1. Introduction
At Miss Mayfair, we are committed to protecting the confidentiality and privacy of our customers, employees, and business partners. This policy explains how we collect, use, store, and safeguard personal and confidential information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Scope
This policy applies to:
- All personal data collected through our website, social media, and customer interactions
- Information shared by customers, employees, suppliers, and partners
- All staff, contractors, and third parties who handle confidential information on behalf of the company
3. What Information We Collect
We may collect and process the following types of information:
- Personal details (name, email address, phone number, billing/shipping address)
- Payment and transaction information
- Order history and customer preferences
- Website usage data (cookies, IP address, browsing behaviour)
- Communications with our customer service team
We only collect information that is necessary for legitimate business purposes.
4. How We Use Confidential Information
We use collected data to:
- Process and deliver orders
- Provide customer support and respond to enquiries
- Improve our website, products, and services
- Send order updates and relevant marketing communications (where consent is given)
- Comply with legal and regulatory obligations
We will never sell or rent personal data to third parties.
5. Confidentiality Obligations
All employees and authorised personnel must:
- Treat all customer and business information as strictly confidential
- Access information only when required for their job role
- Not disclose confidential data to unauthorised parties
- Follow internal security and data protection procedures at all times
Any breach of confidentiality may result in disciplinary action and/or legal consequences.
6. Data Sharing
We may share information with trusted third parties only when necessary, including:
- Payment processors
- Delivery and logistics providers
- IT and website service providers
- Legal or regulatory authorities when required by law
All third parties are required to maintain strict confidentiality and comply with data protection laws.
7. Data Security
We implement appropriate technical and organisational measures to protect personal and confidential data, including:
- Secure servers and encrypted connections (SSL)
- Restricted access to sensitive information
- Regular security monitoring and updates
While we take all reasonable precautions, no online transmission can be guaranteed to be completely secure.
8. Data Retention
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. When no longer required, data is securely deleted or anonymised.
9. Your Rights
Under UK data protection laws, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate information
- Request deletion of your data (where legally applicable)
- Object to or restrict certain processing activities
- Withdraw consent for marketing communications at any time
To exercise your rights, please contact us using the details below.
10. Cookies & Tracking
Our website uses cookies and similar technologies to enhance user experience, analyse traffic, and personalise content. You can manage or disable cookies through your browser settings.
11. Policy Updates
We may update this Confidentiality & Data Protection Policy from time to time to reflect legal, technical, or business changes. The latest version will always be available on our website.
This policy is designed to comply with the UK GDPR and the Data Protection Act 2018.