We are committed to protecting and treating your personal data in compliance with UK data protection legislation in force including the Data Protection Act 2018 (“DPA”) or any successor legislation, as well as the United Kingdom General Data Protection Regulation (UK GDPR) 2021 or any successor legislation from time to time in force, (collectively referred to as “the Regulations”).
You have the right to object to us processing your personal data for our legitimate business interests or for direct marketing purposes (including any related profiling). For more information about your rights and how you can exercise them, please see the section Your rights.
Personal data is any information which identifies you personally whether directly (for example, your name) or indirectly (for example, information about your use of our products and services).
We collect your data in 4 ways:
The data we collect about you includes:
What are Cookies?
What cookies are used on this Site?
The cookies we and our business partners use on our Site are broadly grouped into the following categories:
How can I reject or opt out of receiving cookies?
Third party cookies
Some of the cookies described in the “What Cookies are used on our Site” section above are stored on your machine by third parties when you use our Site. Third parties may also read cookies on your browser to collect information or to serve content or advertisements to you. We have no control over these cookies or how the third parties use them. They are used to allow that third party to provide a service to us, for example analytics. For more information on these cookies and how to disable them, please see:
Data protection law requires us to only process your personal data if we satisfy one or more legal grounds. These are set out in data protection law, and we rely on a number of different grounds for the processing we carry out. These are as follows:
In certain circumstances, we process your personal data after obtaining your consent to do so for the purposes of:
Necessary for the performance of a contract and to comply with our legal obligations
It is necessary for us to process your basic contact details, payment details and information about the business you represent for the performance of the Trading Terms or Terms of Trading between us. In particular, we rely on this legal ground to:
If you choose not to give some or all of the aforementioned information to us, this may affect our ability to provide our products and services to you.
In certain circumstances, we also use your personal data only to the extent required in order to enable us to comply with our legal obligations, including to detect, investigate and prevent fraud.
Necessary for the purposes of our legitimate business interests or those of a third party
It is sometimes necessary to collect and use your personal data for the purposes of our legitimate interests as a business, which are to:
Where we think there is a risk that one of your interests or fundamental rights and freedoms may be affected, we will not process your personal data unless there is another legal ground for us to do so (either that we have obtained your consent to the processing, or it is necessary for us to perform our contract with you or to comply with our legal obligations).
We may provide your personal data to our suppliers and service providers who provide certain business services for us and act as “processors” of your personal data on our behalf. In addition, we may disclose your personal data if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to protect the rights, property, or safety, of our business, our customers or others. This includes, in specific cases, exchanging information with other organisations for the purposes of fraud protection.
We retain your personal data for no longer than is necessary for the purposes(s) for which it was provided. What this means in practice will vary between different types of data. When determining the relevant retention periods, we consider factors including:
Otherwise, we securely erase your personal data from our systems when it is no longer needed.
You have the following rights regarding your personal data:
1. Rights to be informed
2. Right of access
3. Right to rectification You are entitled to have your personal data corrected if it is
inaccurate or incomplete.
4. Right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enable you to request the deletion or removal of your personal data where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
5. Right to restrict processing
You have the right to ‘block’ or supress further use of your personal data in certain circumstances. When processing is restricted, we can still store your personal data, but may not use it further.
6. Right of data portability
You have the right to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
7. Right to object to processing
You have the right to object to us processing your personal data for our legitimate business interests or for direct marketing purposes (including in each case any related profiling).
8. Right to withdraw consent to processing
If you have given your consent to us to process your personal data for a particular purpose (for example, direct marketing), you have the right to withdraw your consent at any time (although if you do so, it does not mean that any processing of your personal data up to that point is unlawful).
9. Right to make a complaint to the data protection authorities
You have the right to make a complaint to the Information Commissioner’s Office (ICO) if you are unhappy with how we have handled your personal data or believe our processing of your personal data does not comply with data protection law.
If you would like to exercise your data protection rights or if you are unhappy with how we have handled your personal data, please feel free to contact us:
Email us at: email@example.com
Write to us at: Olive & Gracie Beauty & Wellbeing, 2 Northload Street, Glastonbury, Somerset BA6 9JJ
If you’re not satisfied with our response to any enquiries or complaint or believe our processing of your personal data does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) by: