Introduction – Our Commitment to You
Privacy and protection of your personal data
Who We Are
For the purposes of the General Data Protection Regulation (GDPR), the data controller is HairGrade Limited (which we refer to as ‘HairGrade’ in this Notice), a private company limited by shares and which trades as HairGrade in the United Kingdom.
HairGrade is part of a large group of companies operating internationally (“Group”). Personal Data may be shared with other companies within the Group to achieve the purposes set out in this Notice.
For simplicity throughout this Notice, ‘we’ and ‘us’ means HairGrade and its brands.
Information we collect, why we collect, and the benefit to you
There are a number of different permitted bases which allow a company to collect and process your personal data, including:
- Consent – In specific situations, we can collect and process your data with your consent. For example, if you opt to receive marketing information from us via email/SMS.
- Contractual obligations – In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you order an item from us for home delivery, we’ll collect your address details to deliver your purchase, and pass them to our third party courier.
- Legal compliance – We may need to collect and process your data if we have a legal obligation. For example, we can pass on details of people involved in fraud or other criminal activity affecting HairGrade to law enforcement authorities or to external advisers.
- Legitimate interest – In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, when you shop online with us, we monitor your shopping preferences so when you return to our site we can identify you and offer you suggestions based on your browsing history.
We collect information from and about you at various times and in different ways to help us provide you with the best possible service based on our overall understanding of you, as well as to meet our obligations under the law. We use your data to:
- manage your account with us and provide you with products and services you want
- communicate with you and manage our relationship with you
- personalise and improve your experience
- inform you of latest trends, products, services and promotions that you may like
- improve our services, fulfil our administrative purposes, comply with our legal obligations and protect our business
Depending on how you choose to shop with us, we may collect and process your information as detailed below.
You are able to change how we use your data; you’ll find details in the ‘Your Rights?’ section below.
Sharing your data, why we need to share, and the benefit to our customers
We use a number of partners to help us provide the best possible service, understand what’s important to our customers, and improve what we sell. We sometimes need to share your data in order to achieve this, but we choose our partners carefully, and seek the maximum protection possible to keep your data as safe as possible. We also insist that their data is not shared with anyone else. If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Examples of the partners we may share your data with are:
- IT companies who support our website and other business systems and processes.
- Operational companies who help us fulfil our obligations to you.
For example, delivery companies, debt recovery agencies, training providers, document storage companies, fraud prevention agencies, credit reference agencies.
- Direct marketing companies who help us manage our communications with you.
- Google/Facebook to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites.
- Analytics/Data insight companies.
For example, to manage your data and ensure it is kept up to date; to help us better understand what you like or are interested in so we can send you personalized advertisements; to understand how you use our websites; to obtain feedback on your experience; to understand if you liked our promotions.
- Legal and enforcement bodies where we have a legal obligation or when it is necessary to protect us both.
- Our external professional advisers and insurers.
- In the event that HairGrade is involved in the transfer of any division or the whole business as a going concern to new owners, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.
Where your personal data may be processed
Sometimes we will need to share your personal data with third parties outside the European Economic Area (EEA).
The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway.
We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA such as Australia, India or the USA. For example, this might be required in order to provide support services.
If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. For example, our contracts with third parties will state the standards they must follow at all times. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice and applicable data protection laws.
How long we keep your personal information
We will only keep your personal information for so long as it is necessary for the purpose for which it was collected and for us to fulfil our contractual and legal obligations. We maintain retention records of how long information containing personal data will be retained for.
At the end of the respective retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Some examples of customer data retention periods:
- Orders – When you place an order, we may keep the personal data you give us for at least six years so we can comply with our legal and contractual obligations.
- Inactive accounts – If you’ve not used your account or interacted with us for more than three years, your account will be flagged as inactive and will be closed, and we will delete or anonymise the personal data associated with it.
Cookies are tiny text files stored on your computer when you visit certain some
Our Privacy Notice is intended to be helpful to you in explaining why and how we collect and use your personal data and in providing you with information about your rights to control your information. Email us on [email protected] • Call us
If, however, we have been unable to address your concerns or you are unhappy with the way in which we have handled your personal information, you have the right to lodge a complaint with the Information Commissioner’s Office.
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Call: 0303 123 1113 Email: [email protected]