Privacy Notice for my customers
What is the purpose of this notice?
This notice tells you about how I use your personal data. I will only use your personal data in accordance with this notice (and any similar notice that I provide for you).
In this notice, “Data Protection Legislation” is, from the date it comes into force in the United Kingdom, the EU General Data Protection Regulation (2016/679) and, until then, the UK Data Protection Act 1998. A “controller” is someone who you allow to use your personal data for their own purposes, and a “processor” is one of my service providers who I instruct to do something, for me, using your personal data.
Who is your controller?
YOUR PERSONAL DATA
What personal data do I collect about you?
What personal data do I collect about you?
I might first hear about you through a mutual contact, because I do my marketing by word of mouth. Often, you will make the first contact with me. Where I take the initiative, I received your Facebook name, your email address and/or your phone number from a mutual contact, such as one of my existing clients.
Once we're in touch with each other, I collect the personal data that you give to me (whether that's in person, by private messaging, SMS or over the phone). I also create some personal data: my correspondence with you, and invoices. I will also obtain the information contained in my bank statement about electronic payments or cheques from you.
What choices do you have about the personal data I collect?
I can train your horse, fit saddles, and train you as a rider. For me to work for you, as a minimum I need:
- Contact details: Your name, postal address, your Facebook name (for private messaging) or your email address and a contact phone number, so that I can arrange training or fitting appointments with you, and submit invoices.
- Orders: The description and quantities of the goods or services you want me to provide.
- Venue: The address of the venue for the training or fitting.
As a minimum I need your contact details in order to stay in touch with you between appointments, and to arrange future appointments. If I take the initiative, it will be a personal communication: I don't use mass marketing.
How do You withhold or provide less personal information?
You can ask me at any time to stop contacting you at my own initiative, and I will do. You can:
- Limit what you tell me about you. If you limit the information your riding needs, and your horses, that might limit my ability to train you, or to provide my goods or services at all.
- Not respond to messages sent at my initiative (and you also have rights to stop my direct marketing to you: please see below).
- Change your settings and connections in the social networks that you use, so that I can't contact you via those networks. That will mean you don't find out about my availability, or other opportunities for you and your horses to develop.
If you ask me to erase your personal data or some of it, I will do so. Bear in mind that, if you subsequently ask me for goods or services, I may not remember key information about you, including things like how you prefer to me stay in touch.
How do I use your personal data?
Whilst I have access to your personal data I will use it for the following purposes, unless you tell me otherwise in exercise of your rights.
|I will use your personal data ...||And that will be lawful ...|
|To make first contact with you after I have received your details from a mutual contact.||Based on my legitimate interest in following up with potential new,clients.,If you ask, I will always tell you who gave me your contact,details, and if you tell me you’re not interested, I will not contact,you again unless I receive another referral from a mutual contact.,Just,tell me by email if you don’t want me to contact you.|
|To provide you with my goods or services, once you have placed an order.,To raise invoices and process payments from you.||So I can perform my contract with you, or so I can take steps (at your request) before we enter into the contract.|
|To stay in touch via private messaging (such as Facebook) to offer you training or fitting appointment slots (and other opportunities for us to work together), using the contact details I have for you.||Based on my legitimate interest in seeking opportunities for us to,work together, although on the understanding that if you tell me to stop,contacting you, I will stop immediately. Just tell me by email if you,want me to stop contacting you by private messaging.|
|To stay in touch as above, but via email.||New clients: With your consent, and I will ask for this when I first,contact you.,I will stop contacting you by email if you withhold or,withdraw your consent.,Existing clients:,Based on our existing,relationship, it’s lawful as long as I have told you I will contact you,by email, and I give you an easy method to unsubscribe.,Just tell me by,email if you want me to stop contacting you by email.|
|To stay in touch as above, but by phone (if you are a Telephone Preference Service subscriber).||With your consent, and I will ask for this when I first contact you.,I will stop contacting you by phone if you withhold or withdraw your,consent.,Just contact me by email to withdraw your consent.|
|To respond to your enquiries using the contact details I have for you.||Based on my legitimate interest in responding to your enquiries.|
|To take legal or administrative action, including collecting debts, resolving disputes and dealing with regulators.||My legitimate interest in enforcing my contract with you, resolving,any disputes, dealing with regulators, and as necessary for me to,establish, exercise or defend legal claims.|
KEEPING YOUR PERSONAL DATA
How long will I retain your personal data?
I will only retain your personal data for as long as is necessary to fulfil the purposes listed in the table above. Normally I will keep your contact details indefinitely; I will keep information that I record about you as a client for as long as I retain you as a client; and I will keep invoice and payment information for seven years from the date of the payment.
SHARING YOUR PERSONAL DATA
Who do we share your personal data with?
Whilst I have access to your personal data I may share it with any of the following, so that they can perform their role:
- My staff, if any. Currently it’s just me!
- My IT service providers. I use Google for email, and social networks (mainly Facebook) for keeping in touch.
- My bank, and any other service provider that I use to process payments from you.
- My professional service providers, such as my book keeper, accountants, auditors, legal advisers and insurers.
- Any third party in the event that I go through a business transition, such as a merger, being acquired by another person or company, or selling some or all of my business assets.
I reserve the right to disclose your personal data to other third parties if I have lawful grounds to do so (e.g. to courts), or if I’m under a legal obligation to disclose it (e.g. law enforcers).
Do I transfer your personal data outside the UK and EU?
All of my paper records and the electronic devices that I use to run my business are held in the United Kingdom, and all of my business contacts who I may use for your benefit are based in the UK or EU. I use applications and storage provided by Google, Microsoft and Facebook, and they might store your personal data (and mine!) in the United States. The United States does not have laws similar to the Data Protection Legislation, but those three organisations are members of the EU-US Privacy Shield, which means that they provide adequate protection for your personal data (and mine!) even when it’s in the US.
In certain circumstances and by law, you have the right to:
- Request access: to a copy of the personal data that I hold about you, and to check I’m using it lawfully.
- Request correction: of the personal data that I hold about you.
- Withdraw consent: if I rely on your consent for using your personal data for certain purposes.
- Request erasure: of the personal data that I hold about you. This right only applies if, broadly, (a) I have no good reason to keep using it, (b) you have withdrawn your consent to me using it and I have no other lawful basis to use it, (c) you have exercised your right to object (see below) and no exception applies for me, (d) I had no lawful right to use your personal data in the first place, or (e) the law requires me to erase your personal data.
- Object to me using your personal data: where I rely on legitimate interests and there is no exception that permits me to keep using your data.
- Object to me using your personal data for direct marketing: please just tell me in writing if you do not want me to keep in touch.
- Ask me to restrict (suspend) my use of your personal data: which you can do if you think the data is not accurate, or that I’m using it unlawfully (but you don’t want me to erase the data), or that I don’t need to use it any more (but you want me to be preserve it for use in legal claims). You also have this right if you have exercised your right to object, pending the outcome of that.
- Request the transfer: of your personal data to a third party.
If you want to exercise your rights, please just tell me by email.
Rights are free and mostly informal
I may need information so I can confirm your identity. I can lawfully charge a reasonable fee (or refuse to comply) if your request for access is clearly unfounded or excessive.
Changes to this Notice
I may change this notice from time to time. I will place the latest version on my website at www. sarahhallep.com. Please check it regularly to ensure that you are always aware of what personal data I use about you. If you do not agree to the changes that I make, please tell me by email.
Notice date: [May 2018 (version 1.1)]