Privacy Policy

Data Privacy Summary

Who are we?

We are SUNNY FIELDS ENTERPRISE LIMITED, trading as “Little Freddie”. We are considered to be the “controller” of your personal data. That basically means that for any data we hold on you, that could identify you as an individual, we have a duty to protect that data in line with data protection laws.

The purpose of this privacy notice to make sure you are informed about the personal data we hold on you, why we hold it and generally how we comply with the regulation.

Our address is:
Little Freddie
31a Great Sutton Street
London
EC1V 0NA

If you want to talk to us about this, the person in charge of Data Protection is Carl Morris. You can email him here: carl.morris@littlefreddie.com.

Little Freddie takes data protection seriously:

  • Our data processing activities are always in line with the General Data Protection Regulation (GDPR)
  • We keep to a minimum the information we hold about you
  • We use your data to provide our services to you, respond to your enquiries, manage our relationship with you, meet our legal obligations, and improve our website
  • We delete your data when it is no longer needed for these things
  • You have privacy rights as an individual
  • We do not carry out automated profiling
  • We take security seriously
  • We don’t record calls
  • We are happy to talk to you about how we process and protect your data.

Tell me more…

To see more about how we use your personal data, read the notice or notices which apply best to your relationship with us:

Online Customer Privacy Notice

What data we hold

As one of our online customers, we will hold the following personal information about you for the length of time that we consider you to an existing customer:

  • The information that is needed to fulfil our contract with you. This will be your contact details (we need to know who you are) and any delivery detail you gave us. Also, because you need to pay for the items, we pass your payment details to Shopify but we don’t store them ourselves after the transaction has gone through. These details are held in our secure systems and only shared with companies that supply us with our secure online shopping services.
  • Because you are an existing customer, we will contact you from time to time to let you know about our goods and services that may be of interest to you. We do this because we think you would benefit from this, and we might too. We will always give you the option to opt out of receiving marketing emails from us and if you do that we promise we won’t send you marketing emails again. This data is also held in our secure systems and is shared with the UK based company who carry out our marketing function for us.
  • If you give us a ring or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received so that we know what we have said to whom. This is a legitimate thing for a business to do to ensure that both parties are happy with the service levels between them.
  • Technical personal data is also captured when you use the website and that is processed to protect our users from cyber-attacks and also for us to see which bits of our website are being used the most, which in term helps us with our strategic planning, a legitimate thing for companies to do.

Details of the technical personal data that we process is below:

  • We generate log files from various servers when you visit our website: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.
  • Our website uses cookies to distinguish you from other users of our website in order to provide increased functionality and service. This not only helps us to provide you with a better experience but also to help us improve our website and services. Please see our Cookies Policy for further information about how we collect and use data collected through our use of cookies. 
  • Unless you have adjusted your web browser settings (if and where possible) to refuse cookies, our system will issue cookies as soon as you visit our website or related online services. However, in doing so, you may find that certain functionality or services may be impaired or unavailable to you.
  • The cookies we use only contain anonymous information to improve the services we offer and do not contain personal information.
  • Our website, like many others, uses Google Analytics – a web analytics tool provided by Google to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Google can provide more details about their cookies.

We use the logs from our servers to assist in our firm's security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic). We have legal and regulatory obligations to protect our clients and their information and strategy planning is a legitimate thing for a business to do.

Transfers of your data

We transfer or process data outside the European Economic Area because we use third parties, based in the US. These parties are signed up to the US Privacy Shield which means the EU considers them to have adequate measures in place, in line with EU data protection laws, to protect your personal data. Our data servers are currently based in China and Hong Kong with our parent company. We recognise that those countries do not have an adequacy agreement in place so we are putting contractual measures in place prior to May 25th to ensure GDPR approved adequacy.

Like many EU businesses, we transfer data to Mailchimp who act as a processor for our marketing emails and/or newsletters. Mailchimp also acts as a controller for some of your data once this is passed to them. We recommend therefore that you read their privacy policy here https://mailchimp.com/legal/privacy/#contacts to understand exactly what they do with this data and see how you can opt out of them using your data for analytics purposes.
We are aware that Mailchimp expects us to have got permission for your data to be used this way, but we do not believe that we are in a position to get consent on behalf of another company when we have no control over how they use the data.

Third parties

We also have a small number of companies providing services to us. These are our processors and we have confirmed that they all meet the requirements of EU data protection laws. They are mentioned in the relevant parts of our privacy statement so you are aware of when we use them.

Technical and operational security

As an organisation, Little Freddie is committed to protecting personal data through physical and operational security measures. All our computers and servers are protected by physical security, our laptops are password protected, our mobile phones are encrypted, and access to computers and laptops is restricted with each staff member having their own unique login credentials. If you have particular security requirements, please call us to discuss how we can support you.

Your rights

You have lots of rights in respect of our processing of your personal data. The relevant rights are:

  • Request a copy of your personal data and information about our processing of it
  • Request that we delete information on you if we do not need to hold it
  • Request that we correct any personal data that we hold on you
  • Request that we stop processing your data, for certain things, e.g. marketing, although we can still hold it
  • Request that we move your data to another organisation’s IT system electronically.

If you want to exercise any of these rights, please just contact us using carl.morris@littlefreddie.com. You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/global/contact-us/postal-addresses/.

Contact us

If you want to talk to us about this, the person in charge of Data Protection is Carl Morris. You can email him here: carl.morris@littlefreddie.com.

Employee Privacy Notice

If you are an employee, please refer to our employee handbook for information about how we use your personal data.

If you want to talk to us about this, the person in charge of Data Protection is Carl Morris. You can email him here: carl.morris@littlefreddie.com.


Supplier Privacy Notice

What data we hold

As one of our suppliers, we will hold the following personal information about you for as long as we have a relationship with you or think we might want to buy products or services from you, or for the duration of a dispute with you (which we hope won’t happen).

  • We hold the information that is needed to fulfil our contract with you. This will be your contact details (we need to know who you are so we can do business with you) and your payment details. After all, you do expect us to pay you.
  • We sometimes pass your contact details on in the form of recommendations to other companies looking for suppliers by word of mouth. We see this as a legitimate thing for a business to do; it helps you grow your business and benefits everyone in the network. If you don’t want us to recommend you, just let us know.
  • If you give us a ring or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received so that we know what we have said to whom. This is a legitimate thing for a business to do to ensure that both parties are happy with the service levels between them.
  • If you use our website, technical personal data is also captured that is processed to protect our users from cyber attacks and also for us to see which bits of our website are being used the most, which in term helps us with our strategic planning, a legitimate thing for companies to do.

Technical Data

  • We generate log files from various servers when you visit our website: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.
  • Our website uses cookies to distinguish you from other users of our website in order to provide increased functionality and service. This not only helps us to provide you with a better experience but also to help us improve our website and services. Please see our Cookies Policy for further information about how we collect and use data collected through our use of cookies.
  • Unless you have adjusted your web browser settings (if and where possible) to refuse cookies, our system will issue cookies as soon as you visit our website or related online services. However, in doing so, you may find that certain functionality or services may be impaired or unavailable to you.
  • The cookies we use only contain anonymous information to improve the services we offer and do not contain personal information.

We use the logs from our servers to assist in our firm's security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic). We have legal and regulatory obligations to protect our clients and their information and strategy planning is a legitimate thing for a business to do.

Our website, like many others, uses Google Analytics – a web analytics tool provided by Google to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Google can provide more details about their cookies.

Transfers of your data

We transfer or process data outside the European Economic Area because we use third parties, based in the US. These parties are signed up to the US Privacy Shield which means the EU considers them to have adequate measures in place, in line with EU data protection laws, to protect your personal data. Our data servers are currently based in China and Hong Kong with our parent company. We recognise that those countries do not have an adequacy agreement in place so we are putting contractual measures in place prior to May 25th to ensure GDPR approved adequacy.

Third parties

We also have a small number of companies providing services to us. These are our processors and we have confirmed that they all meet the requirements of EU data protection laws. They are mentioned in the relevant parts of our privacy statement so you are aware of when we use them.

Technical and operational security

As an organisation, Little Freddie is committed to protecting personal data through physical and operational security measures. All our computers and servers are protected by physical security, our laptops are password protected, our mobile phones are encrypted, and access to computers and laptops is restricted with each staff member having their own unique login credentials. If you have particular security requirements, please call us to discuss how we can support you.

Your rights

You have lots of rights in respect of our processing of your personal data. The relevant rights are:

  • Request a copy of your personal data and information about our processing of it
  • Request that we delete information on you if we do not need to hold it
  • Request that we correct any personal data that we hold on you
  • Request that we stop processing your data, for certain things
  • Request that we move your data to another organisation’s IT system electronically.

If you want to exercise any of these rights, please just contact us on carl.morris@littlefreddie.com. You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/global/contact-us/postal-addresses/.

Contact us

If you want to talk to us about this, the person in charge of Data Protection is Carl Morris. You can email him here: carl.morris@littlefreddie.com.

Website Visitor Privacy Notice

What data we hold

  • We generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.
  • Our website uses cookies to distinguish you from other users of our website in order to provide increased functionality and service. This not only helps us to provide you with a better experience but also to help us improve our website and services. Please see our Cookies Policy
  •  for further information about how we collect and use data collected through our use of cookies. 
  • Unless you have adjusted your web browser settings (if and where possible) to refuse cookies, our system will issue cookies as soon as you visit our website or related online services. However, in doing so, you may find that certain functionality or services may be impaired or unavailable to you.

We use the logs from our servers to assist in our firm's security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic). We have legal and regulatory obligations to protect our clients and their information and strategy planning is a legitimate thing for a business to do.

The cookies we use only contain anonymous information to improve the services we offer and do not contain personal information. It is also important to point out that not all cookies used by this website are created by us. These cookies (referred to as third-party cookies) are covered below:

Google Analytics
Our website uses Google Analytics – a web analytics tool provided by Google to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Google can provide more details about their cookies.

Technical data
We use the logs from our servers to assist in our firm's security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic). We have legal and regulatory obligations to protect our clients and their information and strategy planning is a legitimate thing for a business to do.

Like many EU businesses, we transfer data to Mailchimp who act as a processor for our marketing emails and/or newsletters. Mailchimp also acts as a controller for some of your data once this is passed to them. We recommend therefore that you read their privacy policy here https://mailchimp.com/legal/privacy/#contacts to understand exactly what they do with this data and see how you can opt out of them using your data for analytics purposes.
We are aware that Mailchimp expects us to have got permission for your data to be used this way, but we do not believe that we are in a position to get consent on behalf of another company when we have no control over how they use the data.

Transfers of your data

We transfer or process data outside the European Economic Area because we use third parties, based in the US. These parties are signed up to the US Privacy Shield which means the EU considers them to have adequate measures in place, in line with EU data protection laws, to protect your personal data. Our data servers are currently based in China and Hong Kong with our parent company. We recognise that those countries do not have an adequacy agreement in place so we are putting contractual measures in place prior to May 25th to ensure GDPR approved adequacy.

Third parties

We also have a small number of companies providing services to us. These are our processors and we have confirmed that they all meet the requirements of EU data protection laws. They are mentioned in the relevant parts of our privacy statement so you are aware of when we use them.

Your rights

You have lots of rights in respect of our processing of your personal data. The relevant rights are:

  • Request a copy of your personal data and information about our processing of it
  • Request that we delete information on you if we do not need to hold it.

If you want to exercise any of these rights, please just contact us on carl.morris@littlefreddie.com. You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/global/contact-us/postal-addresses/.

Contact us

If you want to talk to us about this, the person in charge of Data Protection is Carl Morris. You can email him here: carl.morris@littlefreddie.com.

Potential Employee of Little Freddie Privacy Notice


What we hold

If you have applied for a job with us then we will hold the following information until such time as your application for a specific role is either successful or unsuccessful:

  • The information that you provided on your CV or application form. This information is held with the potential intention of starting a contract with you.
  • If you attend an interview, we will hold interview notes. This is a legitimate thing for us to do and ensures that we make the correct and unbiased decision on the best candidate.
  • If your application is successful then your data is processed as per the Fair Processing Notice available in the employee handbook.
  • If your application is unsuccessful then your CV and interview notes will be stored for 6 months just in case there are any disputes on either side or if that particular role becomes vacant again. This is a legitimate thing for a business to do.
  • If you give us a ring or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received so that we know what we have said to whom. This is a legitimate thing for a business to do to ensure that both parties are happy with the service levels between them.
  • Technical personal data is also captured if you use our website and that is processed to protect our users from cyber attacks and also for us to see which bits of our website are being used the most, which in term helps us with our strategic planning, a legitimate thing for companies to do.

Note: we do not accept unsolicited CVs; these are deleted immediately. We also do not keep old CVs beyond what we have stated above. CVs go out of date quickly and we have an obligation to have correct data in our systems, as well as having a lawful reason for holding it. “Just in case” is not a good reason.

Details of the technical personal data that we process is below:

  • We generate log files from various servers when you visit our website: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.
  • Our website uses cookies to distinguish you from other users of our website in order to provide increased functionality and service. This not only helps us to provide you with a better experience but also to help us improve our website and services.Please see our Cookies Policy for further information about how we collect and use data collected through our use of cookies. 
  • Unless you have adjusted your web browser settings (if and where possible) to refuse cookies, our system will issue cookies as soon as you visit our website or related online services. However, in doing so, you may find that certain functionality or services may be impaired or unavailable to you.
  • The cookies we use only contain anonymous information to improve the services we offer and do not contain personal information.
  • Our website, like many others, uses Google Analytics – a web analytics tool provided by Google to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Google can provide more details about their cookies.

We use the logs from our servers to assist in our firm's security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic). We have legal and regulatory obligations to protect our clients and their information and strategy planning is a legitimate thing for a business to do.

Transfers of your data

We transfer or process data outside the European Economic Area because we use third parties, based in the US. These parties are signed up to the US Privacy Shield which means the EU considers them to have adequate measures in place, in line with EU data protection laws, to protect your personal data. Our data servers are currently based in China and Hong Kong with our parent company. We recognise that those countries do not have an adequacy agreement in place so we are putting contractual measures in place prior to May 25th to ensure GDPR approved adequacy.


Third parties

We also have a small number of companies providing services to us. These are our processors and we have confirmed that they all meet the requirements of EU data protection laws. They are mentioned in the relevant parts of our privacy statement so you are aware of when we use them.

Technical and operational security

As an organisation, Little Freddie is committed to protecting personal data through physical and operational security measures. All our computers and servers are protected by physical security, our laptops are password protected, our mobile phones are encrypted, and access to computers and laptops is restricted with each staff member having their own unique log on credentials. If you have particular security requirements, please call us to discuss how we can support you.

Your rights

You have lots of rights in respect of our processing of your personal data. The relevant rights are:

• Request a copy of your personal data and information about our processing of it
• Request that we delete information on you if we do not need to hold it
• Request that we correct any personal data that we hold on you
• Request that we stop processing your data, for certain things.

If you want to exercise any of these rights, please just contact us on carl.morris@littlefreddie.com.

You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/global/contact-us/postal-addresses/.

Contact us

If you want to talk to us about this, the person in charge of Data Protection is Carl Morris. You can email him here: carl.morris@littlefreddie.com.

Not a Customer Privacy Notice

What data we hold

If you signed up to receive information about our goods and services, then we hold data based purely on your consent (which we captured when you signed up). We also abide by the PECR regulations when we contact you. We hold this information for as long as we think you will be interested in our goods and services or until you ask us not to.

  • We only hold the information you gave us (contact details) and whenever we contact you, you will have the option to opt out of further communications from us
  • We will always give you the option to opt out of receiving marketing emails from us and if you do that we promise we won’t send you marketing emails again. This data is also held in our secure systems and is shared with the UK based company who carry out our marketing function for us.
  • Technical personal data is also captured when you use the website and that is processed to protect our users from cyber attacks and also for us to see which bits of our website are being used the most, which in term helps us with our strategic planning, a legitimate thing for companies to do.

Technical data

  • We generate log files from various servers when you visit our website: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.
    Our website uses cookies to distinguish you from other users of our website in order to provide increased functionality and service. This not only helps us to provide you with a better experience but also to help us improve our website and services. Please see our Cookies Policy for further information about how we collect and use data collected through our use of cookies. 
  • Unless you have adjusted your web browser settings (if and where possible) to refuse cookies, our system will issue cookies as soon as you visit our website or related online services. However, in doing so, you may find that certain functionality or services may be impaired or unavailable to you.
  • The cookies we use only contain anonymous information to improve the services we offer and do not contain personal information.
  • Our website, like many others, uses Google Analytics – a web analytics tool provided by Google to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Google can provide more details about their cookies.

Transfers of your data

We transfer or process data outside the European Economic Area because we use third parties, based in the US. These parties are signed up to the US Privacy Shield which means the EU considers them to have adequate measures in place, in line with EU data protection laws, to protect your personal data. Our data servers are currently based in China and Hong Kong with our parent company. We recognise that those countries do not have an adequacy agreement in place so we are putting contractual measures in place prior to May 25th to ensure GDPR approved adequacy.

Third parties

We also have a small number of companies providing services to us. These are our processors and we have confirmed that they all meet the requirements of EU data protection laws. They are mentioned in the relevant parts of our privacy statement so you are aware of when we use them.

Technical and operational security

As an organisation, Little Freddie is committed to protecting personal data through physical and operational security measures. All our computers and servers are protected by physical security, our laptops are password protected, our mobile phones are encrypted, and access to computers and laptops is restricted with each staff member having their own unique login credentials. If you have particular security requirements, please call us to discuss how we can support you.

Your rights

You have lots of rights in respect of our processing of your personal data. The relevant rights are:

  • Request a copy of your personal data and information about our processing of it
  • Request that we delete information on you if we do not need to hold it
  • Request that we correct any personal data that we hold on you
  • Request that we stop processing your data, for certain things, e.g. marketing, although we can still hold it (we have to put it on a suppression list to make sure we don’t accidentally contact you again for example)
  • Request that we move your data to another organisation’s IT system electronically.

If you want to exercise any of these rights, please just contact us on carl.morris@littlefreddie.com. You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/global/contact-us/postal-addresses/.

Contact us

If you want to talk to us about this, the person in charge of Data Protection is Carl Morris. You can email him here: carl.morris@littlefreddie.com.

Get the freshest Little Freddie news

We'll only use your details to send you the latest information about Little Freddie's goods and services, we won't pass your details onto any third parties.
Don't worry, your data is secure with us, for more information see our privacy policy page.