Privacy Policy

Last updated: 16th January 2025

Our Contact Details

Name: Lily Attwell-Rowan
Email: Lily@lilyattwellrowan.co.uk

The Type of Personal Information We Collect

We collect and process the following types of personal information:

  • Personal identifiers, contacts, and characteristics (e.g., name, email address, and other contact details).

How We Get the Personal Information and Why We Have It

Most of the personal information we process is provided directly by you for one of the following reasons:

  • You have contacted us via our website, email, or other communication channels.
  • You have signed up for a newsletter or requested updates.
  • You are a client and have provided the details necessary for our services.

We use this information to:

  • Respond to enquiries and communicate with you.
  • Provide and manage our services.
  • Send relevant updates or marketing communications (if you have opted in).

We do not share your personal information with third parties.

Lawful Bases for Processing Under UK GDPR

Under the UK General Data Protection Regulation (UK GDPR), we rely on the following lawful bases:

  • Your consent – for marketing communications (which you can withdraw at any time).
  • Contractual obligation – to provide services to clients.
  • Legitimate interest – to respond to enquiries and operate the business effectively.

How We Store Your Personal Information

We take data security seriously. Your information is stored securely in password-protected and encrypted systems. We use Two-Factor Authentication (2FA) on:

  • Email
  • OneDrive (cloud storage)
  • HubSpot (CRM system)
  • FreeAgent (accounting software)

If we introduce new software or tools, we will ensure they meet equivalent security standards, including encryption and access controls. Access to your data is restricted to authorised personnel only.

Data Retention

We retain personal data based on its purpose:

  • General enquiries (e.g., contact forms, emails): Retained for up to one year after our last communication unless a further conversation arises.
  • Client data (contracts, invoices, service records): Retained for six years for legal and tax compliance.
  • Marketing preferences (e.g., newsletter sign-ups): Stored until you withdraw consent.

Once data is no longer needed, we securely delete it from our systems, including emails, cloud storage, and CRM records.

Your Data Protection Rights

Under data protection law, you have rights including:

  • Right of access – You can request copies of your personal data.
  • Right to rectification – You can ask us to correct inaccurate or incomplete data.
  • Right to erasure – You can ask us to delete your data in certain circumstances.
  • Right to restriction of processing – You can ask us to limit how we use your data.
  • Right to object to processing – You can object to how we use your data in certain cases.
  • Right to data portability – You can request that we transfer your data to another organisation or to you.

You will not be charged for exercising your rights. We will respond within one month.
To make a request, please contact Lily@lilyattwellrowan.co.uk.

How to Complain

If you have concerns about how we handle your personal data, you can contact us at Lily@lilyattwellrowan.co.uk.

You can also complain to the Information Commissioner’s Office (ICO):

Address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline: 0303 123 1113
Website: www.ico.org.uk