This website is owned by Susannah Boughtflower trading as Susannah's People, and programmed and operated by Andrew Boughtflower.
Susannah's People is committed to protecting and respecting your privacy in line with the EU-wide data protection regulations (GDPR). This policy explains how and why we use information you have given us and how we keep it secure.
How do we collect information from you?
We collect information about you when you contact us about our services. We also collect limited information when you visit our website via cookies. Such information will not identify you personally. It is statistical data. This statistical data does not identify any personal details whatsoever.
What are cookies and how do we use them?
For example, we use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. Google then give us reports with information like the number of views we get for a particular page on our website so we know what’s popular and what’s not.
Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
Microsoft Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
How do we handle information collected when you contact us about our services?
GDPR requires all businesses to have a lawful basis to process personal data about a customer/prospective customer. The law sets out six different lawful bases to choose from. Business owners have to explain to you how and when we process your data and the legal basis for each occurrence. Currently our processing fits into three of the six available bases.
‘Contractual’ basis – this is when processing your data is obvious and necessary, for example you submit an enquiry and ask us to get back to you or you contact us to book a show. Please be assured that we will only use this data for the purposes of offering relevant services to you.
‘Legitimate Interests’ basis – we may contact you again after we have provided our services. For example we often send an email thanking you for hiring us and we might email you in the future to remind you about our services. The law says businesses cannot send marketing emails or texts to individuals without specific consent. However, there is a limited exception if you are a previous customer as long as we only contact you about the same or similar products. The jargon for this is ‘soft opt-in’ – so no affirmative consent required.
‘Legal Obligation’ basis – some processing is necessary because we have to comply with the law. For example, when you hire our services, HMRC require us to keep records for at least 5 years.
Security of your data
When you give us personal information, we take steps to ensure that it’s treated securely. We will not pass on your personal details to any other organisation under any circumstances unless you give us the authority and good reason to do so. The details we store are strictly for our own use and will not be made publicly available or sold to other companies. We will never share your personal details with any third party unless we are required to do so by law.
a) When you call, email or contact us via our website, any personal information you give is recorded and stored electronically. We do not keep any paper records.
b) We use 4UHosting as our website and email host. 4UHosting email services are encrypted, and the hosted site has an SSL certificate to keep it secure. The website for 4UHosting is https://www.4uhosting.co.uk
d) We use a third party CRM (Customer Relationship Management) provider, Gigwell. Gigwell is fully GDPR compliant. When we enter information into Gigwell it is fully encrypted using industry-standard SSL. More details can be found here
f) We use a third party accounting provider, Xero. Xero is fully GDPR compliant. All data is encrypted on their servers and throughout their infrastructure. All data that goes between our computers and Xero is encrypted using industry-standard SSL. More details can be found here
Your rights under GDPR
GDPR provides increased rights for individuals and below is the full list. They don’t apply in all circumstances. However, if you wish to exercise any of these rights please contact us using the details below and we’ll be happy to help.
- The right to be informed about the processing of your personal information.
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed.
- The right to object to processing of your personal information.
- The right to restrict processing of your personal information.
- The right to have your personal information erased (the “right to be forgotten”).
- The right to request access to your personal information and to obtain information about how we process it.
- The right to move, copy or transfer your personal information (“data portability”).
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.
In accordance with the Data Protection Act 1998 you have the right to access any information that we hold relating to you. Please note that we reserve the right to charge a small fee to cover costs incurred by us in providing you with the information.
a. If you are not happy with how we handle your data or you have any complaint then you should tell us by email. Our email address is firstname.lastname@example.org
b. If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner’s Office. This can be done at https://ico.org.uk/concerns/