For the purpose of the Data Protection Act 1998 (the Act) and from the 25 May 2018, the EU General Data Protection Regulation 2016/679 (the GDPR), the data controller is Cult Beauty Limited (company no. 6195011), having its registered office at 37 Chamberlain Street, Wells, Somerset BA5 2PQ United Kingdom (“Company/we/us”).
WHAT DO WE COLLECT AND HOW DO WE USE YOUR PERSONAL INFORMATION?
We may automatically collect non-personal information about you such as the type of internet browsers you use or the site from which you linked to our Site. You cannot be identified from this information and it is only used to assist us in providing an effective service on our Site. We may from time to time supply the owners or operators of third party sites from which it is possible to link to our Site with information relating to the number of users linking to our Site from their sites. You cannot be identified from this information.
MARKETING AND COMMUNICATION
It is very important to us that we provide you with the highest level of service. In order to help us do this, from time to time we may contact you using one of the contact methods you have provided, with details of our newsletters, surveys, products and services which we think may be of interest to you, as well as relevant advertising messages. If at any time you do not wish to receive emails from Cult Beauty, please click the 'unsubscribe' link included in the footer of every marketing email we send. Alternatively, send an e-mail message titled "unsubscribe" to firstname.lastname@example.org. Please note that active customers will continue to receive order and account communications from us.
LEGAL BASIS FOR USING YOUR INFORMATION?
Cult Beauty only uses or shares your personal information only where we have a proper reason to do so. These reasons are:
- Contract - your personal information is processed in order to fulfil a contractual arrangement e.g. in order to send you your Order
- Consent – where you agree to us using your information in this way e.g. for storing your payment card details
- Legitimate Interests - this means the interests of Cult Beauty in managing our business to allow us to provide you with the best products and service in the most appropriate way e.g. to manage our stock levels, for business development and risk management
- Legal Obligation – where there is statutory or other legal requirement to use or share the information e.g. when we have to use your information for law enforcement purposes or statutory compliance
Here is a list of the ways that we may use your personal information, and which of the reasons described above we rely on to do so. Where we list legitimate interests as a reason, we also describe below what we believe these legitimate interests are:
WHO WE SHARE YOUR INFORMATION WITH AND WHY
Other than the disclosures referred to in this policy, we will not disclose any personal information without your permission unless we are legally entitled or obliged to do so (for example, if required to do so by Court Order or for the purposes of prevention of fraud or other crime). We will only disclose and/or transfer your personal information to a third party having ensured that steps have first been taken to ensure that your privacy rights continue to be protected. Cult Beauty may disclosure or transfer personal information as part of a reorganisation or a sale of the assets of a Cult Beauty.
Cult Beauty works with a number of national and international trusted suppliers, individuals, agencies and businesses in order to provide you the high quality goods and services you expect from us such as delivery companies, fraud prevention agencies, beauty and cosmetic brands and market research companies amongst others. Some examples of the categories of third parties with whom we share your data are:
Cult Beauty works with a number of trusted partners who supply products and services on our behalf. We will only hold the minimum amount of personal information needed in order to fulfil the orders you place or for them to provide a service on our behalf.
DELIVERY AND LOGISTICS PARTNERS
In order for you to receive your goods, Cult Beauty works with a number of delivery and logistics partners. We only pass limited information to them in order to ensure successful delivery of your order.
Cult Beauty works with businesses and individuals who support our Site and business systems.
Cult Beauty works with marketing companies who help us manage our electronic communications with you or carry out surveys, analytics, and product reviews on our behalf.
PAYMENT PROCESSING COMPANIES
Cult Beauty works with trusted third party payment processing providers in order to securely take and manage payments.
KEEPING OUR RECORDS ACCURATE
We aim to keep our information about you as accurate as possible. If you would like to review or change the details you have supplied us with, or you would like to remove your published Submission from the Site you may do so at any time by using the Contact Us page on this Site.
You should be aware that the internet is an insecure environment. We have implemented technology and employee policies to help safeguard your privacy from unauthorised access and improper use. We will continue to update these measures, as appropriate, when new technology becomes available.
THIRD PARTY SITES AND SOCIAL MEDIA
We cannot be responsible for the privacy policies and practices of other third party sites (including but not limited to Facebook, YouTube, Twitter), or for advertisers on our site, even if you access them using links from our Site and we recommend that you check the policy of each site you visit. If you linked to our Site from a third party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and we recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions. Unless expressly stated, we are not agents for these third party sites or for any third party advertisers on our Site, nor are we authorised to make representations on their behalf.
TRANSFERRING YOUR PERSONAL INFORMATION OUTSIDE THE EUROPEAN ECONOMIC AREA
We may need, as part of the services offered to you though our Site, to communicate your details outside the European Economic Area (“EEA”).
We are obliged to satisfy ourselves before transferring your information to a country outside the EEA that it provides adequate protection for your data protection rights. Cult Beauty only transfers your personal information to those third parties where we can be sure that we can protect your privacy and your rights, for example the third party is located in a country which the EU has deemed to have adequate data protection laws in place, where that third party is certified on the EU-US Privacy Shield or where we have a contract in place with that third party which includes the European Commission's standard data protection clauses. Our Site is hosted on servers located in Ireland.
HOW LONG WE KEEP YOUR INFORMATION
If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We will not keep your personal information for longer than is necessary for the purpose or purposes for which they are collected, unless there is another legal reason for us to retain the information. We will take all reasonable steps to destroy or erase from our systems all data which is no longer required. We will keep your personal information for the duration of your account being active and for 7 years after our contract with you has terminated.
WHAT ARE YOUR RIGHTS
We endeavour to process all personal information in line with your rights under GDPR. In particular, You have the rights to:-
- Withdraw your consent to Our processing your personal Information at any time. You can do this at any time by changing your “Preferences” when you log in to your account or by contacting us at email@example.com. In certain circumstances, We can process your personal Information without your consent in line with the lawful processing requirements in GDPR. These include (amongst other reasons) where processing is necessary to comply with a legal obligation, or to protect your vital interests
- Ask us to rectify inaccurate or incomplete personal Information. We would seek to rectify the data as soon as possible and usually within one month unless the request is complex
- Ask us to erase your personal Information. This is commonly referred to as the right to be forgotten. This right is only applicable where there is no compelling reason for the continued processing of your personal Information. There are some circumstances where this right to erasure does not apply and in such cases We would notify You of the reason(s) why We need to retain your personal Information (unless prevented to do so by law)
- Restrict processing of your personal Information where, for example, the data is inaccurate, being processed unlawfully or where the data is no longer relevant to the specific purpose for processing. In such cases, We would retain the data but We would not process it further without your consent, or if processing your Information is for establishing, exercising or defending a legal claim, or for the protection of rights of other individuals, or for public interest reasons. In such circumstances, We would let You know that We intend to lift the restriction on processing your personal Information
- Request access to your personal Information via a subject access request. your request should be made to us in writing and We may ask you for proof of your identity before providing You with the data. There is usually no fee for making such a request however, in limited circumstances, We can charge an administrative fee (which will be based on the administrative cost of providing the information)
- You have the right to ask us not to process your personal Information for marketing purposes (including profiling). We will usually inform You (before collecting your data) if We intend to use your data for such purposes or if We intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms We use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org
- Obtain and reuse your personal Information for your own purposes across different services (right to data portability). This right is only applicable to data that You have provided to us, where We are processing the data based on your consent or for the performance of a contract and when the processing is carried out by automated means. Where this right applies, the data will be provided to You in a structured, commonly used and machine-readable format
Please be aware that we will need to verify your identity before providing any personal information to you. We do this to protect your information. We may also ask you to provide us some additional voluntary information to help us process your request more efficiently.
If at any time you would like to contact us with your views about our privacy practices, or with any enquiry relating to your personal information, you can do so by sending an e-mail to us at email@example.com, or via post at Data Protection Officer, Cult Beauty Limited, 46 Colebrooke Row, London N1 8AF United Kingdom.
If you have any complaints regarding our handling of your personal Information, we would appreciate the chance to deal with your concerns in the first instance. However, if you wish, you may make a complaint directly to the Information Commissioner’s Office, the UK supervisory authority for data protection issues (www.ico.org.uk or 0303 123 1113)