Privacy Policy
PRIVACY NOTICE
Last updated: April 2026
We are dedicated to safeguarding and preserving your privacy when visiting our website, using our services or communicating electronically with us.
This privacy notice (‘Notice’) provides an explanation about what happens to any Personal Data that you provide to us, or that we collect from you.
By continuing to use our Website and services, which includes reading blogs and articles published on our Website, clicking on third party links through our Website, and/or contacting us via email or any other method (‘Services’), you agree to our Terms and Conditions as outlined on our Website (‘Terms’) and this Notice for the collection and processing of your Personal Data.
This Notice sets out our use of any and all Personal Data collected by us in relation to your use of our website, https://compassionateandtheclassy.com (‘Website’). The Website is operated by Geeta Daswani (‘we’, ‘us’, ‘our’, ‘ourselves’).
For the purposes of processing your Personal Data, we are the Data Controller (as defined under Article 4(7) of the EU General Data Protection Regulation 2016/679 (‘GDPR’) as well as the UK GDPR (the retained EU law version of the General Data Protection Regulation ((EU) 2016/679), as it forms part of the law of England and Wales, Scotland, and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018), and as amended by Schedule 1 to the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019.
Personal Data shall have the meaning given to it under Article 4(1) of the GDPR 2016/679, and the UK GDPR, and which is more particularly defined in this Notice below.
This Notice should be read in conjunction with our Terms. We may amend or update this Notice from time to time and will publish revised versions on our Website. We reserve the right to alter and make changes to this Notice at our sole discretion, and we therefore request all users to regularly refer to our Notice for updates and variations.
The contents of this Notice are as below:
Who is the person responsible for the management of your Personal Data?
What Personal Data do we need/receive?
What are the sources of collection of your Personal Data?
How do we use your Personal Data?
Children’s Privacy
What are the Lawful Bases for processing your Personal Data?
Who may use your Personal Data?
Social Media
How do we store and transfer your Personal Data?
For how long do we store your Personal Data?
Use of Cookies
Marketing Communications
Transfer of your Personal Data outside of the European Economic Area
Changes in Terms of Privacy
Third party Links
Payments
Access to Personal Data
Erasure of your Personal Data
Your Rights in relation to your Personal Data
Further Information on your rights in relation to your Personal Data as an individual
Your right to object to the processing of your Personal Data for certain purposes
Contacting Us
Who is the person responsible for the management of your Personal Data?
As a business operating in the United Kingdom, we are registered with the Information Commissioner’s Office (ICO) under reference number: ZC121689
The person responsible for data protection is Geeta Daswani. For any queries relating to the management of your Personal Data please do not hesitate to send us an email at info@compassionateandtheclassy.com.
What Personal Data do we need/receive?
‘Personal Data’ has been defined under the GDPR and the UK GDPR as ‘any information relating to an identified or identifiable natural person (‘Data Subject’)’. ‘An identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.’
Any references to ‘Personal Data’ in this Notice therefore means information about living individuals, which, alone or in conjunction with other information held by us is capable of identifying them. The GDPR 2016/679, the UK GDPR, The Data Protection Act 2018, The Data (Use and Access) Act (DUAA) 2025, and any other national implementing legislation relating to data protection in the UK, regulate our use of your Personal Data (collectively ‘Applicable Data Protection Law’).
In order to provide our services or for the purposes of conducting our business we may need the following Personal Data from the individuals we are dealing with. (We have tried to cover categories of data that we generally require while providing services to our readers, operating our business, and for maintaining our blog, social media accounts and Website. However, this is not an exhaustive list).
- your name
- your date of birth
- your physical and/or electronic address
- your phone number
- if you are dealing with us on behalf of a company/business entity, the company registration number and registered office address of the company/business entity
- for the purposes of making payments, bank, or debit/credit card details
- details of your visits to our Website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data
- any other information that you provide by filling out forms on our Website or otherwise, such as when you register for information or sign up to our email marketing list
- your social media account details if you follow us on or communicate with us via social media
- any other information provided to us when you communicate with us for any reason
- if our blog, social media accounts and/or Website is accessed by a child below 18 years of age (‘Child’ and ‘Children’ will be construed accordingly), the Child’s parent or guardian will be responsible for their Child’s Personal Data that they share with us.
What are the sources of collection of your Personal Data?
We may obtain Personal Data from you when you contact us or get in touch with us via our Website or social media accounts or when you, or your organisation correspond with us through any means of communication. This includes Personal Data you provide to us when you:
- contact us with a query via our Website, email, telephone, or social media
- ask us to collaborate with you on any assignment
- contact us or authorise anyone to contact us for the purposes of our services
- contact us to provide us your services or goods
- correspond with us to submit any complaints that you may have
- correspond with us to address any complaints we may have raised
- register for a seminar or event where information is shared between fellow members
- register to receive updates, promotional content and/or newsletters from us
- provide us and/or our staff with your personal information, business cards or contact details
- deal with us when we are providing services to our clients (which may be you, your dependent, your organisation or a third party)
- submit identity documents directly to us or to third party agencies commissioned by us to collect your Personal Data for the purposes of carrying out identity checks and due diligence (We shall continue to remain the Data Controller for any Personal Data submitted to third parties in connection with your dealings with us)
- contact us for the purposes of employment or apprenticeships and
- connect with us on social media platforms or join groups created and administered by us on social media.
- communicate with us via messaging platforms including without limitation WhatsApp, Facebook Messenger, Twitter, or Instagram Direct Messenger
We may also collect and retain Personal Data:
- obtained from public sources about you or your organisation, which includes all information available on your website, the Companies House, or other online sources accessible through search engine optimisation searches
- obtained from third parties, that may include our clients, referring partners, professional regulators, public bodies, and other entities, including providers of analysis, screening and database services who have a right to disclose this information to us and
- relating to whether our contacts read electronic correspondence from us or click on links we send them.
How do we use your Personal Data?
The Personal Data that we collect and store relating to you is primarily used to enable us to provide our content and recommendations to you. In addition, we may use your Personal Data for the following purposes:
- to provide you with information requested from us, relating to our services. (We will keep this until you tell us to remove yours or your Child’s Personal Data from our records for these purposes, or until we have reason to believe that you may no longer have any need for this information and our services)
- to meet our contractual commitments to you
- to notify you about any changes to our Website, such as improvements, or service changes, that may affect our services
- to carry out research, including market research, statistical research on site traffic, sales and other commercial information to assist us in improving the services we provide to you and to improve our Website
- for internal use such as governance, quality control and monitoring purposes
- if you are an existing reader/client, we may contact you with information about content and/or services similar to those which were the subject of your previous interest.
- to send you newsletters and other promotional material if you have opted-in
- to connect with you on social media, if you have requested to connect with us and, once connected, to provide you with information and updates about us and our services on social media
Where we have obtained Personal Data for any of the purposes set out in this Notice, we may use it in connection with internal data analysis and also for any of the other purposes set out in this Notice. This does not affect your legal right to object to the use of your Personal Data for direct marketing purposes.
Children’s Privacy
We do not intend to collect and process the Personal Data of anyone under the age of 18 (eighteen) years (‘Child’/’Children’). Although our blog is aimed at creating impact, and we welcome readers of any age bracket to read our content and recommendations, we do not encourage anyone under the age of 18 to share their Personal Data online.
If you are a parent or guardian and you are aware that your Child has provided us with Personal Data without your consent, please contact us at the earliest. As a parent/legal guardian you understand that the onus of controlling your Child’s Personal Data lies on you. If we become aware, after notification by a parent/legal guardian or the Child themself, that Personal Data from the Child was submitted to us without parental/legal guardian’s consent, we will take steps to remove that Personal Data from our servers.
We will not share a Child’s Personal Data with a third-party unless we have a compelling reason to do so, where a Child’s best interests are our primary consideration. For example where it is in the best interests of a Child’s health and safety and/or security for their Personal Data to be shared. In particular we will follow the ICO’s guidance on sharing information to safeguard children.
What are the Lawful bases for processing your Personal Data?
The following are the lawful bases for us processing your Personal Data:
- Article 6.1 (a) of the GDPR 2016/679 and the UK GDPR- Consent
In order to avail of our services which entails content creation and sharing products and services recommendations, you consent to us obtaining and processing your Personal Data. We operate and maintain our blog in accordance with the terms and conditions published on our Website (‘Website Terms’). The Website Terms along with this Notice set out the purposes for which your Personal Data may be obtained and processed by us. By accepting the Website Terms, or by using our Website or by executing a contract with us and by continuing to deal with us you confirm that you have consented to us collecting and processing your Personal Data in accordance with our Website Terms and this Notice.
By expressly opting in to receive our newsletters and promotional material, you consent to us using your email address for the said purposes, in which case the lawful basis for us using your Personal Data is your consent as outlined in Article 6.1 (a) of the GDPR 2016/679, and the UK GDPR.
‘Consent’ as defined under Article 4(11) of the UK GDPR means any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her. Therefore where you opt-in for us to contact you or voluntarily request for our services, you consent to us using your Personal Data to fulfill the requests made by you.
- Article 6.1 (b) of the GDPR 2016/679 and the UK GDPR- Contractual necessity
One of the grounds for obtaining and processing your Personal Data is so that we can perform our services in line with our Website Terms. This includes the collection and use of your Personal Data in order for us to perform our services. Our services entail without limitation creating and making content available for our readers and recommending products and/or services.
- Article 6.1 (c) of the GDPR 2016/679 and the UK GDPR- Compliance with legal obligations
We may have to collect and process Personal Data, where such processing is necessary for compliance with a legal obligation to which we as the Data Controller are subject. In order to comply with certain legislative and regulatory requirements relating to client due diligence, we may have to collect and process your Personal Data. Consequently, we may process your Personal Data to carry out identity checks and maintain records of client due diligence.
We may employ third party service providers for the purposes of carrying out client identity checks, or for processing your Personal Data for the purposes of due diligence. However, we remain the Data Controllers.
- Article 6.1 (f) of the GDPR 2016/679, and the UK GDPR- Legitimate interests
In circumstances where you are a client or an employee of or independent contractor for our business, we may have to process your Personal Data to promote and pursue legitimate interests of the public and/or our organisation, and/or yours as our client or employee/independent contractor. In order that we provide our services effectively and safely it is in our legitimate interest that we collect information from you.
In terms of promotional material, if you unsubscribe from our mailing list or revoke your consent to receive our newsletters and promotional material, the corresponding Personal Data will be removed from our mailing list and will no longer be processed for these purposes. Including your email address in our blocking list is effected in order to safeguard our legitimate interests under Article 6.1 (f) of the GDPR 2016/679, and the UK GDPR. Our legitimate interests lie in not sending you any e-mails in the future.
v. Grounds covered by the Data (Use and Access) Act 2025
We may also process your Personal Data on the following grounds:
- Recognised Legitimate Interest, i.e. for purposes classified as ‘recognised legitimate interest’ by the DUAA 2025, for example, for responding to emergencies, or for the purposes of protecting public security or safeguarding vulnerable individuals
Who may use your Personal Data?
We may disclose your Personal Data:
- to enforce our policies, to comply with our legal obligations (such as if we are required to disclose your Personal Data under a court order, legal requirement and/or regulatory requirement) or in the interests of security, public interest, or law enforcement in any country where we have entities or affiliates. For example, we may respond to a request by a law enforcement agency or regulatory or governmental authority, including without limitation, customs authorities of a country. We may also disclose Personal Data in connection with actual or proposed litigation, or to protect our property, security, people and other rights or interests
- to our employees, independent contractors, consultants such as our accountants, bookkeepers and solicitors, partners and/or third parties who help deliver our services to you, including without limitation website designers, brand owners, couriers, etc.. These parties will have access to your Personal Data as necessary to perform their functions, but they may not use that Personal Data for any other purpose. Our contracts with all third parties processing our clients’ Personal Data shall outline their obligations relating to data protection.
- We may also use email marketing platforms such as WordPress, Stan Store, and Google to co-ordinate our messages. Your name and email address may therefore be saved on their servers.
Social Media
Please remember that when you share information publicly on the Website or on social media platforms, for example a comment on a blog post or within social media groups, it may be indexable by search engines, including Google, which may mean that the information is made public. We therefore encourage you not to publish your Personal Data on social media platforms.
When you participate in conversations on social media your Personal Data may be visible to members of the concerned social media group and to the public in general. Please note that you participate in social media related activities at your sole discretion, and we shall not be liable for the access and use of your Personal Data by third parties via social media, including circumstances, where third parties contact you or initiate a conversation with you, on social media or otherwise, as a result of your Personal Data being made available to them via social media groups or any activity you participate in through social media platforms or by connecting with us on social media.
Also please note you may be tracked by Instagram (Meta), WhatsApp, YouTube and/or LinkedIn cookies if you access our profile via these social media platforms. The links to their respective privacy policies have been provided below:
1. Instagram (Meta)- privacy policy
2. WhatsApp- privacy policy
3. YouTube and Google- privacy policy
4. LinkedIn- privacy policy
Seminars, Webinars and Group Activities
If you participate in seminars, webinars and/or any other group activity organised by us you agree that:
- other members participating in the seminar, webinar and/or group activity will be privy to your Personal Data as well as to your information, including without limitation, confidential information (as defined in our Website Terms) that you share with the group. By participating in group activities, you therefore explicitly consent to your Personal Data and/or other information, including confidential information being received by the members of the group
- you will not disclose a group member’s Personal Data and/or confidential information to third parties, save and except where you have the group member’s express written consent to do so
- Neither Compassionate and The Classy nor any persons affiliated with us shall be liable for the use of your Personal Data by members who were privy to your Personal Data and/or confidential information as a result of you attending a group activity organised by us
- If you share your Personal Data and/or other information with attendees of a group activity organised by us you do so at your own will, and neither Compassionate and The Classy nor any officer, director, employee and/or representative thereof shall be liable for the outcome thereof.
How do we store and transfer your Personal Data?
All Personal Data collected by us is stored in a secure manner compliant with the GDPR and the UK GDPR.
Your records are stored:
- On our office computers. Our computers are password protected and backed up regularly.
Your Personal Data may also be stored on servers that may not be located in the United Kingdom and/or the European Economic Area (the EEA). Some of our servers may be located in the United States of America. Consequently, when you use our Website to read content, purchase services or opt in to receive promotional material your Personal Data may be processed by servers located in the United States of America, with less strict privacy laws and the associated risk of your Personal Data being easily accessible in the United States of America.
Should you not wish your Personal Data to be processed in the United States of America you must not:
1. opt-in to receive promotional material from us
2. buy services via our Website, and/or pay using the payment platforms made available on our Website.
A purchase by you of services using our Website and/or using any of the payment platforms on our Website shall constitute your consent to your Personal Data being processed in the United States of America.
We may also transfer Personal Data that we collect from you to locations within and outside of the United Kingdom but within the European Economic Area for processing and storing. Also, it may be processed by staff operating within the European Economic Area who work for us or for one of our affiliates.
Some of the third parties we may transfer your Personal Data to within the UK and/or within the EEA include:
- Professionals we partner with to provide services to you such as brand owners and affiliates.
- Your Personal Data may be stored on our email marketing platforms
We will transfer your Personal Data to a third-party only if it is required by law, or it is necessary to do so in your best interests, or for the purposes of performing our services and conducting our business. We will ensure that third parties with whom we share your Personal Data are made aware of their obligations relating to confidentiality and data protection.
We may share aggregated anonymised data with third parties in order to monitor our services and to ensure consistent quality and safety relating to the services provided to clients.
By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all reasonable steps to make sure that your Personal Data is treated securely and in agreement with this Notice.
Emails– Emails are sent/received by us on devices that are password protected, and as much as possible in a TLS (Transport Layer Security) encrypted format.
Servers and Platforms, hosting and back-end infrastructure
- Website host: We use third-party hosting services for the purposes of hosting data and files that enable our Website to run and be distributed as well as to enable us to run specific features and functions within our website.
Our Website is hosted by Bluehost. While Bluehost’s servers are predominantly located in the United States of America, it is possible that some of these functions work through geographically distributed servers, thereby making it difficult to identify the exact location where the Personal Data is stored.
The details relating to Bluehost are as below:
Personal Data collected: Various types of data as specified in this Privacy Notice
Privacy Policy: Click here
- CMS (Content Management) System: We use WordPress.org as our content management system. It is through WordPress.org that we have created and published our Website. We continue to manage our Website through WordPress.org.
The details relating to WordPress.org are as below:
Personal Data stored: Various types of data specified in this Privacy Notice
Privacy Policy: Click here
- Marketing Platforms- We may use Mailpoet as our email marketing platform to create and send out targeted email marketing campaigns.
The details relating to Mailpoet are as below:
Personal Data stored: Various types of data specified in this Privacy Notice
Mailpoet’s Privacy Policy: Click here
Mailpoet’s compliance with the GDPR: Click here
Security of Personal Data– The transmission of Personal Data via the internet is not completely secure and therefore we cannot guarantee the security of Personal Data sent to us electronically and transmission of such Personal Data is therefore entirely at your own risk.
Sharing Personal Data with other professionals– We will not share your information with other professionals unless it is in accordance with this Privacy Notice or where we have your express written permission to do so (written permission includes permission given via email) or where there is an overriding public interest in disclosing the information without your consent or where your interests in terms of health and safety over-ride our obligation of confidentiality. This is in accordance with the ‘recognised legitimate interest’ lawful basis of processing Personal Data outlined in the DUAA 2025.
Sharing Personal Data for marketing purposes– We will always seek your permission before attributing you in our publicity material such as client testimonials.
Sharing Personal Data in case of emergencies– We will generally share your information/Personal Data with persons nominated as your ‘Emergency Contact’ or where an ‘Emergency Contact’ has not been nominated, with your next of kin only in cases of emergencies where it is in the legitimate interest of the public or in the legitimate interest of our organisation or in your own legitimate interest, as the case may be for us to disclose the Personal Data or where your interests (health and safety) over-ride our obligation of confidentiality. For such circumstances it shall be deemed that you have consented to your information being shared with the recipient of the information. This is also in line with the ‘recognised legitimate interest’ lawful basis of processing Personal Data outlined in the DUAA 2025.
Storing Data and Information-Your Personal Data will be stored securely and will be shared with third parties in accordance with this Privacy Notice.
For how long do we store your Personal Data?
Our policy is that we retain your Personal Data for no longer than necessary for the purposes for which it was collected. On expiry of the afore-mentioned duration, all of the Personal Data is disposed of securely to ensure compliance with Applicable Data Protection Law.
Use of Cookies
On occasion, we may gather information about your computer for our services and to provide statistical information regarding the use of our Website.
Such information will not identify you personally as it is statistical data about our visitors and their use of our site. This statistical data does not identify any personal details whatsoever.
Similarly, to the above, we may gather information about your general internet use by using a cookie file. A cookie is a small text file. Where used, these cookies are downloaded to your computer automatically, typically somewhere within your browser settings files. They help us to improve our Website and your experience of it.
Examples of Cookies we use:
Session Cookies. We use Session Cookies to operate our service. Session Cookies are temporary cookies, as they store information about your current session and then are erased when your browser is closed.
Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
Security Cookies. We use Security Cookies for security purposes.
Other tracking technologies are also used such as beacons, tags, and scripts to collect and track information and to improve and analyse our service.
All computers have the ability to decline cookies. Our Website will display a cookie banner to remind you that when you access our Website, we will place cookies on your device to improve your experience of our Website. We will also give you the option to consent or opt-out of cookies. You can opt-out of cookies by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies you may be unable to access particular parts of our Website.
Our advertisers may also use cookies, over which we have no control. Such cookies (if used) would be downloaded once you click on advertisements (if any) on our Website.
When you interact with us on social media or access information about us through social media your access of information about us via social media platforms may result in you and your activities being tracked by the cookies placed by these social media platforms.
For more information on Cookies and similar technologies you may also want to visit the UK Information Commissioner’s guide on cookies: https://ico.org.uk/for-organisations/direct-marketing-and-privacy-and-electronic-communications/guide-to-pecr/cookies-and-similar-technologies/#consent
Google Analytics- In order to optimise our service, we may apply Google Analytics and our own statistical analyses.
Google Analytics is a web analysis service provided by Google, which is used for the purposes of market research and ensuring that the service meets user requirements. Google Analytics uses ‘cookies’, which are placed on your computer to make it possible to analyse how you make use of the service. The information generated by the cookies about your use of the service (including your pseudonymised IP address) is as a rule transmitted to and stored by Google on servers in the United States of America. Google uses this information in order to evaluate your use of the service and to create reports on activities for the operator of the service. Google may also transmit this information to third parties if this is prescribed by law, or if third parties process the data on behalf of Google. On no account will Google connect your IP address with other Google data. At https://tools.google.com/dlpage/gaoptout?hl=en-GB you can, with effect for the future, opt out of the recording and saving of your Personal Data at any time.
Marketing communications
If you have given permission, we may contact you about any of the following:
- client and purchase information
- occasional information about our services and offers
- updates about our services
- newsletters and other promotional material (if you have opted-in to receiving them)
- new blog posts
- information about services that might benefit you
In compliance with Applicable Data Protection Law, all emails sent by us will clearly state who the email is from and will provide clear information on how to contact the sender. In addition, all email marketing messages will also contain concise information on how to unsubscribe from or remove yourself from our mailing list should you wish to, so that you receive no further email communication from us.
We are committed to keeping your Personal Data confidential. We will use your email address solely to provide timely information about us and our services, and we will maintain the Personal Data you send via email in accordance with Applicable Data Protection Law.
Transfer of your Personal Data outside of the European Economic Area
Your Personal Data may be transferred and stored outside the European Economic Area (EEA) in the circumstances set out in this Notice. Where we are required to do so, we will ensure appropriate safeguards and protections are in place, including undertaking safeguards required to be implemented by the Information Commissioner’s Office such as undertaking a transfer risk assessment, and executing data protection clauses in the form of the International Data Transfer Agreement (IDTA), an International Data Transfer Addendum to the EU Standard Contractual Clauses or the UK Binding Corporate Rules (UK BCRs) as applicable.
Change in Terms of Privacy
We reserve the right to alter this Notice. Any changes to this Notice will be posted on this page. This Website is controlled and operated within the United Kingdom. We make no representations that materials, information, or content available on or through this Website are appropriate or available for use in other locations, and access to them from territories where, accessing such materials, information, or content is illegal or prohibited. Those who choose to access this Website from other locations do so on their own volition and are responsible for compliance with applicable local laws.
Third Party Links
You might find links to third party websites on our Website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their privacy policies whatsoever as we have no control over them.
Payments
In order to enable our consumers to purchase products or services sold via our Website, we use third-party services for payment processing (for example, payment processors).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your Personal Data is governed by their respective privacy policies. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
You may also come across third party links for payment processing on e-commerce and/or other websites that we recommend to you or to which you were directed through our Website. Each of these websites is operated by separate entities and your use of their website(s) and/or services will be governed by their respective privacy policies.
Access to Personal Data
The GDPR, UK GDPR, The Data Protection Act 1998 as well as DUAA 2025 give you the right to access the Personal Data that we hold about you provided that we are able to provide this based on reasonable and proportionate searches. We will provide the Personal Data that we hold on you free of charge as long as it hasn’t been provided to you already. If the Personal Data is a copy of information already provided or is excessive, then an administration cost of £10 will be charged. Should you wish to receive details that we hold about you please contact us by emailing us at info@compassionateandtheclassy.com. You will need to provide suitable evidence that you are the person that the Personal Data pertains to before we will release it. We will endeavour to provide the Personal Data requested by you within one month of receipt of your request provided that we have all the information we need in relation to your request.
Verifying your identity where you request access to your Personal Data:
Where you request access to your Personal Data, we are required by law to use all reasonable measures to verify your identity before doing so. These measures are designed to protect your Personal Data and to reduce the risk of identity fraud, identity theft or general unauthorised access to your Personal Data.
How we verify your identity:
Where we possess appropriate Personal Data about you on file, we will attempt to verify your identity using that Personal Data. If it is not possible to identify you from such information, or if we have insufficient Personal Data about you, we may require original or certified copies of certain documentation in order to be able to verify your identity before we are able to provide you with access to your Personal Data. We will be able to confirm the precise information we require to verify your identity in your specific circumstances if and when you make such a request.
Erasure of your Personal Data
You have a right to erasure of your Personal Data. Once we have received your request for erasure, we will ensure all Personal Data we hold on you is erased within one month of the receipt of the request unless we are required to retain your Personal Data under a legal requirement as outlined in this Notice.
Your rights in relation to your Personal Data
Subject to certain limitations on certain rights, you have the following rights in relation to your Personal Data, which you can exercise by sending us an email at info@compassionateandtheclassy.com.
- to request access to your Personal Data and information relating to our use and processing of your Personal Data
- to request the correction or deletion of your Personal Data
- to request that we restrict our use of your Personal Data
- to receive Personal Data which you have provided to us in a structured, commonly used and machine-readable format (for example a CSV file) and the right to have that Personal Data transferred to another data controller (including a third party data controller)
- to object to the processing of your Personal Data for certain purposes (for further information, see the section below titled ‘Your right to object to the processing of your Personal Data for certain purposes’) and
- to withdraw your consent to our use of your Personal Data at any time where we rely on your consent to use or process that Personal Data. Please note that if you withdraw your consent, this will not affect the lawfulness of our use and processing of your Personal Data on the basis of your consent before the point in time when you withdraw your consent.
- to prevent us using your Personal Data for direct marketing
- to have (in certain circumstances) inaccurate Personal Data corrected, blocked, or destroyed
- to access a copy of your Personal Data that is undergoing processing (‘subject access rights’)
- to object to automated decisions. We do not, however, use automated decision making.
- data portability, which allows you to get and use your Personal Data for different purposes
- a right to object to processing that is likely to cause or is causing damage or distress.
If you want to (1) tell us to stop using your Personal Data or withdraw consent from us processing your Personal Data for any of the purposes mentioned in this Notice (2) exercise your subject access rights (3) tell us about inaccurate Personal Data you think we hold on you or (4) object to a use you believe we’re making of your Personal Data which is causing, or is likely to cause damage or distress, please contact us by emailing us at: info@compassionateandtheclassy.com.
If you are dissatisfied with the way we handle your Personal Data, and have a grievance, may we request you to fill out the following form and email it back to us at info@compassionateandtheclassy.com. We will acknowledge receipt of your complaint within 30 (thirty) days from the receipt of your complaint, and will investigate it without undue delay.
Complaint Form
Your name:
Your email address:
Date of complaint:
Do you remember when you had shared your Personal Data with us?
Instance giving rise to the complaint:
What Personal Data is the subject of your complaint?
Could you briefly describe your grievance?
Do you wish to submit any supporting documents such as emails, screenshots etc.?
In accordance with Article 77 of the GDPR, you also have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work of an alleged infringement of the GDPR.
For the purposes of the UK, the supervisory authority is the Information Commissioner’s Office (ICO), the contact details of which are available here: https://ico.org.uk/global/contact-us/
You are entitled to make a complaint at the Information Commissioner’s Office (ICO) https://ico.org.uk/make-a-complaint/
The ICO’s address is:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Further information on your rights in relation to your Personal Data as an individual
The above rights are provided in summary form only and certain limitations apply to many of these rights. For further information about your rights in relation to your Personal Data, including any limitations which apply, please visit the following pages on the ICO’s website:
- https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
You can also find out further information about your rights, as well as information on any limitations which apply to those rights, by reading the underlying legislation contained in Articles 12 to 22 and 34 of the GDPR, which is available here: https://gdpr-info.eu
Your right to object to the processing of your Personal Data for certain purposes
You have the following rights in relation to your Personal Data, which you may exercise in the same way as you may exercise your rights described above by writing to us at info@compassionateandtheclassy.com.
- to object to us using or processing your Personal Data for direct marketing purposes (including any profiling we engage in that is related to such direct marketing).
You may also exercise your right to object to us using or processing your Personal Data for direct marketing purposes by:
- clicking the unsubscribe link contained at the bottom of any marketing email we send to you and following the instructions which appear in your browser following your clicking on that link.
Contacting Us
We welcome any queries, comments or requests you may have regarding this Notice. Please do not hesitate to contact us at info@compassionateandtheclassy.com.
