It's important stuff, for you and me. It's quite long, but please take time to read it carefully. I've tried to make it a little less tedious than most legal jargon...
The law relating to data protection changed on May 25, 2018 when the General Data Protection Regulation (GDPR) came into force in the United Kingdom and across Europe.
When you're using my websites, Vicky Fraser Ltd. is the data controller (referred to as "Vicky Fraser", "I", "me", or "my" in this privacy notice). My registered office is at The Dingle, Stoke Prior, Leominster, HR6 0NB.
Or, if you want to revive the art of letter writing, you can write to my DPO at The Dingle, Stoke Prior, Leominster, HR6 0NB.
I may collect, store, and transfer personal information about you in the following ways.
Data you give to me:
Data I collect when you use my services:
Data from third parties I work with:
I may collect, use, store, and transfer different types of personal information about you which I've grouped together like this:
Marketing and communications data: how you want to receive marketing from me and my third party providers, and your communications preferences.
I also collect and share aggregated data like statistical or demographic data for any purpose. Aggregated data may be derived from your personal data, but it's not considered to be personal data under the law because it doesn't directly or indirectly reveal your identity. For example, I may aggregate your usage data to work out the percentage of people accessing a specific feature of my website.
I do not collect any special categories of personal info about you. This includes details about race or ethnicity, sex life, sexual orientation, religious or philosophical beliefs, political opinions, trade union membership, information about your health, and genetic and biometric data.
I'm only allowed to use your personal information if it's legal. I will only process your data where I have a legal basis under the GDPR to do so. My use of your personal data will always have a legal basis, because:
Where my processing of your data is based on my legitimate interests, I will have made sure such processing is necessary and I will not do so where my interests are overridden by yours.
My legitimate interests include:
You can ask us or third parties to stop sending you marketing messages at any time by contacting us at DPO@vickyfraser.com or you can write to the DPO at The Dingle, Stoke Prior, Leominster, HR6 0NB. Or you can click the unsubscribe link at the bottom of marketing emails at any time.
Change of Purpose
I'll only use your personal information for the purposes I collected it for, unless I reasonably consider I need to use it for another reason, and that reason is compatible with the original purpose. If you want me to explain how the processing for the new purpose is compatible with the original purpose, please contact the DPO on DPO@vickyfraser.com or write to the DPO at The Dingle, Stoke Prior, Leominster, HR6 0NB.
If I need to use your personal information for an unrelated purpose, I'll notify you and explain the legal basis which allows me to do so.
Please note that I may process your personal information without your knowledge or consent, in compliance with the rules above, where this is required or permitted by law.
I may have to share your personal information with the parties and organisations listed below for purposes explained above.
I expect and require all third parties to respect your personal information's security and to treat it in accordance with the law. I do not allow any of my third-party service providers to use your personal information for their own purposes. I only allow them to process your personal information for specific and specified purposes and in accordance with my instructions.
If I need to collect your personal information by law, or in order to fulfil a contract with you, and you fail to provide that data when I ask for it, I may not be able to provide you with the goods or services you want. If this is the case, I may have to cancel a product or service you have with me. I'll let you know at the time if this happens.
The EEA is the European Economic Area, comprising the EU Member States, Iceland, Liechtenstein, and Norway.
I don't transfer your data outside the EEA. However, I may use third-party service providers which do. In that case, if they do transfer your personal information outside the EEA, I'll make sure it's protected in the he same way as if it was being used in the EEA, and I'll make sure adequate safeguarding measures are in place.
Please contact me if you want more information about the specifics of what happens if your personal information leaves the EEA.
I've put appropriate security measures in place to prevent your personal information being accidentally lost, used or accessed without authorisation, altered, or disclosed. Additionally, I limit access to your personal information to those agents, contractors, and other third parties who have a business need to know. They will only process your personal information on my instructions and they are subject to a duty of confidentiality.
I've put procedures in place to deal with any suspected personal information breach and will notify you and any applicable regulator (including the ICO) of a breach, where I'm legally required to do so.
I'll only keep your personal information for as long as I need it to fulfil the purposes I collected it for, including the purpose of satisfying any accounting, legal, or reporting requirements.
I consider the amount, nature, and sensitivity of the personal information when deciding how long to keep it for. I also look at the potential risk of harm from unauthorised use or disclosure, the purposes I process your information for, and whether I can achieve the purposes by some other method, and the legal requirements that apply to all this.
Sometimes, I may anonymise your personal information (so it can no longer be associated with you) for research or statistical purposes. If I do this, I may use the information indefinitely without notifying you further.
I may use your personal information to tell you about relevant goods and services, and any upcoming offers or events.
I can only use your personal information to send you marketing messages if I have either your consent, or a legitimate interest to do so.
You can ask me to stop sending you marketing messages any time – just click on the unsubscribe links at the bottom of any marketing emails you receive, or email the DPO at DPO@vickyfraser.com.
In the unlikely event I decide to share information, I'll get your express opt-in consent before I share your personal information with any company for marketing purposes.
When you opt out of receiving marketing messages from me, this won't apply to personal information you give me as a result of buying my goods or services, or any other transaction between us.
My website is not intended for children under the age of 16 and I do not knowingly collect data relating to children. I encourage parents and legal guardians to monitor children's internet use. If you believe a child under the age of 16 has given personal information to me through my service, please contact me at DPO@vickyfraser.com or you can write to the DPO at The Dingle, Stoke Prior, Leominster, HR6 0NB.
Under the General Data Protection Regulation (GDPR), you have a number of rights regarding your personal data, which this policy and our use of your data has been designed to uphold:
If you have cause for complaint about my use of your data, or you would like to exercise any of your rights, please contact me using the details provided in Section 1 and I will do my best to solve the problem for you.
If I'm unable to help, or you aren’t satisfied with my response, you also have the right to lodge a complaint with the UK’s supervisory authority – The Information Commissioner’s Office (ICO). You can contact the ICO: