PRIVACY POLICY

YOUR PRIVACY IS IMPORTANT TO US,
PLEASE READ THE FOLLOWING TO FULLY UNDERSTAND OUR PRIVACY POLICY.

This Privacy Policy was last updated: 24th October 2019

1. ABOUT US

After BeautyLtd (“After Beauty”) operates the website, www.afterbeauty.com, and manages personal data as a Data Controller.We are registered in England and Wales under company registration number11797683 and our registered address is 189 Piccadilly, St James’s, London W1J 9ES.

For issues relating to data protection the person responsible on behalf of After Beauty is Jerry Taechaubol, email:angels@afterbeauty.com

2. POLICY STATEMENT

After Beautyis committed to the principles of data protection and aims to be open, honest and transparent with our use of personal data. 

The purpose of this Privacy Policy is to provide you with a clear explanation of when, why and how we collect and use personal data, as well as an explanation of an individual’sstatutory rights. This Privacy Policy is not intended to override the terms of any contract you have with us, nor any rights you might have under applicable data privacy law.

We will take all reasonable stepsto ensure that personal data is safeguarded and kept in accordance with applicable data protection law.By providing us with your personal data, you warrant that you are over 18 years of age.

3. POLICY ACCEPTANCE

Use of this website https://afterbeauty.com constitutes your legal agreement to the terms within this Privacy Policy and your acceptance of the policy is deemed to occur upon your first use of the website. You are required to read and accept this Privacy Policy when you make engage with us.The details contained within this policy may change from time to time andon each visit to the website you should refer to this page to ensure that you are aware of and accept any changes.

4. WHAT PERSONAL DATA DO WE COLLECT?

We will only collect information about you if we have a lawful reason to do so. 

We collect personal datawhich is information that relates to an identified or identifiable individual. It does not include data that has been anonymised.We may collect, use, store and transfer different kinds of personal data about you when we provide services or interact with you. This may include the following categories of data:

     (a) Identity Data - title, first name, last nameor similar identifiers. If you interact with us through social media, this may include your social media user name;

     (b) Contact Data - billing address, email address and telephone numbers;

     (c) Technical Data - includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access this website;

     (d) Profile Data –your username and password, purchases or orders made by you, your interests, preferences, images and videos uploaded, feedback and other responses;

     (e) Geographical Data - information setting out your primary address to control the use of location services in most mobile devices and desktop settings;

     (f) Usage Data - information about how you use our website and services;

     (g) Marketing and Communications Data - includes your preferences in receiving marketing from us and our third parties and your communication preferences.

5. HOW DO WE COLLECT PERSONAL DATA?

We may collect personal information about you through the following:

Contact Us

 Personal details provided when contacting us through the website areprocessed so that we canrespond to your communicationswith details of our services and answer any queries. Data is held on the grounds of being legitimate to our business interests.

Emails

We retain copies of emails sent to us and any personal data will be held in accordance with this Privacy Policy on the basis of being legitimate to our business interests. 

Telephone calls

Calls to us may be recorded and any data relating to the call may be retained by us. The data will be held on the basis of being for our legitimate business interests or in order to fulfil our contractual obligations if you are a client of ours.

Other direct interactions

We will collect your data when you fill in forms, correspond with us by post or online chat. This includes personal data you provide when you: sign up to receive our services; make enquiries or request information be sent to you; use our services; ask for information to be sent to you; engage with us on social media; submit feedback; or contact us directly.

Recruitment

We will hold any information you have provided on an application form, or copy of your CV, for recruitment purposes only. We will not disclose that information to any third party without your consent. If your application is unsuccessful, we may hold the information for up to 12 months, after which time it will be deleted.

Reviews

We may ask for a review of our services and these may be published on our website or social media, however,your personal details are not published or available for any other user or third-party to see.

Orders and Subscriptions

Personal details provided during registration, booking and ordering for products and/or services on our website are processed so that we can fulfil our obligations, operate our business and respond to your communications. Data is held in preparation for entering into an agreement, as a legitimate business interest and with your consent.

Social media

We use social media to engage with users and link to pages we manage. We do not keep any specific data that identifies you as an individual user but hold details of our followers on these platforms. You should refer to the Privacy Policies of these channels to understand how they treat your data in relation to linking to our site.

Facebook:      https://www.facebook.com/privacy/explanation

Google:          https://policies.google.com/privacy?gl=uk

Instagram:     https://wellbeing.instagram.com/safety

LinkedIn:       https://www.linkedin.com/legal/privacy-policy?trk=%7Berror-page%7D-privacy-policy

Pinterest:      https://policy.pinterest.com/en-gb/privacy-policy

Twitter:          https://twitter.co.uk/privacy

YouTube:      https://policies.google.com/privacy?hl=en

If you send us a direct message via social media, the details may be retained by us only as relevant to any ongoing contract or to further our legitimate business interests or as required for legal purposes. The third-party provider may also retain details in accordance with their Privacy Policy.

Visits to our website

When you visit our website, we do not attempt to identify you as an individual user, and we will not collect personal data about you unless you specifically provide this to us.

As you interact with our website, technical data may be automatically processed through the use of cookies, details of which are explained in our Cookie Policy.

Special categories of personal data

We do not generally collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Children

We do not market this website at those under 16 years old. Consistent with the GDPR we will never knowingly request personally identifiable information from anyone under the age of 16 years old.

We will take appropriate steps to delete any personal data of individuals less than 16 years of age that has been collected on our website upon learning of the existence of such data.

6. INFORMATION WE GET FROM OTHER SOURCES

From time to time, we may need to obtain information from third parties about you. This will only apply where it is necessary to provide our services and as permitted by law.  

We may receive personal data relating to your identity and contact data from data partners, data from any third parties who are permitted by law or have your permission to share your personal data with us.

7. HOW WE USE YOUR DATA

Within the EU, data protection law requires us to have a “legal basis” for processing personal data. The legal bases we rely on are: 

  •  Performance of a contract we are about to enter into or have entered into with you;
  •  Compliance with a legal or regulatory obligation;
  •  Carrying out activities that are legitimate to our business interests;
  •  Consent. However, generally, we shall not rely on consent as a legal basis for processing your personal data other than where the law requires it. Where our legal basis is consent, you have the right to withdraw consent any time.

We may use the personal data we collect from you as outlined in this table:

Use ofpersonal data Type of data Legal basis
To register you on our website

Performance of a contract or to take steps to enter into a contract

To provide, manage and personalise our services to you, respond to communications

Where necessary for the performof our agreement or to take steps to enter into an agreement

It is in our legitimate interests to make sure that our customer accounts are well-managed, and to provide a high standard of service

To process payments for our services


Performance of a contract

Necessary to comply with a legal obligation

To administer and improve the website

It is in our legitimate interests to develop and improve our products and services, so that we can continue to provide products and services that our customers want to use, and to make sure we continue to be competitive

To send email notifications which have been specifically requested

It is in our legitimate interests to give you information about our products and services that you may be interested in

To send marketing communications, where expressly agreed

In the case of electronic marketing we have your consent to do so

To provide third parties with statistical information about our users

It is in our legitimate interests to better understand how our customers use our products and what changes we could make to improve them

To ask for feedback, a testimonial or review

It is in our legitimate interests to better understand how our customers use our products and what changes we could make to improve them

To deal with enquiries and complaints made by or about you relating to the website


It is in our legitimate interests to make sure that our customer accounts are well-managed, so that our customers are provided with a high standard of service

To recover debt and exercise other rights we have under any agreement with you, as well as to protect ourselves against harm to our rights and interests in property

Where the law requires this

It is in our legitimate interests to ensure that we can recover debts owed to us, as well as making sure our assets are protected

Users contacting this website and/or its owners do so at their own discretion and provide any such personal data requested at their own risk. Your personal data is kept private and stored securely until a time it is no longer required or has no use.

Our legitimate interests

When we use our legitimate interests as the legal basis for processing your personal data, we will consider and balance any potential impact on you and your rights before we process your personal data. We will only then proceed where we believe our interests are not overridden by the impact on you. Our legitimate business interests include the management of our business operations.

8. SHARING INFORMATION

Disclosure

We don’t share, sell, or distribute your data to third parties, except as contractually agreed with you or as provided in this Privacy Policy.We may disclose your personal data if we are required to do so by law, in connection with any legal proceedings, and in order to establish, exercise or defend our legal rights, or if otherwise legally permitted.

Data Processors

We may use Data Processors who act on our instruction in relation to the management of your data and they must adhere to all data protection laws and regulations. We will ensure that any Data Processors used only operate on our written instructions and comply with their obligations under applicable data protection law.You will be informed of any other Data Controllers who have access to your data and who may determine processing activities separately to us, or as a Joint Data Controller.

Our products are available online through Shopify and you are advised to refer to their Privacy Policy which shall apply to any transaction carried out through our ‘Shop’. See https://www.shopify.com/legal/privacy

We also use Retail Pro software to facilitate our website and you are referred to their Privacy Policy at https://www.retailpro.com/Privacy

Appointments for treatments utilise a third party system, Treatwell, and you are referred to their policy at https://www.treatwell.co.uk/info/privacy-policy/

We may disclose personal data to a third-party to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change such as this happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

Marketing

We may carry out direct marketing by email, phone, text or post, where we have a lawful basis to do so.

We will ask for your consent to receiving marketing communications (including newsletters) when you register on the website and you have the option not to give consent and to withdraw consent given at any time. You may withdraw your consent for us to contact you by email to angels@afterbeauty.com. If you ask us to not send you marketing emails, we will continue to hold enough information about you to maintain a record of your preference not to receive emails.

Non-personally identifiable information may be provided to third parties for marketing, advertising or other uses.

External links

Users of the website are advised to adopt a policy of caution before clicking on any external web links. Clicking an external link will take the user away from our website. Once you leave our website or are redirected to a third-party website, plug-in or application, you are no longer governed by this Privacy Policy or our website’s terms and conditions. We cannot guarantee or verify the contents of any externally linked website and users click on external links at their own risk. After Beautyand its owners cannot be held liable for any damages, or the consequences of visiting any external links.

Social media platforms

Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are subject to our terms and conditions as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate and/or engage with them with due care and caution in regard to their own privacy and personal details. This website nor its owners will not ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.

After Beautyuses social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised that before using such social sharing buttons, that they do so at their own discretion, and should consider that the social media platform may track and save requests to share a web page, through the users’ social media platform account.

Payment Processing

In order to process your account and take payment for services or goods purchased from After Beauty we will take your Debit/Credit card details. Payments are processed in compliance with the PCI (Payment Card Industry) and all card holder’s data is safeguarded when handled by After Beauty staff.

We also accept payments through PayPal, Shopify, Google Pay and Apple Pay and you are advised to refer to their Privacy Policies for further details on how they handle personal data.

PayPal: https://www.paypal.com/webapps/mpp/ua/privacy-full

Shopify: https://www.shopify.com/legal/privacy

Google Pay: https://policies.google.com/privacy

Apple Pay: https://www.apple.com/uk/legal/privacy

9. DATA RETENTION

We keep your personal datafor as long as is necessary for the purposes described in this Privacy Policy. This reflects our needs to provide contracted services and to meet our legal, statutory and regulatory obligations. The need to retain information is regularly reviewed and data will be disposed of securely when no longer required.

10. DATA SECURITY

We have in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such system and are required to keep the information confidential.

We take appropriate steps to ensure processing of personal data is carried out safely, however, we cannot guarantee the security of data transmitted through our website or by email. Any transmission is at the users’ own risk.

11. DATA TRANSFERS

We are based in the UK but sometimes your personal information may be transferred outside the European Economic Area. If we do so we’ll make sure that suitable safeguards are in place, such as using standard contractual clauses which have been approved by the European Commission, unless certain exceptions apply.

12. RIGHTS OF DATA SUBJECTS

After Beautyrecognises a data subjects rights and will uphold these in accordance with data protection laws. You are entitled to see the information held about you and you may ask us about any of the following:

Subject access requests (SAR)

Data subjects(i.e. individuals) have the right to access personal dataheld by us by submitting a subject access requestby email toangels@afterbeauty.com. We will endeavour to respond quickly to any such requests, which legally require us to respond within one month of receiving the request and necessary information. In limited circumstances a fee may apply.

Right to rectification

Data subjects have the right to request that personal data is amended or changed ifit is inaccurate or incorrect.We will act on any such request without delay.

Right to erasure

Data subjects have the right to ask us to delete personal data from our systems without giving any reason and at any time. We will act on anysuch request without delay.

Right to restrict processing

Data subjects have the right to rectification or erasure of personal data in the following circumstances:

- Personal data is not accurate;

- The processing of data is unlawful;

- Data is required to exercise legal rights or defend legal claims;

- Data is unlawful,although there may be lawful grounds for processing, which override this right.

Right to data portability

Data subjects have the right to obtain and request the transfer of their data to different service providers.

Right to object

Data subjects have the right to object to the processing of personal data at any time based on their particular situation. This includes objecting to profiling unless it is in the ‘public interest’ or exercised lawfully by an official authority. We will only process data if permitted to do so on a valid legal basis.

Right not to be subject to decisions based on automated processing

Automated decision-making is where a decision is made about you by a computer system without any human involvement. Profiling is the automated processing of personal information to assess certain things about you. We do not use any automated decision-making systems and we do not profile individuals.

Using your rights

If you wish to invoke any of these rights, you should contact the person responsible for data protection by email toangels@afterbeauty.com

There is usually no fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in limited circumstances.

13. DATA BREACHES

We will report any unlawful breach of data as required by the GDPR within 72 hours of the breach occurring, if it is considered that there is an actual, or possibility, that data within our control including the control of our data processors, has been compromised. If the breach is classified as ‘high risk’ we will notify all data subjects concerned using an appropriate means of communication. We will report any relevant breaches to the ICO, see below.

14. CHANGES TO OUR PRIVACY POLICY

We reserve the right to change this Privacy Policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website.You will be deemed to have accepted any changes to the terms of the privacy policy on your next visit of the website following the amendment.

15. REPORTING COMPLAINTS

If you want to raise a concern about the use of your personal data, you can contact us by email to angels@afterbeauty.com

If you wish to raise rights as an EU citizen under data protection law, you can formally raise a concern or complaint to the supervisory authority applicable in your country of residence.