GDPR Agreement: Our Promise

Introduction

At Dove & Lilly, we design bespoke memorial and funeral stationery with care and compassion. We respect your privacy and handle personal data with the highest standards of security.
This Data Protection Agreement explains how we collect, use, and protect personal information in line with the UK General Data Protection Regulation (GDPR). It applies to all personal data we manage and outlines the responsibilities of Dove & Lilly as the Data Controller and any trusted partners acting as Data Processors.

Our Data Protection Principles

We follow six key GDPR principles to protect your information:

  • Lawfulness, fairness, and transparency – We process data openly and responsibly.
  • Purpose limitation – Data is used only for clear and agreed purposes.
  • Data minimisation – We only collect what is necessary.
  • Accuracy – Information is kept correct and up to date.
  • Storage limitation – We keep data only for as long as needed.
  • Security – Strong safeguards protect your personal data.

Personal Data We Collect

Depending on our relationship with you, we may collect:

  • Clients – Names, contact details, order details, and design preferences.
  • Employees and contractors – Employment, payroll, and contact details.
  • Suppliers and partners – Business contact details, contracts, and payment details.

We only collect the information needed to provide our services, meet legal requirements, or fulfil our agreements with you.

Why We Process Your Data

We process your personal data for these reasons:

  • Consent – When you agree, for example, to receive updates or marketing emails.
  • Contract – To process orders, deliver products, or provide our services.
  • Legal obligation – To comply with tax, employment, and business regulations.
  • Legitimate interest – To improve our services and communicate effectively with you.

Your Rights Under GDPR

You have the right to:

  • Access – See what personal data we hold about you.
  • Rectification – Correct any inaccurate information.
  • Erasure – Request deletion of your data when possible.
  • Restrict processing – Limit how we use your information.
  • Data portability – Receive your data in a portable format.
  • Object – Stop certain types of processing, such as marketing.

You can exercise these rights by emailing us at hello@doveandlilly.co.uk.

How We Protect and Store Your Data

We store personal data only as long as needed for its purpose. We use secure systems, encryption, and access controls to protect it from loss, misuse, or unauthorised access.

Sharing Data and International Transfers

We never sell or rent personal data. We share information only with trusted service providers when needed for payments, deliveries, or legal compliance. If we transfer data outside the UK or EEA, we use approved safeguards such as Standard Contractual Clauses to protect your privacy.

Our Data Processors’ Responsibilities

Any company processing data on our behalf must:

  • Follow our clear instructions.
  • Keep your data secure.
  • Prevent unauthorised sharing.
  • Train their team in GDPR compliance.

Data Breach Policy

If a personal data breach occurs, we will:

  • Inform the UK Information Commissioner’s Office (ICO) within 72 hours, if required.
  • Contact affected individuals if there is a high risk to their rights.
  • Take immediate steps to resolve the issue.

Updates to This Agreement

We may update this Data Protection Agreement if laws change or our services evolve. We will publish any changes on our website.

Contact Us

If you have questions or wish to exercise your GDPR rights, contact:

Data Protection Officer
Dove & Lilly
📧 hello@doveandlilly.co.uk
🌐 www.doveandlilly.co.uk