Who we are and what we do
We are a beauty and wellbeing business.
We collect the personal data of the following types of people to allow us to undertake our business:
Prospective and live client contacts;
Supplier contacts to support our services;
Employees, consultants, temporary workers.
We collect information about you to carry out our core business and important activities.
We want to reassure you that we take the collection, use and retention of your personal information seriously and below we specify how we use the information we have about you.
Information you give to us or we collect about you
In order to fulfil our legal and business obligations we collect your Personal Data such as your name, address, company details, telephone numbers, corporate or personal email address.
When you visit our web site our web server stores the IP address of your Internet Service Provider and the date and duration of your visit;
By using this website and entering your Personal Data, you consent to processing and use of your data as described in this privacy statement.
Information we collect about you when you visit our website
With regards to each of your visits to our site we will automatically collect the following information:
- Technical information, including the Internet protocol (IP) address used to connect your device to the Internet, your log on information if applicable, browser type and version, browser plug-in types and versions, operating system and platform
- Information about your visit, including the full Uniform Resource Locators (ULR), clickstream to, through and from our site (including date and time), products/services you viewed or searched for, page response times, download/upload errors, length of visit, page interaction information (such as scrolling, clicks and mouse-overs).
Purposes of the processing and the legal basis for the processing
Our legal basis for the processing of personal data is our legitimate business interests. Described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of data.
We will rely on contract if we are negotiating or have entered into a placement agreement with you or your organisation or any other contract to provide services to you or receive services from you or your organisation.
We will rely on legal obligation if we are legally required to hold information on you to fulfil our legal obligations.
We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent, if legally required.
Our Legitimate Business Interests
To maintain, expand and develop our business we need to record the personal data of client contacts.
Should we want or need to rely on consent to lawfully process your data we will request your consent orally, by email or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time.
We do not undertake automated decision making or profiling. A person will always be involved in the decision-making process.
Most browsers automatically accept cookies, but you can deactivate this function at any time and set your browser to notify you whenever a cookie is sent. If you want to know how to do this please look at the help menu on your browser. However, switching off cookies may restrict your use of our web site.
Disclosure of your information
We will share your personal information with staff and some third parties, including:
- Employees, business partners, suppliers and sub-contractors for the performance and compliance obligations of any contract we enter into with them or you;
- Sub-contractors including email marketing specialists, event organisers, payment and other financial service providers;
- Analytics and search engine providers that assist us in the improvement and optimisation of our site;
We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests. We hold your data with a view to providing future services to you and to manage the business relationship. In the event that the business relationship ceases we confirm that we will delete personal data in accordance with our internal data retention policies and our legal obligations.
We segregate our data so that we keep different types of data for different time periods. The criteria we use to determine whether we should retain your personal data includes:
- the nature of the personal data;
- its perceived accuracy;
- our legal obligations;
We may archive part or all of your personal data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (CRM) system.
Our current retention notice is available upon request.
We will never use your personal data for marketing purposes.
Our site may, from time to time, contain links to and from the websites of our Social Media Platforms on Twitter, LinkedIn and Facebook as well as partner websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
The GDPR provides you with the following rights. To:
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party in certain formats, if practicable.
- Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link: https://ico.org.uk/concerns/
Rights of access, modification and objection
Please contact us in the event that:
- You have any queries about the information that we hold about you;
- You wish to inform us of any changes to your information or wish to correct the information we hold about you;
Please contact us in the event that you:
- Have any requests with regard to our processing of your personal data;
- Decide at any time that you no longer wish to receive emails from us
- Wish to access information held about you. On request, we will provide information in writing about your information stored on our database;
- Do not wish us to hold your information, you are entitled to tell us at any time and we will remove all such information from our database.
Access to information
The Data Protection Act 1998 and the GDPR give you the right to access information held about you. We also encourage you to contact us to ensure your data is accurate and complete.
Your right of access can be exercised in accordance with the Act and the GDPR.
A subject access request should be submitted here.
We have technical and organisational security measures in place to ensure the security of your information and to protect it against deliberate or accidental manipulation, destruction, loss or unauthorised access.
Changes to this Policy