Get Me Pampered Limited ("We") are committed to protecting and respecting your privacy. We facilitate a platform for connecting hairdressing and beauty professionals with users seeking hair and/or beauty services (“Services”).
Get Me Pampered Limited of 8 King Edward Street, Oxford, United Kingdom, OX1 4HL is the Data Controller for the purpose of the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and any successor legislation to the GDPR or the Data Protection Act 1998.
You can contact us by emailing us at email@example.com
1. What is Personal Data?
“Personal Data” means any information relating to an identified or identifiable natural person, known as a ‘data subject’, who can be identified directly or indirectly. It may include names, addresses, email addresses, telephone numbers, IP addresses, location data and other similar information. It may also include ‘special categories of personal data’ such as racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union memberships, genetic data, biometric data for the purpose of uniquely identifying a data subject, data concerning health or data concerning a natural person’s sex life or sexual orientation.
2. The information we collect from you and how we collect it
We will collect and process the following Personal Data about you:
2.1 Information you give us. This is information about you that you give us by filling in forms on our site https://getmepampered.com (our site) or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our site, subscribe to our Services, make a booking through our site, participate in discussion boards or other social media functions on our site, correspond with us and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number, photograph, occupation and professional qualifications and any medical information relevant to the treatments you book.
2.2 Information we collect about you. With regard to each of your visits to our site we will automatically collect the following information:
· technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
· information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.
4. Uses made of the information
In this section we have set out:
· The general categories of Personal Data that we may process;
· The purposes for which we may process that Personal Data; and
· The legal basis for the processing of that Personal Data.
4.1 Service Data – we may process your Personal Data that is provided in the course of the use of our Services. The Service Data may include your name, address, email address, telephone number, photograph and any health or medical information you provide. The Service Data may be processed for the purposes of operating our website, providing our Services, ensuring the security of our website and Services, maintaining back-ups of our databases, notifying you about changes to our Service, marketing our Services to you and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. Where we are processing Personal Data for the purpose of marketing our current or future products or services to you, the basis for this is consent.
4.2 Enquiry Data - we may process information contained in any enquiry you submit to us regarding services. The Enquiry Data may be processed for the purposes of offering, marketing and selling relevant products and/or services to you. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. Where we are processing Personal Data for the purpose of marketing our current or future products or services to you, the basis for this is consent.
4.3 Correspondence Data - we may process information contained in or relating to any communication that you send to us or that is made via our site. The Correspondence Data may include the communication content and metadata associated with the communication. Our site will generate the metadata associated with communications made using the website contact forms and any communication portal. The Correspondence Data may be processed for the purposes of communicating with you, enabling communication between users and professionals and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
In addition to the specific purposes for which we may process your Personal Data set out above, we may also process any of your Personal Data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
5. Disclosure of your information
We may share your Personal Data with:
5.1 Our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance cover, managing risks, obtaining advice and managing legal disputes;
5.2 Our business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
5.3 analytics and search engine providers that assist us in the improvement and optimisation of our site; and
5.4 any prospective buyer of our business or assets, or any prospective seller of another business or business assets that we are interested in buying.
In addition to the specific disclosures of Personal Data set out in this Section 5, we may also disclose your Personal Data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
6. Where we store your Data
6.1 Our site is hosted by GoDaddy.com whose data is stored on servers that are based in the USA. This means that their processing of your personal data will involve a transfer of data outside of the European Economic Area.
6.2 Whenever we transfer your personal data out of the EEA in accordance with clause 6.1, we ensure a similar degree of protection is afforded to it by ensuring that we only transfer data to processors if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the USA.
6.3 All information you provide to us is stored on secure servers. We do not store any credit card details. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
6.4 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7. Your rights
7.1 In this section we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summary. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
7.2 Your principal rights under data protection law are:
· the right to access;
· the right to rectification;
· the right to erasure;
· the right to restrict processing;
· the right to object to processing;
· the right to data portability;
· the right to complain to a supervisory authority; and
· the right to withdraw consent.
7.3 You have the right to confirmation as to whether or not we process your Personal Data and, where we do, access to the Personal Data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of Personal Data concerned and the recipients of the Personal Data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your Personal Data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. Provision of such information will be subject to you supplying us with appropriate evidence of your identity.
7.4 You have the right to ask us not to process your Personal Data for marketing purposes. You can exercise your right to prevent such processing by unsubscribing at any time. You can also exercise the right at any time by contacting us at firstname.lastname@example.org. We do not share your Personal Data with third parties for marketing purposes.
7.5 Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.
8. Retention and deletion of Data
8.1 This section sets out our data retention procedure, which is designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of Personal Data.
8.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. We may keep an anonymised form of your personal data, which no longer refers to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
8.3 If you are using our Services as a user, your Personal Data will be deleted within twelve months of you closing your account.
8.4 If you are using our Services as a Beauty Professional, we will store your Personal Data for up to two years from the date your Membership Period ends. If there has been no activity during this period, your Personal Data will be deleted.
8.5 Where you have consented to receive marketing communications from us, we will continue to process your Personal Data for marketing purposes until you opt out or withdraw your consent.
8.6 Notwithstanding the other provisions of this section, we may retain your Personal Data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Please contact us for further details of applicable retention periods.