Rosemary Cottage Privacy Policy | Page 3

laws .
• Marketing . Where you have consented to receiving marketing communications , we will share your personal data with our mail merging company based in the UK . For more details regarding our mail merging company , please contact us at contact @ rosemarydittisham . co . uk
• Affiliates . Our subsidiaries and parent company and businesses , and other affiliated legal entities and businesses with whom we are under common corporate control . We shall ensure that all of our parent , subsidiary , and affiliated legal entities and businesses that receive your information from us will comply with the terms of this privacy policy .
• Third party purchaser . In the event that we sell or buy any business or assets we will disclose your personal data to the prospective seller or buyer of such business or assets .
• Enforcing our rights . In the event that we are required to take action to enforce the terms of this Privacy or the Terms and Conditions . 2 . Booking
• Provision of services . To provide you and our other customers with the services in accordance with this Privacy Policy and our Terms and Conditions we may share information with our thirdparty E marketing and printing providers , all based in the UK . For more information about our thirdparty providers please contact us at contact @ rosemarydittisham . co . uk HOW WE PROTECT YOUR INFORMATION All personal data is stored on secure databases and authorised staff are permitted access . We also use a Firewall ( security software ) to safeguard stored personal data . Clients also have a legal right to view the data that we hold about them . This means that personal data submitted can only be exchanged between you and XXX . Payments are collected online or over the phone through a 3 rd party payment provider such as PayPal . We do not save any of your details . TRANSFERS OUTSIDE THE EEA 1 . Using the Website As a result of disclosing your personal data to a third party listed above , we may transfer your personal data outside the European Economic Area ( the " EEA ") when you use the Website . To ensure that your personal information receives an adequate level of protection we ensure that appropriate safeguards are in place , as detailed in the processing agreement between XXX and the third party . The safeguards may include passing down the EU Model Contract Clauses or ensuring U . S . Privacy Shield certification . WHEN WE DELETE YOUR INFORMATION We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for , including for the purposes of satisfying any legal , accounting , or reporting requirements . To determine the appropriate retention period for personal data , we consider the amount , nature , and sensitivity of the personal data , the potential risk of harm from unauthorised use or disclosure of your personal data , the purposes for which we process your personal data and whether we can achieve those purposes through other means , and the applicable legal requirements . All personal data held will be reviewed every 10 years , whereby we remove inactive accounts . In some circumstances we may anonymise your personal information so that it can no longer be associated with you , in which case we may use such information without further notice to you . RIGHTS OF ACCESS , CORRECTION , ERASURE AND RESTRICTION 1 . Your duty to inform us of changes