Privacy policy.
Welcome to Dear Creative Gurl, our website at www.dearcreativegurl.com and thank you for your interest in this Privacy Policy. We understand that anyone who shares data on the Internet wants to be sure that their data does not fall into the wrong hands and that’s why we take great care to protect your data. Doing so, we follow the UK`s Data Protection Act (DPA) and the EU`s General Data Protection Regulation (GDPR).
What is Personal Data?
Personal data is all data that can be related to you personally, e.g., name, e-mail addresses. The personal data of users processed within the scope of our website includes inventory data (e.g., names, e-mail addresses and addresses), usage data (e.g., the websites visited on our website, interest in our services) and content data (e.g., information in messages and forms you fill in).
Who is responsible?
Responsible for the collection and processing of personal data is:
Dear Creative Gurl
Bridget Banton (Sole Trader)
London, United Kingdom
E-Mail: contact@dearcreativegurl.com
What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the DPA and the GDPR:
· For the fulfilment of contractual obligations,
o Personal data is processed for the purpose of providing the services,
o The purposes of the data processing are primarily based on the services.
· Within the framework of our legitimate interests
Where necessary, we process your data beyond the actual performance of the contract in order to safeguard legitimate interests of us or third parties. Examples:
o Ensuring IT security and IT operations,
o Measures for business management and further development of services,
o Defence against third-party claims and enforcement of own claims.
· Based on your consent
o Insofar as you have given us your consent to process personal data for certain purposes, passing on data to third parties, sending newsletters, advertising etc., this processing is lawful on the basis of your consent.
o Consent given can be revoked at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.
What data protection rights do I have?
Every data subject has
· the right to information,
· the right to rectification,
· the right to deletion,
· the right to restriction of processing, and
· the right to data portability.
Further, you can revoke consent, in principle with effect for the future.
Furthermore, you have the right to lodge a complaint with a data protection supervisory authority. The Information Commissioner`s Office (ICO) is the relevant authority in the UK. The ICO is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.
Finally, you also have a right to object. This applies, on grounds relating to data processing on the basis of our legitimate interest and also to profiling.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You may withdraw your consent and request us to stop using and/or disclosing your Personal Data for any or all of the Purposes by submitting your request to us in writing. Should you withdraw your consent to the collection, use or disclosure of your Personal Data, it may impact our ability to proceed with your transactions, agreements, or interactions with us. Prior to you exercising your choice to withdraw your consent, we will inform you of the consequences of the withdrawal of your consent. Please note that your withdrawal of consent will not prevent us from exercising our legal rights (including any remedies) or undertaking any steps as we may be entitled to at law.
Categories of personal data processed
We process the following categories of personal data:
· Customer and Contract data:
Name, email address, telephone number, billing address, payment methods and payment confirmations, subject matter of contract, duration, customer category.
· Device Data
Online Identifiers and IP addresses.
Processing of special categories of data
No special categories of data are processed.
Automated Decision Making
Automated decision making within the meaning of the DPA and GDPR is not used.
Contacting us
If you contact us per e-mail or social media, we process the following data from you for the purpose of processing and handling your enquiry: Name, contact details -if provided by you- and your message. The legal basis of the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations and/or our legitimate interest in processing your enquiry.
We also use Zoom to conduct our video calls and various types of data are processed when using Zoom. The scope of the data depends on the information you provide before or during participation in the video call. The legal bases for processing are your consent, our legitimate interest and, insofar as it concerns an enquiry to enter into or fulfil a contract, also contract.
Booking a Meeting
For booking a Booking a Meeting in an easy and convenient way, we use Calendly. Your data from the form will be transferred to our appointment account at Calendly after you press the "Book appointment" button. You will then receive a confirmation email with a link to the event. Your data will be kept at Calendly until the purpose for storing the data no longer applies (appointment made) or you request us to delete it. Calendly undertakes not to pass on your data to third parties. The legal basis is your consent as well as our legitimate interest.
Contractual Services
We collect, process, and use the information you provide in the context of executing the contract between us and you this may include personal data and non- personal data, in particular your name, billing address and e-mail address, as well as information on the type of payment method you have chosen. We store the information you provide for the period of processing and handling the purchased services. Afterwards, your data will be deleted. Data that we are required to store due to legal, statutory, or contractual retention obligations will be blocked instead of being deleted to prevent it being used for other purposes. The processing of the data serves the fulfilment of the contract with you.
Use of our website
When you call up our website, our web server records the domain name or IP address of your computer, the file name and the URL that was requested, as well as the http response code and, if applicable, the URL referring to our website. This procedure is common for technical reasons and necessary to enable the use of our website. In this regard, we are supported by our technical service providers, which we use as processors. The above-mentioned data is logged and used for the purpose of defending against unlawful use or attempted attacks on our web server. A combination of this data with other data sources does not take place. However, we reserve the right to statistically evaluate anonymised data records. The data will be deleted after 6 months.
Use of cookies
Cookies are pieces of information that are transmitted from our web server or third-party web servers to the user's web browser and stored there for later retrieval. Cookies may be small files or other types of information storage. There are different types of cookies:
· Essential Cookies
Essential cookies are cookies to provide a correct and user-friendly website. Some examples:
o Storing your language preferences;
o Detecting abuse or fraud;
o Storing browser settings to display the website according to the screen size.
· Non-essential Cookies
Non-essential Cookies are any cookies that do not fall within the definition of essential cookies, such as cookies used to analyse your behaviour on a website (‘analytical’ cookies) or cookies used to display advertisements to you (‘advertising’ cookies). These cookies are typical third-party cookies that website operators use to collect statistical data about how a website is used, including:
o Average page load time;
o Pages visited;
o Browser data;
o IP address;
o MAC address;
o Duration of a (page) visit;
o Data about the operating system;
o Data about the device used;
o Clicking behaviour and other interactions on one or more pages.
We have refrained from using cookies that are requiring your consent (non- essential cookies). For further information on the strictly necessary cookies used on my website, please contact us.
Newsletter subscription
If you subscribe to our newsletter, you consent to us informing you regularly by e-mail about current and new offers and services as well as information from us about our services. You can revoke your consent at any time, by clicking on the unsubscribe link in each newsletter or by contacting us using the contact details provided above. When you register for the newsletter, we collect your e-mail address. Your e-mail address will be passed on to our service providers for newsletter dispatch, which we use as order processors. You will receive another confirmation e-mail to confirm your consent (so-called double opt-in procedure.) We will use your data until you revoke your consent. A revocation does not affect the lawfulness of the processing of your personal customer and health data carried out on the basis of the consent until the revocation. This consent is voluntary, you can order from us regardless of the consent given.
Subscriptions and Orders
If you order products from us, the processing is done to fulfil the contractual service such as delivery to your e-mail account, payment processing and billing.
The sales contract with you is the legal basis for this processing. We will also process your data to the extent required by law to fulfil our archiving and retention obligations under the UK`s commercial and tax law. The provision of this personal data and order data is necessary for the conclusion of the contract.
The provision of bank details is subject to our payment processors Stripe. We do not collect or store payment information or bank details ourselves but receive payment confirmation statements of our processors. For further information, please refer to the relevant providers privacy policy by clicking on the above links.
In addition, we may use your data for direct advertising - i.e., to send you information about our products, services and promotions. You can object to the use of your data for the purpose of advertising at any time, using the above contact details.
The duration of processing depends on the purpose of fulfilling the contract and the associated further legal requirements for storage and provision of evidence. For direct advertising, we use the data as long as you have not objected.
Is there an obligation for me to provide data?
Within the scope of our business relationship, you are only required to provide personal data that is necessary for the establishment, implementation, and termination of a business relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and may have to terminate it.
Data Security
We secure our website and other systems through appropriate technical and organisational measures against loss, destruction, access, modification, or distribution of your data by unauthorised persons. However, and despite regular checks, complete protection against all dangers is not possible.
Our website uses the industry standard SSL (Secure Sockets Layer) for encryption. This ensures the confidentiality of your personal information over the Internet. You can tell whether encrypted transmission is taking place by the closed key/lock symbol in your browser display.
Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
Passing on of data
Your personal data will only be passed on to third parties:
· if you have given your express consent to this;
· if the disclosure is necessary for the fulfilment of contractual obligations;
· if we are legally obligated to disclose the data;
· if the disclosure of the data is in the public interest;
· if the disclosure of the data is necessary for the protection of our legitimate interests or the legitimate interests of a third party, unless your interests in the protection of your data override these interests.
Duration of storage of personal data
Your data will be stored by us for as long as it is needed for the respective purposes underlying the processing. Beyond that, we only store data insofar as we are legally obligated to do so, e.g., due to statutory retention obligations.
Accuracy
We endeavour to ensure that all decisions involving your Personal Information are based upon accurate and timely information. However, we rely on you to disclose all relevant information to us and to inform us of any changes in your Personal Information. As such, please disclose all relevant information necessary for us to provide services to you and ensure all information submitted to us is up-to-date, complete, and accurate. Kindly inform us promptly if there are any changes in your Personal Information.
Integration of third-party services and content
Within our website and App, we use content or service offers of third-party providers on the basis of our legitimate interests in order to integrate their content and services (hereinafter uniformly referred to as "content").
This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content.
We endeavour to only use content whose respective providers only use the IP address to deliver the content.
Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our website, as well as being linked to such information from other sources.
The following provides an overview of third-party providers and their content, together with links to their privacy policies, which contain further information on the processing of data and so-called opt-out measures, if any:
· Newsletter, Webhosting, Content Management System and eCommerce: Squarespace
Validity and questions
This privacy and cookie policy is valid as of Wednesday, 16 November 2022. It is the current and valid version of our privacy policy. However, we point out that from time to time due to actual or legal changes a revision to this privacy policy may be necessary.
If you have any data protection questions enforce your rights or withdraw your consent, please feel free to contact us using the details provided above.