PLEASE READ THIS POLICY CAREFULLY, IF YOU DO NOT ACCEPT THESE TERMS YOU ARE ADVISED NOT TO USE THE WEBSITE
This policy was last updated: 7 June 2020
Use of this website, www,lashharmony.co.uk, constitutes your legal agreement to the terms within this policy and your acceptance of this policy is deemed to occur upon your first use of the website.
Lash Harmony may change this policy from time to time by updating this page. You should check this page before using the website to ensure that you are aware of and accept any changes.
About this Policy
We will take all reasonable steps to ensure that personal information is safeguarded and kept in accordance with the law.
By providing us with your data, you warrant that you are over 13 years of age.
The correspondence address of Lash Harmony is New England House, 555 Lincoln Road, Peterborough PE1 2PB.
Where we manage personal data, we identify as a Data Controller and recognise and act on our obligations under applicable data protection laws. For any issues relating to data protection the person responsible is Inesa Svetkina.
What personal data do we collect?
Information that you provide to us is retained and processed in accordance with UK data protection legislation. This includes data given to us from the following:
General communications with us
Details of phone calls to us may be recorded and any data may be retained and processed on the basis of being for our legitimate business needs or in order to fulfil our contractual obligations if you are a client of ours.
We use social media to engage with users and link to our Facebook and Instagram pages. We do not keep any specific data that identifies you as an individual user but we do have limited details of our followers on these platforms. You should refer to the Privacy Policies of these channels to understand how they treat your data in relation to linking to our site.
We may ask you for a testimonial in relation to our services that may be used on our website or social media. Your full name may be used if you give us consent.
Special categories of data
Some of the information you provide to us may be considered sensitive personal data which includes information about a data subjects ethnic or racial origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life or criminal record. We will take appropriate measures to ensure the confidentiality of any special category data.
We do not market this website at those under 18 years old. Consistent with the GDPR we will never knowingly request personally identifiable information from anyone under the age of 16 years old.
We will take appropriate steps to delete any personal data of individuals less than 16 years of age that has been collected on our website upon learning of the existence of such data.
Information we get from other sources
From time to time, we may need to obtain information from third parties about you. This will only apply where it is necessary to provide our services and as permitted by law.
How do we use your data?
We may use the information we collect from you in the following ways:
- To administer and improve the website;
- To personalise the content and your experience of the website;
- To allow us to respond to communications sent to us;
- To process your transactions;
- To send you email notifications which you have specifically requested;
- To send to you marketing communications, where expressly agreed;
- To provide third parties with statistical information about our users;
- To ask for feedback, reviews or testimonials;
- To publish photographs representative of our services for promotional purposes;
- To deal with enquiries and complaints made by or about you relating to the website.
Users of this website do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use.
We may use Data Processors who act on our instruction in relation to the management of your data and they must adhere to all data protection laws and regulations. We will ensure that any Data Processors used only operate on our written instructions and comply with their obligations under the GDPR. You will be informed of any other Data Controllers who have access to your data and who may determine processing activities separately to us, or as a Joint Data Controller.
We will send you marketing emails if we have your consent or if we have an ongoing relationship with you which qualifies as a legitimate business interest. Where consent is used as the legal basis for processing, you have the option not to give consent and to withdraw consent at any time. You may withdraw your consent by contacting us at firstname.lastname@example.org. Non- personally identifiable visitor information may be provided to third parties for marketing, advertising or other uses.
Social media platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are subject to our terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate and/or engage with them with due care and caution in regard to their own privacy and personal details. This website nor its owners will not ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
Lash Harmony uses social sharing buttons which help share web content directly from web pages to the social media in question. Users are advised that before using such social sharing buttons, that they do so at their own discretion, and should consider that the social media platform may track and save requests to share a web page, through the users’ social media platform account.
Lash Harmony uses Woohoo to host the online store and to process customer payments for our products and training courses. This third party follows standard procedures and requirements as laid down by applicable law to ensure that your personal information is kept secure and is protected to the highest standards. Transactions processed through a third party provider are not stored or processed by Lash Harmony.
You may be asked for your personal identification information on behalf of Lash Harmony and you should refer to the individual company’s privacy policies for further information:
Apple Pay: https://www.apple.com/uk/legal/privacy
We keep your personal information in accordance with our Data Retention Policy which reflects our needs to provide services to you as contracted and also as required to meet legal, statutory and regulatory obligations. The need to hold information is regularly reviewed and data will be disposed of when no longer required.
Your personal data is only accessible by a limited number of persons who have special access rights to our systems and are required to keep the information confidential. We take appropriate steps to ensure the safe processing of personal data, however, we cannot guarantee the security of data transmitted through our website or by email. Any transmission is at your own risk.
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so the GDPR has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Lash Harmony will only transfer your personal data in accordance with relevant data protection law and if this is to a country outside of the EEA it will be to a country where there are ‘adequate’ or appropriate safeguards in place. The circumstances of this are:
EU-US Privacy Shield which provides similar protection to personal data shared between Europe and the US.
Rights of Data Subjects
Lash Harmony recognises a data subjects rights and will uphold these in accordance with data protection laws. You are entitled to see the information held about you and you may ask us about any of the following:
Subject access requests
Data subjects (i.e. individuals) have the right to access personal data that is held by submitting a subject access request (SAR) to Lash Harmony. We will endeavour to respond quickly to any such requests, which legally require us to respond within one month of receiving the request and necessary information. A subject access request can be made by emailing us email@example.com
Right to rectification
Data subjects have the right to request that we amend or change personal information that is inaccurate or incorrect.
Right to erasure
Data subjects have the right to ask us to delete personal information from our systems without giving any reason and at any time. We will act on any such request without delay.
Right to restrict processing
Data subjects have the right to rectification or erasure of personal data in the following circumstances:
- Personal data is not accurate;
- The processing of data is unlawful – data subjects may request that processing is restricted;
- Data is required to exercise legal rights or defend legal claims;
- Data is unlawful but there may be lawful grounds for processing, which override this right.
Right to data portability
Data subjects have the right to obtain and request the transfer of their data to different service providers.
Right to object
Data subjects have the right to object to the processing of data at any time based on their particular situation. This includes objecting to profiling unless it is in the ‘public interest’ or exercised lawfully by an official authority. We will only process data under lawful grounds.
Right not to be subject to decisions based on automated processing
We do not use any automated processing that results in any automated decision based on a data subject’s personal information.
Using your rights
If you wish to invoke any of these rights, you should contact the person responsible for data protection by emailing us at firstname.lastname@example.org
We will report any unlawful breach of data as required by the GDPR within 72 hours of the breach occurring, if it is considered that there is an actual, or possibility, that data within our control including the control of our data processors, has been compromised. If the breach is classified as ‘high risk’ we will notify all data subjects concerned using an appropriate means of communication. We will report any relevant breaches to the ICO, see below.