Privacy Policy
Part 1: Data We Hold
Client Sensitive Data
What do we hold?
We hold client data (contact name, personal information, notes, address etc.)
Why do we hold it?
To enable us to use and recall client-centred information in and around their orders.
For how long?
For the period we are actively working together + 12 months
What happens next?
After this period hard data (paper files) will be shredded and soft data will be deleted.
How do we tell them?
Upon booking the prospective client will receive a document by email explaining this and will also be informed at the commencement of the first order.
Who else might we share it with?
No sensitive data is passed onto external contacts. Internally, information may be shared with Koibito Love associates working directly with the client/hotel.
Client Contact Details
What do we hold?
We retain client email addresses.
Why do we hold it?
To enable Koibito Love to contact clients regarding their orders should that be necessary.
For how long?
For the period of 8 years.
What happens next?
Nothing, unless there is a request to the contrary, in which case we shall comply within 48 hours.
How do we tell them?
Koibito Love informs clients at the commencement of their ordering. Koibito Love’s privacy policy is referenced in their terms of business upon the first booking and is published on their website.
Who else might we share it with?
No information is passed onto external contacts. With permission from the client, names, phone numbers or email addresses will be included for referrals from Koibito Love to internal contacts involved in the order.
Part 2: How do we hold data?
Our digital data is held securely on password-protected computers backed up digitally. Our paperwork is held in locked cabinets.
Part 3: Response Strategy
We will do everything possible to avoid or minimise the impact of any breach of privacy. In the unlikely event of a breach then we commit to:
Within 72 hours, contacting the person whose details have been compromised to inform them of of the nature of the breach informing
of the information that may have been compromised
of the actions we are taking
of how we will keep them up to date
Where appropriate, inform the Information Commissioner’s Office (ICO) of the same.
Part 4: External Parties
All Koibito Love associates are required to confirm that they are GDPR compliant before working with any client data.
Part 5: Changes to this Policy
We reserve the right to change this Privacy Policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the website and will be communicated via email to all affected parties.
Part 6: How to contact us
Everyone has the right to “be forgotten”, to be able to have their information updated and to see what we hold that relates to them. Should anyone need to contact us regarding any of the above or any matter relating to GDPR, we can be contacted on thea@koibitolove.com. We commit to reply promptly but certainly within one week.