GirlyGlam
MAKEUP & BEAUTY
Privacy & Cookie Policy...
Last updated: January 2020
www.girlyglam.co.uk ('Website') is provided by Zoe Hunter ('I'/'me'/'my').
In doing so, I may be in a position to receive and process personal information relating to you. As the controller of this information, I'm providing this Privacy Notice ('Notice') to explain my approach to personal information. This Notice forms part of my Terms & Conditions, which governs the use of this Website.
I intend only to process personal information fairly and transparently as required by data protection law including the General Data Protection Regulation (GDPR). In particular, before obtaining information from you (including through use of cookies) I intend to alert you to this Notice, let you know how I intend to process the information (including through use of cookies) and (unless processing is necessary for at least one of the 5 reasons outlined in clause 2 below) I'll only process the information if you consent to that processing. The GDPR also defines certain 'special categories' of personal information that's considered more sensitive. These categories require a higher level of protection, as explained below.
Of course, you may browse parts of this Website without providing any information about yourself and without accepting cookies. In that case, it's unlikely I'll possess and process any information relating to you.
I'll start this Notice by setting out the conditions I must satisfy before processing your data. The Notice also explains some of the security measures I take to protect your personal information, and tells you certain things I will or won't do. You should read this Notice in conjunction with the Terms & Conditions.
Sometimes, when you take a new service or product from me, or discuss taking a new service or product but decide against, I might wish to provide you with further information about similar services or products by email or other written electronic communication. In that situation, I will always give you the opportunity to refuse to receive that further information and if you change your mind please let me know. I'll endeavour to remind you of your right to opt-out on each occasion that I provide such information.
1 Identity and contact details
1.1 Place of business: 20 Avenue Road, Gorleston On Sea, Great Yarmouth, Norfolk, NR31 6NZ
2 When I'm allowed to collect information from you
I will only collect personal information relating to you if one of the following conditions have been satisfied:
2.1 You have clearly told me that you are content for me to collect that information for the certain purpose or purposes that I will have specified.
2.2 The processing is necessary for the performance a contract that I have with you.
2.3 The processing is necessary so that I can comply with the law.
2.4 The processing is necessary to protect someone's life.
2.5 The processing is necessary for performance of a task that's in the public interest.
2.6 The processing is necessary for my or another's legitimate interest - but in this case, I'll balance those interests against your interests.
3 How to consent
3.1 At the point of collecting the information, I'll endeavour to explain how I intend to use the information and which of these purposes apply. If I rely on consent, I'll provide you with the opportunity to tell me that you're happy to provide the information.
3.2 If at any point in time you change your mind and decide that you don't consent, please let me know and I'll endeavour to stop processing your information in the specified manner, or I'll delete your data if there is no continuing reason for possessing it.
3.3 If you don't consent to a particular bit of processing, I'll endeavour to ensure that the Website and my service continue to operate without the need for that information.
4 Sensitive information
4.1 Certain information I collect may be considered to be in a special category of personal information. In particular, it may relate to your health.
4.2 If I do collect such information as specified in clause 4.1, I'll also ensure that one of the additional reasons for processing outlined in Article 9 of the GDPR applies.
5 Types of personal data we collect:
Personal data means any information that may be used to identify you, such as, your name, phone number, email address or postal address.
There is a Get in Touch facility available on this website which will collect and provide GirlyGlam with the information you enter into the text boxes and the tick box preferences you have made. In light of GDPR I have endeavoured to make sure that the information I request is absolutely necessary and of Legitimate Interest to allow me to process your enquiry. This is otherwise known under GDPR as Legal Basis and is a requirement in law. In addition, I now include tick boxes to allow you to choose how you would like us to maintain contact with me, so that you can be sure your details won't be added to a company newsletter for example if you don't wish to receive such correspondence.
If you decide to book me for your event, I will of course require further information from you. Practical information such as directions and parking instructions. In addition, most clients will need to complete a medical questionnaire. This is a legal requirement and is a condition of my Public Liability Insurance.
Another example of personal information - Photos, are often taken of our work for two reasons:
1- At make-up and hair trials so that we can have a visual reminder of what we did for your special day. These are never shared before your event date.
2 - On the day of your event so that we can show off our skills to prospective clients on both this website and our social media accounts including but not limited to Facebook, Instagram, Twitter, Pinterest and Google+.
You will always be asked if you are happy for us to use your images and there is a space on the consultation form for you to sign to say if you are happy or not for images to be shared.
If you refuse to provide information requested, then if that information is necessary for a service I provide to you I may need to stop providing that service.
6 Using your personal information
6.1 Data protection, privacy and security are important to me, and I shall only use your personal information for specified purposes and shall not keep such personal information longer than is necessary to fulfil these purposes. The following are examples of such purposes. I have also indicated below which GDPR justification applies, however it will depend on the circumstances of each case. At the time of collecting I will provide further information, and you may always ask for further information from me.
6.1.1 To help me to identify you when you contact me. This will normally be necessary for the performance my contract.
6.1.2 To help me to administer and to contact you about improved administration of any services and products I have provided before, do provide now or will or may provide in the future. This will often be necessary, but sometimes the improvements will not be necessary in which case I will ask whether you agree.
6.1.3 To allow me to carry out marketing analysis and customer profiling (including with transactional information), conduct research, including creating statistical and testing information. This will sometimes require that you consent, but will sometimes be exempt as market research.
6.1.4 To allow me to contact you by written electronic means (such as email, text or multimedia messages) about products and services offered by me where:
6.1.4.1 these products are similar to those you have already purchased from me,
6.1.4.2 you were given the opportunity to opt out of being contacted by me at the time your personal information was originally collected by me and at the time of my subsequent communications with you, and
6.1.4.3 you have not opted out of me contacting you.
6.1.5 To allow me to contact you in any way (including mail, email, telephone, visit, text or multimedia messages) about products and services offered by me and selected partners where you have expressly consented to me doing so.
6.1.6 I may monitor and record communications with you (including phone conversations and emails) for quality assurance and compliance.
6.1.6.1 Before doing that, I will always tell you of my intentions and of the specific purpose in making the recording. Sometimes such recordings will be necessary to comply with the law. Alternatively, sometimes the recording will be necessary for my legitimate interest, but in that case I'll only record the call if my interest outweighs yours. This will depend on all the circumstances, in particular the importance of the information and whether I can obtain the information another way that's less intrusive.
6.1.6.2 If I think the recording would be useful for me but that it's not necessary I'll ask whether you consent to the recording, and will provide an option for you to tell me that you consent. In those situations, if you don't consent, the call will either automatically end or will not be recorded.
6.2 I will not disclose your personal information to any third party except in accordance with this Notice, and in particular in these circumstances:
6.2.1 They will be processing the data on my behalf as a data processor (where I'll be the data controller). In that situation, I'll always have a contract with the data processor as set out in the GDPR. This contract provides significant restrictions as to how the data processor operates so that you can be confident your data is protected to the same degree as provided in this Notice.
there are two main Data Processors whom we also use to process your information.
6.2.1.1 Our website provider allows secure access to the Get in Touch forms you complete, copies of which are forwarded to the company email account. Here is a link to their privacy policy: www.vistaprint.co.uk/customer-care. If you would rather not have your details travel to us via Vistaprint, you can instead email your responses to us direct at girlyglam.mail@gmail.com.
6.2.1.2 We use Go Formz, a third-party app to collate and store information taken at your appointment including your medical questionnaire. This is a secure app, completed forms are downloaded onto the company computer. Consultation forms remain on the app until your event, after which they are completely and manually deleted. Here is a link to their privacy policy: www.goformz.com/privacy
6.2.2 Sometimes it might be necessary to share data with another data controller. Before doing that I'll always tell you. Note that if I receive information about you from a third party, then as soon as reasonably practicable afterwards I'll let you know; that's required by the GDPR.
6.2.3 Alternatively, sometimes I might consider it to be in your interest to send your information to a third party. If that's the case, I'll always ask whether you agree before sending.
6.3 Where you give me personal information on behalf of someone else, you confirm that you have provided them with the information set out in this Notice and that they have not objected to such use of their personal information.
6.4 In connection with any transaction which I enter into with you:
6.5 I may allow other people and organisations to use personal information I hold about you in the following circumstances:
6.5.1 If I, or substantially all of my assets, are acquired or are in the process of being acquired by a third party, in which case personal information held by me, about my customers, will be one of the transferred assets.
6.5.2 If I have been legitimately asked to provide information for legal or regulatory purposes or as part of legal proceedings or prospective legal proceedings.
6.5.3 I may employ companies and individuals to perform functions on my behalf and I may disclose your personal information to these parties for the purposes set out above, for example, for sending postal mail and email, removing repetitive information from customer lists, analysing data, providing marketing assistance, providing search results and links (including paid listings and links) and providing customer service. Those parties will be bound by strict contractual provisions with me and will only have access to personal information needed to perform their functions, and they may not use it for any other purpose. Further, they must process the personal information in accordance with this Notice and as permitted by the GDPR. From time to time, these other people and organisations to whom I may pass your personal information may be outside the European Economic Area. I will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Notice and the GDPR.
7 Protecting information
7.1 I have strict security measures to protect personal information.
7.2 I work to protect the security of your information during transmission by using appropriate technology to encrypt information you input.
7.3 I maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable customer information. My security procedures mean that I may occasionally request proof of identity before I disclose personal information to you.
8 The internet
8.1 If you communicate with me using the internet, I may occasionally email you about my services and products. When you first give me personal information through the Website, I will normally give you the opportunity to say whether you would prefer that I don't contact you by email. You can also always send me an email (at the address set out below) at any time if you change your mind.
8.2 Please remember that communications over the internet, such as emails and webmails (messages sent through a website), are not secure unless they have been encrypted. Your communications may go through a number of countries before they are delivered - this is the nature of the internet. I cannot accept responsibility for any unauthorised access or loss of personal information that is beyond my control.
9 Cookies and other internet tracking technology
9.1 When I provide services, I want to make them easy, useful and reliable. This sometimes involves placing small amounts of information on your computer, which is sent back to me at a later time. These are called 'cookies'. These cookies are listed in the table at clause 9.5. Some websites don't use cookies but use related technology for gaining information about website users such as JavaScript, web beacons (also known as action tags or single-pixel gifs), and other technologies to measure the effectiveness of their ads and to personalise advertising content. Multiple cookies may be found in a single file depending on which browser you use.
9.2 Where applicable, this section of the Notice also relates to that technology but the term 'cookie' is used throughout.
9.3 Some of these cookies are essential to services you've requested from me, whereas others are used to improve services for you, for example through:
9.3.1 Letting you navigate between pages efficiently
9.3.2 Enabling a service to recognise your computer so you don't have to give the same information during one task
9.3.3 Recognising that you have already given a username and password so you don't need to enter it for every web page requested
9.3.4 Measuring how many people are using services, so they can be made easier to use and that there is enough capacity to ensure they are fast
9.4 To learn more about cookies, you may wish to visit: www.allaboutcookies.org, www.youronlinechoices.eu or www.google.com/policies/technologies/cookies/
9.5 As with any other information I may collect from you, I'll work to protect the security of your information during transmission by using by using appropriate technology to encrypt information you input.
9.6 The Website may include links to third-party websites. I do not provide any personally identifiable customer personal information to these third-party websites unless you've consented in accordance with this privacy notice.
9.7 I exclude all liability for loss that you may incur when using these third-party websites.
10 Further information
10.1 If you would like any more information or you have any comments about this Notice, please either write to me at Data Protection Manager, Zoe Hunter, 20 Avenue Road, Gorleston On Sea, Great Yarmouth, Norfolk, NR31 6NZ, or email me at girlyglam.mail@gmail.com.
10.2 Please note that I may have to amend this Notice on occasion, for example if I change the cookies that I use. If I do that, I will publish the amended version on the Website. In that situation I will endeavour to alert you to the change, but it's also your responsibility to check regularly to determine whether this Notice has changed.
10.3 You can ask me for a copy of this Notice by writing to the above address or by emailing me at girlyglam.mail@gmail.com. This Notice applies to personal information I hold about individuals. It does not apply to information I hold about companies and other organisations.
10.4 If you would like access to the personal information that I hold about you, you can do this by emailing me at girlyglam.mail@gmail.com or writing to me at the address noted above. There is not normally a fee for such a request, however if the request is unfounded, repetitive or excessive I may request a fee or refuse to comply with your request. You can also ask me to send the personal information I hold about you to another controller.
10.5 I aim to keep the personal information I hold about you accurate and up to date. If you tell me that I'm holding any inaccurate or incomplete personal information about you, I will promptly amend, complete or delete it accordingly. Please email me at girlyglam.mail@gmail.com or write to me at the address above to update your personal information. You have the right to complain to the Information Commissioner's Office if I don't do this.
10.6 You can ask me to delete the personal information that I hold about you if I relied on your consent in holding that information or if it's no longer necessary. You can also restrict or object to my processing of your personal information in certain circumstances. You can do this by emailing me at girlyglam.mail@gmail.com or writing to me at the address noted above.
10.7 How long we keep your personal data for:
10.7.1 Emails: We delete emails after 7 years as they often contain information that is connected with your Consultation Forms. However, in most cases these can be deleted upon request. In the event that we cant, we would explain fully the reasons why.
10.7.2 Consultation forms: We have a legal obligation to keep these for 7 years from the date of treatment in order to satisfy company insurance requirements. For those who were under 18 on the day of treatment, forms have to be kept for 7 years from the date of their 18th birthday.
10.7.3 Invoices and Account: To satisfy HMRC rules, these documents must be kept for 5 years after the 31 January submission deadline of the relevant tax year. These documents are carefully filed at the end of each accounting year and are not accessed again until the date they can be destroyed unless there is a legal obligation that requires access.
10.7.4 Images: A selection of images of our clients may be displayed on this website and our Social Media Accounts as listed above. We don't display images without your permission and they can be removed on request.
10.8 I will tell you if there is a breach, or a likely breach, of your data protection rights.
Regular updates of the Privacy Policy are completed, requiring you to check back on this Policy from time to time. This version was updated in January 2020.