Privacy Policy

Introduction

This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit or use our website. We are committed to ensuring the privacy and security of your personal information in accordance with applicable data protection laws, including:

•       The UK General Data Protection Regulation (UK GDPR)

•       The Data Protection Act 2018 (UK)

•       The General Data Protection Regulation (EU GDPR) as applicable in Ireland

•       The Irish Data Protection Act 2018

Please read this policy carefully. By using our website, you acknowledge that you have read and understood this Privacy Policy.

What Personal Data We Collect

We may collect and process the following categories of personal data:

Information You Provide Directly

•       Name, email address, phone number, and postal address (when you complete contact or enquiry forms)

•       Business name and job title (where relevant to your enquiry)

•       Account credentials if you register on our website

•       Any information you include in messages or communications sent to us

Information Collected Automatically

•       IP address and browser type

•       Pages visited, time spent on pages, and referring URLs

•       Device type and operating system

•       Cookie data and similar tracking technologies (see our Cookie Policy)

Information from Third Parties

•       Data from analytics providers (e.g. Google Analytics)

•       Information from social media platforms if you interact with our social media content

•       Publicly available information relevant to our services

How We Use Your Personal Data

We use your personal data only where we have a valid legal basis to do so. The purposes for which we process your data include:

•       Responding to your enquiries and providing customer support

•       Providing, maintaining, and improving our website and services

•       Sending you information about our products and services (where you have consented, or where we have a legitimate interest)

•       Processing transactions and managing your account

•       Complying with legal and regulatory obligations

•       Analysing website usage to improve user experience

•       Detecting and preventing fraud or other unlawful activity

Legal Basis for Processing

Under UK GDPR and EU GDPR, we rely on the following legal bases for processing your personal data:

•       Consent — where you have given clear consent (e.g. subscribing to our newsletter)

•       Contract — where processing is necessary to perform a contract with you

•       Legal Obligation — where we must process your data to comply with the law

•       Legitimate Interests — where processing is necessary for our legitimate business interests, provided these are not overridden by your rights

Who We Share Your Data With

We do not sell your personal data to third parties. We may share your data with:

•       Service providers who support our operations (e.g. website hosting, email platforms, analytics providers), who are bound by data processing agreements

•       Professional advisors such as legal, accounting, or insurance advisors

•       Regulatory authorities or law enforcement agencies where required by law

•       Business partners where you have consented or where necessary to provide a service

Where we transfer data outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or adequacy decisions.

How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law. Retention periods vary depending on the nature of the data:

•       Enquiry and contact data: up to 3 years from last contact

•       Customer account data: for the duration of your account and up to 7 years thereafter

•       Financial and transactional records: up to 7 years (as required by tax law)

•       Website analytics data: up to 26 months

When data is no longer required, it is securely deleted or anonymised.

Your Rights

Under UK GDPR and EU GDPR, you have the following rights in relation to your personal data:

•       Right of Access — to request a copy of the personal data we hold about you

•       Right to Rectification — to request correction of inaccurate or incomplete data

•       Right to Erasure — to request deletion of your personal data in certain circumstances

•       Right to Restrict Processing — to request that we limit how we use your data

•       Right to Data Portability — to receive your data in a structured, commonly used format

•       Right to Object — to object to processing based on legitimate interests or for direct marketing

•       Rights related to Automated Decision-Making — not to be subject to solely automated decisions that significantly affect you

To exercise any of these rights, please contact us using the details in Section 2. We will respond within one month. You will not be charged a fee unless your request is manifestly unfounded or excessive.

Cookies

Our website uses cookies and similar technologies to enhance your experience and analyse how our site is used. Cookies are small text files stored on your device.

We use the following types of cookies:

•       Essential Cookies — necessary for the website to function correctly

•       Analytics Cookies — to understand how visitors use our site (e.g. Google Analytics)

•       Marketing Cookies — to deliver relevant advertising (only with your consent)

You can manage or withdraw your cookie consent at any time through your browser settings or our cookie consent tool. Please note that disabling certain cookies may affect the functionality of our website.

Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, or disclosure. These include:

•       Encryption of data in transit using SSL/TLS

•       Access controls and password protection

•       Regular security reviews and staff training

•       Secure data storage with reputable hosting providers

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals as required by law.

Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to read the privacy policies of any third-party sites you visit.

Complaints and Supervisory Authorities

If you are unhappy with how we handle your personal data, please contact us in the first instance using the details in Section 2. You also have the right to lodge a complaint with the relevant supervisory authority:

UK — Information Commissioner's Office (ICO)

Website: www.ico.org.uk | Helpline: 0303 123 1113

Ireland — Data Protection Commission (DPC)

Website: www.dataprotection.ie | Phone: +353 (0)57 868 4800

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The date at the top of this page will be updated whenever we make significant changes. We encourage you to review this policy periodically.

Where changes are material, we will notify you by email or via a prominent notice on our website.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we process your personal data, please contact us:

Email: enquiries@annyallachicks.com

Post: Abenbury Way, Wrexham Industrial Estate, Wrexham, LL13 9UZ or DO Centre, Block B, Maynooth Business Campus, Maynooth, Co.Kildare W23 W5X7

Phone: 00441978664721 or 00353