This Privacy Statement (our Statement) sets out the basis on which any personal data within the meaning of the General Data Protection Regulation (GDPR) (EU) 2016/679 is collected and used by us.
Who we are?
We are Body Love Limited trading as Body Love.
Registered address: Ballinaboola, New Bawn, Co. Wexford.
References to ‘we’, ‘us’ and ‘our’ shall be construed accordingly.
We sell, promote and market beauty products.
Do we collect information?
- You opt in and provide consent to us to contact you via our website or through social media/email;
- You use your credit or debit card to pay for your purchases on our site;
- You interact with us via social media such as Facebook or Instagram;
- You direct message us via various social media platforms;
- You make an inquiry with us;
- You communicate with via email and other correspondence.
What data do we collect?
The data we obtain includes but is not limited to the following:
Name, delivery address, email address and social media ‘handles’.
For clarity, we do not collect or process and sensitive personal data.
We process personal data relating to the following categories of data subject: our employees, our customers who are natural persons, our social media followers and third party employees and contractors who we do business with or who provide services to us.
How do we use personal information?
We use it in order to:
- Provide products and services.
- Process your payment for your purchase.
- Protect both our interests.
- Verify credit or other charge card details.
- Manage your loyalty and reward/discount programme (if applicable).
- Identify ways that we can improve our service.
- Meet our legal and regulatory obligations.
- Provide you with marketing content that you have consented to receive.
- Answer your queries.
- Delivering marketing and events communication.
What legal basis do we have for processing your personal data?
Provided we can identify a legitimate basis for doing so. To use your information lawfully, we rely on one or more of the following basis:
- It is necessary for the performance of a contract to which you are party to with us.
- It is necessary for purposes of the legitimate interests of third parties (except where those interests are overridden by your interests or fundamental rights and freedoms).
- In compliance with legal obligations.
- In protecting the vital interest of you or others.
Usually, we do not rely on consent as a legal basis for processing your data, other than in relation to sending you direct marketing communications. We have ensured that you ‘Opt In’ to receive or continue to receive these services. You have the right to withdraw consent at any time by contacting us.
When do we share personal data?
We share personal data when necessary to provide your services or conduct your business operations with:
(a) Third parties who provide services to us in the course of our business subject that we disclose only the personal information that is necessary for the purpose of the performance of their services and we have contracts in place that guarantee the security of your data and the integrity of our service providers’ systems. These parties include,:
- Software management services providers.
- Payment processor service providers.
- IT service providers.
- Data security consultants in the context of auditing our data security systems, policies and protocols.
Where do we store and process personal data?
We do not transfer your data outside of the European Economic Area (EU members and Iceland, Liechtenstein and Norway) (EEA).
For clarity we do not transfer data outside this area.
How do we secure personal data?
We are committed to protecting and securing your personal data and do not collect sensitive personal data includes certain categories of personal information, such as that about race, ethnicity, religion or health.
Any such transfer of your personal data will be carried out in compliance with applicable law under the Data Protection Act 2018.
When you give us personal information, we take steps to make sure that it’s treated securely. We use strict procedures and technical security measures to safeguard your information in our offices and across all of our computer systems, networks, website and social media platforms. Our security measures include:
Maintaining ongoing confidentiality, integrity, availability, access, and resilience of processing systems and services.
Restoring the availability of and access to personal data, in the event of a physical or technical security breach.
Maintaining high security measures (both IT and physical).
Our internal processes and procedures are reviewed and fit for purpose.
We test and evaluate the effectiveness of our technical and organisation measures.
We ensure our third party service providers and/or contractors are GDPR compliant.
How long do we keep your personal data?
We will hold your data while you are a customer with us and for the minimum period thereafter that we are required pursuant to our legal and regulatory obligations. We will keep your data for no longer than is necessary and then securely delete your data or anonymise it so that it cannot be linked to you.
Your rights in relation to personal data
- Right to Access
Request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please contact us using the contact details mentioned below. We will respond to your request.
- Right to Rectification
Ensure that your personal information held by us is accurate and up to date. If you would like us to correct or remove information you think is inaccurate please contact us using the contact details mentioned.
- Right to object to processing based on legitimate interest
Object to the processing of your personal data on grounds relating your particular situation if we claim that the processing is carried out on the basis that it is necessary for the purposes of our legitimate interests or those of your employer or a third party.
We can only deny your request if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defense of a legal claims.
Receive the personal data which you have given to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if:
The processing is based on consent or on a contract, and the processing is carried out by automated means.
- Right to Erasure
The right to be forgotten. Should you wish for us to completely delete all information that we hold about you please contact us using the contact details mentioned below. The right to require that we no longer contact you for marketing purposes.
- Right to withdraw consent
Where we have relied upon your consent to process your personal data, you have the right to withdraw that consent.
- Right to Complain
You have the right to lodge a complaint (concerning the manner and means of our processing of your personal data) with the Office of the Data Protection Commissioner www.dataprotection.ie.
How to contact us?