1. Data Controller
Bonessselbowei operates this website and is the data controller responsible for your personal information. Our address is 155 Praed St, Tyburnia, London W2 1RL, United Kingdom. Contact: chat@bonessselbowei.world, telephone +44 20 7706 3114.
2. Information We Collect
We may collect the following categories of personal data:
- Identity data: name provided via contact forms.
- Contact data: email address and telephone number when supplied.
- Communication data: messages you send through our enquiry form.
- Technical data: IP address, browser type, device information, and pages visited.
- Marketing and communications data: your preferences for receiving information from us.
- Cookie preference data stored in your browser localStorage.
3. How We Use Your Data and Lawful Bases
We process personal data only where we have a lawful basis under UK GDPR:
- Consent: when you submit a contact form, opt in to marketing, or accept non-essential cookies.
- Contract: when processing is necessary to deliver programmes you have booked.
- Legitimate interests: to respond to enquiries, maintain website security, prevent fraud, and improve our services, balanced against your rights.
- Legal obligation: where we must retain records for tax, accounting, or regulatory purposes.
4. Marketing Communications
We will not send marketing emails or messages without your consent. You may withdraw consent at any time using the unsubscribe link in emails or by contacting us directly.
5. Data Retention
Enquiry correspondence is retained for up to twenty-four months unless a longer period is required for contractual or legal obligations. Programme records are kept for up to seven years where required for accounting purposes. Technical logs are kept for up to twelve months. Cookie preferences remain in localStorage until you clear them.
6. Data Sharing
We do not sell personal data. Information may be shared with processors who assist with hosting, email delivery, payment processing, or analytics, under written data processing agreements compliant with UK GDPR. We may disclose data when required by law or to protect our legal rights.
7. International Transfers
Where data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place, such as UK International Data Transfer Agreements or adequacy regulations, as applicable.
8. Security Measures
We implement appropriate technical and organisational measures including encrypted connections (HTTPS), access controls, staff training, and periodic review of data handling procedures.
9. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.
10. Your Rights
Under UK data protection law you have the right to:
- Request access to your personal data
- Request correction of inaccurate data
- Request erasure in certain circumstances
- Restrict or object to processing in certain circumstances
- Data portability where processing is based on consent or contract
- Withdraw consent at any time where processing is based on consent
To exercise your rights, contact us using the details above. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
11. Children's Data
Our services are directed at adults aged eighteen and over. We do not knowingly collect data from children.
12. Changes to This Policy
We may update this policy periodically. Material changes will be reflected on this page with a revised date.