If we make any significant changes to this policy that affect you, we will of course tell you personally. If you’d like to double check that we’re being honest and compliant, you are welcome to come back and check it whenever you wish.
WHO WE ARE
Grass Roots Skin® Ltd
This policy applies to you if you are a customer, distributer, therapist, student, supplier, or visitor to our website for the purpose of this policy.
WHAT INFORMATION DO WE COLLECT?
Personal data is any data that can be used to identify any individual directly or indirectly. This includes data collected via telephone, direct marketing, competitions, product purchases, our website and social media platforms. We will only collect necessary date and will not share it with third parties for marketing purposes. Examples of the types of data that we may collect include:
Data you give us directly including but not limited to: name, address, date-of-birth, phone number, credit or debit card details and email address.
Data we collect automatically such as IP address, login data, time zone, browser type, operating system, location information, computer and connection information, browser plug-in types and versions, and other technology on the device used to access our website.
HOW DO WE COLLECT YOUR DATA?
We may collect your data from various sources including directly from yourself, social media platforms, financial institutions and internet browsers.
WHY DO WE COLLECT YOUR DATA?
We will only collect your data when necessary and use it for purposes including but not limited to:
Completing a purchase.
Processing a payment.
Dealing with a complaint.
Improving our services.
To communicate with you.
We do will not share your data with third parties without your consent or for marketing purposes.
HOW DO WE PROTECT YOUR PERSONAL DATA?
We promise to keep and protect your data with the upmost care and respect, only access it when necessary, and will never share it with third parties without prior permission. We will only retain your data for as long as is needed for the purpose that it was collected and as long as is necessary to handle and respond to complaints. We have implemented appropriate measures to ensure that your data will not be lost, accessed in an unauthorised way, altered or disclosed.
WHAT ARE YOUR RIGHTS?
GDPR stands for General Data Protection Regulation. It is European Union Law that replaces the Data Protection Directive. As a data subject you have eight rights that are protected under the GDPR directive.
1. The right to be informed
Organisations need to tell individuals what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties.
This information must be communicated concisely and in plain language.
2. The right to access
Individuals can submit subject access requests, which oblige organisations to provide a copy of any personal data concerning the individual. Organisations have one month to produce this information, although there are exceptions for requests that are manifestly unfounded, repetitive or excessive.
3. The right to rectification
If the individual discovers that the information an organisation holds on them is inaccurate or incomplete, they can request that it be updated. As with the right to access, organisations have one month to do this, and the same exceptions apply.
4. The right to erasure (also known as ‘the right to be forgotten’)
Individuals can request that organisations erase their data in certain circumstances, such as when the data is no longer necessary, the data was unlawfully processed or it no longer meets the lawful ground for which it was collected. This includes instances where the individual withdraws consent.
5. The right to restrict processing
Individuals can request that organisations limit the way an organisation uses personal data.
It’s an alternative to requesting the erasure of data, and might be used when the individual contests the accuracy of their personal data or when the individual no longer needs the information but the organisation requires it to establish, exercise or defend a legal claim.
6. The right to data portability
Individuals are permitted to obtain and reuse their personal data for their own purposes across different services. This right only applies to personal data that an individual has provided to data controllers by way of a contract or consent.
7. The right to object
Individuals can object to the processing of personal data that is collected on the grounds of legitimate interests or the performance of a task in the interest/exercise of official authority.
Organisations must stop processing information unless they can demonstrate compelling legitimate grounds for the processing that overrides the interests, rights and freedoms of the individual or if the processing is for the establishment or exercise of defence of legal claims.
8. Rights related to automated decision making including profiling
The GDPR includes provisions for decisions made with no human involvement, such as profiling, which uses personal data to make calculated assumptions about individuals.
There are strict rules about this kind of processing, and individuals are permitted to challenge and request a review of the processing if they believe the rules aren’t being followed.
HOW CAN YOU STOP DIRECT MARKETING?
Grass Roots Skin® Ltd promises never to share your details with third parties for marketing but may contact you with exciting offers, news and things that we think you will find interesting about our products and services. We promise not to spam you and to keep it interesting, but please do tell us if we annoy you so that we can improve. If you’d rather not give us a second chance, you can of course stop all communication. We’ll be sad but we won’t take it personally! You can do this by clicking unsubscribe in any of our emails, writing to us, calling us, or sending an email or text. We will update your subscription settings within three days of receiving your request.
CONTACTING THE REGULATOR
We’re a pretty happy bunch at Grass Roots Skin® Ltd and hope that you will give us the chance to deal with your concerns by talking it through. If you feel that your data has not been handles correctly, or you are unhappy with our response – you do of course have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 03031231113 or go online to
If you are have read through all of this information and made it to the end without falling asleep, then first of all – congratulations! If we have missed something and you have any questions, please give us a call, write to us or drop us an email using the details under ‘who we are’.