Privacy Policy
Drop The Boss is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website at ledyatt.co.uk and use our services.
This policy complies with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.
Last Updated: September 23, 2025
Data Controller
Drop The Boss is the data controller for the personal information we collect and process. Our contact details are:
Address: 12 Threadneedle Street, London EC2R 8AY, United Kingdom
Email: [email protected]
Information We Collect
Personal Information You Provide
When you interact with our Website, we may collect personal information that you voluntarily provide, including:
- Contact Information: Name, email address when you contact us or subscribe to updates
- Communication Data: Messages, feedback, and correspondence you send to us
- Marketing Preferences: Your choices regarding marketing communications
- Survey Responses: Information provided in surveys or feedback forms
Information Automatically Collected
When you visit our Website, we automatically collect certain information through cookies and similar technologies:
- Technical Data: IP address, browser type, device information, operating system
- Usage Data: Pages visited, time spent on pages, click patterns, referring websites
- Location Data: General geographic location based on IP address
- Performance Data: Website loading times, error reports, technical diagnostics
Information from Third Parties
We may receive information about you from third-party sources, including:
- Analytics Providers: Website usage statistics and user behavior data
- Social Media Platforms: Information when you interact with our social media content
- Marketing Partners: Aggregated demographic and interest data for advertising purposes
How We Use Your Information
We process your personal data for the following purposes:
Website Operation and Improvement
- Providing and maintaining Website functionality
- Analyzing Website performance and user experience
- Troubleshooting technical issues
- Ensuring Website security and preventing fraud
Communication and Support
- Responding to your inquiries and support requests
- Sending important updates about our services
- Providing customer support and assistance
- Processing feedback and suggestions
Marketing and Promotion
- Sending marketing communications (with your consent)
- Personalizing content and recommendations
- Conducting market research and surveys
- Analyzing marketing campaign effectiveness
Legal and Compliance
- Complying with legal obligations and regulations
- Protecting our rights and interests
- Preventing illegal activities and abuse
- Maintaining records for regulatory purposes
Legal Basis for Processing
Under UK GDPR, we must have a legal basis for processing your personal data:
- Consent: When you have given clear consent for specific processing activities
- Legitimate Interests: For our business operations, security, and marketing (where not overridden by your rights)
- Legal Obligation: To comply with legal requirements and regulations
- Contract Performance: To fulfill our obligations under any agreements with you
Data Sharing and Disclosure
We may share your personal information in the following circumstances:
Service Providers
We work with trusted third-party service providers who assist with:
- Website hosting and technical support
- Analytics and performance monitoring
- Email communication services
- Marketing and advertising platforms
- Payment processing (when applicable)
Legal Requirements
We may disclose your information when required by law or to:
- Comply with legal processes or court orders
- Protect our rights, property, or safety
- Investigate potential violations of our terms
- Cooperate with law enforcement agencies
Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity, subject to the same privacy protections.
Data Security
We implement appropriate technical and organizational measures to protect your personal information against:
- Unauthorized access or disclosure
- Accidental loss or destruction
- Malicious attacks and data breaches
- Inappropriate use or processing
Our security measures include:
- Encryption of data in transit and at rest
- Regular security assessments and updates
- Access controls and authentication systems
- Staff training on data protection practices
Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy:
- Contact Information: Retained while you remain subscribed to our communications
- Website Usage Data: Typically retained for 24-36 months for analytics purposes
- Support Communications: Retained for 3 years for quality assurance and legal purposes
- Marketing Data: Retained until you withdraw consent or object to processing
Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
Right of Access
You can request information about the personal data we hold about you, including details about processing activities.
Right to Rectification
You can request correction of inaccurate or incomplete personal information.
Right to Erasure
You can request deletion of your personal data in certain circumstances, such as when it’s no longer needed for the original purpose.
Right to Restrict Processing
You can request that we limit how we process your personal data in specific situations.
Right to Data Portability
You can request a copy of your personal data in a structured, machine-readable format.
Right to Object
You can object to processing of your personal data for marketing purposes or based on legitimate interests.
Right to Withdraw Consent
You can withdraw consent for processing activities that rely on your consent at any time.
Exercising Your Rights
To exercise any of your rights, please contact us at:
Email: [email protected]
Address: 12 Threadneedle Street, London EC2R 8AY, United Kingdom
We will respond to your request within one month. In complex cases, we may extend this period by two additional months with notification.
International Data Transfers
If we transfer your personal data outside the UK, we ensure appropriate safeguards are in place, such as:
- Adequacy decisions by UK authorities
- Standard contractual clauses approved by UK authorities
- Binding corporate rules or certification schemes
- Explicit consent for specific transfers
Children’s Privacy
Our Website is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately.
Cookies and Tracking Technologies
We use cookies and similar technologies as described in our Cookie Policy. For detailed information about cookies, please refer to our separate Cookie Policy document.
Updates to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:
- Update the “Last Updated” date at the top of this policy
- Notify you through our Website or email communications
- Obtain new consent where required by law
Contact Us
If you have questions about this Privacy Policy, concerns about our data practices, or wish to make a complaint, please contact us:
Email: [email protected]
Address: 12 Threadneedle Street, London EC2R 8AY, United Kingdom
Supervisory Authority
If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s data protection supervisory authority:
Website: ico.org.uk
Helpline: 0303 123 1113
This Privacy Policy is effective as of September 23, 2025
