Version: 24 MAY 2018
The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.
Suhajda Karl t/a Sugar Flowers Workshop will comply with the GDPR as a data controller and processor when it takes effect on 25th May 2018.
Please note that we may amend this policy on a regular basis. Please visit this page to keep up to date.
1°) Who is responsible for Data Protection?
Suhajda Karl firstname.lastname@example.org +36 30 206 3845
2°) Why do we keep your data?
Suhajda Karl t/a Sugar Flowers Workshop only collects personal information for the purpose of purchasing a course and keeping in touch through email.
3°) What personal data do we keep about you?
Your name and email.
4°) Who do we share these data with?
The data is not shared with anyone outside of our software vendors.
5°) Where did we find your data?
You subscribed via a sign-up form on our website or purchased a course via our online portal operated by Teachable inc.
6°) Where is your data stored and processed?
We use multiple cloud-based systems to carry out our various tasks. We use an Email Service Provider to process and store name and email data. And we use the course hosting provider.
Servers are based in the US and they have committed to being compliant with the GDPR requirement.
7°) How long do we keep your data?
Our Email Service Provider keeps your name and email for as long as you wish to receive email correspondence from us, you can unsubscribe at any time.
If you’ve purchased a course the course hosting platform will keep your name, email, address and financial details (via their secure payment processor) as long as you wish to access the course.
8°) How do we protect your data?
Your data is extremely important to us. We endeavour to treat your data the same way we would like ours processed.
We are fully aware of data protection and our responsibilities.
We endeavour to only use software and systems that have committed to be GDPR compliant.
We use secure passwords through a dedicated password manager.
All of our systems’ providers have committed to being GDPR compliant and offer various level of encryption and pseudonymisation.
9°) Under the GDPR you have the right to:
Access the data we hold about you
Restrict the processing of your data
Rectify the data we hold about you
Erasure (right to be forgotten)
Object to the use of your data
Automated decision-making and profiling
10°) How can you exercise your rights as a Data Subject?
Email our Data Protection Champion, Suhajda Karl email@example.com with the right you wish to exercise in the subject line.
Please be aware that you may be asked for a proof of identity, which will not be kept after processing your request. We may also need to ask for more information about your request to process it.
N.B. Each Data request will be subject to a 10.00 Euro processing fee.
Under the GDPR we have 30 days to comply with your request unless we have a legal obligation preventing us to do so; in which case we will share that reason with you.
11°) I have a question that is not covered in this document:
Please contact our Data Protection Champion, Suhajda Karl firstname.lastname@example.org
12°) What data do you collect when I visit your site?
When you access our website we will also collect certain data from you. If you would like more information about this, please click here to view our website Privacy Statement & Cookies Policy.