact details;
- Your account login details;
- Next of Kin (retreat purposes only)
Reasons we can collect and how we use your personal information
We rely on our legitimate interest as the lawful basis on which we collect and use your personal data. Our legitimate interests are that we use your personal information in order to process and respond to any enquiries which you raise with us; without using such data this would not be possible.
Cookies are small files which are placed on your computer’s hard drive. Cookies help us collect information about how visitors use our website; this information is collected in an anonymous form. We use this information to help us improve our website.
The cookies used on this website fall into three categories which are:
Necessary cookies help make our website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Statistics cookies help us to understand how you interact with the website by collecting and reporting information anonymously.
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user.
The full list of cookies can be found here.
We will not provide your information to third parties other than as set out below.
Who we may share your data with?
We may disclose your personal data to:
- A third party who acquires our business
- Law enforcement and regulatory agencies in connection with any investigation to help prevent unlawful activity or as otherwise required by law.
- Payment processors (PayPal and Square) in order to accept and verify your payment.
- Email processors (MailChimp) in order to send marketing emails.
Transfer of data out of the EEA
We will not transfer your data outside of the European Economic Area (EEA). However, some of our third-party suppliers may. Where this is the case, we have ensured that they have conformed to all appropriate safeguards, including standard data protection clauses adopted by the EU Commission or Privacy Shield.
Keeping your data secure
We take technical and operational steps to protect the data we keep against unauthorised access, unlawful processing, accidental loss or destruction, damage, or misuse, for example:
- We store your personal data on and in secure systems
- Access to your personal data is limited to authenticated and approved staff
While we will use all reasonable efforts to protect the information we collect and store, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet.
You have the right to request access to personal data that we may process about you. If you wish to exercise this right, you should contact us.
- Include proof of your identity and address (e.g. a copy of your driving licence or passport, and a recent utility or credit card bill); and
- Specify the personal data you want access to, including any account or reference numbers where applicable.
You have the right to require us to correct any inaccuracies in your data free of charge. If you wish to exercise this right, you should contact us.
- Provide us with enough information to identify you; and
- Specify the information that is incorrect and what it should be replaced with.
In certain circumstances you have the right to require us to erase personal data that we may process about you. If you wish to exercise this right, you should contact us.
- Provide us with enough information to identify you.
If you have any concerns or questions as to the way in which we process your information, please do contact us. In addition, you have a right to bring a complaint with the Information Commissioner’s Office. More information on the Information Commissioner’s Office and your rights is available at www.ico.org.uk.
Retention of Data
Your data will be retained as required by legislation and the retention periods can be viewed upon request.
Changes to This Policy
We may change this policy from time to time. You should check this policy frequently to ensure you are aware of the most recent version that will apply each time you visit this website.
To contact us please use the following details: