Our Privacy Policy
This Privacy Policy has been developed to assure you of our commitment to your privacy and that of all our clients, and it sets out how we use and protect any information that you provide us when you use this website, contact us via instagram or email us direct. Nidiah design is governed by Data Protection (Jersey) Law 2018 as “Jersey-GDPR” and the European version of the GDPR (Regulation (EU) 2016/79 of the European Parliament and of the Council of 27 April 2016) as “EU-GDPR” and takes all reasonable care to prevent any unauthorised access to your personal information.

Please read this privacy policy carefully. If you are visiting the website or using any of our services, by continuing to do so, you indicate your agreement to our use of your personal information as set out in this privacy policy.

Information Collection and Purpose
Information that you share with Nidiah Design enables us to provide a service to you, we collect this information by telephone, electronic and written correspondence, via instagram or our website.

We may collect, use, store and transfer different kinds of personal information about you and process the following information about you:

· Identity information – such as your first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender

· Contact information – such as your postal address, email address and telephone numbers

· Financial information – such as your bank account and payment card details 

· Transaction information – such as details about payments to and from you and other details of products and services you have purchased from us

· Profile information – orders made by you, your interests, preferences, feedback and survey responses

· Usage information – including information about how you use our website and services

· We may also ask you for other information that relates to the service you are requesting

· Marketing and communications - including your preferences in receiving marketing from us

  We do not knowingly process personal data of children under 16.

If you fail to provide personal information to us where we need to collect it by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

We do not collect any special categories of personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

How we use your personal information

We use information held about you in a number of ways in the provision of our services as follows:

· to administer and protect our business and website, including troubleshooting, auditing and monitoring its use

· data analysis, system maintenance and support and survey processes

· to register new customers of our business who have signed up to or contacted us via our website

· to process your order including managing payments, fees and charges

· to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us

· to provide and improve our services to you

· to notify you about changes to our service, terms or privacy policy

· to ensure that content from our website is presented in the most effective manner for you and for your computer

· to make suggestions and recommendations to you about goods or services that may be of interest to you

We use your personal information on the following bases:

  • To perform a contract, such as engaging with you so that we can provide our services to you

  • To comply with legal and regulatory requirements

We will process and store personal information internally only and will not disclose it to any third parties without prior authorisation. We will, however, provide information when required to do so by law, for example under a court order, or in response to properly made demands, under powers collectively referred to as Data Protection legislation.

New Legislation

The General Data Protection Regulation (GDPR) due on 25th May 2018 provides new rights to individuals regarding the collection, storage and use of their personal data. This privacy policy has been updated to take account of any new requirements under GDPR, which will be enacted in the UK via a revised Data Protection Act.

Data Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place procedures to safeguard and secure the information we collect online.

We do not process data outside of the UK.

Amending or Removing your Details
You may amend your registration details at any time or request the removal of your details from our files by emailing us at sandra@nidiahdesign.com. On receipt of such request we will endeavour to respond to you as soon as possible, but at least within one calendar month. You must provide us with two forms of personal identity to ensure that we only disclose to you information that is relevant to you personally.

Know your rights

Under the JERSEY-GDPR all individuals, who are the owners of their Personal Data, have specific and clear rights, which are;

JERSEY-GDPR: Individual Rights Description

-Right to Erasure

Every individual has the right to be forgotten upon request. The data controller must remove your Personal Data from its systems and request the same of any third-party systems of that controller.

-Right to Access

Every individual has the right to access their Personal Data held about them upon request.

-Right to Portability

Every individual has the right to request their Personal Data and use it for other parties they wish to engage with.

-Right to be Informed

Every individual has the right to be informed about how their Personal Data is being used, which may be provided upon request of the individual, or before the controller changes any use of that data, giving the individual the right to consent or object.

-Right to Objection

Every individual has the right to object to the use of their Personal Data for any purpose proposed by a controller.

-Right to Rectification

Every individual has the right to have errors in their Personal Data to be corrected.

-Right to Restrict

Every individual has the right to restrict the uses of their Personal Data for any specific type of processing.

-Rights on automated decisions & profiling

Every individual has the right to restrict or object to automated decision-making processes or profiling based on their Personal Data.

-Revoke your consent – in accordance with the JERSEY-GDPR, to revoke consent for processing of your Personal Data send an email with the word “Revoke” in the subject field to the email address at the end of this document.

Data Subject Access Request (DSAR) – in accordance with the JERSEY-GDPR,

– you may request us to send you details about any Personal Data that we may hold about you, or

– you may request that we correct any errors, or you may request us to delete any/all Personal Data about you. However as a medical practice, we are obliged to keep records or your treatments with us for 7 years. After that time they will be securely disposed of.

DSAR Fee – In accordance with the JERSEY-GDPR, any DSAR is provided free of charge within 30 days, unless a particular DSAR is subject to other regulatory requirements as defined within the JERSEY-GDPR, in which case we will inform you as required by those specific regulations.

Changes to our Privacy Policy
We may change our privacy policy from time to time and all new policies will be published on our website.