Privacy Policy

Data Storage and GDPR Compliance

Introduction

At Blossom with Rosie (Rosemary MacLennan-Crump) we take the privacy and security of your personal data very seriously. This document outlines how we store, manage, and protect your data in compliance with the General Data Protection Regulation (GDPR) in the UK.

Types of Data Collected

We collect various types of data to provide and improve our services. This includes:

Personal Identification Information: Name, email address, phone number, etc.
Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform.
Usage Data: Information about how you use our website, products, and services.
Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.

How We Store Your Data

Data Storage Locations

We store your data in secure data centres located within the European Economic Area (EEA). In cases where data is transferred outside the EEA, we ensure it is protected by appropriate safeguards, such as the Standard Contractual Clauses (SCCs) approved by the European Commission.

Data Security Measures

To protect your data, we employ a variety of security measures, including:

Encryption: Data is encrypted both in transit and at rest using industry-standard encryption protocols.
Access Controls: Only authorized personnel have access to your data, and they are subject to strict confidentiality obligations.
Regular Audits and Testing: We perform regular security audits and vulnerability assessments to ensure our systems are secure.
Secure Backups: Regular backups are performed to ensure data can be restored in case of any data loss incidents.

Data Retention Policies

We retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period may vary depending on the type of data and the purpose of its collection. Once the data is no longer needed, it will be securely deleted or anonymised.

Your Rights Under GDPR

Under GDPR, you have various rights regarding your personal data, including:

Right to Access: You have the right to request access to the personal data we hold about you.
Right to Rectification: You can request correction of any inaccurate or incomplete data.
Right to Erasure: You have the right to request the deletion of your data under certain conditions.
Right to Restrict Processing: You can request that we limit the processing of your personal data.
Right to Data Portability: You have the right to request the transfer of your data to another service provider.
Right to Object: You can object to the processing of your data based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: If we are processing your data based on your consent, you have the right to withdraw that consent at any time.
How to Exercise Your Rights
To exercise any of your rights under GDPR, please contact us at [Your Contact Information]. We will respond to your request within one month. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Updates to This Document

We may update this document from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We encourage you to review this document periodically to stay informed about how we are protecting your data.