Privacy Policy

 

This GDPR Privacy Policy (Policy) details how Made My Wardrobe will meet its obligations under GDPR.

  1. INTERPRETATION

1.1          DEFINITIONS:

Client: a business, organisation or individual who receives the benefit of Services provided by Made My Wardrobe in accordance with the relevant Contract Documentation.

Consent: agreement which has been freely given and acknowledged by You /Data Subject to be specific, informed and be an unambiguous indication of Your / Data Subject wishes in relation to the Processing of Personal Data relating to You / Data Subject in accordance with the terms of this Policy

Personal Data which is under Your control as a Data Controller passed to Made My Wardrobe in order to provide Services to You or to act as a Data Processor for You. In which case You confirm and ensure You have obtained valid Consent from the Data Subject for any Personal Data passed to Made My Wardrobe

Contract Documentation which has been agreed and signed by You for Services provided by Made My Wardrobe or for Your services to Made My Wardrobe in the form of either a;

  1. Client Contract, which is used for the provision of the Services,

  2. Employment contract

  3. Any other contractual documentation

Data Controller:  the person or organisation that determines when, why and how to process Personal Data. It is responsible for establishing practices and policies in line with the GDPR. Made My Wardrobe is the Data Controller of all Personal Data relating to Made My Wardrobe Personnel and Personal Data related to Clients Processed in accordance with this Policy.

Data Subject:  a living, identified or identifiable individual about whom Made My Wardrobe hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data. You (and other relevant Data Subjects) are a Data Subject in respect of this Policy.

Data Processor:  a company, organisation or individual who processes Personal data on behalf of the Data Controller.

Data Protection Contact (DPC):  is Lydia Higginson who is responsibility for data protection compliance within Made My Wardrobe.

General Data Protection Regulation (GDPR):  the General Data Protection Regulation ((EU) 2016/679). Personal Data is subject to the legal safeguards specified in the GDPR.

GDPR Compliance Plan: the internal plan created by Made My Wardrobe to ensure its ongoing committed and compliance to GDPR

Personal Data:  any information identifying a Data Subject or information relating to a Data Subject that  can identify (directly or indirectly) from that data alone or in combination with other identifiers possess or can reasonably access. Personal Data includes Sensitive Personal Data and Pseudonymised Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour.

Your Personal Data specifically includes, but is not limited to, any data provided by You on the Contract Documentation and any additional data provided by You in relation to Made My Wardrobe providing the Services.

Personal Data Breach:  the loss, or unauthorised access, disclosure or acquisition, of Personal Data

Personnel:  all Made My Wardrobe employees, workers contractors, agency workers, consultants, directors, members and others.

Processing or Process:  any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.

Sensitive Personal Data:  information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and Personal Data relating to criminal offences and convictions.

Services:, Web design and maintenance and as more specifically set out in the Contract Documentation.

You: the person, business or organisation who has Consented to the terms of this Policy by the express written Consent of signing the Contract Documentation for which this Policy forms part of.

  1. INTRODUCTION

2.1          This Policy sets out how Made My Wardrobe will handle Your Personal Data

2.2          This Policy sets out what Made My Wardrobe expect from You in order for the Made My Wardrobe to comply  with GDPR. Your compliance with this Policy is mandatory.

2.3          Made My Wardrobe is committed to ensuring that Your Personnel Data is processed in accordance with this Policy.  Protecting the confidentiality and integrity of Personal Data is a critical responsibility that Made My Wardrobe take seriously at all times.  This Policy has been endorsed at all levels within Made My Wardrobe and Made My Wardrobe will continue to ensure ongoing compliance through its GDPR Compliance Plan.

2.4         The DPC is responsible for overseeing this Policy and is the main point of contact for all matters relating to data protection with Made My Wardrobe.  Contact details for the DPC are as follows;

Lydia Higginson

Email : lydia@mademywardrobe.com

  1. PERSONAL DATA PROTECTION PRINCIPLES

3.1          Made My Wardrobe are committed to the principles relating to Processing of Personal Data set out in the GDPR. You agree and acknowledge that Your Personal Data will be Processed in accordance with those principles which are;

(a)  Processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency).

(b)  Collected only for specified, explicit and legitimate purposes (Purpose Limitation).

(c)  Adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed (Data Minimisation).

(d)  Accurate and where necessary kept up to date (Accuracy).

(e)  Not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is Processed (Storage Limitation).

(f)  Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality).

(g)  Not transferred to another country without appropriate safeguards being in place (Transfer Limitation).

(h)  Made available to Data Subjects and Data Subjects allowed to exercise certain rights in relation to their Personal Data (Data Subject’s Rights and Requests).

  1. LAWFULNESS, FAIRNESS, TRANSPARENCY

4.1         Lawfulness And Fairness, Transparency

Made My Wardrobe is Processing Your Personal Data and any relevant data Subject’s Personal Data under the legal reason of consent and legitimate interest for in order for

(a)  Made My Wardrobe to deliver the Services to You as set out in the Contract Documentation;

(b) to send newsletters and discounts relating to Made My Wardrobe only.

(c) Made My Wardrobe to meet its legal compliance obligations.;

4.2          Consent

You agree by signing this Policy and/or the Contract Documentation, which incorporates this Policy, that you expressly Consent that Made My Wardrobe can Process Your Personal Data in accordance with this Policy;

(a)  You have the right to withdraw Your Consent at any time by notifying the DPC in writing stating if You wish to withdraw part or all of Your Consent.

(i)  If You wish to withdraw Your Consent for Made My Wardrobe to Process Your Personal Data in order to provide You the   Services then Made My Wardrobe will remove Your Personal Data as set out in section 9 of this Policy.

(ii) If You wish to withdraw Your Consent for Made My Wardrobe to Process Your Personal Data for the purposes of providing the newsletter only, then the DPC will acknowledge Your request and ensure this is actioned within 7 working days.  Your Personal Data will continue to be Processed by Made My Wardrobe for the purposes of providing You the Services.

(b) In the event Made My Wardrobe wish to Process Your Personal Data for any other Purpose then as set out in this Policy, then Made My Wardrobe will require You to provide an additional Consent.

  1. FOR WHAT PURPOSE CAN YOUR PERSONAL DATA BE PROCESSED

5.1          Made My Wardrobe will only Process Your Personal Data for the following purposes;

  1. to enable Made My Wardrobe to provide You the Services as set out in the Contract Documentation

  2. to be included on the Made My Wardrobe client database which is used for the sole purpose of sending out regular newsletters.

 

  1. EXCESSIVE PERSONAL DATA

6.1          Made My Wardrobe has and will continue to review the Personal Data required to enable us to provide You the Services.  If you feel that any Personal Data Made My Wardrobe requests is excessive or not required for the Purposes set out in 5.1, then You should advise the DPC in writing, and we shall investigate, take  appropriate action and update You in respect of the reasons why the Personal data is required or the action taken.

  1. ENSURING YOUR PERSONAL DATA IS ACCURATE

7.1          You shall be responsible for ensuring that all Personal Data provided by You on the Contract Documentation  shall be accurate.

7.2          You shall advise the DPC in writing of any amendments or inaccuracies in Your Personal Data.  Made My Wardrobe will ensure such amendments are made within 5 working days

7.3          Made My Wardrobe will request that You confirm or update Your Personal Data on an annual basis. Merchant And Mills will send this request to the e-mail address provided by You and You shall respond to   such request within 7 working days confirming or amending Your Personal Data.  Failure to do so may result  in Made My Wardrobe ceasing to provide You the Services.

  1. STORING AND DELETING YOUR PERSONAL DATA

8.1          Made My Wardrobe shall store all electronic Personal Data on a separate Server.  Made My Wardrobe shall not store Your Personal Data on any hard-drive of any IT hardware owned or used by Made My Wardrobe.

8.2         Made My Wardrobe shall store Your Personal Data for duration of the Contract Documentation (plus any renewal or extension periods) plus 6 years.

8.3          If You wish Your Personal Data to be deleted prior to the dates set out in 8.2 above then You should send a written request to DPC, who will action such request within 7 working days.

  1. SECURITY INTEGRITY AND CONFIDENTIALITY

9.1          Protecting Your Personal Data

Made My Wardrobe has undertaken all reasonable security measures including but not limited to storing the Personal Data on a separate server, securing the site where to ensure the site where Personal Data is held is secure.

9.2          Reporting A Personal Data Breach

If You suspect their has been a potential or actual breach of Your Personal Data then both parties shall follow the process set out below;

  1. You must write to the DPC as soon as reasonably practicable clearly stating the details of the potential or actual Personal Data Breach (Notice of Breach)

  2. Made My Wardrobe will acknowledge Your Notice of Breach within 2 working day

  3. Made My Wardrobe will investigate the potential or actual Personal Data Breach and report its findings to You within 3 working days, (unless Made My Wardrobe have advised You in writing giving reasonable reasons as to why the investigation will take longer)

  4. If through the investigation Made My Wardrobe determines that there has been a Personal Data Breach, then Made My Wardrobe will take all necessary action in order to rectify the situation and minimalise any potential or actual damage caused through such a Personal Data Breach.

  5. Made My Wardrobe will communicate with You regarding the action being taken.

  6. Made My Wardrobe will comply with any guidelines issued by the Information Commissioners Office (ICO) in relation to Personal Data Breach’s, including notifying the ICO when required to do so.

TRANSFERING YOUR DATA TO 3RD PARTIES

10.1        Made My Wardrobe shall not transfer or share Your Personal Data with any 3rd parties except as specifically set out below;

  1. Merchant And Mills may use the following software to process Your Personal Data, Mailchimp & Squarespace

  2. If You have Consented to receive a newsletter from Made My Wardrobe, Made My Wardrobe will share Your Personal Details with a company called Mailchimp & Squarespace who undertake this service on behalf of Made My Wardrobe.

10.2        Made My Wardrobe shall use its reasonable endeavours to ensure that the 3rd parties stated above comply with GDPR.

10.3        Made My Wardrobe shall enter into a data processing contract with such 3rd parties as required under GDPR.

10.4        Made My Wardrobe shall advise You in writing if Made My Wardrobe changes any 3rd party mentioned in clause 10.1.

  1. YOUR RIGHTS AND REQUESTS

11.1       Made My Wardrobe are fully committed to protecting Your Personal Data, and advise You to understand Your rights under GDPR.

11.1        You should contact the DPC in writing with any questions about the operation of this Policy, GDPR, Your rights in relation to Personal Data held by Made My Wardrobe or if you have any concerns that this Policy is not being or has not been followed. In particular, you should always contact the DPC in the following  circumstances:

  1. if You believe there has been a Personal Data Breach of Your data

  2. if You wish Made My Wardrobe to delete or correct any aspect of Your Personal Data held by Made My Wardrobe.

  3. ACCOUNTABILITY

12.1        Accountability

12.1.1     When Made My Wardrobe is acting as a Data Controller, Made My Wardrobe shall implemented appropriate technical and organisational measures in an effective manner, to ensure compliance with data protection principles.

12.1.2     When You are the Data Controller who has permitted Made My Wardrobe to process Personal Data held by  You, then You shall ensure that You have the full Consent of the Data Subject that their Personal Data being passed to Made My Wardrobe.  You are fully responsible for ensuring that the Personal Data Processed by You and passed to Made My Wardrobe complies with all principles of GDPR.

12.1.3     If You are a business or organisation then by signing this Policy / Contract Documentation Your business / organisation is committed to being GDPR compliant and has taken all reasonable actions to achieve this.

12.1.4     You shall indemnify Made My Wardrobe for any damages, claims, or costs howsoever arising which  Made My Wardrobe incurs as a result of Your breach of GDPR.

12.2        Record Keeping

12.2.1     Made My Wardrobe shall keep a copy of this Policy / Contract Documentation signed by You for the same duration as which Made My Wardrobe hold Your Personal Data.

12.2.2     Where Made My Wardrobe is acting as a Data Processor for You, then You shall notify Made My Wardrobe in writing of how such Personal Data shall be Processed.

12.2.3     You shall keep sufficient records in respect of the Personal Data You provide to Made My Wardrobe as a Data Processor,   and You shall provide evidence of any Consent if Made My Wardrobe are required to demonstrate GDPR compliance.

12.3        Sharing Personal Data

12.3.1    Made My Wardrobe shall not share any of Your Personal Data with any 3rd party not set out in this Policy.

  1. CHANGES TO THIS POLICY

13.1       Made My Wardrobe reserves the right to amend this Policy at any time.

13.2        Made My Wardrobe shall advise You in writing of any amendments to the Policy and if necessary You will be required to sign this Policy again to confirm Your Consent to the amendments made.

  1. ACKNOWLEDGEMENT OF RECEIPT AND REVIEW

You acknowledge that You read a copy of this Policy and understand that I am responsible for knowing and  abiding by its terms.