Privacy Policy

Bethany Rose Bridal Ltd - Privacy Policy

Date published: 3rd July 2022

Our contact details 

Name: Bethany Rose Bridal Ltd

Address: 59 Market Place, Long Eaton, NG10 1LQ

Phone Number: 0115 698 0329

E-mail: Jo@bethanyrosebridal.co.uk

The type of personal information we collect 

We currently collect and process the following information:

• Personal identifiers, contacts and characteristics (for example, name and contact details)
• Details about products you have purchased or information about your preferences/measurements
• If you have given us permission to do so; photographs, videos or audio recordings of you for the purposes of marketing, or for future reference for staff internally
• CCTV footage or still images, which may or may not include audio, recorded at our premises for the safety of our staff and customers and for the purposes of the prevention and detection of crime. 

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

• When booking an appointment with us via our website, by phone, email or any other means
• In some circumstances, your details may have been provided by a third-party (by way of a referral or other means) in which case we will use them for the purpose of contacting you to offer services. In those circumstances we will reasonably assume that the third-party providing those details has gained your specific consent to share that data with us and that you consent to our contacting you to provide services.
• Where photographs, videos or audio recordings are shared on social media in the public domain (by you or another person) we may redistribute these for marketing purposes via our own social media channels, website or in printed media. Where possible, we will attribute the original producer of the media.
• Where photographs, videos or audio recordings are taken by our staff at our premises with your consent, we may use such material for marketing purposes including, but not limited to, on our website, social media channels and in printed media. Any copyright or intellectual property rights to such media shall be vested soley in Bethany Rose Bridal Ltd.
• Where you have requested us to do so, we may pass your contact details to any company/person who holds a concession space in our store so that they may contact you for marketing purposes. However, we would usually provide you with their contact details so you can choose if and when to make contact.

We use the information that you have given us in order to contact you regarding your appointment, regarding any future/alternative appointment(s) and about any purchases you make. If you have given us permission to do so, your contact details may be used for the purpose of ongoing marketing communications by email, telephone, post or SMS.

We may share this information with law enforcement agencies or other regulators where required by law or other regulatory instrument. In the case of CCTV; images or recordings of you may be included and lawfully disclosed when fulfilling a Subject Access Request by a third-party or where required for disclosure by law enforcement agencies.

COVID-19

Under the latest regulations the service we provide is considered a 'close contact' service (as applies to tailors and dress-fitters). We are therefore legally obglied to either collect and record customer's contact details or require those visiting our store to 'check in' using the NHS COVID-19 QR code. A customer or guest refusing to either check in using the QR code or provide their contact details will be unable to enter the premises.

In line with our legal obligations and vital interest rights; information provided by you will be provided, upon request, to NHS Track and Trace and/or other government body responsible for contract tracing in relation to COVID-19. This includes whatever contact information you provide when booking your appointment. This information is likely to include your name, contact details and any information we are able to provide about others who attended your appointment. We encourage customers to 'check-in' using the NHS QR code displayed in which case you would be notified in the event of any outbreak or incident likely to impact you.

Use of the NHS COVID-19 QR code is governed by the NHS' privacy policy which is available to read at: https://covid19.nhs.uk/privacy-and-data.html . We do not recieve any data in conjunction with the use of this service.

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are: 

(a) Your consent. You are able to remove your consent at any time. You can do this by contacting us using the details at the top of this page

(b) We have a contractual obligation.

(c) We have a legal obligation.

(d) We have a vital interest.

(e) We need it to perform a public task.

(f) We have a legitimate interest.

How we store your personal information 

Your information is securely stored:

• With or by the host of our website and appointments system “GoDaddy Operating Company, LLC” whose privacy notice was available at the point your data was provided or available to review at: https://uk.godaddy.com/legal/agreements/privacy-policy
• Within cloud-based systems used by us including, but not limited to, Microsoft O365, Google Drive and associated storage mediums (this includes cloud storage and email inbox)
• With or by the host of our accounting and invoicing providers, Xero whose privacy notice can be reviewed at https://www.xero.com/uk/about/privacy/
• Stored locally on IT storage devices owned and operated by directors of the company
• Where operationally necessary; in written form held at our premises or at the home or alternative workplace of directors of the company (addresses available from Companies House)
• CCTV footage or stills may be captured by Verisure Services (UK) Ltd on our behalf for the purposes outlined above. Their privacy policy is available to review at https://www.verisure.co.uk/privacy-notice

Other than as a result of data held electronically in the above mediums (which may be held abroad in line with their privacy policies) ; we do not anticipate that we would need to transfer your data outside of the UK for any purpose. Whilst we buy from EEA suppliers, customer's details are not provided to those suppliers.

We will keep your contact details, purchase history and invoicing details for 6 years from the date of purchase or contact. We will then dispose of your information by deleting it from the relevant systems. Note that those who provide our accounting, invoicing, website hosting and appointments systems may retain your data for longer in conjunction with their own privacy policies. 

Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information. 

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. 

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances. 

Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you unless we are permitted longer to respond by one of the permitted reasons (eg we ask you to provide more information regarding your request or because your request is unusually voluminous or complex). For more information about the circumstances when we may take longer to respond see the ICO website, details at the end of this notice.

Please contact us using the contact details at the top of this page if you wish to make a request. If you are exercising any rights in conjunction to this policy, it will assist in prompt handling of your request if your email/correspondence is headed clearly with ‘Data Protection Request’. In compliance with relevant legislation, we may require you to provide sufficient information and/or documentation to satisfy us of your identity and rights to access and/or amend consent(s) under this policy. If we cannot handle your request with the information you provide, we may ask you to provide such information.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details at the top of this page. To ensure prompt handling of your complaint, it would assist if your email or correspondence is clearly marked with ‘Data Protection COMPLAINT’.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:            

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk