Data Protection Policy

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is Alcumlow.

​

This policy explains how Alcumlow collects, handles, and stores personal information. These rules apply regardless of whether data is stored electronically, on paper, or in other formats. Personal information must be:

• Collected and processed lawfully, fairly, and transparently

• Used only for specified, explicit, and legitimate purposes

• Adequate, relevant, and limited to what is necessary

• Accurate and kept up to date

• Stored securely and retained only as long as necessary

• Not disclosed unlawfully

 

We are committed to fair information practices and ethical data management. A copy of this policy is included in the Maison De Bois Terms and Conditions Contract.

 

10. 1 Data Storage 

 

• Paper records are kept in secure, authorised places. When not required, they are stored in locked drawers or filing cabinets. Paper records no longer required are shredded securely.

• Electronic records are protected against unauthorised access, accidental deletion, and malicious activity:

• Strong, unique passwords are used and changed regularly.

• Data is stored on designated drives with frequent backups.

• Servers containing personal data are located in secure areas.

• All servers and computers are protected by approved security software and firewalls.

 

10. 2 Data Use

 

All individuals who are the subject of personal data held by Maison De Bois Limited are entitled to:

​

• Know what information we hold about them and why.

• Access their personal data (subject access request).

• Request correction of inaccurate data.

• Request erasure of data where lawful.

• Restrict or object to processing in certain circumstances.

• Request portability of their data where applicable.

 

We will respond to such requests within one month, in line with UK GDPR requirements.

 

10. 3 Disclosing Data

 

• Personal data is processed only where a lawful basis applies (e.g., contract performance, legal obligation, consent, legitimate interests).

​

• In certain circumstances, UK GDPR and the Data Protection Act allow personal data to be disclosed to law enforcement agencies without the consent of the data subject. Alcumlow will only disclose data when legally required and after verifying the legitimacy of the request, seeking advice from directors or legal advisers where necessary.

 

 

10.4 Testimonials 

 

• With your consent, Alcumlow may display personal testimonials on our website, brochures, and venue materials. If you wish to update or delete your testimonial, please contact us directly.

 

10. 5 Sharing and Communications

 

• We do not sell or lease your personal information to third parties. We may share your information with trusted business partners (e.g., catering companies, registrars) solely to deliver contracted services. These partners are required to process your data only as necessary and in compliance with UK GDPR.

• We do not sell or lease your personal information to third parties.

• Email Communications: Alcumlow uses Mailchimp, a third‑party email marketing platform, to send newsletters, updates, and event information to our brides and grooms.

• Mailchimp acts as a data processor on our behalf. Your personal data (such as name and email address) is stored securely within Mailchimp and used only for communication purposes.

• You can unsubscribe from these communications at any time by clicking the “unsubscribe” link in our emails or contacting us directly.

 

10. 6 Children 

 

• We will not ask for information from children under 12 years of age.

 

10.7 Website

 

• The Alcumlow website does not collect personal information about individuals, except when specifically and knowingly provided by such individuals. Our site may collect personal information such as your name, email address and phone number. To help us improve your experience, we might track your use of our website. You must take reasonable steps to ensure you are aware of and/or consents to the various matters detailed in this Policy, including the fact that personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, and the individual's right to obtain access to that information.

 

• As with most websites, we gather certain information automatically and store it. This information may include IP addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data. We use this data to analyse usage of the site.​

​​

• Our website may include social media features (e.g., Facebook, Instagram, Twitter). These features may collect your IP address and set cookies. Your interactions with these features are governed by the privacy policies of the respective platforms.

 

10.8 Security of your Data

 

• We follow high standards to protect personal information during transmission and storage. However, no method of transmission or storage is 100% secure. We are committed to protecting your privacy and will never release your personal information to third parties without your consent, except where legally required.

 

• We are committed to our client’s privacy. Our pledge is that we will never release your personal information to any third party without your consent.

 

10.9 Data Retention and Changes to Privacy

 

• We reserve the right to change our Privacy Policy at any time, but we will not do so without posting the modified Privacy Policy on our website. We encourage you to review our Privacy Policy whenever you visit our website, so you’ll always understand how your information will be used.

• Personal data will be retained only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. Once data is no longer required, it will be securely deleted or destroyed.​