Last updated 18-07-2022
Caroline Rogers is both the data controller and the data processor for All Things Bright.
Name of Legal Entity: Caroline Rogers, trading as All Things Bright
Address: 42 Swallow Park, Thornbury, Bristol. BS35 1LS
Phone Number: 07985 959 957
The type of personal information I collect
I currently collect and process the following information:
- Personal identifiers: full name, email address, telephone number, postal address, and user names, such as Skype name.
How I get your personal information and why I have it
Most of the personal information I process is provided to me directly by you through:
- The contact form on my website.
- Communication by email.
- Communication by phone.
- Social media posts and messaging.
You provide the information to me for one of the following reasons:
- You have requested information about my services.
- You have requested to use or to purchase my services.
I use the information that you have given me in order to:
- Provide you with information you have requested.
- Provide my services to you.
- Provide you with an invoice and collect payment for my services which you have purchased.
- Maintain my accounting records.
- Comply with legal regulatory requirements.
I may share this information with:
- Professional advisers who provide legal, accounting and insurance services, if I have the necessity for these services.
- HMRC and other regulatory bodies that require certain reporting standards to be met.
- Law enforcement bodies if I am legally required by law to do so or to prevent fraud or unlawful activities.
Under the General Data Protection Regulation (GDPR), the lawful bases I rely on for processing this information are:
- I have a legitimate interest to communicate with you to enable me to provide my services to you, except where my interests are overridden by your interests.
- I have a legal obligation to comply with regulatory requirements.
How I store your personal information
Your information is kept private and stored securely on password protected systems and may not be accessed by anyone other than the data controller and data processor.
Email correspondence is stored within the web-based email client server. I cannot guarantee the security of email data as information transmitted via the internet is not completely secure. We each therefore accept the risk of using email communication.
I have procedures in place to deal with any situation I suspect there has been unauthorised access to your personal information. I will advise you and the appropriate regulator immediately if I suspect there has been a privacy breach.
How long I keep your personal information
I will keep your personal contact information and email correspondence for two years following the end of our working relationship. This is purely so that I may identify you if you seek my services again during this period of time. This information will then be deleted.
I will keep my accounting records, which may contain some of your personal information, for the legally required period of time. The statutory retention period is currently six years. These records will then be deleted.
Your information on posts you have entered onto my social media pages may be displayed indefinitely. You may delete these yourself at any time.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask me for a copy of your personal information. I will need you to confirm your identity to ensure your information does not fall into the wrong hands.
Your right to rectification – You have the right to ask me to rectify your personal information if you think it is inaccurate. You also have the right to ask me to complete information you think is incomplete. It is important that the details I have for you are correct so please let me know as soon as possible if there are any changes to be made.
Your right to erasure – You have the right to ask me to erase your personal information in certain circumstances. However, for legal compliance purposes (including accounting and tax purposes), I may not be able to delete certain information.
Your right to restriction of processing – You have the right to ask me to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
You are not required to pay a fee for exercising your rights. However, if your request is manifestly unfounded or excessive, I reserve the right to charge a reasonable fee to deal with your request.
If you make a request, I have one month to respond to you. If I need extra time to consider your request I will let you know within one month. I can take up to an extra two months to fulfil your request.
How to complain
You can also complain to the ICO if you are unhappy with how I have used your data.
The ICO’s address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
ICO helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk