For the purpose of the Data Protection Act 1998 (the Act) and, from 25 May 2018, the EU General Data Protection Regulation 2016/679 (the GDPR), the data controller is EXCLUSIVE BEAUTY CLINIC, having its registered office at 1 Wharf Road, Wharf Road, Frimley Green, Camberley, United Kingdom, GU16 6LE.
Date of last update: 08 July 2018
WHAT DO WE COLLECT AND USE PERSONAL INFORMATION FOR?
IN ORDER TO:
- reply to your enquiries and requests for information;
- receive and process orders submitted by you;
- customise the service we provide to you;
- carry out our obligations in relation to any agreement you have with us;
- verify your identity;
- anticipate and resolve problems with any goods or services supplied to you;
- carry out market research and tracking of sales data;
- publish on the Site, at our discretion, your Submission comments.
If you place an order with us, you will need to set up an account before ordering. During this set up we will ask you to provide some personal information such as:
- Full name;
- Postal address and/or billing address;
- Telephone number(s);
- Email address;
- Age and/or Date of Birth;
If you place an order with us, we will also ask for your payment details.
We also ask you for other optional information, such as what sort of device you use (for example a mobile telephone, PDA or tablet), how you heard about our Site and what sort of subjects interest you. If you choose to give us this information, we will use it to help us to provide you with the best possible service that is personalised to your needs and preferences. Although we do not make it compulsory to give us every item of information we ask for, the more information you volunteer (and the more accurate it is), the better we can tailor our services for you.
LOG FILES/IP ADDRESSES
When you visit our Site, we automatically log your IP address (the unique address which identifies your computer on the internet) which is automatically recognised by our web server. We use IP addresses to help us administer the Site and to collect broad demographic information for aggregate use. Your IP address is also logged when you make a purchase as a fraud prevention measure required by the payment gateway.
CREDIT AND DEBIT CARD INFORMATION
If you select the option to allow us to store your card details, then we will do so using the Worldpay System. If you select a Repeat Purchase Product, then we will automatically store your card details via the Worldpay System.
The Worldpay System is a safe way of Exclusive Beauty Clinic keeping card details without actually storing them.
We may automatically collect non-personal information about you such as the type of internet browsers you use or the site from which you linked to our Site. You cannot be identified from this information and it is only used to assist us in providing an effective service on our Site. We may from time to time supply the owners or operators of third party sites from which it is possible to link to our Site with information relating to the number of users linking to our Site from their sites. You cannot be identified from this information.
INFORMATION PLACED ON YOUR COMPUTER
We may store some information (commonly known as a “cookie”) on your computer when you look at our Site. This information facilitates your use of our Site and helps us to understand how our Site is used. You can erase or block cookies from your computer if you want to (your help screen or manual should tell you how to do this), but certain Exclusive Beauty Clinic services may not work correctly or at all if you set your browser not to accept cookies.
IMPROVING OUR SERVICE
Staff from Exclusive Beauty Clinic, or from our service providers, may contact you from time to time using the contact means you have supplied to us in order to get your views and comments on the service we provide to you.
INFORMATION ABOUT PRODUCTS AND SERVICES.
It is very important to us that we provide you with the highest level of service. In order to help us do this, from time to time we may contact you using one of the contact methods you have provided, with details of our newsletters, surveys, products and services which we think may be of interest to you. If at any time you do not wish to receive these details, then send an e-mail message titled “unsubscribe” to firstname.lastname@example.org.
HOW DO WE USE YOUR INFORMATION?
Data protection law says that Exclusive Beauty Clinic is allowed to use and share your personal data only where we have a proper reason to do so. The law says we must have one or more of these reasons, which are:
- Contract – your personal information is processed in order to fulfil a contractual arrangement e.g. in order to send you your Order.
- Consent – where you agree to us using your information in this way e.g. for storing your payment card details.
- Legitimate Interests – this means the interests of Exclusive Beauty Clinic in managing our business to allow us to provide you with the best products and service in the most secure and appropriate way e.g. to transfer your data to certain third parties such as delivery partners.
- Legal Obligation – where there is statutory or other legal requirement to share the information e.g. when we have to share your information for law enforcement purposes.
Here is a list of the ways that we may use your personal information, and which of the reasons described above we rely on to do so. Where we list legitimate interests as a reason, we also describe below what we believe these legitimate interests are.
| What We Use Your Personal Information For | Our Reasons (Legal Basis) | Our Explanation of Cult Beauty’s Legitimate Interests |
|---|---|---|
| Set up your beauty account | Legitimate Interests | Process efficiency in dealing with such activity. |
| Storing payment cards | Consent | N/A |
| Process your orders | Contract | N/A |
| Notify you of your order status | Legitimate Interests | Process efficiency in dealing with such activity, and to make improvements to our services. |
| Manage your account / provide customer services to you. This may include: transfers outside the EEA to countries who undertake customer services/communications activities; call recording; data verification; customer complaints/queries. | Legal Obligation / Legitimate Interests (depending on nature of services) | Keeping your record up to date, handling our customer contact efficiently and effectively, working out which of our products and services may interest you and telling you about them. |
| To detect, investigate and report financial crime (e.g. fraud). | Legal Obligation / Legitimate Interests | Developing and improving how we deal with financial crime. Complying with any legal obligation placed on us by regulators such as the FCA. Complying with any regulations that apply to us. Process efficiency in dealing with such activity, and to make services and process improvements. |
| Undertake website personalisation and administration | Legitimate Interests | Developing products, services, applications and designs that attract and retain customers. Improving customer interaction with our sites. Defining types of customers for new products or services. |
| Marketing communications to inform you of special offers, promotions, new lines and sales. Provide you with online advertising. | Legitimate Interests | Developing products, services, applications and designs that attract and retain customers. Improving customer interaction with our sites. |
| Notifying you about enhancements to our services, such as changes to the website and new services that may be of interest to you. | Legitimate Interests | Developing products, services, applications and designs that attract and retain customers. Improving customer interaction with our sites. |
| Contact you to undertake customer satisfaction surveys, invite you to provide product reviews or for market research. | Legitimate Interests | Developing products, services, applications and designs that attract and retain customers. Improving customer interaction with our sites. |
| Maintaining network and data security | Legitimate Interests | To maintain the security of our network; this in turn helps us to maintain the safety and confidentiality of your information. |
| Logistic planning, demand forecasting, management information and research. | Legitimate Interests | We use information about shopping habits, products bought and volumes, to help us to respond to demand, ensure the right products get to the right areas and to help us plan our ranges. |
WHO WE SHARE YOUR INFORMATION WITH AND WHY
Other than the disclosures referred to in this policy, we will not disclose any personal information without your permission unless we are legally entitled or obliged to do so (for example, if required to do so by Court Order or for the purposes of prevention of fraud or other crime).
We will only disclose and/or transfer your personal information to a third party either as part of a reorganisation or a sale of the assets of Exclusive Beauty Clinic, or having ensured that steps have first been taken to ensure that your privacy rights continue to be protected.
Exclusive Beauty Clinic works with a number of national and international trusted suppliers, individuals, agencies and businesses in order to provide you with the high-quality goods and services you expect from us, such as delivery companies, fraud prevention agencies, beauty and cosmetic brands and market research companies amongst others. Some examples of the categories of third parties with whom we share your data are:
Exclusive Beauty Clinic works with a number of trusted partners who supply products and services on our behalf. We will only hold the minimum amount of personal information needed in order to fulfil the orders you place or provide a service on our behalf.
DELIVERY AND LOGISTICS PARTNERS
In order for you to receive your goods, Exclusive Beauty Clinic works with a number of delivery and logistics partners. We only pass limited information to them in order to ensure successful delivery of your order.
Exclusive Beauty Clinic works with businesses and individuals who support our website and our other business systems.
Exclusive Beauty Clinic works with marketing companies who help us manage our electronic communications with you or carry out surveys and product reviews on our behalf.
PAYMENT PROCESSING COMPANIES
Exclusive Beauty Clinic works with trusted third party payment processing providers in order to securely take and manage payments.
KEEPING OUR RECORDS ACCURATE
We aim to keep our information about you as accurate as possible. If you would like to review or change the details you have supplied us with, or you would like to remove your published Submission from the Site you may do so at any time by using the Contact Us page on this Site.
You should be aware that the internet is an insecure environment. We have implemented technology and employee policies to help safeguard your privacy from unauthorised access and improper use. We will continue to update these measures, as appropriate, when new technology becomes available.
TRANSFERRING YOUR PERSONAL INFORMATION OUTSIDE THE EUROPEAN ECONOMIC AREA
We may need, as part of the services offered to you through our Site, to communicate your details outside the European Economic Area (“EEA”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EEA or one of our service providers / IT Support staff is located in a country outside of the EEA.
We are obliged to satisfy ourselves before transferring your information to a country outside the EEA that it provides adequate protection for your data protection rights. The EEA comprises the EU countries and Norway, Iceland and Liechtenstein. Countries outside the EEA may not have similar data protection laws to the EEA.
If we do transfer your information outside of the EEA in this way, we will take reasonable steps to ensure that your privacy rights continue to be protected.
Our Site is hosted on servers located in the United Kingdom.
HOW LONG WE KEEP YOUR INFORMATION
If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws.
We will not keep Your personal data for longer than is necessary for the purpose or purposes for which it is collected, unless there is another legal reason for us to retain the data. We will take all reasonable steps to destroy or erase from our systems all data which is no longer required.
WHAT ARE YOUR RIGHTS
We endeavour to process all personal data in line with Your rights under the GDPR. In particular, You have the rights to:-
- Withdraw Your consent to Our processing Your personal data at any time. You can do this by changing Your “Preferences” when you log in to Your account or by contacting Us at email@example.com. In certain circumstances, We can process Your personal data without Your consent in line with the lawful processing requirements in GDPR. These include (amongst other reasons) where processing is necessary to comply with a legal obligation, or to protect your vital interests.
- Ask Us to rectify inaccurate or incomplete personal data. We would seek to rectify the data as soon as possible and usually within one month unless the request is complex.
- Ask Us to erase Your personal data. This is commonly referred to as the right to be forgotten. This right is only applicable where there is no compelling reason for the continued processing of Your personal data. There are some circumstances where this right to erasure does not apply and in such cases We would notify You of the reason(s) why We need to retain Your personal data (unless prevented from doing so by law).
- Restrict processing of Your personal data where, for example, the data is inaccurate, being processed unlawfully or where the data is no longer relevant to the specific purpose for processing. In such cases, We would retain the data but We would not process it further without Your consent, or if processing your data is for establishing, exercising or defending a legal claim, or for the protection of rights of other individuals, or for public interest reasons. In such circumstances, We would let You know that We intend to lift the restriction on processing Your personal data.
- Request access to Your personal data via a subject access request. Your request should be made to Us in writing and We may ask you for proof of your identity before providing You with the data. There is usually no fee for making such a request however, in limited circumstances, We can charge an administrative fee (which will be based on the administrative cost of providing the information).
- Ask Us not to process Your personal data for marketing purposes (including profiling). We will usually inform You (before collecting your data) if We intend to use your data for such purposes or if We intend to disclose your information to any third party for such purposes. You can exercise Your right to prevent such processing by checking certain boxes on the forms We use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org.
- Obtain and reuse Your personal data for Your own purposes across different services (right to data portability). This right is only applicable to data that You have provided to Us, where We are processing the data based on Your consent or for the performance of a contract and when the processing is carried out by automated means. Where this right applies, the data will be provided to You in a structured, commonly used and machine-readable format.
If at any time you would like to contact us with your views about our privacy practices, or with any enquiry relating to your personal information, you can do so by sending an e-mail to us at Exclusive Beauty Clinic email@example.com, or via post at Data Protection Officer, Exclusive Beauty Clinic, 1 Wharf Road, Camberley GU16 6LE. You are entitled to ask for a copy of the information we store about you (for which we may charge a small fee) and can ask for that information to be corrected or erased where appropriate.
If you have any complaints regarding our handling of Your personal data, we would appreciate the chance to deal with your concerns in the first instance. However, if you wish, you may make a complaint directly to the Information Commissioner’s Office, the UK supervisory authority for data protection issues (www.ico.org.uk or 0303 123 1113).