We’ll keep this page updated to show you all the things we do with your personal data. This policy only applies if you interact with Be For Beauty in any way (customer or employee) visit our website - desktop or mobile, email, call or write to us. In certain circumstances we may also provide an extra privacy notice, which will always refer to this page.
To be clear, we’ll never sell your personal data and will only share it with organisations we work with when it’s necessary and the privacy and security of your data is assured.
Who are ‘we’?
In this policy, whenever you see the words ‘we’, ‘us’, ‘our’, ‘Be’, or ‘Be For Beauty’ it refers to Brand Evangelists For Beauty Limited.
Brand Evangelists For Beauty (Reg. Co. number 10787576) is a beauty brand and a beauty product development house. We carry out commercial trading activities via our website www.beforbeauty.co.uk where we promote and sell our current brands and products and share details of our new and upcoming brands.
What personal data do we collect?
Your personal data (any information which identifies you, or which can be identified as relating to you personally for example, name, address, phone number, email address) will be collected and used by us.
We’ll only collect the personal data that we need.
We collect personal data in connection with specific activities such as placing an order, conducting research, employment etc.
You can give us your personal data by filling in forms on our website, making a purchase via our website, participating in discussion boards, subscribing to take part in research on our website or other social media functions on our website, entering a competition, promotion or survey or by corresponding with us (by phone, email) or in the future by creating a Be For Beauty account.
This personal data may include name, title, address, date of birth, age, gender, employment status, email address, telephone numbers, personal description, photographs, usernames and passwords).
Personal data provided by you
This includes information you give when interacting with us; when your placing an order or communicating with us. For example:
- Personal details (name, date of birth, email, address, telephone, etc)
- Financial information (payment information such as credit, debit card or PayPal details)
Information from third parties
We may in the future, buy anonymous external data (e.g. census data, Experian MOSAIC, etc) and combine it with your personal data at an aggregated level to build profiles which may help us work out what you’re most likely to want to hear from us about and how.
How we use your personal data
We’ll only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation (from 25 May 2018)/UK Data Protection Act and Privacy of Electronic Communication Regulation.
Personal data provided to us will be used for the purpose or purposes outlined in any fair processing notice in a transparent manner at the time of collection or registration where appropriate, in accordance with any preferences you express. If asked by the police, or any other regulatory or government authority investigating suspected illegal activities, we may need to provide your personal data.
Your personal data may be collected and used to help us complete your order or request. Below are the main uses of your data:
Your privacy is important to us, so we’ll always keep your details secure. We’d like to use your details to keep in touch about things that you may be interested in, but we will not do this without your specific consent.
If you choose to hear from us we may send you information based on what is most relevant to you or things you’ve told us you like. We may also show you relevant content online. This might be about products or competitions we think you might want to hear about.
We’ll only send these to you if you agree to receive them and we will never share your information with companies outside Be For Beauty for inclusion in marketing. (We may however share cookie data with third parties to help with our own advertising targeting). If you agree to receive marketing information from us, you can change your mind at a later date.
Personal data provided to us may also be profiled to help us with advertising targeting. Or we may use your personal data to find online users with a similar profile to yourself who may be interested in our products or services.
We may sometimes use third parties to capture some of our data on our behalf, but only where we are confident that the third party will treat your data securely, in accordance with our terms and in-line with the requirements set out in the GDPR.
How you can change your contact preferences.
We’d love to keep in touch, but we understand that you might change your mind in the future. If you want to stop hearing from us we ensure it’s as east to opt out as opt in. All of our email marketing contains an unsubscribe link which will remove you from our email list immediately. Alternatively you can email us directly at email@example.com and we’ll ensure that you are removed from all mailing lists.
Please note that you will still continue to receive contact from us when required to provide relevant information in relation to services provided by us to you, for example order confirmation, order and delivery updates or feedback on our services.
We’ll always act upon your choice of how you want to receive communications (for example, by email, post or phone).
Please note that you will still receive information from us
Recipients of data (third-party processing)
We may at times, pass your personal data on to third-party service providers contracted to us in the course of dealing with you. These may include for example but not limited to, couriers, fulfilment houses, credit card processing companies or other services required in the fulfilment of your order. In addition, this may also include marketing and advertising services. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the legal purpose of our business. When they no longer need your data to fulfil this service, they will dispose of the details securely. We only use sub-contracted processors who have demonstrated sufficient guarantees of compliance.
If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent unless we are legally required to do otherwise.
Transfers of personal data to third countries
We do not transfer personal data outside of the EEA.
We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. We are required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices.
We will generally process personal data for a period of six years. After this period, the data will be anonymised and used for reference purposes only.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
The right to be informed
- We will inform you of what personal information we collect and how this is used. This privacy notice is how we inform you of this information.
- We will inform you of any changes to the way we process your data.
The right of access
- You have the right to request a copy of the information that we hold about you.
The right of rectification
- You have a right to correct data that we hold about you that is inaccurate or incomplete.
The right to erasure
- In certain circumstances you can ask for the data we hold about you to be erased from our records.
The right to restrict processing
- Where certain conditions apply to have a right to restrict the processing.
The right to data portability
- You have the right to have the data we hold about you transferred to another organisation.
The right to object
- You have the right to object to certain types of processing such as direct marketing.
Rights in relation to automated decision making and profiling
- You also have the right not to be subject to automated processing or profiling.
We know it’s important to our customers that we use our resources appropriately. So, we use automated profiling and targeting to help us understand our customers and make sure that:
- our communications (e.g. emails) and services (e.g. our website) are relevant, personalised and interesting to you
- our services meet the needs of our customers
- we use our resources responsibly and keep our costs down
We use specific tools to profile how you interact with us online, for example, Adobe Analytics, Google Analytics and Shopify CMS. Much of the information we collect is aggregated, however we may also collect some personal data for the use of personalising your experience, optimising our marketing campaigns, and to ensure the site is functioning as intended.The personal information that is collected includes transactional information (i.e. order number) We will also collect data on individual user activity when they create or log into a Be For Beauty account. This information takes the form of an encrypted string. If you’ve agreed that we can contact you for marketing purposes, we may also gather additional information about you from external sources, for example: updates to address and contact information, or publicly available information regarding your wealth, earnings and employment at an aggregate level. This analysis may be carried out by us or by third party organisations working for us. We may also host encrypted personal data on third party websites (e.g. social media platforms) to ensure that you only see relevant, personalised and interesting content from those organisations.
Recruitment and employment
In order to comply with our contractual, statutory, and management obligations and responsibilities, we process personal data, including Special Category Personal data, from job applicants and employees.
Such data can include, but isn’t limited to, information relating to health, racial or ethnic origin, and criminal convictions. In certain circumstances, we may process personal data or sensitive personal data, without explicit consent. Further information on what data is collected and why it’s processed is given below.
Contractual responsibilities: Our contractual responsibilities include those arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay; leave, maternity pay, pension and emergency contacts.
Statutory responsibilities: Our statutory responsibilities are those imposed through law on the organisation as an employer. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, equal opportunities monitoring.
Management responsibilities: Our management responsibilities are those necessary for the organisational functioning of the organisation. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters, e-mail address and telephone number.
Special Category personal data
The Act defines Special Category personal data as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions.
In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee.
(a) We will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and, where necessary, consent.
(b) We will process data about, but not limited to, an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies and related provisions.
(c) Data about an employee’s criminal convictions will be held as necessary.
Disclosure of personal data to other bodies
In order to carry out our contractual and management responsibilities, we may, from time to time, need to share an employee’s personal data with one or more third party supplier.
To meet the employment contract, we are required to transfer an employee’s personal data to third parties, for example, to pension providers and HM Revenue & Customs.
In order to fulfil our statutory responsibilities, we’re required to give some of an employee’s personal data to government departments or agencies e.g. provision of salary and tax data to HM Revenue & Customs.
Updating your data and marketing preferences
We want you to remain in control of your personal data. If, at any time, you want to update or amend your personal data or marketing preferences please contact us via firstname.lastname@example.org
In the event that you wish to make a complaint about how your personal data is being processed by us (or third parties as described in 5.0 above), you have the right to lodge a complaint directly with our data protection representative detailed in 1.4 above.
In the event you wish to make a compliant on how your initial complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority. The contact details are:
Information Commissioner’s Office
Wycliffe House Water Lane Wilmslow Cheshire SK9 5AFwww.ico.org.uk
UK Calls - 0303 123 1113
Outside UK - +44 1625 545 700