CONTENTS OF PRIVACY NOTICE
1. Privacy Promise
2. Who is Selina Morgan-Gayle.com/the Controller?
3. Changes to the Privacy Notice and changes to your details
4. What is our Legal bases for processing data information
5. What kind of data information do we collect?
6. When do we collect your personal data information?
7. How and why do we use your personal data?
8. How is this data information shared?
9. How do we protect information shared to third parties?
10. How do we protect your personal data
11. How long will we keep your personal data?
12. Where your personal data may be processed
13. What are your rights over your personal data?
14. Third party web links
15. How can you stop the use of your personal data for direct marketing
16. International Transfers
1. PRIVACY PROMISE
This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe. We take your privacy seriously and we respect your privacy and data protection rights. This privacy notice aims to give you information on how we collect and process your personal data through your use of our websites, our, products and our services, including any data you may provide through our websites, our services when you sign up to receive information, news, offers, discounts, promotions and updates, or place and order product from us, take part in a competition, complete a survey, provide feedback, or otherwise purchase a product or service.
Please take time to read this privacy notice in full, together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you, to ensure that you understand and are happy with how we collect and process your personal data. This privacy notice supplements the other notices and is not intended to override them. We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how Selina Morgan-Gayle.com uses your data; for example we will explain
things such as our payment procedure, and how we combine data in Selina Morgan-
Gayle.com build a picture of you. We hope the following sections will answer any questions you have but if not, please do get in touch with us.
2. WHO IS SElINA MORGAN-GAYLE/THE CONTROLLER?
Selina Morgan-Gayle.com is a Online company details of which can be found at
www.selinamorgan-gayle.com This privacy notice is issued by Selina Morgan-Gayle.com. On behalf of Selina Morgan-Gayle we refer to “we”, “us” or “our” in this privacy notice, we are responsible for processing your data. Selina Morgan-Gayle is the controller and is responsible for our websites, products and services.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the Data Protection Controller using the details below:
You have the right to make a complaint at any time to the Information Commissioner’s
Office (ICO), the supervisory authority for data protection issues in the UK (phone: 0303 123 1113 or at www.ico.org.uk/concerns). However, we would appreciate the chance to deal with your concerns before you approach the ICO, so please feel free to contact us in the first instance.
3. CHANGES TO THE PRIVACY NOTICE AND CHANGES TO YOUR DETAILS
We will need to update this privacy notice from time to time as the law and/or our business changes and develops. We will endeavour to tell you in advance by sending a service message to you if we hold your email address. However, it is your responsibility to check the website regularly to seek any changes. If you continue to use our website, product and/or services after we have changed our privacy notice, we will take this as an indication that you accept the changes. It is important that the personal data that we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
4. WHAT IS OUR LEGAL BASES FOR PROCESSING DATA INFORMATION?
The law on data protection sets out a number of different reasons for which a company
may collect and process your personal data, including: Consent: In specific situations, we can collect and process your data with your consent. Contractual obligations: In certain circumstances, we need your personal data to comply with our contractual obligations. Legal compliance: If the law requires us to, we may need to collect and process your data. Legitimate interest: In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
5. WHAT KIND OF DATA INFORMATION DO WE COLLECT?
Details of your interactions with us through phone calls, email, postal or online.
For example, we collect notes from our conversations with you, details of any complaints or comments you make, details of purchases/bookings you made, code, voucher redemptions, brands you show interest in, web pages you visit and how and when you contact us. Payment card information. Your comments, product and service reviews.Of course, it’s always your choice whether you share such details with us.
6. WHEN DO WE COLLECT YOUR DATA INFORMATION?
When you visit our website, to sign up to our mailing list
When you visit our website to contact us through the contact form
When you buy products and services, or redeem vouchers or codes on the phone, or online.
When you engage with us on social media.
When you download or install a product
When you contact us by any means with queries, complaints etc.
When you ask us to email you information about a product or service.
When you enter prize draws, competitions, offers or promotions.
When you book any kind of appointment with us or book to attend an event
When you choose to complete any surveys or Feedback forms we send you.
When you comment on or review our products and services.
Any individual may access personal data related to them, including opinions.
When you fill in any forms.
When you’ve given a third party permission to share with us the information they hold
information with us about the product or service you have purchased.
We collect data from publicly-available sources when you have given your consent to share information or where the information is made public as a matter of law.
7. HOW AND WHY DO WE USE THIS DATA INFORMATION?
We want to give you the best possible customer experience. One way to achieve that is to get the purest picture of you. We then use this to offer you promotions, products and services that are most likely to interest you. The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service. Of course, if you wish to change what we hold about you can do so at anytime. Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.
Direct interaction: you may give us your name, surname, telephone number, email address,
billing/delivery address, postal address, card information by filling in forms or by corresponding with us by post, phone, email, social media or otherwise. This includes personal data you provide when you purchase our products or services, subscribe to our services, news, offers, promotions and updates or groups, request marketing to be sent to you, enter a competition or promotion, complete a survey or give us feedback.
Social Media Interactions: our website and services may allow you to interact with them by using your social media applications. This interaction may result in us collecting some of your social media content (including posts and comments, pictures and video footage), but only where this content is in the public domain and/or where this content has been sent by you to us in a private message via social media; and also your Technical, Profile and Marketing and Communications Data, surveys or Feedback.
Automated Technologies: as you interact with our website and our services, we may
automatically collect Technical Data about your equipment, browsing actions and patterns. Other Third Parties or Publicly Available Sources: we may receive personal data about you from various third parties and public sources as set out below:
Technical Data from analytics providers such as Google, advertising networks search information providers. Marketing and Communications Data and Technical Data from online advertising data providers such as Google based outside the EEA.
Contact, Financial and Transaction Data from providers of technical, payment and delivery services. Profile Data and Marketing and Communications Data from social media providers such as Facebook, Linkedin, Twitter, Instagram based inside and outside of the EEA Identity and Contact Data from publicly availably sources such as Companies House and the Electoral Register based inside the EEA. We process your information by bring in compliance with section 4 mentioned above.
8. HOW IS THIS DATA INFORMATION SHARED?
We cannot run our business or provide many of the services and benefits you expect to
receive without involving other people and businesses. We only share your information in accordance with the laws applicable to us and for the purposes set out in section 4
We share your personal data with:
Providers: (acting as controllers or processors) who are all based in the EEA and who
provide IT, HR, system administration services and for whom you may have agreed can
provide you with marketing communications.
Service providers: (mainly acting as processors, but sometimes as controllers) who help us provide our websites, hosting, payment services, Wi-Fi networks and related services to you; for example, mailchimp and paypal.
Affiliated third parties: (acting as processors and controllers) that provide services to us such as market research, voucher/code supply and redemption, marketing insight services and data analytics services. Rewards, promotions & offers companies: (acting as controllers) which you have signed up to, in order for you to receive the rewards and benefits they offer. Any new business partners: (acting as controllers or processors) we may have over time; for example if we enter into a joint venture, reorganisation, partnership, investors, business merger or sale of part of our business, the other party may receive some or all of your information. Our professional advisors: (acting as controllers or processors); for example, our lawyers, insurers and insurance brokers, when they need it to provide advice to us or help us obtain insurance.
Law enforcement: The Police, the Health and Safety Executive, local authorities, Her Majesty’s Revenue and Customs (HMRC), the Courts and any other central or local government bodies (acting as controllers or processors) where we are required to do so to comply with our legal obligations, or where they request it and we may lawfully disclose it, for example for the prevention and detection of crime or to report serious health and safety incidents. We also may share the information we collect with other third parties where we are legally obliged to do so; for example, to comply with a court order.
9. HOW DO WE PROTECT INFORMATION SHARED TO THIRD PARTIES?
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
We provide only the information they need to perform their specific services.
They may only use your data for the exact purposes we specify in our contract/agreement with them. We work closely with them to ensure that your privacy is respected and protected at all times. If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
10. HOW DO WE PROTECT YOUR PERSONAL DATA?
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it. Including where we share your information with our suppliers and partners, to protect your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. We secure access to all transactional areas of our websites and apps using ‘https’ technology. sensitive data such as payment card information is secured to ensure it is protected. We regularly monitor our system for possible vulnerabilities and attacks, and have security on our website.
11. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The precise length of time we hold your personal data for varies depending on the individual circumstances, but in determining the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a nonidentifiable way for statistical analysis and business planning. We regularly review our retention periods to ensure that we are not keeping your data for longer than necessary.
12. WHERE YOUR PERSONAL DATA MAYBE PROCESSED?
We only process your personal data when allowed to do so by law. Most commonly, we will process your personal data: With your consent and please note that you have the right to withdraw your consent at any time by contacting us. Where we need to perform a contract we are about to enter into, or have entered into, with you. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Where we need to comply with a legal or regulatory obligation.
Your data will be processed to:
Process and deliver a product or service that you have ordered from us
Sign up forms
Manage our relationship with you
Your data will be processed through:
13. WHAT ARE YOUR RIGHTS OVER YOUR PERSONAL DATA?
In certain circumstances, you may have the right to request access, transfer, rectification and/or erasure of the personal data that we process about you. You may also have the right to object to and/or restrict our processing of your personal data. Details of the rights are set out below.
Human intervention: you may request human intervention where a decision has been made about you based solely on automated processing, and/or you may challenge that decision (for example our recruitment process where we collect information relating to whether or not a candidate has unspent criminal convictions).
Access: you may request access to your personal data, which enables you to receive a copy of the personal data that we hold about you and to check to see if we are processing it lawfully. Transfer: you may request that we transfer your personal data to you or a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Rectification: you may request rectification of the personal data that we hold about you.
This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Erasure: you may request erasure of the personal data that we hold about you. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. Object: you may object to how we are processing your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Restriction: you may request that we restrict how we process your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Withdrawal of Consent: where we have relied on your consent to process your personal data you will have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. To exercise any of these rights please contact us using the details in section 2. The ICO regulates most UK data and information laws. To learn more about your rights, visit the ICO website at www.ico.org.uk.
14. THIRD PARTY WEB LINKS
Our websites and/or the service, product may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, mobile app and/or service, we encourage you to read the privacy notice of every website, plug-in and/or application that you visit.
15. HOW YOU CAN STOP THE USE OF YOUR PERSONAL DATA FOR DIRECT MARKETING
There are several ways you can stop direct marketing communications from us:
Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails from that particular division.
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
16. INTERNATIONAL TRANSFERS
For all International Customers By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes. Sometimes we will need to transfer your personal data between countries to enable us to supply the goods or services you’ve requested. In the ordinary course of business, we may transfer your personal data from your country of residence to ourselves and to third parties located in the UK. By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes. This may occur because our information technology storage facilities and servers are located outside your country of residence, and could include storage of your personal data on servers in the UK. We’ll ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that’s not set out in this Privacy Notice. We’ll also make sure we adequately protect the confidentiality and privacy of your personal data.