Updated May 2018
Keeping your data safe
Who are we?
Located in the heart of Chelsea, Phillipa Lepley is London’s go-to atelier for beautifully tailored, bespoke one-of-a-kind luxury wedding dresses.
Established for over thirty years, Phillipa Lepley’s passion for design and impeccable eye for detail, coupled with the unrivalled skilled craftsmanship of her local expert atelier team have long made No. 48 Fulham Road the destination for discerning brides-to-be looking for both refined tailoring and easy-to-wear elegance. Phillipa Lepley Ltd make all their dresses locally to the shop premises.
1 Who’s in control?
1.1 It is important that you understand who is responsible for keeping your data safe. We are the “controller” of all personal data collected and used. This means that we are responsible for deciding how and why your data is used and for ensuring that your data is handled legally and safely.
2 What data do we collect and where from?
2.1 We collect some data directly from you when you engage with Phillipa Lepley Ltd. This is information about you that you give us by filling in forms on our site phillipalepley.com or by corresponding with us by telephone, email, social media platforms or in person. It includes information you provide when you register to use our site, subscribe to our service, place an order, purchase a garment or accessory, participate in discussion boards or other social media functions, enter a competition, promotion or survey and when you report a problem with our site.
This data could include some or all of the following:
2.1.1 your full name;
2.1.2 your email address;
2.1.3 your telephone numbers, home and mobile;
2.1.4 your postcode and address (if you choose to provide them);
2.1.5 your billing contact name (family or guardian);
2.1.6 your billing contact email address, postal address and phone numbers (family or guardian);
2.1.7 photographic images of you throughout your purchase, order, and fittings process, consisting of approx. 8 fittings in total;
2.1.8 images of you on your wedding day (if you chose to share them);
2.1.9 your credit card information (this is not held on file);
2.1.10 your body measurements;
2.1.11 personal notes about your fittings and personal body information;
2.1.12 personal family information and details of your wedding;
2.2 We collect information about how you use phillipalepley.com using cookies. This includes your viewing history, IP addresses, device identifiers and information about how long you have stayed on certain pages or what pages you have clicked on (Behavioural Data). We also log and use information about any service errors or interruptions that you have experienced in order to help us create fixes and to make technical improvements to phillipalepley.com. We also collect data about you from third parties outlined below.
2.3 We also collect anonymised publicly available information from social networking sites such as Facebook, Instagram, Linked In and Twitter, for example likes, shares, tweets and posts about Phillipa Lepley Ltd. This information is provided to us by a third party and is fully anonymised so we cannot see who has posted the information. This information is used for internal analysis purposes only.
3 What do we use your data for?
3.1 It is important that you understand how and why we use the personal data that we collect about you. This section sets out the different purposes for which we process personal data and which types of personal data we need for each purpose.
3.2 Managing your personal Account Data and providing you with our services, we manage confidentially all the data you have provided us with as listed in section 2.1.1 Your data will stay in our computer system unless you request otherwise. The team at Phillipa Lepley Ltd have all signed strict confidentiality agreements and are very aware of client confidentiality throughout all our processes.
3.2.1 We use a password protected internal computer program, which is backed up to our internal server and in turn backed up externally to manage and administer your purchase order, for the avoidance of doubt this may be a consultation, sample purchase, accessory purchase or a bespoke garment order. We use this to search your account and to provide you with Phillipa Lepley services that you have requested from us. We also store personal data in our online diary system. This would be name and contact details and information in connection with your appointments with us.
3.2.2 we use your Voluntary Data to enable us to make appointments, respond to queries, complaints or comments that you have and to make sure that these are appropriately dealt with.
3.3 Competitions and surveys
3.3.1 We use Competition Data for the purposes of allowing you to participate in competitions and to carry out any activities required in relation to those competitions, for example contacting you to let you know you have won a prize and using your address to send your prize to you.
3.3.2 we use Survey Data for the purposes of analysing insights and information to enable us to improve our services.
3.4 Improving our services
3.4.1 we use Account Data, Behavioural Data, Voluntary Data and Survey Data to help us monitor, analyse and improve Phillipa Lepley Ltd services and procedures. We use this data to help us understand which products, content and services are most suitable to our clients and to help us identify errors and test features. This helps us to make sure that we are providing you with the best possible products and services. This also (a) enable us to assess our performance and to improve our products and services including advertising;
(b) inform our marketing and promotional activities;
(c) inform and support our advertising partners;
3.5 We periodically review the data that we keep in our archive and we will delete or anonymise your data held in the archive where we consider it is no longer of value or interest.
4 What is our legal basis for using your data?
4.1 Data protection law says that we have to tell you the legal basis that we rely on to process your personal data for the purposes that we have notified to you. This section tells you what that legal basis is in relation to each of the purposes set out above.
4.2 With the exception of email marketing, we process your personal data for all of the purposes identified under What do we use your data for? and How do we use your data for marketing and advertising purposes? on the basis that it is in our legitimate interests, or the legitimate interests of third parties with whom we share your data, to carry out these activities. Further information about what those interests are is set out below.
Purpose: Running your account and providing you with our services
Legitimate interests: To ensure that Phillipa Lepley Ltd clients enjoy the best reliable professional experience to gain the most beautiful garments possible.
Purpose: Improving our services
Legitimate interests: To make sure that we continue to improve our products and experience and provide our clients with the best and most effective service possible.
Legitimate interests: To provide advertising that is relevant to you to ensure that you have the best experience possible.
4.3 You have the right to object to us processing your personal data for the purposes set out above. Unless we can show that we have a compelling legitimate reason to continue processing your personal data, we will stop processing it. Remember that you can request that we delete your account at any time in which case we will fully anonymise your personal data. Please email : firstname.lastname@example.org.
4.4 In respect of the use of your email address for email marketing purposes, we process this on the basis that we have your consent to do so. You can withdraw your consent at any time by requesting this via email to email@example.com.
5 Who do we share your data with?
5.1 We do need to share your personal data with some third parties in some circumstances. This includes where we use third party suppliers to perform various services for us. The third party suppliers we share your personal data with are as follows:
5.1.1 third party service providers who help us to manage our customer database and registration process; IT / PR and marketing providers. Website creators and advisors.
5.1.2 other service providers such as information security service providers who help us to manage our IT systems and ensure that they are secure
6 How long do we keep your data for?
6.1 We will keep all your personal data for as long as your Phillipa Lepley account remains open. You can close your account at any time by requesting this via email to firstname.lastname@example.org. If you do this, we will anonymise all your Account Data as soon as we can after you have closed your account. All other information about you, such as Behavioural Data, will also be fully anonymised.
6.2 Any Voluntary Data you submit to our team will be retained for a minimum period of ten years from submission, after which it may be anonymised.
6.3 It is helpful to keep purchase orders on file for reference for crossover with future clients. We often search past client’s orders for fear of a friend having a similar garment.
6.4 In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
6.5 If Phillipa Lepley Ltd. or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
6.6 If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of Phillipa Lepley Ltd, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
7 What rights do you have?
7.1 You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We will normally need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.
7.2 We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information. If your request is particularly difficult or complex, or if you have made a large volume of requests, we may take up to three months to respond. If this is the case we will let you know as soon as we can and explain why we need to take longer to respond.
7.3 A right to access your information
7.3.1 You can access all of your Account Data through requesting this directly via email to email@example.com
7.3.2 You also have a right to ask us to send you a copy of your Account Data and all other personal data that we hold about you (subject to some exceptions). A request to exercise this right is called a “subject access request” and must be made in writing to: firstname.lastname@example.org or to: Data Protection, Phillipa Lepley Ltd, 48 Fulham Road, Chelsea, London, SW3 6HH.
7.4 A right to object to us processing your information
7.4.2 If we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data.
7.4.3 You can exercise this right by emailing email@example.com.
7.4.4 Remember that you can always delete your account at any time through emailing firstname.lastname@example.org.
7.5 A right to have inaccurate data corrected
7.5.1 You have a right to ask us to correct inaccurate data that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct your personal data as soon as possible.
7.6 A right to have your data erased
7.6.2 We will fully anonymise any personal data we hold about you when you close your account, as set out under How long do we keep your data for? above. This means that it will no longer identify you and ceases to be “personal data”.
8 How can you contact us?
9 What if you have a complaint?
9.1 You have a right to complain to the Information Commissioner’s Officer (ICO), which regulates data protection compliance in the UK, if you are unhappy with how we have processed your personal data.
9.2 You can find out how to do this by visiting www.ico.org.uk.
10 What if this policy changes?
Policy updated on 25 May 2018