Privacy Policy

DEBBIE LUKAS DESIGNS, A WRITER'S JOURNEY & THE ENCHANTED STATIONERY STUDIO

Last Updated: 10 September 2025

1. INTRODUCTION
I, Debbie Lukas, trading as Debbie Lukas Designs ("I," "me," or "my business"), am committed to protecting your privacy and personal data. This Privacy Policy explains how I collect, use, store, and protect your information in accordance with UK GDPR, the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

2. WHO I AM
I am a sole trader based in the UK, providing creative design services. For data protection purposes, I am the data controller of your personal information. As a sole trader, I am personally responsible for ensuring compliance with data protection laws. Accordingly, I do not share, sell or expose any of your information to anyone without a court order. The business may also trade under A Writer's Journey and The Enchanted Stationery Studio. This Privacy Policy applies under all of these trading names.

3. INFORMATION I COLLECT
I may collect the following types of personal data:
3.1 Contact Information: Name, email address, phone number, postal address
3.2 Business Information: Company name, job title, business requirements
3.3 Project Data: Design briefs, preferences, feedback, and project communications
3.4 Payment Information: Billing address, payment method details (processed securely by third-party providers)
3.5 Website Data: IP address, browser type, pages visited, time spent on site
3.6 Communication Records: Email correspondence, meeting notes, project discussions

4. HOW I COLLECT YOUR INFORMATION
4.1 Directly from you: When you contact me, request services, or provide project information
4.2 Through my website: Via contact forms, cookies, and analytics
4.3 During service delivery: Through project communications and feedback
4.4 From third parties: Referrals or recommendations (with appropriate consent)

5. LAWFUL BASIS FOR PROCESSING
I process your personal data under the following lawful bases:
5.1 Contract: To provide design services and fulfil my contractual obligations
5.2 Legitimate Interests: For business administration, marketing to existing clients, and service improvement
5.3 Consent: For marketing communications to new prospects and newsletter subscriptions
5.4 Legal Obligation: To comply with accounting, tax, and other legal requirements

6. HOW I USE YOUR INFORMATION
I use your personal data to:
6.1 Provide design services and manage projects
6.2 Communicate about your projects and requirements
6.3 Process payments and maintain financial records
6.4 Improve my services and customer experience
6.5 Send relevant marketing communications (with consent)
6.6 Comply with legal and regulatory requirements
6.7 Protect my business interests and prevent fraud

7. DATA SHARING AND DISCLOSURE
As a sole trader, I may need to share your information with:
7.1 Service Providers: Payment processors (such as PayPal or Stripe), cloud storage providers, email services (under data processing agreements)
7.2 Professional Advisors: My accountant, solicitor, business consultants (under confidentiality obligations)
7.3 Legal Requirements: When required by law, court orders, or regulatory authorities
7.4 Business Transfers: In the unlikely event I sell my business (with appropriate safeguards)

I never sell your personal data to third parties for marketing purposes.

8. INTERNATIONAL TRANSFERS
Some of the service providers I use may be located outside the UK (such as cloud storage or email services). When I transfer data internationally, I ensure appropriate safeguards are in place, including:
8.1 Adequacy decisions by the UK government
8.2 Standard contractual clauses approved by the ICO
8.3 Certification schemes and codes of conduct

9. DATA RETENTION
I retain your personal data for as long as necessary, as follows:
9.1 Active Projects: Duration of project plus 2 years for warranty and support
9.2 Financial Records: 7 years for accounting and tax purposes (HMRC requirement)
9.3 Marketing Communications: Until you withdraw consent or I determine it's no longer relevant
9.4 Legal Requirements: As required by applicable laws

10. DATA SECURITY
As a sole trader, I take personal responsibility for protecting your data and implement appropriate measures:
10.1 Encrypted data transmission and storage
10.2 Regular security updates on all devices and software
10.3 Secure password management and access controls
10.4 Secure backup procedures for all client data
10.5 Regular security assessments and improvements
10.6 Physical security of devices and documents

11. YOUR RIGHTS UNDER UK GDPR
You have the following rights regarding your personal data:
11.1 Access: Request copies of your personal data (subject to a reasonable and proportionate search)
11.2 Rectification: Correct inaccurate or incomplete information
11.3 Erasure: Request deletion of your data in certain circumstances
11.4 Restriction: Limit how I process your data
11.5 Portability: Receive your data in a structured, machine-readable format
11.6 Objection: Object to processing based on legitimate interests or for marketing
11.7 Automated Decision-Making: Rights regarding automated processing and profiling

12. EXERCISING YOUR RIGHTS
To exercise your rights:
12.1 Contact me directly using the details in section 16
12.2 I will respond within one month (extendable by two months for complex requests)
12.3 I may request identification to verify your identity
12.4 Most requests are free, though I may charge for excessive or repeated requests

13. COOKIES AND WEBSITE ANALYTICS
My website uses cookies and similar technologies:
13.1 Essential Cookies: Required for website functionality
13.2 Analytics Cookies: To understand website usage and improve user experience
13.3 Marketing Cookies: For targeted advertising (with consent)
13.4 You can manage cookie preferences through your browser settings

14. MARKETING COMMUNICATIONS
14.1 I may send marketing communications to existing clients based on legitimate interests
14.2 New prospects will only receive marketing with explicit consent
14.3 All marketing emails include easy unsubscribe options
14.4 You can opt out at any time by contacting me directly

15. PRIVACY BY DESIGN
In accordance with UK GDPR requirements, I implement privacy by design principles:
15.1 Data protection considerations are built into all my business processes
15.2 I conduct privacy impact assessments for any high-risk processing
15.3 Regular reviews ensure ongoing compliance with privacy requirements

16. CONTACT INFORMATION
For any privacy-related questions or to exercise your rights, please contact me directly:
Data Controller: Debbie Lukas (Sole Trader)
Trading As: Debbie Lukas Designs, A Writer's Journey & The Enchanted Stationery Studio
Email: debbielukas@outlook.com
Phone: Available upon request
Address: Available upon request

17. COMPLAINTS
If you're not satisfied with how I handle your personal data, you can:
17.1 Contact me directly to resolve the issue
17.2 Lodge a complaint with the Information Commissioner's Office (ICO)
ICO Website: ico.org.uk
ICO Helpline: 0303 123 1113

18. CHANGES TO THIS POLICY
I may update this Privacy Policy to reflect changes in law, my practices, or services. I will:
18.1 Post updates on my website
18.2 Notify you of significant changes via email
18.3 Ensure the "Last Updated" date reflects any changes

19. DATA PROTECTION RESPONSIBILITIES
As a sole trader, I do not need to appoint a Data Protection Officer. I personally handle all data protection matters and take full responsibility for compliance with UK data protection laws.

20. BUSINESS CONTINUITY
In the event of illness or other circumstances affecting my ability to operate, I have arrangements in place to ensure your data remains secure and your rights can still be exercised. Emergency contact details are available upon request.