Privacy Policy

Who we are

We are Oh So Savvy Limited and our website address is:

What personal data we collect and why we collect it

The following personal data may be collected, held, and processed by the Oh So Savvy so we can ensure your membership is up to date and contact you with the latest Savvy news.

Full name

Email address

NOTE: We do not hold bank details or credit/debit card information. All of that data is controlled and processed by Stripe.


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Account & Password

Account details and passwords are for the sole use of the person to whom they are issued. If Oh So Savvy believes that an account or password is being used by an unauthorised person or that the user is breaching these terms and conditions, then the account will be suspended and the user notified.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


We use Google Analytics to help analyse the use of our website which uses cookies to collect standard internet log and visitor behaviour information in an anonymous form. Consent for the use of the Google Analytics will have been obtained via the prominent header before the cookies are set. To find out more about Google Analytics or to opt out of being tracked by Google Analytics across all websites please visit

Oh So Savvy will not (and will not allow any third party) to use cookies to track or to collect any personally identifiable information of visitors to our site. We will not associate any data gathered from this site with any personally identifying information from any source as part of our use of the Google statistical analytics tool. Google will not associate your IP address with any other data held by Google. Neither Oh So Savvy nor Google will link, or seek to link, an IP address with the identity of a computer user.

Who we share your data with

We do not share or sell any of your information to third parties.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Additional information

How we protect your data

We do everything we can to protect your data including;

These are the measures we take when working with personal data:

  1. Where any personal data is to be erased or otherwise disposed of for any reason (including where copies have been made and are no longer needed), it should be securely deleted and disposed of.  Hardcopies should be shredded, and electronic copies should be deleted.
  2. Personal data may be transmitted over secure networks only; transmission over unsecured networks is not permitted in any circumstances;
  3. Personal data may not be transmitted over a wireless network if there is a wired alternative that is reasonably practicable;
  4. Personal data contained in the body of an email, whether sent or received, should be copied from the body of that email and stored securely.  The email itself should be deleted. All temporary files associated therewith should also be deleted;
  5. Where Personal data is to be sent by facsimile transmission the recipient should be informed in advance of the transmission and should be waiting by the fax machine to receive the data;
  6. Where Personal data is to be transferred in hardcopy form it should be passed directly to the recipient.
  7. No personal data may be shared informally and if an employee, agent, sub-contractor, or other party working on behalf of the Company requires access to any personal data that they do not already have access to, such access should be formally requested.
  8. All hardcopies of personal data, along with any electronic copies stored on physical, removable media should be stored securely in a locked box, drawer, cabinet or similar;
  9. No personal data may be transferred to any employees, agents, contractors, or other parties, whether such parties are working on behalf of the Company or not, without authorisation.
  10. Personal data must be handled with care at all times and should not be left unattended or on view to unauthorised employees, agents, sub-contractors or other parties at any time;
  11. If personal data is being viewed on a computer screen and the computer in question is to be left unattended for any period of time, the user must lock the computer and screen before leaving it;
  12. All electronic copies of personal data should be stored securely using passwords
  13. Under no circumstances should any passwords be written down or shared between any employees, agents, contractors, or other parties working on behalf of the Company, irrespective of seniority or department.  If a password is forgotten, it must be reset using the applicable method. IT staff do not have access to passwords;

What data breach procedures we have in place

If we have a data breach we following the below procedure;

  1. All personal data breaches must be reported immediately to the Company’s data protection officer.
  2. If a personal data breach occurs and that breach is likely to result in a risk to the rights and freedoms of data subjects (e.g. financial loss, breach of confidentiality, discrimination, reputational damage, or other significant social or economic damage), the data protection officer must ensure that the Information Commissioner’s Office is informed of the breach without delay, and in any event, within 72 hours after having become aware of it.
  3. In the event that a personal data breach is likely to result in a high risk to the rights and freedoms of data subjects, the data protection officer must ensure that all affected data subjects are informed of the breach directly and without undue delay.
  4. Data breach notifications shall include the following information:
    1. The categories and approximate number of data subjects concerned;
    2. The categories and approximate number of personal data records concerned;
    3. The name and contact details of the Company’s data protection officer (or other contact point where more information can be obtained);
    4. The likely consequences of the breach;
    5. Details of the measures taken, or proposed to be taken, by the Company to address the breach including, where appropriate, measures to mitigate its possible adverse effects.

What third parties we receive data from

We have a Facebook tracking pixel on this website, this means we can create custom and lookalike audiences from those who have visited the website, allowing us to show you adverts on Facebook. Your Facebook data or profile is never shared with us and Facebook hold all the dara relating to this.

Get even more knowledge and wisdom, sign up to our newsletter.

Arts Council England Cornwall Council Cultivator ERDF