UK GDPR Compliance
The Little Embroidery Studio is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR). This page explains how your rights are upheld under this law, even though we do not store user accounts or maintain a customer database.
Scope and Applicability
The UK GDPR applies to the processing of personal data of individuals in the United Kingdom. While The Little Embroidery Studio does not collect personal information through registrations or forms, we may automatically process limited personal data via website analytics, cookies, and server logs to improve user experience and site functionality.
Your Rights Under UK GDPR
Under the UK GDPR, you have the following rights:
- Right of access – To request confirmation of whether we process your personal data and to receive a copy of it.
- Right to rectification – To correct any inaccurate personal data we hold about you.
- Right to erasure – To request deletion of your personal data where there is no compelling reason for its continued processing.
- Right to restrict processing – To limit how we use your data under certain conditions.
- Right to data portability – To receive your personal data in a structured, commonly used format.
- Right to object – To object to processing based on legitimate interests, including profiling and direct marketing.
How We Comply
We do not store personal data in identifiable databases. Any data collected (e.g., IP addresses, cookie identifiers) is anonymised where possible and retained only for as long as necessary for site operation and security. We use third-party analytics tools (e.g., Google Analytics) with privacy safeguards enabled, including IP anonymisation and data processing agreements.
Data We Process
The personal data we may process includes:
- IP addresses (anonymised)
- Browser and device information via cookies
- Usage patterns through analytics tools
- Server logs for security and performance monitoring
This data is not linked to names, email addresses, or other identifiers unless voluntarily provided through a contact form.
Legal Basis for Processing
Our processing of personal data is based on legitimate interests under UK GDPR Article 6(1)(f), including:
- Ensuring website security and functionality
- Improving user experience through analytics
- Maintaining site performance and troubleshooting
We balance these interests against your privacy rights and do not process data for profiling or automated decision-making.
How to Exercise Your Rights
To exercise any of your rights under UK GDPR, please contact us via email at [email protected]. Include your name, the right you wish to exercise, and any relevant details (e.g., IP address or date of visit if known). We will respond without undue delay.
Response Timeframes
We aim to respond to all requests within one month of receipt. In complex cases, we may extend this period by two additional months and will inform you within one month of the delay.
No Discrimination Policy
You will not be denied goods or services, charged different prices, or receive a different level of service because you exercise your UK GDPR rights.
Updates and Changes
We will update this page if our data practices change. The most recent version will always be available here, with the effective date displayed below.
Contact Information
If you have questions about your rights or our compliance with UK GDPR, please contact our data protection point of contact:
Aria Pennington
125 Swan Street, Richmond VIC 3121, Australia
[email protected]
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection: ico.org.uk.
Last Updated: 5 April 2024