Isle of Riso customer privacy notice

Registered name: Apprentice Designs t/a Isle of Riso

We are the controller of your personal data.

This privacy notice tells you what to expect us to do with your personal information.

Contact details

Email: info@isleofriso.com

What information we collect, use, and why

Provide services and goods (including delivery)

We collect or use:

  • Names and contact details

  • Addresses

  • Purchase or account history

  • Payment details (including card or bank information for transfers and direct debits)

  • Health information (including dietary requirements, allergies and health conditions)

  • Photographs or video recordings

Special category data:

  • Health information

Operation of customer accounts and guarantees (eg memberships)

We collect or use:

  • Names and contact details

  • Addresses (if required for delivery)

  • Payment details (including card or bank information for transfers and direct debits)

  • Purchase history

  • Account information, including registration details

  • Marketing preferences

Service updates or marketing purposes

We collect or use:

  • Names and contact details

  • Marketing preferences

  • Recorded images, such as photos or videos

  • Purchase or viewing history (where relevant)

  • Records of consent, where appropriate

Event photography: we may take photos or videos at events and use them on our website, social media, newsletters, press releases and other marketing materials. We will ask for consent and provide an opportunity to opt out.

Comply with legal requirements

We collect or use:

  • Name

  • Contact information

  • Financial transaction information

  • Any other personal information required to comply with legal obligations

Dealing with queries, complaints or claims

We collect or use:

  • Names and contact details

  • Addresses

  • Payment details

  • Account information

  • Purchase or service history

  • Financial transaction information

  • Correspondence

Accessibility/dietary accommodations for events

We collect or use:

  • Names and contact details

  • Health information (including dietary requirements, allergies and health conditions)

  • Records of consent, where appropriate

Special category data:

  • Health information

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information.

Your data protection rights include:

  • Your right of access

  • Your right to rectification

  • Your right to erasure

  • Your right to restriction of processing

  • Your right to object to processing

  • Your right to data portability

  • Your right to withdraw consent (where we rely on consent)

To make a data protection rights request, please contact us using the contact details above.

Our lawful bases for the collection and use of your data

Provide services and goods

  • Contract

  • Legal obligation

  • Legitimate interests (our legitimate interests are to run the studio and provide services efficiently, while using only the minimum information needed and keeping it secure)

Operation of customer accounts and guarantees

  • Contract

  • Legitimate interests (our legitimate interests are to administer and protect customer/member accounts and provide account access and support)

Service updates or marketing purposes

  • Consent (for marketing/newsletters)

  • Contract (where necessary for bookings/orders)

  • Legitimate interests (for essential service updates relating to bookings/orders)

Comply with legal requirements

  • Legal obligation

Dealing with queries, complaints or claims

  • Contract (where it relates to a booking/order)

  • Legitimate interests (our legitimate interests are to respond to enquiries, handle complaints, and keep an appropriate record of communications)

Accessibility/dietary accommodations for events

  • Consent

    • Explicit consent (given when you voluntarily provide your health or dietary requirements for an event)

Where we get personal information from

  • People directly

  • Suppliers and service providers

International data transfers

Some of our external service providers (such as Squarespace, Flodesk, Stripe, PayPal and Google) are based outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring appropriate safeguards are implemented, such as using specific contract clauses approved for use in the UK (Standard Contractual Clauses / International Data Transfer Addendum).

How long we keep information

We keep personal information only for as long as necessary for the purposes set out in this privacy notice. Typical retention periods are:

  • Orders, invoices and financial records (including payment and refund records): up to 6 years (for accounting and tax purposes)

  • Event bookings and related communications: up to 2 years after the event (to manage enquiries and resolve issues)

  • Accessibility and dietary information: deleted within 1 month after the event, unless we need to keep it for an ongoing query, complaint or incident

  • Newsletter subscribers: kept until you unsubscribe or ask us to remove you

  • Enquiries and complaints correspondence: up to 2 years after the matter is closed (longer if there is an ongoing dispute)

  • Event photos and videos used for marketing/press: kept until no longer needed for promotion, and removed sooner if you object or withdraw consent where applicable

Who we share information with

Data processors

  • Luma (events platform): event registration software

  • Flodesk (email marketing platform): email marketing provider

  • Squarespace (website platform): website hosting / e-commerce / memberships

  • Google Drive / Google Workspace: cloud storage and document management

  • Stripe: payment processing provider

  • PayPal: payment processing provider

  • Xero: accounting and bookkeeping software

Others we share personal information with

  • Professional or legal advisors

  • Relevant regulatory authorities (eg HMRC)

  • Organisations we’re legally obliged to share personal information with

  • Publicly on our website, social media or other marketing and information media (eg event photography, where consent is provided)

  • Suppliers and service providers (where needed to run events or fulfil orders)

How to complain

If you have any concerns about our use of your personal information, you can make a data protection complaint to us first using the contact details above.

If you are not satisfied with our response, you can also complain to the Information Commissioner’s Office (ICO).

You can contact the ICO at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Helpline number: 0303 123 1113. Website: https://ico.org.uk/