Rosie Made A Thing is committed to protecting your privacy. In order to provide our services to the customer and to provide a more personalised shopping experience, we need to collect certain information from you. This Privacy Notice explains when and why we collect personal information about you as well as the types of personal data we may collect when you interact with us in person, online or over the phone. It also explains how we’ll look after your data and keep it safe. There's a lot to digest but we want you to be fully informed about your rights, and how Rosie Made A Thing uses your data.
We hope what's below covers everything, but if you have any questions at all, do please drop us a line at office@rosiemadeathing.co.uk. It’s likely that we’ll need to update this Privacy Notice every now and again to make sure it's accurate. We’ll let you know of any major changes, but the most up-to-date version will always be here for you to check.

1. Explaining the legal bases we rely on
The GDPR law on data protection sets out a number of different reasons a company may collect and process your personal data, including:

Consent
In specific situations, we can collect and process your data with your consent e.g. when you tick a box online to receive email or postal communication from Rosie Made A Thing. When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.

Contractual obligations
In some instances, we need your personal data to comply with our contractual obligations. For example, if you place an order with us, we need your address details to deliver your order and we also need to pass your details to a courier.

Legal compliance
We may be legally bound to collect and process your data. For example, if someone is involved in any criminal activity or fraud affecting Rosie Made A Thing, we need to pass details to law enforcement.

Legitimate interest
We require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we may use your address details to send out trade brochures periodically.

2. How we collect your personal data
There are a number of ways in which we may collect information about you:
• When you purchase products on our website.
• When you place a trade order with us via one of our sales agents, over the phone, via email or at a trade show.
• When you interact with us at Trade Shows
• When you engage with us on social media


3. The type of personal data we collect
The personal data we may collect includes your name, billing/delivery address, email address, telephone number and notes from conversations we have with you.
Please note that when you place an order on our website, we do not hold your card details. Your payment may be collected by Paypal or Stripe, our third party payment processors who use secure online capture and processing methods. If you choose to save your credit card details these will be securely held with Stripe.


4. How and why we use your personal data
We use your data so we can fulfil our contractual obligations to you (such as deliver your order) but also to offer you products and promotions that are more likely to be of interest to you. The data privacy law allows this as part of our contractual obligations and legitimate business interest in understanding our customers and providing the highest levels of service. We will hold your data in our systems for as long as is necessary for each relevant activity or as long as is set out in any contract we have with you.
If you ever wish to change how we use your data, you can do so. Please refer to the ‘Your Rights Over Your Personal Data’ section that is below.

By consenting to this privacy notice, you are giving us permission to process your personal data specifically for the purposes identified below:

• To process and generate leads from trade shows, through our website, over the phone or through our sales agents.
• To process any orders you make on our website, at trade shows, over the phone or through our sales agents.
• We need to be able to respond to your queries, complaints or process a refund so we need your contact information in order to respond. We will keep a record of your information including notes on how we communicated with you and what was discussed.
• When you place an order with us, your card details are collected by our third party payment processors Stripe who use secure online capture and processing methods. This helps to protect you from fraud. We do this on the basis of our contractual and legitimate business interests.
• With your consent, we will use your personal data to keep you informed about relevant products and promotions by email and post. We do this on the basis of our contractual and legitimate business interests but you can always opt out of hearing from us at any time.


5. Protection of your personal data
The security of your personal data is very important to us and we take a lot of care to handle and store it as best we can and in line with new legislation as we know it is important to you as well as us.
Rosie Made A Thing will never sell, share or trade your contact details with any third parties.

If you use a credit or debit card to make a purchase online or over the phone, we ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). We do not store your payment details at all, following completion of your transaction.


6. Trade Customers

If you are a trade customer of Rosie Made A Thing and have ordered from us in the past, we will have collected data from you in order to process your order and respond to any enquiries.

We use SAGE, a central data system, to store your data securely in order to process trade orders. View their Privacy Policy here. https://www.sage.co.uk/uk/hrpayrollhero/privacy-policy

By providing this data, you have opted in to sharing your details with Rosie Made A Thing. We will only use this data to process future orders, respond to enquiries or to periodically update you with information that you may find of interest (brochures, trade show info, etc). We’ll do this on the basis of our legitimate business interests. Rosie Made A Thing will not share, sell or trade this data under any circumstance.

You can unsubscribe to general mailings at any time you like by clicking the unsubscribe link at the bottom of any of our emails or emailing us at office@rosiemadeathing.co.uk


7. How long will we assume your consent for mailings?
After your initial consent to sign up to our mailings, we assume you still want to hear from us if you're engaging with Rosie Made A Thing by opening our emails, visiting the website, placing an order from us or re-registering in-store. If you haven't done any of these things for a period of three years, we'll get in touch to reconfirm that you still want to hear from us. If we can't re-establish contact with you, we will opt you out of further communication.


8. Length of time we keep your personal data
We only keep your data for as long as is necessary for the purpose it was collected. After that period, your data is deleted or anonymised.
You can, of course, request that we delete your data at any time by emailing us at office@rosiemadeathing.co.uk


9. Who we need to share your personal data with and why
It is our policy not to share, sell or trade your personal information with any third parties without your consent. So you will not receive communications from other companies or organisations as a result of giving your details to us.
At times we need to share your personal data with trusted third parties e.g. delivery couriers, IT companies, mailing houses, credit card processing services and so on. We only provide what they need and they cannot use your data for anything other than the purposes that they have your data for. Your data is deleted or rendered anonymous if we stop working with them.
We want your customer journey with Rosie Made A Thing to be as smooth as possible. We use the following companies who will process your personal data as part of their contracts or terms and conditions with us:
• Google Analytics - for monitoring the volume, details and actions of visitors to our website
• Facebook - for personalising ads into your news feeds (which you can opt out of on Facebook)
• JBH Associates Ltd – for fulfilment of trade orders
• DPD – for delivery of trade orders
• Royal Mail – for delivery of orders from our website
• Mail Chimp - our email marketing system. You can find out more here https://mailchimp.com/legal/privacy/
• World Pay – to take trade payment over the phone. View their Privacy Policy here https://www.worldpay.com/uk/privacy-policy Please note that we never store payment details.

The above suppliers are non exhaustive and may change from time to time, but we will endeavour to keep the list above accurate and as up-to-date as possible.


10. Your rights over your personal data
You have a choice as to whether or not you receive marketing information from us and you can withdraw your consent from specific communication channels at any time.

How can you stop the use of your personal data for direct marketing?
There are several ways you can stop direct marketing communications from us:
• Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails
• Contact us at office@rosiemadeathing.co.uk

Requesting access and making changes to your personal data
You also have the right to access and rectify mistakes in the data we hold about you at any time.
These requests will be handled on a case by case basis and we estimate will be processed in no longer than 2 weeks depending on our legitimate business interests, legal and contractual obligations.

Legitimate Business Interests
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.


11. Contacting the Regulator
If you are at all unhappy about the handling of your data, you can send a complaint to the Information Commissioner’s Office by calling 0303 123 1113 or go online to www.ico.org.uk/concerns
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.


12. Questions?
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.
If you have any questions that haven’t been covered, email us at office@rosiemadeathing.co.uk, or write to us at Rosie Made A Thing, 37 The Lea, Kibworth, Leicester. LE8 0SE.