GLORY SKIN LTD
DATA PROTECTION POLICY
Glory Skin LTD is committed to being transparent about how it collects and uses your personal data to meet its data protection obligations. This policy sets out Glory Skin LTD’s commitment to data protection, and individual rights in relation to personal data.
"Personal data" is any information that relates to an individual who can be identified from that information. Processing is any use that is made of data, including collecting, storing, amending, disclosing or destroying it.
Data protection principles
Glory Skin LTD processes personal data in accordance with the following data protection principles:
· Glory Skin LTD processes personal data lawfully, fairly and in a transparent manner.
· Glory Skin LTD collects personal data only for specified, explicit and legitimate purposes.
· Glory Skin LTD processes personal data only where it is adequate, relevant and limited to what is necessary for the purposes of processing.
· Glory Skin LTD keeps accurate personal data and takes all reasonable steps to ensure that inaccurate personal data is rectified or deleted without delay.
· Glory Skin LTD keeps personal data only for the period necessary for processing.
· Glory Skin LTD adopts appropriate measures to make sure that personal data is secure, and protected against unauthorised or unlawful processing, and accidental loss, destruction or damage.
Glory Skin LTD tells individuals the reasons for processing their personal data, how it uses such data and the legal basis for processing in its privacy notices. It will not process personal data of individuals for other reasons. Personal data will only be used in connection with Glory Skin LTD and the business we carry out.
Glory Skin LTD keeps a record of its processing activities in respect of personal data in accordance with the requirements of the General Data Protection Regulation (GDPR).
As a data subject, individuals have a number of rights in relation to their personal data.
Subject access requests
Individuals have the right to make a subject access request. If an individual makes a subject access request, Glory Skin LTD will tell him/her:
· whether or not his/her data is processed and if so why, the categories of personal data concerned and the source of the data if it is not collected from the individual;
· to whom his/her data is or may be disclosed, including to recipients located outside the European Economic Area (EEA) and the safeguards that apply to such transfers;
· for how long his/her personal data is stored (or how that period is decided);
· his/her rights to rectification or erasure of data, or to restrict or object to processing;
· his/her right to complain to the Information Commissioner if he/she thinks Glory Skin LTD has failed to comply with his/her data protection rights; and
· whether or not Glory Skin LTD carries out automated decision-making and the logic involved in any such decision-making.
Glory Skin LTD will also provide the individual with a copy of the personal data undergoing processing. This will normally be in electronic form if the individual has made a request electronically, unless he/she agrees otherwise.
If the individual wants additional copies, Glory Skin LTD will charge a fee, which will be based on the administrative cost to Glory Skin LTD of providing the additional copies.
To make a subject access request, the individual should send the request to: email@example.com In some cases, Glory Skin LTD may need to ask for proof of identification before the request can be processed. Glory Skin LTD will inform the individual if it needs to verify his/her identity and the documents it requires.
Glory Skin LTD will normally respond to a request within a period of one month from the date it is received. In some cases, such as where Glory Skin LTD processes large amounts of the individual's data, it may respond within three months of the date the request is received. Glory Skin LTD will write to the individual within one month of receiving the original request to tell him/her if this is the case.
If a subject access request is manifestly unfounded or excessive, Glory Skin LTD is not obliged to comply with it. Alternatively, Glory Skin LTD can agree to respond but will charge a fee, which will be based on the administrative cost of responding to the request. A subject access request is likely to be manifestly unfounded or excessive where it repeats a request to which Glory Skin LTD has already responded. If an individual submits a request that is unfounded or excessive, Glory Skin LTD will notify him/her that this is the case and whether or not it will respond to it.
Individuals have a number of other rights in relation to their personal data. They can require Glory Skin LTD to:
· rectify inaccurate data;
· stop processing or erase data that is no longer necessary for the purposes of processing;
· stop processing or erase data if the individual's interests override Glory Skin LTD's legitimate grounds for processing data (where Glory Skin LTD relies on its legitimate interests as a reason for processing data);
· stop processing or erase data if processing is unlawful; and
· stop processing data for a period if data is inaccurate or if there is a dispute about whether or not the individual's interests override Glory Skin's legitimate grounds for processing data.
To ask Glory Skin to take any of these steps, the individual should send the request to firstname.lastname@example.org.
Glory Skin LTD takes the security of personal data seriously. Glory Skin LTD has internal policies and controls in place to protect personal data against loss, accidental destruction, misuse or disclosure, and to ensure that data is not accessed, except in the proper performance of their duties.
Where Glory Skin LTD engages third parties to process personal data on its behalf, such parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical measures to ensure the security of data.
If Glory Skin LTD discovers that there has been a breach of personal data that poses a risk to the rights and freedoms of individuals, it will report it to the Information Commissioner within 72 hours of discovery. Glory Skin LTD will record all data breaches regardless of their effect.
If the breach is likely to result in a high risk to the rights and freedoms of individuals, it will tell affected individuals that there has been a breach and provide them with information about its likely consequences and the mitigation measures it has taken.
International data transfers
Glory Skin LTD will not transfer personal data to countries outside the EEA.
Personal data processed by us
We process personal data that we obtain with your consent through your application to join the member register and through your ongoing relationship with us. This will include your name, e-mail address and information about your purchases from us.
How we use the personal data
We always process personal data in accordance with applicable law, and we have implemented appropriate security measures to protect your personal data from misuse, unauthorised access or disclosure, loss, alteration or destruction. We process your personal data to provide you with information about our products, services, news, events, promotions and other activities that may be of interest to you and to develop and improve our products and services. In addition, we may process personal data to fulfil our legal obligations under law. We may share your personal data with our service providers (e.g. those storing your personal data or sending out emails on our behalf) in connection with the above purposes. This will be done confidentially and only to the extent permitted by applicable laws. Some of these providers may be located outside of the EEA including the US. Some of these countries may not have equivalent data protection laws to that which applies in your country. However, when we transfer your data, we will keep it secure and ensure that appropriate safeguards are in place to ensure there is adequate protection. We will keep your data until you decide to leave the member register. If we sell all or part of our business, or make a sale or transfer of assets, including a sale in bankruptcy or are otherwise involved in a merger or business transfer, we may transfer your personal data to a third party as part of that transaction.
Your consent and your choices
By joining our member register you agree that we may contact you by email with respect to our products, services, news, events, promotions and other activities that may be of interest to you. You also agree that we may use the information you provide in connection with the member register to develop and improve our products and services and to serve as a basis for market and customer analysis to send you tailored and personalised communications. Once you join, you will be sent a one off email asking you to confirm your membership. If you do not respond, your membership will not be confirmed and we will not process your personal data as set out in this Policy. Once you have joined the member register, you may at any time choose to withdraw your consent to receiving marketing material from us and terminate your membership in the member register by contacting us at GLORY SKIN LTD, or following the unsubscribe link in any email communication. If you wish to access your personal data, you should contact GLORY SKIN LTD, and give sufficient information to enable you and your data to be identified. You may also have the right to ask us to rectify, block, complete, erase, restrict and object to the processing of data which relates to you and to request an explanation about the processing by contacting GLORY SKIN LTD, . In the EEA, you may also make a complaint to the relevant supervisory body or seek a remedy through the courts if you believe your rights have been breached. There are exceptions to these rights so access may be denied, for example where we are legally prevented from making a disclosure. In all cases, the provision of personal information in connection with the member register is voluntary. If you have any other questions regarding this Policy, you are welcome to contact us at GLORY SKIN LTD, . We may continue to process your personal data as required for us to fulfil our legal obligations.