Privacy Policy
Who We Are
Cindy Lass (“we” or “us” or “our”) gather and process your personal data in accordance with this privacy notice (“Notice”) and in compliance with the General Data Protection Regulation (“GDPR”) and relevant laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
If you have any questions about how we process personal data, or would like to exercise your data subject rights, please email us at orders@cindylass.com
Information That We Collect
Cindy Lass processes your personal data to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way other than as specified in this notice.
We collect the following personal data:
Name
Home Address
Personal Email
Business Email
Home Telephone Number
Mobile Telephone Number
Your website address
Our website is hosted with Squarespace and uses cookies to monitor website visits, eCommerce purchases, location, visit duration and traffic data.
We collect data directly from you in the below ways:
Purchases made through our website
Via our website contact form
Via our mailing list sign-up form
How We Use Your Personal Data (Lawful Basis for Processing)
Cindy Lass will never disclose or share your data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purposes specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time.
The purposes and reasons for processing your personal data are detailed below:
We collect your personal data in the performance of a contract or to provide a service and to ensure that orders are completed;
We collect and store your personal data as part of our legal obligation for business accounting and tax purposes; and
We will occasionally use your personal data to send you marketing information where we have assessed that it is beneficial to you as a customer and in our interests. Such information will be non-intrusive and is processed on the grounds of legitimate interests.
Your Rights
You have the following rights under the GDPR, which this notice and our privacy policy are designed to uphold:
The right to access, update or to delete the personal information we have on you
The right of rectification
The right to object
The right of restriction
The right to data portability
The right to withdraw consent
Depending on the specific situation, these rights may allow you take the following actions:
You have the right to access any personal data that Cindy Lass processes about you and to request information about:
What personal data we hold about you
The purposes of the processing
The categories of personal data concerned
The recipients to whom the personal data has/will be disclosed
How long we intend to store your personal data for
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a lawful reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
Sharing and Disclosing Your Personal Information
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement.
Cindy Lass uses third-party services to provide the services and business functions listed below. In all of these relationships, we are the data controller.
Safeguarding Measures
Cindy Lass takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data from unauthorised access, alteration, disclosure or destruction. We have several layers of physical, electronic and procedural safeguards in place that we believe to be appropriate to protect your personal data.
We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.
Transfers Outside the EU
To help provide essential services, Cindy Lass utilizes a U.S.-based Cloud Service Provider, as a back-up storage for our data, including your personal data. This means that we may transfer information which is submitted by you outside the European Economic Area (“EEA”).
Where this is the case, we will take steps to ensure that our service providers use the necessary level of protection for your information and abide by strict agreements and measures set out by Cindy Lass to protect your data and comply with the relevant data protection laws.
Other than this instance, Cindy Lass does not transfer any other personal data outside the EEA.
Consequences of Not Providing Your Data
You are not obligated to provide your personal information to Cindy Lass, however, as this information is required for us to provide you with our services, we will not be able to offer some/all our services without it.
Legitimate Interests
As noted above in the “How We Use Your Personal Data” section of this notice, we occasionally process your personal data under the legitimate interests’ legal basis. Where this is the case, we have carried out a thorough Legitimate Interests’ Assessment (“LIA”) to ensure that we have weighed your interests and any risk posed to you against our own interests; ensuring that they are proportionate and appropriate.
We use the legitimate interests’ legal basis for processing your contact details and purchase history. We have identified that our interests are to provide further, related, online or email information and ongoing news updates in relation to our services in identified interest areas and to safeguard our position should any claims arise out of our contract.
How Long We Keep Your Data
Cindy Lass only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 10 years after which time it will be destroyed.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
Lodging A Complaint
Cindy Lass only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If you have any cause for complaint about our use of your personal data, please contact us at the first instance at orders@cindylass.com in the first instance in order for us to be able to investigate thoroughly.
If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority. You may lodge this complaint with the supervisory authority of your habitual residence or of the location of our business.
This notice was last updated on 23 April, 2020.
We reserve the right to make changes to this notice. Please check back frequently to see any updates or changes.