FF Bridal Ltd, (Company Number: 13717252), trading as Feathers and Florence Bridal Studio (“we/us/our”), respects and values the privacy of everyone who visits www.feathersandflorence.co.uk (“our website”), and we understand that your privacy is important to you and that you care about how your personal data is used. Accordingly, when you use our website, we will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
We may alter our policies and terms and conditions at any time. You are therefore advised to check these pages each time you visit www.feathersandflorence.co.uk. In the event of any conflict between the current version of our policies or terms and conditions and any previous version(s), the provisions current and in effect shall prevail unless it is expressly stated otherwise.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the ICO. We would, however, welcome the opportunity to resolve your concerns ourselves before you approach the ICO, so please contact us in the first instance using the contact details above.
“Personal data” is any information relating to you that identifies you either directly from that information or indirectly, by reference to other information that we have access to.
Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. It does not include data where your identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of data about you, which we have classified as follows:
• Identity Data such as your first name and last name;
• Contact Data such as your name and your email address;
• Profile Data such as your login details, preferences, interests, survey and feedback responses;
• Technical Data such as IP address, browser type and version, operating system and platform, and other technology on the devices you use to access our website;
• Usage Data such as information about how you use our website, the venues you favourite and/or contact via our website;
• Marketing and Communications Data such as including your preferences about receiving marketing from us and our third parties and your communication preferences.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic or biometric data). Nor do we collect any information relating to criminal convictions and/or offences.
“We collect personal data directly from you as follows:
• when you book an appointment using Square;
• when you request marketing to be sent to you; when you enter a competition, promotion or survey; and/or
• when you give us feedback or contact us.
Most of the personal data that we collect from you will be information that you provide voluntarily. In some circumstances, we may also receive information from:
• regulatory bodies;
• credit reference agencies; and/or
• other companies providing services to us.
We will only use your data fairly and where we have a lawful reason to do so.
We are allowed to use your personal data if we have your consent or another legally permitted reason applies. These include to fulfil a contract with you, when we have a legal duty to comply with, or when we have a legitimate interest.
“Legitimate Interest” means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to do so by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
If we are relying on your consent as the lawful basis for using your personal data, you are free to withdraw that consent at any time. If you withdraw your consent, we may not be able to provide certain products and services to you.
We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and we need to use your personal data for that purpose.
Please contact our Data Protection Officer if you have any questions about how we collect and use your personal data using the contact details above.
1. Use of Personal Data: To maintain security and manage access to our systems and website. Our lawful basis for the use of your personal data: To comply with legal obligations, and because we have a legitimate interest in maintaining the security of our website and networks, including those of our service providers.
2. Use of Personal Data: To provide news and information services, including newsletters. Our lawful basis for the use of your personal data: Where you have consented and expressed a preference to receive such marketing communications; or where it is appropriate and relevant to our business relationship with you.
3. Use of Personal Data: To send you details of surveys, campaigns or other initiatives that we co-ordinate. Our lawful basis for the use of your personal data: Where you have consented and expressed a preference to receive such marketing communications; or where it is appropriate and relevant to our business relationship with you.
4. Use of Personal Data: To operate suppression lists to ensure that you do not receive communications if you object or unsubscribe. Our lawful basis for the use of your personal data: To respect your rights and comply with our legal obligations.
5. Use of Personal Data: To understand how you interact with our services so that we can improve our website and services and personalise our communications with you. Our lawful basis for the use of your personal data: Where we have your consent or where it is necessary so that we can deliver our website and online services effectively.
6. Use of Personal Data: To provide the products and/or services that you apply for/subscribe to, to manage our business relationships, including communicate with our customers, to manage billing and payment and to keep records. Our lawful basis for the use of your personal data: Where you have consented; or where it is appropriate and relevant to our business relationship with you. To fulfil our contract(s) with our customer(s) and to comply with legal and regulatory obligations, including accounting, tax and data privacy.
7. Use of Personal Data: To manage our supply chain/service providers. Our lawful basis for the use of your personal data: Where necessary for the efficient running of our business.
9. Use of Personal Data: Sharing personal data in connection with the sale, transfer, merger, of all or part of, our business or assets. Our lawful basis for the use of your personal data: To comply with legal obligations and to facilitate the transaction.
10. Use of Personal Data: Other purposes that we have identified at the point of collection. Our lawful basis for the use of your personal data: Where we have your consent.
With your permission and/or where permitted by law, we may use your personal data for marketing purposes, which may include contacting you by email with information, news, and offers on our products and/or services. We will always obtain your express opt-in consent before sharing your personal data with third parties for marketing purposes and you will be able to opt-out at any time.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us.
Where you opt out of receiving marketing messages, this will not apply to personal data provided to us as a result of registering on our website, where we have provided a product or service to you or any other transaction.
We do not keep your personal data for any longer than is necessary to fulfil the purpose for which we collected it, or to comply with any legal, regulatory or reporting obligations or to assert or defend against legal claims. For more information about how long we keep your personal data, please contact our Data Protection Officer.
We will not share your personal data with third parties, subject, when necessary, to the following exceptions:
• suppliers and service providers used by us including IT and systems administration services;
• professional advisers including lawyers, bankers, auditors, insurers, market research providers, fraud prevention agencies and insurers who provide consultancy, banking, legal, insurance, accounting and fraud prevention services to us;
• law enforcement and regulatory authorities or in connection with any legal proceedings; and/or
• if we sell, transfer, or merge, all or part of, our business or assets.
We will only transfer your personal data outside of the European Economic Area under the following circumstances:
• where the transfer is to a country or other territory which has been assessed by the European Commission (or an equivalent UK body) as ensuring an adequate level of protection for personal data;
• with your consent; or
• on the basis that the transfer is compliant with the GDPR and other applicable laws.
The security of your personal data is essential to us, and to protect your data, we take a number of important technical and organisational measures, including the following:
• limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality; and
• procedures for dealing with personal data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where we are legally required to do so
You may also have the right, in certain circumstances to:
• request access to the personal data we hold about you, as well as supplementary information – this is commonly referred to as “subject access request”. (Right of access)
• request that we update or correct any inaccurate personal data, or to complete any incomplete personal data. If you do, we will take reasonable steps to check the accuracy of, and correct the information. (Right to rectification)
• request that your personal data is erased. This is also known as the “right to be forgotten”. (Right to erasure)
• request the restriction or suppression of your personal data, so that you can limit the way that we use your personal data, usually for a certain period of time. (Right to restrict processing)
• receive personal data, which you have provided to us and that we are processing by automated means with your consent or for the performance of a contract, in a structured, commonly used and machine readable format and to request that we transmit this data directly to another service provider. (Right to data portability)
• object to us processing your personal data for a particular purpose or purposes. You have an absolute right to ask us to stop processing your personal data for direct marketing purposes at any time. (Right to object)
We will try to respond to all legitimate requests within one month. Occasionally it could take us longer than one month if your request is particularly complex or you have made a number of requests, in which case we will notify you and keep you updated.
We generally do not make any charge for dealing with these requests, however in some cases, if a request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding or we may refuse to deal with a request. In either case, we will explain our reasons to you.
You can exercise the above rights by contacting our Data Protection Officer, whose details are set out at the beginning of this policy. We will require you to provide satisfactory proof of your identity in order to ensure that your rights are respected and protected and that your personal data is disclosed only to you.
Further information about your rights can also be obtained from the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).