Privacy Statement regarding use of Your Personal Data by Bia Organics Skin Care Limited– Effective from 22/11/2018
Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of their personal information, in both paper and electronic format.
Bia Organics Skin Care Limited (“we”, “us”, “our” or “BIA” ) of Unit 03 Marina Commercial Park, Centre Park Road, Cork T12 EY86 is committed to protecting the privacy and security of your personal data, which is data identifying you or from which you can be identified.
This privacy statement is a privacy statement that we must provide to you in accordance with Irish data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), and the Data Protection Acts 1988 to 2018, as such laws may be updated from time to time, (“data protection laws”).
Where we need to process your personal data in connection with our operations or services, or where we have a legal obligation to process your personal data (for example, in order to comply with our legal obligations), we will not be able to provide you with the full benefit of our operations or services if you do not provide this information to us.
This privacy statement applies to all people who are living individuals about whom we process personal data in the course of our operations (“you” and “your”) who visit and/or interact with our website https://www.biabeauty.com (the “Website”) and to all subsequent correspondence or communications with those people, whether by email using email addresses from our Website, telephone or VOIP.
BIA is a "controller". This means that we are responsible for deciding how we hold and use personal data about you. It is important that you read this privacy statement so that you are aware of how and why we are using your personal data.
1. The personal data we collect and use about you
In this privacy statement when we refer to “personal data” this means any information identifying you that you give to us via the Website (namely your name, address, telephone number, product preferences, skin type and email address) or information from which you can be identified.
2. How your personal data is collected by us
3. How we will use information about you and the basis for that use
We gather and process your personal information on the Website for a variety of reasons and rely on a number of different legal bases to use that information. For example, if you opt to receive emails from us BIA will add you to our mailing list once you have made a purchase transaction with us in order to inform you, as one of our customers of future products and special offers. You can opt out of these mailing lists at any time by contacting us or clicking on the unsubscribe button.
We use your personal information to perform business contract obligations, to manage your requests for information about our business, processing payments in the course of our business, to prevent unauthorised access to your information and to meet our legal and regulatory obligations.
We all the categories of information in the list above (in section 1) primarily to enable us to carry out the following actions with your personal data:
- to determine how best to respond to your communications to us via the Website;
- to provide goods and services to you or others;
- to verify the personal information you have provided to us;
- to perform the acts that you ask us to perform using your data, such as contacting you to supply products that ordered on the Website to you; and/or
- to comply with applicable laws, tax and regulatory reporting obligations.
For each of the situations listed in which your personal data is processed, one, several, or all of the following grounds justify this use of your personal data: (1) processing is necessary for the performance of a contract to which you are party or in order to take steps at your request; (2) processing is necessary to comply with our legal obligations; and/or (3) to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override our legitimate interests.
What happens if you do not give us personal data or tell us when it changes?
It is important that the personal data we hold about you is accurate and current. You agree to notify us without delay in the event of any change in the personal data that we hold about you, to enable us to comply with our obligations, including to keep information up to date. If you fail to provide certain information when requested by us, or by our processor(s) on our behalf, we may not be able to give you the full benefit of our services or to respond to your communications. In addition, we may be prevented from complying with our obligations to you as we require your personal data to perform our obligations, or we may be prevented from complying with our legal obligations or applicable laws. This may also be the case if you exercise your rights to erasure or restriction of processing, or object to our processing of your personal data (as described in section 9).
You can contact us at any time using the details set out in section 11.
4. Third Party Information
We may from time to time supply the owners or operators of third party websites from which it is possible to link to our Website with information relating to the number of users linking to our Website from other websites. However BIA will not include personal information in this data, nor will it share or sell your personal information to third party suppliers who provide services on our behalf.
5. Sharing your personal data
We will only ever share your personal data with third parties in connection with our obligations to you. We will share your personal data with third parties where required by law or where we have a legitimate interest in doing so.
6. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to BIA, its agents, processors and other third parties who have a business need to know about the personal data that you give to us. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Although we cannot guarantee against any loss, misuse, unauthorised disclosure, alteration or destruction of data, we take reasonable steps to prevent this from happening. We have put in place measures to protect the security of your personal data.
Please note however that where you are transmitting information to us or to our service provider over the internet or another telecommunications network this can never be guaranteed to be 100% secure. For any payments which we take from you or pay to you online we will use a recognised third party online secure payment system, and we are not responsible for the security of this system. You should contact these third parties for information about the security of these internet, telecommunications systems or payment systems if you need further information.
7. How long will we hold and use your personal data for?
If you have opted or consented to be included in our Website mailing list then on a yearly basis we will contact you to remind you that you can opt not to stay on our mailing list unless you have requested to be removed from the mailing list. as long as you are involved in a business relationship with us. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for; see section 3 of this privacy statement. Your personal data will be retained by us for any period required by law. Some of your personal data may need to be retained because of circumstances such as a legal dispute or regulatory investigation, which would not normally be subject to retention.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We review our retention of personal data regularly, to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your personal data except that we will retain your personal data in an archived form in order to be able to demonstrate compliance with future legal obligations.
8. Your rights in connection with the personal data we hold about you
You have the right, subject to some conditions and limited exceptions contained in the data protection laws (such as those set out below), to:
- Request access to your personal data that we hold about you.This right enables you to receive a copy of this personal data from us;
- Request correction of the personal data that we hold about you.This right enables you to have any incomplete or inaccurate information we hold about you corrected;
- Request erasure of your personal data. This right enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below);
- Where we hold and process your personal data in order to comply with legal obligations, such as compliance with tax requirements and exemptions, or for the establishment exercise or defence of legal claims, your right to ask us to delete or remove your personal data is limited;
- Object to our processing your personal data where we are relying on a legitimate interest (or those of a third party) in order to justify the basis for our processing your personal data and there is something about your particular situation which makes you wish to object to processing on this ground;
- Request that we restrict processing of your personal data.This right enables you to ask us to suspend the processing of your personal data, e.g., if you want us to establish its accuracy or the reason for processing it; and
- Request the transfer of your personal data to another party where you provided that information to us.
We are not under an obligation to rectify or delete your personal information where to do so would prevent us from meeting our contractual obligations to you, or where we are required or permitted to process your personal information for legal purposes or otherwise in accordance with our legal obligations.
If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact Tracey Ryan, by email at firstname.lastname@example.org setting out in writing your request clearly, including by specifying the personal data to which the request relates. We recommend that you provide as much detail as possible in your when sending requests to us, and that you identify yourself clearly, so that we can deal with your query properly and efficiently.
- What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the personal data, or to exercise any of your other rights. We may ask you to provide us with your current name and address, proof of identity (a copy of your driving licence, passport or two different utility bills that display your name and address), and once verified we will delete this data. This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
- Fees for our response to your requests
Generally you will not have to pay a fee to access, or to exercise any of your other rights in connection with, your personal data. However, we may charge you a reasonable fee if your request for access to your data is clearly unfounded or excessive and/or we are permitted by data protection laws to do so; alternatively, we may refuse to comply with the request in such circumstances.
9. Changes to this privacy statement
This privacy statement is introduced with effect from 25 May 2018. We reserve the right to change this privacy statement at any time (for example, to comply with changes in laws or regulations, our practices, procedures and organisational structures, requirements imposed or recommended by supervisory authorities or otherwise). Any changes to the privacy statement will be communicated to you in writing by us where we are legally required to do so.
Changes to this privacy statement shall be applicable on the effective date set out in the updated privacy statement and the latest version of this privacy statement will be available to view on the Website available at https://www.biabeauty.com/content/privacy-notice.
10. How to contact us
If you have any queries or complaints regarding our use of your personal data or the contents of this privacy statement you may contact Tracey Ryan, by email at email@example.com, or by phone at 00 353 (0) 21 4967941
If you are still dissatisfied with how we have handled your complaint, you may contact the Data Commission’s Office and may lodge a complaint by emailing firstname.lastname@example.org or writing to the following address: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois. You can visit the website of the Data Protection Commission at www.dataprotection.ie for more details.
Alternatively, you may wish to visit www.aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies.
Some of these grounds for processing will overlap, and there may be several grounds which justify our use of your personal data.