Privacy Policy

1.1 Important information and who we are

Welcome to Gabrielle Todd’s Privacy and Data Protection Policy (“Privacy Policy”). At www.gabrielletodd.com (“Gabrielle Todd”, “website”, “we”, “us” or “our”) we are committed to protecting and respecting your privacy and personal data in compliance with the law and guidelines of the EU General Data Protection Regulation (“GDPR”). This privacy policy will define the information that we collect from you and explains: how we collect your data, how we process/use this personal data to deliver our services and your privacy rights. It is important you read this policy, review it periodically and let us know if you have any questions. By using Gabrielle Todd, you acknowledge the collection and use of data by us as set out in this Privacy Policy; this will apply from your first visit to our website and your continued use of Gabrielle Todd shall constitute your acknowledgment of any modifications to this Privacy Policy.

1.2 Who is your data controller and data protection officer

Gabrielle Todd is your Data Controller and is responsible for your personal data. We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights surrounding your personal data please contact the Data Protection Officer at elle@gabrielletodd.com. You have the right to contact the Information Commissioner’s Office (ICO); the UK’s supervisory authority for data protection issues (www.ico.org.uk). However, we would appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

1.3 Changes to the privacy policy and your duty to inform us of changes

We keep our privacy policy under regular review and reserve the right to update this privacy policy at any time; we will inform you if we do so and update the “Last Updated” date of this policy. It is important that the personal data we hold about you is accurate and current. Therefore, please keep us informed if your personal data changes during your relationship with us.

1.4 Third party links

This website may contain links to other third-party websites, plug-ins and applications. Clicking on these links or enabling plug-in connections may allow third parties to collect or share data about you. This privacy policy only applies to our website, we do not control these third-parties and are not responsible for their privacy statements. If you click on a link to another website, we encourage you to read their privacy policy.

2.1 The types of personal data we collect

Personal data is any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you that you voluntarily provide to us or that we otherwise collect or acquire about you. The extent of this personal data depends on your user type and how you use our website; subsequently, not all of the following types of data will necessarily be collected from you but this is the full scope of data that we collect:

If you register or otherwise sign up for our service, or send an enquiry to us:

• Identity Data includes first name and last name.

• Contact Data includes email address and telephone number.

• Marketing Data includes your preferences in receiving marketing from us and our third parties.

• Communications Data includes any correspondence included in your enquiry; if you have contacted us by email we will retain a record of that conversation.

If you sign up to our mailing list in order to receive email newsletters and updates:

• Identity Data includes first name and last name.

• Contact Data includes email address.

If you make a payment to Gabrielle Todd for a product/service:

• Transaction Data includes details about payments to and from you and other details of products/services you have purchased/sold from or through Gabrielle Todd.

If you contact us or leave a review/reference:

• Communications Data includes any correspondence; if you have contacted us by email we will retain a record of that conversation.

• Customer Support Data includes feedback and survey responses.

• Review Data includes feedback on any services used.

Any other personal information we collect from you during the provision of our services which are necessary to administer your account with us or help us to deliver a better service:

• Usage Data includes data relating to your browsing activity or interaction with our emails, obtained through the use of cookies, pixel tags and other similar technologies; information about when your current or previous sessions started; details about any products you viewed or purchased.

• Technical Data includes IP address; browser type and operating system; geolocation, to ensure we’re showing you the correct notices and information; any other unique numbers assigned to a device.

2.2 The legal basis for collecting the above data

There are a number of lawful reasons under the GDPR that allow collection and processing of personal data. The main bases we rely on are (but see more on the specifics below under ‘How we use your personal data’ section.):

Contractual Obligations:

• We may require certain information from you in order to fulfil our contractual obligations and provide you with the promised service.

Legitimate Interest:

• We might need to collect certain information from you to be able to meet our legitimate interests.

Legal Compliance:

• We’re required by law to collect and process certain types of data, such as fraudulent activity or other illegal actions.

Consent:

• Certain situations allow us to collect your personal data, such as when you tick a box that confirms you are happy to receive email newsletters from us, or ‘opt in’ to a service.

3.1 Direct interactions

You may give us your personal data by registering for the service, creating an account, filling in forms or by corresponding with us by phone, email or otherwise. This includes personal data you provide when you:

• Inquire about our products/services

• Purchase our products/services

• Use our products/services

• Contact our team

• Subscribe to our service or publications

• Request marketing to be sent to you

• Give us feedback or contact us

• Fill in any forms

3.2 Automated technologies or interactions

As you interact with our website and services, we will automatically collect Technical Data and Usage Data about your usage of the service and equipment you use including browsing actions and patterns. This information does not reveal your specific identity such as your name or contact information etc; however, it is required to maintain the security and operation of our website and for our internal analytics and reporting purposes to enable us to enhance, personalise and improve our services.

We collect this personal data by using cookies and other similar technologies. Where your data is collected through the use of non-essential cookies, we rely on consent to collect your personal data and for the onward processing purpose. Please see our Cookie Policy for more information.

3.3 Third parties or publicly available sources

We will receive personal data about you from various third parties including:

• Analytics providers such as Google

• Advertising networks such as LinkedIn and Google

• Financial and Transaction Data from providers of payment and delivery services

4.1 Our uses

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where we need to perform the contract we are about to enter into or have entered into with you.

• Provision of the service will also include sharing relevant elements of your contact data with other users, but you will always be in control of that when you choose who to contact and how.

• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

• Where we need to comply with a legal obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending direct marketing communications to you via email. You have the right to withdraw consent to marketing at any time by contacting us. 

Set out below are the ways we use your personal data, the type(s) of personal data used for these activities and the lawful basis for processing this data.

• To manage/facilitate the services we offer you, including:

a) Register you for the service and creation of an account

b) Replying to any enquiries

c) Sending communication and marketing e.g. newsletters

d) Manage payments, fees and charges

e) Collect and recover money owed to us

• Data type: Identity, Contact, Billing, Transaction, Marketing, Communications

• Lawful basis:

  • Contractual Obligations; transactional data is required to comply with our legal obligations and keep a record of invoices following a purchase.

  • Legitimate Interest; to provide users with support and refer back to it if necessary.

• To manage our relationship with you, including:

a) Notifying you about changes to our terms and conditions or privacy/cookie policy

b) Notifying you about website changes and new services/features

c) Asking you to leave a review or take a survey

d) User support; including contacting us or leaving a review/reference

• Data type: Identity, Contact, Communications, Transaction, Customer Support, Review

• Lawful basis:

  • Consent; review/feedback and survey data is voluntary, we will not extract it from users without their consent.

  • Contractual Obligations; to provide users the services we promised.

  • Legal Obligations; contact data is required to notify users of updates to our terms and conditions or privacy/cookie policies.

  • Legitimate Interest; we keep a record of any communication and transaction data so that we can provide support and refer back to it if necessary. In addition, this data is necessary to keep our records updated and to study how customers use our products/services.

• To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).

  • Data type: Identity, Contact, Technical, Usage

  • Lawful basis:

    • Legal Compliance; to comply with all legal obligations surrounding data collection, processing and retention.

    • Legitimate Interest; for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise.

• To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.

  • Data type: Identity, Contact, Technical, Usage, Communications, Marketing

  • Lawful basis:

    • Legitimate Interest; to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy.

• To use data analytics to improve our website, products/services, marketing, customer relationships and experiences, including:

a) identifying where users are logging in from

b) identify which browsers’ users use

c) analysis of how users use our services

• Data type: Technical, Usage

• Lawful basis:

  • Legitimate Interest; to define types of customers for our products and services, to keep our website updated and relevant, to develop our business, to inform our marketing strategy to understand customer demographic and help keep our records up-to-date.

• To make suggestions and recommendations to you about services that may be of interest to you.

  • Data type: Identity, Contact, Technical, Usage, Communications

  • Lawful basis:

    • Legitimate Interest; to develop our products/services and grow our business.

• To comply with our legal and regulatory obligations.

  • Data type: Identity, Contact, Transactional

  • Lawful basis:

    • Legal Obligations

• For any other purpose that we notify you about in advance which is linked to the provision of our services to you.

  • Data type: We will inform you of the categories of data which are necessary for any new purposes of processing

  • Lawful basis:

    • We will inform you of the legal basis when we notify you of any new purpose for processing.

4.2 Marketing and content updates

You will receive marketing and new content communications from us if you have opted into and consent to receiving these communications. From time to time we may make suggestions and recommendations to you about goods or services that may be of interest to you.

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us using the contact details below at any time.

4.3 Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact our Data Protection Officer. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent in compliance with the above rules and where this is required or permitted by law.

5.1 Storing your data

We generally store your personal data in the EU such that it is fully protected under the GDPR. However, some of the data that we collect may be transferred to and stored at a destination outside the European Economic Area (‘EEA’). We take all reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy. We use strict procedures and security features to prevent any unauthorised access to your data that we hold.

5.2 Securing your data

We implement a variety of security measures designed to protect and ensure the security of any personal data we process on our systems. Any personal data collected by us is contained behind secured networks and is only accessible by a limited number of employees who have special access rights to such systems and are bound by obligations of confidentiality. If and when we use subcontractors to store your data, we will not relinquish control of your personal data or expose it to security risks that would not have arisen had the data remained in our possession.

However, unfortunately no transmission of data over the internet is guaranteed to be completely secure. Although we do our best to protect your personal information, it may be possible for third parties not under the control of Gabrielle Todd to intercept or access transmissions or private communications unlawfully. While we strive to protect your personal data, we cannot ensure or warrant the security of any personal data you transmit to us. Any transmission of personal information to and from our website is at your own risk. You should only access the services within a secure environment. If you believe that your interaction with us is no longer secure, please contact us.

5.3 Retaining your data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for. We may retain your personal data for a longer period than usual if permitted by law. In addition, a longer retention period may be required in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. When we no longer have a legitimate business need to process your personal information, we will delete it.

5.4 Sharing your data

We only share your information with your consent, to comply with laws, to protect your rights or to fulfil business and contractual obligations. We will share your information in the following situations:

Compliance with laws:

• We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).

Vital interests and legal rights:

• We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.

Third party service providers:

• We may share your data with third parties who perform services for us or on our behalf and require access to such information to do that work. Examples include: payment processing, data analysis, email delivery, hosting services, customer service and marketing efforts. We may allow selected third parties to use tracking technology on the website, which will enable us to collect data about how you interact with the website over time. This information may be used to, among other things, analyse and track data, determine the popularity of certain content and better understand online activity, all as explained further above.

Business transfers:

• We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

Third party advertisers:

• We may use third-party advertising companies to serve ads when you visit the website. These companies may use information about your visits to our website and other websites that are contained in web cookies and other tracking technologies in order to provide advertisements about goods and services of interest to you. See our Cookie Policy for further information.

Affiliates:

• We may share your information with our affiliates, in which case we will require those affiliates to honour this privacy policy.

Business partners:

• We may share your information with our business partners to offer you certain products, services or promotions.

With your consent:

• We may disclose your personal information for any other purpose with your consent.

Other users:

• When you share personal information or otherwise interact with public areas of the website, such personal information may be viewed by all users and may be publicly distributed outside the website. Similarly, other users will be able to communicate with you within our website and view your profile.

6.1 What are your privacy rights?

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access:

• You have the right to request copies of your personal data. We will ask you for proof of your identity before we disclose any information and may charge you a small fee for this service.

The right to rectification:

• You have the right to request that we correct any information you believe is inaccurate. You also have the right to request we complete any information you believe is incomplete.

The right to erasure:

• Under certain conditions, you have the right to request that we erase your personal data.

The right to restrict processing:

• Under certain conditions, you have the right to request that we restrict the processing of your personal data.

The right to object to processing:

• Under certain conditions, you have the right to object to us processing your personal data.

The right to data portability:

• Under certain conditions, you have the right to request that we transfer the data that we have collected to another organisation, or directly to you.

The right to complain:

• You have the right to lodge a complaint directly with the Information Commissioner’s Office (ICO) if you’re concerned about the handling of your personal information; for full details about how to share any concerns you may have, visit: www.ico.org.uk or call 0303 123 1113.

• If you have any cause for complaint about our use of your personal data, please contact us at elle@gabrielletodd.com in the first instance before you exercise your right to contact the ICO.

6.2 Requesting your data

If you would like to exercise any of your rights or request your data, please contact us at our email: elle@gabrielletodd.com. If you make a request, we have one month to respond to you. You may have to pay a fee to access your personal data (or to exercise any of the other rights). However, if your request is clearly unfounded, we could refuse to comply with your request. We will request specific information from you to help us confirm your identity and ensure you have the right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

6.3 Opting out of marketing promotions

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us using the contact details below at any time. Where you opt out of receiving these marketing messages, we will continue to retain personal data provided to us as a result of a product/service purchase, product/service experience or other transactions.

Please see our full Terms and Conditions for our website which set out the terms, disclaimers, and limitations of liability governing your use of www.gabrielletodd.com.

If you have any questions/concerns about this privacy policy or the information we hold on you, please do not hesitate to contact us by email to elle@gabrielletodd.com.