Privacy Policy



Deborah Lough Privacy Notice

This privacy notice provides you with details of how we collect and process your personal data.
If you need to contact us for any reason to do with your data, you should contact Deborah Lough, at:
Email: admin@deborahloughcostumes.com
Postal address: Studio G18, The Art House, Drury Lane, Wakefield, WF1 2TE
You have the right to receive copies of all or part of the information we hold on you at any time, free of charge. Just contact Deborah as detailed above.
Information will be provided to you within one month from the date we receive your query.
We may need to ask you some questions in order to verify that you are the person requesting the information, to ensure that we don't reply to a false request for your information from a third party.
The UK supervisory authority for data Protection is the Information Commissioner's Office (www.ico.org.uk). We are not registered with them, as we are in an exempt category, but if you are not happy with any aspect of how we use and / or collect your data, you do still have the right to complain to them.
If you do have a complaint, we'd appreciate it very much if you would contact us first, giving us a chance to resolve it for you ourselves.

It is a part of the General Data Protection Regulations that the information we hold about you must be both accurate and up to date. If the information you have given us changes at any time, please let us know by emailing admin@deborahloughcostumes.com

International Transfers of Personal Data
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data as those within it do. European law therefore only allows these transfers to take place if set out criteria are met. As a number of the suppliers we use (for website provision, email lists, payment processing, etc) are outside the EEA, this will necessarily involve a transfer of your data outside the EEA. However, we will only transfer your data to countries that have a similar or greater degree of protection for personal data as that granted under EU / UK law. Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield, which requires them to provide similar protection to personal data shared between the EU and the US.

*Addendum – as of 16 July 2020, the Court of Justice for the European Union ruled that the EU-US Privacy Shield is invalid, as the US does not offer adequate privacy to personal data. (Details on the ruling can be read here as a PDF document ). As this leaves things in some flux, we are doing our best to use companies that hold to the highest possible data privacy policies. If you want further specific information about companies that we use that involve the transfer of your data outside the EU, please contact us at admin@deborahloughcostumes.com

The information we collect.
Your personal data is any information from which you may be identified. It does not mean anonymous data from which you cannot be identified.
The types of data we may process or hold about you will vary depending on whether you are a newsletter subscriber (when there will be less information), or a client (when there will be more information). Information we might use includes:
Identity Data – we ask for your first name, last name, date of birth. Contact Data – we ask for your email address.
Financial Data – may include your bank account and payment card details.
Transaction Data - may include details about payments between us and other details of purchases made by you
Technical Data may include your login data, internet protocol (IP) addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
Profile Data - may include your your interests, preferences, feedback and survey responses.
Usage Data - may include information about how you use our website, products and services. Marketing and Communications Data - may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.

We may also use your data to create 'Aggregated Data' – for example, we may use your usage data to work out the percentage of newsletter users who are opening an email, or clicking on a link. Aggregated Data itself is not Personal Data, because individuals cannot be identified from it.
If the aggregated data is linked to the personal data, then it is all considered as, and treated as, personal data.

Sensitive Data Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
We do not collect any Sensitive Data about you.
We do not collect any information about criminal convictions and offences.

How we collect your data
Direct interactions: You may provide data by filling in forms on our website, or in person at an event.
Automated technologies or interactions: As you use our website, and newsletters, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive Technical Data about you if you visit other websites that use our cookies. See here for more information on what a cookie is and how it is used en.wikipedia.org/wiki/HTTP_cookie
Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below:
Contact information and technical data from our email newsletter provider MailChimp, who are based in the USA.
Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as: Stripe, based in the USA. Other financial transactions may be processed by Paypal (based in the US), or by Sum Up (based in the UK). Our website is hosted by Yahoo. If you pay via one of the methods mentioned above, your payment information will be held by those companies. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
We may also gain data about you from our participation in various social media platforms – this will be split between personal data, such as names and profile pictures, and anonymised data, such as broad location.

How we use your personal data
We use your personal data for the following purposes:
To maintain our records, in compliance with laws on record-keeping
To fulfil orders placed by you
To create and send you emails about our business and our activities, blog posts, website news, etc.

We will use it for no other purpose without first gaining your permission.
We only share your information with any third parties if it is in order to fulfil the above stated purposes. It will not be shared or used for any other purpose, and we will ensure that it is always held in a secured format.
The legal bases for us holding and using your information for our newsletter are set out below.
By filling out a form, or ticking a box, to be added to our mailing list, you are giving us your permission to hold and use your data. You can withdraw that permission at any time, either by clicking the 'unsubscribe' link in any email, or by emailing admin@deborahloughcostumes.com.

This is your 'right to be forgotten', under the terms of the GDPR.
(Please note that your ‘right to be forgotten’ does not apply where we are holding records to meet legal requirements.)

​If you subscribed to our newsletter by filling in a form in person, the original hard copies will be kept with other hard-copy paperwork, in a locked filing cabinet, and your information transferred to Mailchimp manually. This is because we have to be able to prove that you have given us your permission. You have the same ‘right to be forgotten’, and immediately upon unsubscribing via the methods above, the original hard copy will be destroyed.



NB as this table is in picture format, due to the limitations of the website software, if you need it in an accessible format (that can be read by reading software, for example), please contact us at admin@deborahloughcostumes.com



Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If you want to find out more about how the processing for the new purpose is compatible with the original purpose, please email admin@deborahloughcostumes.com
If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground for doing so.
We may process your personal data without your knowledge or consent where this is required or permitted by law.

Disclosures of your personal data
We may have to share your personal data sometimes, for the reasons set out in the above table, in order to carry out these activities – examples of this include where we have to share info with our IT suppliers, and where we are legally obliged to do so.

Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We keep basic information about our clients (including names and addresses, etc) for seven years after their order has been placed.
In some circumstances you can ask us to delete your data, but we cannot always do this, because sometimes we have a legal obligation to retain the data as part of our records.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you, and can no longer identify you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.



Deborah Lough Privacy Policy, 20.09.2020



© Deborah Lough – All designs, text, and photos, and other content are design right or copyright Deborah Lough, 1997-2020