Eden Retreat Aesthetics is a sole-trader and having its registered office at Eden Retreat, Grinsdale, Carlisle, CA5 6DS (we, us and our). For the purposes of the Data Protection Act 1998, as that Act may be amended or replaced, (“Data Protection Legislation”), we are the data controller.
We are committed to protecting your privacy. This policy explains how we use personal data we may obtain from or about you in relation to your use of our Services or the Site.
To help makes things clearer we use the following terms to describe the different categories of individuals:
- Browser: means any person accessing our Site.
- User: means (i) an individual to whom we are contracted to provide the Services (being a sole trader or someone using the Services in a personal capacity) or (ii) an individual employee, consultant or contractor of one of our customers, who is authorised to use the Services by that customer.
Information we may collect from you
We may collect and process the following information about you:
- Query Information: this is the information you provide when you use the Contact section of our Site to send a message or ask a question or to request one of our guidance materials or subscribe to our educational emails.
- Registration Information: this is the email log-in and password details if you are a User.
- Account Information: this is the information on a User’s use of the Services.
- Survey Information: this is information from surveys that we may, from time to time, run on the Site for research purposes, if you choose to respond to, or participate in, them.
When you interact with the Site, we try to make that experience simple and meaningful. When you visit our Site, our web server sends a cookie to your computer or mobile device (as the case may be). Cookies are small pieces of information which are issued to your computer or device when you visit a website or access or use a mobile application and which store and sometimes track information about your use of the Site. Several cookies we use last only for the duration of your Site session and expire when you close your browser. Other cookies are used to remember you when you return to the Site and will last for longer.
We use only “analytical” cookies in order to:
- remember that you have visited us before; this means we can identify the number of unique visitors we receive;
- customise elements of the promotional layout and/or content of the pages of the Site; and
- collect anonymous statistical information about how you use the Site (including how long you spend on the Site) and where you have come to the Site from, so that we can improve the Site and learn which parts of the Site are most popular.
Most web and mobile device browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting www.allaboutcookies.org which includes additional useful information on cookies and how to block cookies using different types of browser or mobile device. Please note, however, that by blocking or deleting cookies used on the Site, you may not be able to take full advantage of the Site.
Uses made of your information
We will use the information held about you in the following ways:
- we use Query Information to deal with and respond to your comments, queries and requests;
- we use Cookie Information as explained in the Cookie section above;
- we use Registration Information in relation to setting up your account to enable us to provide our Services;
- we use Registration Information to contact Users about any changes to the Services.
- we use Account Information to check that use of the Services is in accordance with our customer agreements;
- we use Registration Information for the purposes of security, and prevention and detection of fraud;
- we use Registration Information to contact Users with marketing materials where we are entitled to do; and
- we use Survey Information for the purposes of market research.
Basis for processing
- We are entitled to use your data as described in paragraph 1 above as we are responding to your request and therefore have your consent to this processing.
- We are entitled to use your data as described in paragraphs 3, 4 and 5 as we require to do this as part of our contractual obligations to provide the Services.
- We are entitled to use your data as described in paragraphs 2, 6, 7 and 8 above as the purposes stated are within our legitimate interests.
We share personal information in the following ways:
- In the event that we sell or buy any business or assets, in which case we may disclose personal data to the prospective seller or buyer of such business or assets but only to the extent this is reasonably necessary and cannot reasonably be redacted.
- We may disclose your personal information if we are under a duty to disclose or share your personal data to comply with any legal obligation.
- We may disclose personal information if we believe that such action is necessary to prevent fraud or cyber-crime or to protect the Site or rights, property or personal safety of any person.
- We may disclose your personal information to a third-party technology partner with who we engage with to provide any discrete element of our Services or the technology platform on which it runs (“Third Party Provider”). All disclosures or transfers of personal data to any Third-Party Provider will only be for specific agreed purpose and shall be in accordance with applicable data protection legislation.
Basis for processing
- We are entitled to disclose your data as described in paragraphs 1, 2 and 5 above as the purposes stated are all within our legitimate interests.
- We are entitled to disclose your data as described in paragraph 3 on the basis that we are legally required to do so.
- We are entitled to disclose your data as described in paragraph 4 above as the purposes stated are necessary to protect interest of the individuals concerned.
The Site may, from time to time, make chat rooms, message boards, news groups and/or other public forums available to its users. Any information that is disclosed in these areas becomes public information and you should exercise caution when using these and never disclose your personal information.
The Site may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.
We place great importance on the security of all personally identifiable information associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal information. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.
You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via the Site whilst it is in transit over the internet and any such submission is at your own risk.
It is advisable to close your browser when you have finished your user session to help ensure others do not access your personal information if you use a shared computer or a computer in a public place.
Storage of your information
Information that you submit via the Site is sent to and stored on secure servers located in the United Kingdom and Ireland. This is necessary to process the information. Information submitted by you may be transferred by us to our other offices and/or to the third parties mentioned in the circumstances described above (see Information sharing), which may be situated outside the European Economic Area (EEA) and may be processed by staff operating outside the EEA. The countries concerned may not have similar data protection laws to the EEA. Where we transfer your information, we will take all steps required by Data Protection Legislation to ensure that your privacy rights continue to be protected.
How long we will store your personal data
We only store your information for as long as is necessary for the purpose it was obtained or for any additional purpose we have explained to you. We also implement policies to regularly audit the personal data we hold to ensure we do not retain any personal data for longer than we are entitled to.
Under Data Protection Legislation there are various rights which can apply in respect of information held about an individual. These rights are as follows:
- Access to information: You have the right to request a copy of the information we hold about you. If you would like a copy of some or all your personal information, please email us @ firstname.lastname@example.org
- Ensuring accuracy of information: We want to make sure that your personal information is accurate and up-to-date. You may ask us to correct or complete information that is inaccurate or incomplete.
- Right to erasure: You may have a right to erasure, which is more commonly known as the ‘right to be forgotten’. This means that in certain circumstances you can require us to delete personal information held about you.
- Ability to restrict processing: You may also have the right to require us to restrict our use of your personal information in certain circumstances. This may apply, for example, where you have notified us that the information we hold about you is incorrect, and you would like us to stop using such information until we have verified that it is accurate.
- Right to data portability: You may have the right to receive personal data we hold about you in a format that enables you to transfer such information to another data controller (e.g. such as another service provider).
- Review by an independent authority: You will always have the right to lodge a complaint with a supervisory body. The relevant authority in the UK is the Information Commissioner’s Office.
- Preventing direct marketing: We do not sell your data. From time to time, we may send emails containing information about new features and other news about us. This is considered direct marketing. You have the right to stop us from contacting you for these purposes. We will always inform you if we intend to use your personal data for such purposes, or if we intend to disclose your information to any third party for such purposes. You can usually exercise your right to prevent such marketing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at email@example.com.
- Objecting to other uses of your information: You may also have the right to object to our use of your information in other circumstances. Where you have consented to our use of your personal data, you have the right to withdraw such consent at any time. You may do this by contacting us at firstname.lastname@example.org.