Privacy Policy

Home  >  Privacy Policy

PLEASE READ THIS POLICY CAREFULLY, IF YOU DO NOT ACCEPT THESE TERMS YOU ARE ADVISED NOT TO USE THE WEBSITE

This policy was last updated: 7 June 2020

Use of this website, www,lashharmony.co.uk, constitutes your legal agreement to the terms within this policy and your acceptance of this policy is deemed to occur upon your first use of the website.

Lash Harmony may change this policy from time to time by updating this page. You should check this page before using the website to ensure that you are aware of and accept any changes.

About this Policy

Lash Harmony understands that your privacy is important to you and that you care about how your personal data is used and shared online. This privacy policy sets out how Lash Harmony collects and processes your personal data.

We will take all reasonable steps to ensure that personal information is safeguarded and kept in accordance with the law.

By providing us with your data, you warrant that you are over 13 years of age.

About Us

The correspondence address of Lash Harmony is New England House, 555 Lincoln Road, Peterborough PE1 2PB.

Where we manage personal data, we identify as a Data Controller and recognise and act on our obligations under applicable data protection laws. For any issues relating to data protection the person responsible is Inesa Svetkina.

What personal data do we collect?

Information that you provide to us is retained and processed in accordance with UK data protection legislation. This includes data given to us from the following:

General communications with us

Our ‘Contact Form’ is used to collect your name and email as well as your message, so that we can contact you and provide details of our services to you and deal with general company business. We may retain copies of emails sent to us. Your personal information will be processed by us in accordance with this Privacy Policy and will be on the basis of being legitimate to our business interests.

Details of phone calls to us may be recorded and any data may be retained and processed on the basis of being for our legitimate business needs or in order to fulfil our contractual obligations if you are a client of ours.

Social media

We use social media to engage with users and link to our Facebook and Instagram pages. We do not keep any specific data that identifies you as an individual user but we do have limited details of our followers on these platforms. You should refer to the Privacy Policies of these channels to understand how they treat your data in relation to linking to our site.

Facebook: https://www.facebook.com/privacy/explanation

Instagram: https://help.instagram.com/519522125107875

If you send us a direct message via social media, the details may be retained by us only as relevant to any ongoing contract or to further our legitimate business interests or as required for legal purposes. The third party provider may also retain details in accordance with their Privacy Policy.

Testimonials

We may ask you for a testimonial in relation to our services that may be used on our website or social media. Your full name may be used if you give us consent.

Training

When you book onto and attend one of our training sessions we may collect your personal data and record your attendance at that training session. Your personal data will be processed in accordance with this Privacy Policy.

Special categories of data

Some of the information you provide to us may be considered sensitive personal data which includes information about a data subjects ethnic or racial origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life or criminal record. We will take appropriate measures to ensure the confidentiality of any special category data.

Children

We do not market this website at those under 18 years old. Consistent with the GDPR we will never knowingly request personally identifiable information from anyone under the age of 16 years old.

We will take appropriate steps to delete any personal data of individuals less than 16 years of age that has been collected on our website upon learning of the existence of such data.

Information we get from other sources

From time to time, we may need to obtain information from third parties about you. This will only apply where it is necessary to provide our services and as permitted by law.

You are advised to refer to our Cookie Policy for details of information automatically collected.

How do we use your data?

We may use the information we collect from you in the following ways:

  • To administer and improve the website;
  • To personalise the content and your experience of the website;
  • To allow us to respond to communications sent to us;
  • To process your transactions;
  • To send you email notifications which you have specifically requested;
  • To send to you marketing communications, where expressly agreed;
  • To provide third parties with statistical information about our users;
  • To ask for feedback, reviews or testimonials;
  • To publish photographs representative of our services for promotional purposes;
  • To deal with enquiries and complaints made by or about you relating to the website.

Users of this website do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use.

Sharing Information

Disclosure

We don’t share, sell, or distribute your data to third parties, except as contractually agreed with you or as provided in this Privacy Policy. We may disclose your personal information if we are required to do so by law, in connection with any legal proceedings, and in order to establish, exercise or defend our legal rights, or if otherwise legally permitted.

Data Processors

We may use Data Processors who act on our instruction in relation to the management of your data and they must adhere to all data protection laws and regulations. We will ensure that any Data Processors used only operate on our written instructions and comply with their obligations under the GDPR. You will be informed of any other Data Controllers who have access to your data and who may determine processing activities separately to us, or as a Joint Data Controller.

Marketing

We will send you marketing emails if we have your consent or if we have an ongoing relationship with you which qualifies as a legitimate business interest. Where consent is used as the legal basis for processing, you have the option not to give consent and to withdraw consent at any time. You may withdraw your consent by contacting us at info@lashharmony.co.uk. Non- personally identifiable visitor information may be provided to third parties for marketing, advertising or other uses.

External links

Users of the website are advised to adopt a policy of caution before clicking on any external web links. Clicking an external link will take the user away from our website. Once you leave our website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s terms and conditions. We cannot guarantee or verify the contents of any externally linked website and users click on external links at their own risk. Lash Harmony and its owners cannot be held liable for any damages, or the consequences of visiting any external links.

Social media platforms

Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are subject to our terms and conditions as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate and/or engage with them with due care and caution in regard to their own privacy and personal details. This website nor its owners will not ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.

Lash Harmony uses social sharing buttons which help share web content directly from web pages to the social media in question. Users are advised that before using such social sharing buttons, that they do so at their own discretion, and should consider that the social media platform may track and save requests to share a web page, through the users’ social media platform account.

Payment processing

Lash Harmony uses Woohoo to host the online store and to process customer payments for our products and training courses. This third party follows standard procedures and requirements as laid down by applicable law to ensure that your personal information is kept secure and is protected to the highest standards. Transactions processed through a third party provider are not stored or processed by Lash Harmony.

You may be asked for your personal identification information on behalf of Lash Harmony and you should refer to the individual company’s privacy policies for further information:

PayPal: https://www.paypal.com/webapps/mpp/ua/privacy-full

Apple Pay: https://www.apple.com/uk/legal/privacy

Data Retention

We keep your personal information in accordance with our Data Retention Policy which reflects our needs to provide services to you as contracted and also as required to meet legal, statutory and regulatory obligations. The need to hold information is regularly reviewed and data will be disposed of when no longer required.

Data Security

Your personal data is only accessible by a limited number of persons who have special access rights to our systems and are required to keep the information confidential. We take appropriate steps to ensure the safe processing of personal data, however, we cannot guarantee the security of data transmitted through our website or by email. Any transmission is at your own risk.

Data Transfers

Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so the GDPR has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.

Lash Harmony will only transfer your personal data in accordance with relevant data protection law and if this is to a country outside of the EEA it will be to a country where there are ‘adequate’ or appropriate safeguards in place. The circumstances of this are:

EU-US Privacy Shield which provides similar protection to personal data shared between Europe and the US.

Rights of Data Subjects

Lash Harmony recognises a data subjects rights and will uphold these in accordance with data protection laws. You are entitled to see the information held about you and you may ask us about any of the following:

Subject access requests

Data subjects (i.e. individuals) have the right to access personal data that is held by submitting a subject access request (SAR) to Lash Harmony. We will endeavour to respond quickly to any such requests, which legally require us to respond within one month of receiving the request and necessary information. A subject access request can be made by emailing us info@lashharmony.co.uk

Right to rectification

Data subjects have the right to request that we amend or change personal information that is inaccurate or incorrect.

Right to erasure

Data subjects have the right to ask us to delete personal information from our systems without giving any reason and at any time. We will act on any such request without delay.

Right to restrict processing

Data subjects have the right to rectification or erasure of personal data in the following circumstances:

  • Personal data is not accurate;
  • The processing of data is unlawful – data subjects may request that processing is restricted;
  • Data is required to exercise legal rights or defend legal claims;
  • Data is unlawful but there may be lawful grounds for processing, which override this right.

Right to data portability

Data subjects have the right to obtain and request the transfer of their data to different service providers.

Right to object

Data subjects have the right to object to the processing of data at any time based on their particular situation. This includes objecting to profiling unless it is in the ‘public interest’ or exercised lawfully by an official authority. We will only process data under lawful grounds.

Right not to be subject to decisions based on automated processing

We do not use any automated processing that results in any automated decision based on a data subject’s personal information.

Using your rights

If you wish to invoke any of these rights, you should contact the person responsible for data protection by emailing us at info@lashharmony.co.uk

Data Breaches

We will report any unlawful breach of data as required by the GDPR within 72 hours of the breach occurring, if it is considered that there is an actual, or possibility, that data within our control including the control of our data processors, has been compromised. If the breach is classified as ‘high risk’ we will notify all data subjects concerned using an appropriate means of communication. We will report any relevant breaches to the ICO, see below.