Privacy Policy

Privacy Policy

This website is owned and operated by Katie Smith at Plymouth Party Princesses.

1. Introduction

We’re committed to protecting and respecting your privacy in line with new EU-wide Data
Protection Regulations (GDPR – click for more in-depth info on GDPR).
This policy explains (hopefully in plain English) how and why we use information you have given us and how we keep it secure. GDPR also gives you new rights and much more control over your personal data. We’ll tell you about all this below as well.

2. How we collect information from you

Obviously we collect information about you when you contact us about products and services.

3. How we handle information collected

When you contact us about products or services GDPR requires all businesses to have a lawful
basis to process personal data about a customer/prospective customer. The law sets out six
different lawful bases to choose from. Business owners have to explain to you how and when we process your data and the legal basis for each occurrence. Currently our processing fits into three of the six available bases:

Contractual’ basis – this is when processing you data is obvious and necessary, for example you submit an enquiry and ask us to get back to you or you contact us to book a show. Please be assured, we will only use this data for the purposes of offering relevant services to you.

Legitimate Interests’ basis – we may contact you again after we have provided our services.  For example we might email you to say thank you for hiring us or to tell you about the same or similar services in the future. We won’t bombard you but you are entitled to tell us to never contact you again at any point.

Legal Obligation’ basis – some processing is necessary because we have to comply with the law.  For example, when you hire our services. HMRC require us to keep records for at least 5 years.

4. Security of your data

When you give us personal information, we take steps to ensure that it’s treated securely. We will absolutely not share your information with third parties for marketing purposes.

a) When you call, email or contact us via our website or social media, any personal information
you give is initially recorded electronically and stored safely.
b) When you book with us we will confirm by email. If requested we can also send you a paper
copy. GDPR doesn’t prohibit keeping personally identifiable information on paper but we must take all reasonable steps to make sure it’s stored securely. We confirm that we always adhere fully to the safe storage of your personal data be that electronic or paper.
c) When you use our website, any information you send via our web-form will be secure and communications between your browser and the website are encrypted.
d) Our website is hosted on 123Reg servers which are located in the EU.
e) We use a third party payment processor. PayPal use robust banking-standard security and
protection to make sure your data is processed securely. Read more here https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev
f) We use outlook as our our email provider. Microsoft cloud services like outlook are fully
compliant with GDPR and emails sent across their servers are end-to-end encrypted by default to prevent other people reading them.
See more here – https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx

5. Access to your personal information

General Data Protection Regulation (GDPR) provides increased rights for individuals. This is the full list of individual’s rights. They don’t apply in all circumstances. However, if you wish to exercise any of these rights please contact us using the details below and we’ll be happy to help.

  • The right to be informed about the processing of your personal information.
  • The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed.
  • The right to object to processing of your personal information.
  • The right to restrict processing of your personal information.
  • The right to have your personal information erased (the “right to be forgotten”).
  • The right to request access to your personal information and to obtain information about how we process it.
  • The right to move, copy or transfer your personal information (“data portability”).
  • Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.

After receiving any request, we will tell you when we expect to provide you with the information, and whether we require any fee for providing it to you. Whilst we’re expected to provide you with a copy of the information free of charge, we can charge a ‘reasonable fee’ if your request is unwarranted.

6. Data Retention Period

GDPR says we shouldn’t retain your data for longer than is necessary.  We’ll only hold your personal information:-

a) for as long as we have reasonable business needs – like carrying out bookings.
b) to comply with our legal obligations to HMRC – 5 years
c) for as long as we have a legitimate interest

8. How you can complain

a. If you are not happy with how we handle your data or you have any complaint then you should tell us by email. Our address is bookings{at}partyprincessessw.co.uk

b. If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner’s Office. This can be done at https://ico.org.uk/concerns/.

7. Contact details

You can contact us:
a) by post, to Plymouth Party Princesses, 57D Stoke Business Park, Stoke, Plymouth PL3 4BB
b) using our website contact form
c) by telephone, on 07791 722286
d) by email, using bookings{at}partyprincessessw.co.uk

© Plymouth Party Princesses 2018