Privacy and Cookies Policy
This Privacy Notice sets out the basis on which Hair & Beauty2me will process any personal data we collect from you, or which you provide to us, or will be processed by us through your use of our site www.hairandbeauty2me.co.uk
Hair & Beauty 2me is the controller and responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice). We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice.
Contact Us About Your Personal Data If you would like more information or would like to raise any queries, exercise your rights or make a complaint relating to our use of your personal information, you may contact our Data Protection Officer using the following details:
Data Protection Officer
Subject line: DPO
It is important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at: email@example.com From time to time we may email you to check that the personal data we hold for you is accurate and up to date.
What Does This Policy Cover?
Information you give us. This means data/information about you that enables you to be identified, such as your name and contact details, but it can also cover information such as electronic location data. You may give us information about you by filling in forms on our site or by corresponding with us by e-mail, text, social media messaging, social media posting or any other communication that you send us. Where you have provided personal data to us directly, you are consenting to us using that data for the performance of a contract. You can withdraw that consent at any time by contacting firstname.lastname@example.org
- Personal Data
We may collect the following personal data:
- Your name, email address, postal address, phone number, date of birth, business name;
- Financial information; we do not collect or store any financial details;
- Your username provided when users register for a Hair & Beauty2me account, or when we receive an email from a user;
- Data on how you use our website and services including data posted for publication.
- Technical data which can include but is not limited to your IP address, your login data, browser type, operating system, geographic location, page views, and length of visits;
- Your communication preferences and your preferences in receiving marketing from us and our third parties;
- Credit information from third parties
Under the General Data Protection Data Regulations, we must always have a lawful basis for collecting and using personal data. It is in our legitimate business interests to process this data for the following reasons:
- the data is necessary to fulfil any contractual obligations with users;
- you have consented to our use of your personal data;
- to ensure relevant content is provided and our website and online services operate efficiently and securely;
- to grow our business and to decide our marketing strategy.
Your personal data may be used for the following purposes:
- to carry out our obligations between you and us, to supply services and to provide you with any business information;
- to personalise your experience on our website, e.g., in relation to the services, content and user experience;
- to send you business communication, e.g. information, news, and offers on our services;
- to ask you to complete surveys (you will be under no obligation to do this);
- to send you marketing communications where we are allowed by law to do so;
- to respond to your emails, letters and messages and deal with complaints;
- to notify you about changes to our service or variations to terms and conditions;
- to monitor the use of our website and online services;
- to provide relevant website content and advertisements to you;
- to keep records;
- to comply with the law or in response to a court order, government request, or other legal process.
- How We Collect Your Personal Data
- Direct interactions You may give us your Identity, Contact, Financial and Profile Data by filling in forms or by corresponding with us by post, phone, email or otherwise.
- Third parties or publicly available sources We may receive personal data about you from various third parties and public sources as set out below:
- analytics providers such as Google based outside the UK;
- advertising networks such as Facebook based inside or outside the UK;
- search information providers such as Google based outside the UK.
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services;
- Identity and Contact Data from publicly availably sources such as Companies House and the Electoral Register based inside or outside the UK.
We also collect use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We do not knowingly collect personally identifiable information from children under 18. If you are a parent or guardian and you are aware that your child has provided us with personal Information, please contact us. If we discover that a child under 18 has provided us with Personal Information, we will delete such information from our servers immediately.
How can you control your data? We aim to give you controls on the use of your data for direct marketing purposes which includes the ability to opt-out of receiving emails/marketing literature from us which you can do by emailing us to unsubscribe.
- Security of Your Personal Data
Hair & Beauty 2me are committed to keeping your data secure. We use a variety of security technologies and procedures to help protect your personal information from unauthorised access and use.
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (‘EEA’). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Data Protection Notice. This is done in several different ways including:
- The country we send the data to might be approved by the European Commission as being sufficiently secure;
- The recipient is located in the United States and is a certified member of the approved EU-US Privacy Shield Scheme; or
- The recipient company might have signed up to a contract obliging them to protect your information.
In all such cases, we shall ensure that any transfer of your information is compliant with data protection law.
Please note that the transmission of data via the Internet is not completely secure. Your communications may be routed through a number of countries before being delivered. We cannot guarantee the security of any data transmitted to our Websites, however, once we have received your data, we will use adequate security procedures to prevent unauthorised access.
- Disclosures of your personal data
We may have to share your personal data with the parties set out below:
- External Third Parties including service providers who provide IT and system administration services and professional advisers who provide consultancy, legal and insurance services.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
- Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances you can ask us to delete your data: see below for further information.
Under the GDPR, you have the following rights to be informed of how we collect and use your personal data:
- Right to be informed – the right to be informed about the collection and use of your personal data.
- Right of access – the right to access and to receive a copy of your personal data, and other supplementary information.
- Right to rectification – the right to have inaccurate personal data rectified or completed if it is incomplete.
- Right to erasure – also known as the right to be forgotten. In certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restrict processing – right to restrict the processing of personal data In certain circumstances, that can limit the way that an organisation uses data. This is an alternative to requesting the erasure of your data.
- Right to data portability – the right to receive a copy of your personal data for personal use and/or to have your personal data transmitted from one organisation to another organisation.
- Right to object – the right to object to the processing of your personal data in certain circumstances.
- Rights in relation to automated individual decision-making – making a decision solely by automated means without any human involvement.
- Rights in relation to profiling – automated processing of personal data to evaluate certain things about an individual. Profiling can be part of an automated decision-making process.
- Right to withdraw your consent, where we are using your personal information with your consent.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. Please contact us if you wish to exercise any of these rights.
Users can manage cookies (and delete cookie files) by opening their web browser (such as Chrome, Firefox, or Safari) and finding where cookies are stored. For example, cookie storage can be enabled/disabled in Internet Explorer by clicking “tools,” then “internet options” and selecting the privacy tab.
There are two types of cookie:
- Session cookies only last for your online session and disappear from your computer or device when you close your browser.
- Persistent cookies stay on your computer or device after the browser is closed for a set period of time which is specified by the cookie.
What do cookies do? Cookies serve a wide range of functions, but most fall under the following categories:
Strictly Necessary Cookies are a site’s basic form of memory, used to navigate around a website and use its features. As the name implies, they are essential to a website’s functionality and cannot be disabled by users. They include, for example, cookies that enable you to log into your user account, opening your access to our services. These cookies do not gather information about you that could be used for marketing or remembering where you’ve been on the internet
Performance Cookies collect data for statistical purposes on how visitors use a website, they don’t contain personal information such as names and email addresses, and are used to improve your user experience of a website.
Functionality Cookies are used to recognise you when you return to our website, they can remember your user preferences on your account page These cookies allow our website to store choices you have made about how you would like it to function.
Analytics Cookies These cookies are used to collect information about how visitors access and use our site. This is used to monitor performance, for reporting, and for providing data that will influence the improvements made to the site. The cookies collect information in an anonymous form, including the number of people visiting the site, how many pages they looked at, what pages they visited and how long they stayed.
Advertising Cookies are used to customize a user’s ad experience on a website based on their browsing history. Using the data collected from these cookies, websites and advertising companies can prevent the same ad from appearing again and again, remember user ad preferences, and tailor which ads appear in browsers based on a user’s online activities.
Third Party Cookies for marketing, advertising, and remarketing. We work with third parties who serve advertisements or present offers on our behalf and personalise the content that you see. Cookies may be used by those third parties to build a profile of your interests and show you relevant adverts on other sites. They do not store personal information directly but use a unique identifier in your browser or internet device. If you do not allow these cookies, you will experience less targeted content. An example of this might be where you are shown an advertisement about one of our products or services through a digital or social-media channel encouraging you to visit our website.
Social Networking Tracking Cookies allow users to share content on social media platforms and help link activity between a website and third-party sharing platforms.
How can I control my cookies?
You can use your web browser to:
- Delete all cookies;
- Block all cookies;
- Allow all cookies;
- Block ‘third-party’ cookies (ie, cookies set by online services other than the one you are visiting);
- Clear all cookies when you close the browser;
- Open a ‘private browsing’ / ‘incognito’ session, which allows you to browse the web without recording your browsing history or storing local data such as cookies (you should however be aware of the limitations of this feature in a privacy context); and
- Install add-ons and plugins that extend browser functionality.
Where to find information about controlling cookies
- Microsoft Edge cookies information
- Internet Explorer cookies information
- Chrome cookies information
- Firefox cookies information
- Safari cookies information – mobile devices and desktops
- Opera cookies information
- A number of websites provide detailed information on cookies, includingAboutCookies.org and AllAboutCookies.org.
- The European Interactive Digital Advertising Alliance website Your Online Choices allows you to install opt-out cookies across different advertising networks.
- Google has developed a browser add-on to allow users to opt-out of Google Analytics across all websites which use it. This is also available in the Chrome web store.
- Some browsers include a feature known as ‘Do Not Track’ or DNT. This allows you to indicate a preference that websites should not track you. However, whilst DNT is available in many browsers, websites are not required to recognise its request, so it may not always work. You can get help on how to use DNT in Microsoft Edge, Internet Explorer, Firefox, Chrome, Safari and Opera.
- Internet Explorer has a feature called Tracking Protection Lists which allows you to import a list of websites you want to block.
- For more information on how private browsing works as well as its limitations, visit the support pages for your browser: Microsoft Edge, Internet Explorer, Firefox, Chrome, Safari (mobile and desktop) and Opera.