Helen Holgate, trading as Oreo PA, is the data controller and responsible for your personal data (referred to as “me” or “I”). The term “you” refers to the user or viewer of my website. The terms “this website” and “my website” and similar terms means www.oreopa.co.uk.
By providing me with your data, you warrant to me that you are over 13 years of age.
Full name of legal entity: Helen Holgate trading as Oreo PA
Email address: firstname.lastname@example.org
Postal address: 7 Treeneuk Gardens, Ashgate, Chesterfield, Derbyshire S40 3FH
Telephone number: 07584 306749
If you are not happy with any aspect of how I collect and process your personal data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). If you do have a complaint, I would be grateful if you would contact me first so that I can try to resolve it for you.
It is very important that the information I hold about you is accurate and up to date, therefore please let me know if your personal information changes by emailing me at email@example.com.
WHAT PERSONAL DATA DO I COLLECT ABOUT YOU
Personal data means any information capable of identifying an individual. I may collect and process a variety of personal data from you including:
- your name, marital status or title;
- your billing address, delivery address, email address and telephone numbers;
- your bank account and payment card details;
- details about payments between us and details of purchases made by you;
- your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this website;
- your purchases or orders, interests, preferences, feedback and survey responses;
- information about how you use my website and services;
- your preferences in receiving marketing communications from me and my third parties and your communication preferences.
I do not collect any sensitive personal data.
HOW I COLLECT YOUR PERSONAL DATA
I may collect personal data through a variety of methods including if:
- you provide personal data by completing forms on my website or by communicating with me by post, phone or email, including when you:
- order products or services;
- subscribe to or request services, publications or marketing;
- enter a competition, prize draw, promotion or survey;
- give me feedback; or
- you use my website, when I may automatically collect personal data about your equipment, browsing actions and usage patterns. I collect this data by using cookies, server logs and similar technologies; or
- I receive personal data about you from various third parties such as:
- analytics providers such as Google based outside the EU; or
- advertising networks such as Facebook based outside the EU.
HOW I USE YOUR PERSONAL DATA
I will only use your personal data when legally permitted. The most common uses of your personal data are:
- to enable your access to and use of my website services;
- where I need to perform the contract between us;
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
- where I need to comply with a legal or regulatory obligation.
Generally, I do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by emailing me at firstname.lastname@example.org.
You will receive marketing communications from me if you have:
- requested information from or purchased goods or services; or
- if you provided your details when you entered a competition or registered for a promotion; and
- in each case, you have not opted out of receiving that marketing.
I will get your express opt-in consent before I share your personal data with any third party for marketing purposes.
You can request for me or third parties to stop sending you marketing messages at any time or by following the opt-out links on any marketing message sent to you or by emailing me at email@example.com. Where you opt-out of receiving my marketing communications, this will not apply to personal data provided to me as a result of a product or service purchase, product or service experience or other transactions.
Change of Purpose
I will only use your personal data for the purposes for which I collected it, unless I reasonably consider that I need to use it for another reason and that reason is compatible with the original purpose. If you wish to find out more about how the processing for the new purpose is compatible with the original purpose, please email me at firstname.lastname@example.org.
If I need to use your personal data for a purpose unrelated to the purpose for which I collected the personal data, I will notify you and I will explain the legal ground of processing. I may process your personal data without your knowledge or consent where this is required or permitted by law.
DISCLOSURES OF YOUR PERSONAL DATA
I may have to share your personal data with the parties set out below for the purposes outlined in the above section.
- Service providers who provide IT and system administration services.
- Professional advisers who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
- Third parties to whom I sell, transfer or merge parts of my business or assets.
I require all third parties, to whom I transfer your personal data, to respect the security of your personal data and to treat it in accordance with the law. I only allow such third parties to process your personal data for specified purposes and in accordance with my instructions.
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection; therefore European law prohibits the transfer of personal data outside of the EEA unless it meets certain criteria.
Many of my third parties service providers are based outside the EEA. Whenever I transfer your personal data out of the EEA, I try to ensure a similar degree of data security by ensuring at least one of the following safeguards is implemented:
- I will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
- where I use certain service providers, I may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
- where I use providers based in the United States, I may transfer personal data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the United States.
If none of the above criterion is met then I may request your consent. You will have the right to withdraw this consent at any time. Should you require additional information please email me at email@example.com.
I am committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, I have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal data I collect. I have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a breach where I am legally required to do so.
I will only retain your personal data for as long as necessary to fulfil the purposes I collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
Legally I have to keep basic information about my clients (including contact, identity, financial and transaction data) for six years after they cease being clients. In some circumstances you can ask me to delete your personal data; see below for further information.
In some circumstances, I may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case I may use this information indefinitely without notifying you.
YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
- request access to your personal data;
- request correction of your personal data;
- object to processing of your personal data;
- request restriction of processing your personal data;
- request transfer of your personal data;
- request deletion of your personal data; or
- withdraw consent.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights), however if your request is clearly unfounded, repetitive or excessive I may charge a reasonable fee. Alternatively, I may refuse to comply with your request in such circumstances.
I may need to request specific information from you to help me confirm your identity and ensure your right to access your personal data; this is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
THIRD PARTY LINKS