-
1.1 This privacy policy sets out how we use your personal data and what your rights are in respect of it.
1.2 We may change this privacy policy from time to time. If we make significant changes in the way we treat your personal information, or to the privacy policy, we will make that clear on this website, or by some other means such as email, so that you are able to review the changes before you continue to use our website.
1.3 This page was last updated on 16 March 2021.
-
2.1 We are your data controller for the purposes of the personal data we will collect.
2.2 Beauty & the Boutique Limited is a limited company registered in England with the company registration number 07670293, with its registered address at Beauty And The Boutique, 86-90 Paul Street, London,England, EC2A 4NE.
2.3 If you wish to contact us in relation to this notice, please email us at:
-
3.1 This privacy policy applies to all customers of Beauty and the Boutique, including visitors to, and users of, beautyandtheboutique.com, and any apps we may publish in the future.
3.2 The table below sets out the personal data that we will collect, why we collect it, the legal basis on which we rely and how long we will keep it.
Type of data
Reason we process it
Legal basis our processing
How long we keep it
User account data, including your name, address, your email address, a hashed password, your mobile phone number, and your order history.
· To administer your user account, if you create one.
· To fulfil your orders.
· To deal with any queries you have about your order and/or to process returns.
It is necessary for the performance of our contract with you for the product or service that you order.
Failure to provide this data may mean we are unable to fulfil your order, deal with your queries or process your returns (as the case may be).
Six years from the date your account was last used.
· To group your previous orders.
· If you create an account, to save your details for future orders, to make things easier for you on your next visit.
· To confirm your identity next time you visit.
Our legitimate interest in (a) linking your orders to better understand what products you are interested in; (b) increasing sales by reducing the amount of data you submit each time you place an order; and (c) ensuring only you are able to access your account.
To recall defective products.
Compliance with our legal obligations not to distribute unsafe products.
To bring or defend legal claims.
To effect product recalls, in the unlikely event that they are required.
Our legitimate interest in establishing, exercising or defending legal claims.
To prevent fraud.
Our legitimate interest in preventing loss through fraud.
The details of any query, correspondence or complaint we receive from you.
To deal with your queries and/or complaints.
Where you have already purchased the relevant product: necessary to perform our contract with you.
Where you have not yet purchased the product: necessary preparatory steps for entering into a contract with you for the products or services that you would like to order.
Without this personal data, we would not be able to respond to your query, correspondence or complaint.
Six years from the date your account was last used.
To bring or defend legal claims.
Our legitimate interest in establishing, exercising or defending legal claims.
The contents of your virtual shopping basket.
To allow you to purchase items on our website.
Necessary preparatory steps for entering into a contract with you for the products or services that you would like to order.
Without this data we would not be able to take your order.
You will be logged out after 24 hours from your last activity on our website but items will remain in your basket for 14 days from when added to your basket.
To retrieve your basket next time you visit, if you are logged in.
Our legitimate interest in increasing ordering convenience for our users.
One year from the date of your last visit (but you can delete the cookie used to retrieve your basket at anytime via your browser settings).
Data relating to items you have saved, for instance the item, size and other product attributes.
To provide our “saved items” functionality to you when you click “save item”.
Necessary for the performance of an implied limited contract with you to save the items you have asked us to.
Without this data we would not be able to offer you this functionality.
Until the end of your website visit, or if you are logged in when you save the item, for 60 days from the date on which you saved it.
Your name and email address.
To email you our “Beauty Secrets” eBook where you have requested it.
Consent.
Immediately, unless we use this data for another purpose.
To send marketing material to you.
Our legitimate interest in marketing our products and services.
Note: we rely on the “soft opt-in” exception under the Privacy and Electronic Communication Regulations 2003.
Until you withdraw your consent, unless we need this for another purpose. We will put in place procedures to refresh consent on a regular basis.
To carry out market research on how our website is used, our user’s views, and what we could do better.
Consent
Data relating to your visits to our website, for instance which pages you visited, how long you spent on them, the dates and times you visited, the searches you have made on our website, and whether you have “abandoned” a shopping cart.
Data which you volunteer to us when creating your account on our website.
Data obtained from a social media account you have linked to your account on our website (we may obtain this data at the time of registration or at a later date).
Your purchase history.
To understand how our customers, or certain categories of customers, use our website.
Consent.
Until consent is withdrawn / cookies are disabled.
To understand what products and services are most likely to be of interest to you, in order to tailor the emails you send you.
Consent
Until consent is withdrawn/cookies are disabled.
Tracking technologies linked to your browsing session, e.g. cookies and tracking pixels.
To display adverts to you on other websites, including social media networks, for products that we think you may be interested in (known as “re-targeting”).
Consent
Until consent is withdrawn / cookies are disabled.
Demographic information about you.
In order to target you with display advertising based on your demographic information.
Note: we do not have access to this information – the advertising platform, e.g. Facebook, allows us to select demographic criteria for our adverts. We will not however see who fits or is targeted by these demographic criteria.
Consent
Until cookies expire (24 hours after you log in).
Your email address.
To create “look-a-like” audiences on advertising platforms, which share similar interests or demographics to all or a sample of our existing customers.
Consent
Until consent is withdrawn.
Data collected by our web servers, including your IP address, the type of device you are using and its operating system, the name of your ISP
To maintain access logs for the purposes of technical troubleshooting and detecting potential security threats.
Our legitimate interest in maintaining and securing our website and systems.
Seven days from when you accessed our website.
The page you viewed and when you accessed it and the website from which you came.
To maintain access logs for the purposes of technical troubleshooting and detecting potential security threats.
Consent
Until consent is withdrawn/cookies are disabled.
3. 3 Where multiple retention periods apply to one category of data, the relevant retention period will be the longest one(although we will stop using that category of data for a purpose when the retention period for that purpose expires).
3.4 Where our legal basis for processing is:
(a) consent, you have the right to withdraw consent at any time (see the section titled “With drawing consent” below); or
(b) legitimate interests, you may have the right to object to our processing (see the section titled “Objecting to legitimate interests processing” below).
3.5 Other than the personal data set out above, we also collect certain non personal data, which might derive from personal data.For instance we may keep statistical information and log data about number of visits to a our website, or how visitors have navigated through our website, without keeping log information that is attributed to you. Unless it is impossible to re-identify you from this information, we will treat it as personal data.
Type of data Reason we process it Legal basis our processing How long we keep it User account data, including your name, address, your email address, a hashed password, your mobile phone number, and your order history.
Some of this data may be obtained from your social media account where you use that account to register on our website.
- To administer your user account, if you create one.
- To fulfil your orders.
- To deal with any queries you have about your order and/or to process returns.
It is necessary for the performance of our contract with you for the product or service that you order.
Failure to provide this data may mean we are unable to fulfil your order, deal with your queries or process your returns (as the case may be).
- To group your previous orders.
- If you create an account, to save your details for future orders, to make things easier for you on your next visit.
- To confirm your identity next time you visit.
Our legitimate interest in (a) linking your orders to better understand what products you are interested in; (b) increasing sales by reducing the amount of data you submit each time you place an order; and (c) ensuring only you are able to access your account.
To recall defective products.
Compliance with our legal obligations not to distribute unsafe products.
To bring or defend legal claims.
To effect product recalls, in the unlikely event that they are required.
Our legitimate interest in establishing, exercising or defending legal claims.
To prevent fraud.
Our legitimate interest in preventing loss through fraud.
Six years from the date your account was last used.
The details of any query, correspondence or complaint we receive from you.
To deal with your queries and/or complaints.
Where you have already purchased the relevant product: necessary to perform our contract with you.
Where you have not yet purchased the product: necessary preparatory steps for entering into a contract with you for the products or services that you would like to order.
Without this personal data, we would not be able to respond to your query, correspondence or complaint.
To bring or defend legal claims.
Our legitimate interest in establishing, exercising or defending legal claims.
Six years from the date your account was last used.
The contents of your virtual shopping basket.
To allow you to purchase items on our website.
Necessary preparatory steps for entering into a contract with you for the products or services that you would like to order.
Without this data we would not be able to take your order.
Two hours from last activity on our website.
To retrieve your basket next time you visit, if you are logged in.
Our legitimate interest in increasing ordering convenience for our users.
One year from the date of your last visit (but you can delete the cookie used to retrieve your basket at anytime via your browser settings).
Data relating to items you have saved, for instance the item, size and other product attributes.
To provide our “saved items” functionality to you when you click “save item”.
Necessary for the performance of an implied limited contract with you to save the items you have asked us to.
Without this data we would not be able to offer you this functionality.
Until the end of your website visit, or if you are logged in when you save the item, for 60 days from the date on which you saved it.
Your name and email address.
To email you our “Beauty Secrets” eBook where you have requested it.
Consent.
Immediately, unless we use this data for another purpose.
To send marketing material to you.
Our legitimate interest in marketing our products and services.
Note: we rely on the “soft opt-in” exception under the Privacy and Electronic Communication Regulations 2003.
Until you withdraw your consent, unless we need this for another purpose.
To carry out market research on how our website is used, our user’s views, and what we could do better.
Our legitimate interest in improving our website, products and services.
Data relating to your visits to our website, for instance which pages you visited, how long you spent on them, the dates and times you visited, the searches you have made on our website, and whether you have “abandoned” a shopping cart.
Data which you volunteer to us when creating your account on our website.
Data obtained from a social media account you have linked to your account on our website (we may obtain this data at the time of registration or at a later date).
Your purchase history.
To understand how our customers, or certain categories of customers, use our website.
Our legitimate interest in understanding how our website is used in order to increase user satisfaction and improve its website.
Twenty six months from visit. To understand what products and services are most likely to be of interest to you, in order to tailor the emails you send you.
Our legitimate interest in increasing user satisfaction and sales.
Four years from your visit. Tracking technologies linked to your browsing session, e.g. cookies and tracking pixels.
To display adverts to you on other websites, including social media networks, for products that we think you may be interested in (known as “re-targeting”).
Our legitimate interest in increasing user satisfaction and sales.
90 days from the date that you visit. Demographic information about you.
In order to target you with display advertising based on your demographic information.
Note: we do not have access to this information – the advertising platform, e.g. Facebook, allows us to select demographic criteria for our adverts. We will not however see who fits or is targeted by these demographic criteria.
Our legitimate interest in marketing our products and services to persons most likely to be interested in them.
As set by Facebook. You email address.
To create “look-a-like” audiences on advertising platforms, which share similar interests or demographics to all or a sample of our existing customers.
Our legitimate interest in optimising our marketing activities.
We will only retain your email address for as long as we have a reason to, as set out above. Data collected by our web servers, including your IP address, the type of device you are using and its operating system, the name of your ISP, the page you viewed and when you accessed it and the website from which you came.
To maintain access logs for the purposes of technical troubleshooting and detecting potential security threats.
Our legitimate interest in maintaining and securing our website and systems.
Seven days from when you accessed our website. -
We obtain your personal data in the following ways:
4.1 directly from you, for instance where you signup to our website, purchase something from us, communicate with us, orother wise voluntarily providing personal data to us;
4.2 automatically when you use our website. For instance:
(a) like most websites, we use cookies (which are smaller text files sent between your web browser and our services) to provide or improve certain functionality and, in certain cases where you provide your explicit consent, to track which of our pages you visit (see section 11 below / Cookies).
(b) our web server automatically collects certain information about your use of our website, for instance some key settings on your device, what type of device you are using, the operating system on your device, the website from which you came and your IP address; and
4.3 from commercial organisations for the purposes of fraud prevention, and in some cases for the purposes of assessing whether we can provide you credit.
-
5.1 In general, access to your personal data will be restricted to those who have a need to access it in order to carry out their duties (for example our customer services team).
5.2 However, we will also share your personal data with the following external third parties in some circumstances:
(a) fraud prevention agencies or other third parties that assist us in preventing fraud or other forms of risk;
(b) regulators such as the ICO, and government authorities such as HMRC or the police, if we are required to do so by law or if the regulator or authority requests it and we regard that request as reasonable;
(c) our insurers, legal advisers or other third parties who need access to it in the context of managing, investigating or defending claims or complaints;
(d) in connection with re-organisations, mergers and acquisitions of all or part of our business;
(e) organisations that process your data on our behalf who are not allowed to use your data for any other purpose, for instance our web hosts and the companies we use to pick, pack and deliver your orders;
(f) other companies within our group, for instance where they provide us services; and
(g) where you have consented to do us doing so.
5.3 We also use Google Analytics. See (see section 11.5 below / Cookies) for an explanation of the use of Google Analytics and how your personal information will be used byGoogle.
5.4 Where we share your personal data with our service providers, we have contracts with those service providers setting out how they must handle your personal data, including not to use your personal data other than in accordance with our instructions.
5.5 Where we have been able to full anonymise personal data, we may share that anonymised data with third parties, for instance to report to some of the brands about interest in their products.
-
6.1 In certain limited circumstances, we may export personal data outside of the European Economic Area for processing, and we may use third party service providers who do the same.
6.2 We only do that if there is a good reason to doit and where either:
(a) There are adequate safeguards in place (such as the appropriate contractual arrangements with suppliers, or adequacy decisions, depending on the destination country); or
(b) we are otherwise permitted by data protection law (for instance, where you consent or such transfer is necessary to provide our service to you).
6.3 We use Google Analytics. For further information about where Google will transfer your personal data to, please see (see section 11.5 below / Cookies).
-
7.1 You can opt-out from electronic marketing sent by Beauty and the Boutique by:
(a) by emailing our customer services team at: help@beautyandtheboutique.com
(b) by following the unsubscribe link which we include at the bottom of all electronic marketing emails
-
8.1 Where we process your personal data on the basis of our legitimate interests for direct marketing purposes (relying on the soft opt-in), you always have the right to object to that processing. To object to direct marketing, please follow the instructions for opting-out from electronic marketing immediately above.
8.2 Where we process your personal data on the basis of our legitimate interests, and the processing isn’t direct marketing, you have the right to object to other processing on the basis of our legitimate interests, but we might not have to cease processing where you do so if either:
(a) we are able to demonstrate compelling legitimate grounds for the processing which override your interests; or
(b) where that legitimate interest is the establishment, exercise or defence of legal claims.
To object to legitimate interests processing, please contact us using the details at the top of this notice.
Type of data Reason we process it Legal basis our processing How long we keep it User account data, including your name, address, your email address, a hashed password, your mobile phone number, and your order history.
Some of this data may be obtained from your social media account where you use that account to register on our website.
- To administer your user account, if you create one.
- To fulfil your orders.
- To deal with any queries you have about your order and/or to process returns.
It is necessary for the performance of our contract with you for the product or service that you order.
Failure to provide this data may mean we are unable to fulfil your order, deal with your queries or process your returns (as the case may be).
- To group your previous orders.
- If you create an account, to save your details for future orders, to make things easier for you on your next visit.
- To confirm your identity next time you visit.
Our legitimate interest in (a) linking your orders to better understand what products you are interested in; (b) increasing sales by reducing the amount of data you submit each time you place an order; and (c) ensuring only you are able to access your account.
To recall defective products.
Compliance with our legal obligations not to distribute unsafe products.
To bring or defend legal claims.
To effect product recalls, in the unlikely event that they are required.
Our legitimate interest in establishing, exercising or defending legal claims.
To prevent fraud.
Our legitimate interest in preventing loss through fraud.
Six years from the date your account was last used.
The details of any query, correspondence or complaint we receive from you.
To deal with your queries and/or complaints.
Where you have already purchased the relevant product: necessary to perform our contract with you.
Where you have not yet purchased the product: necessary preparatory steps for entering into a contract with you for the products or services that you would like to order.
Without this personal data, we would not be able to respond to your query, correspondence or complaint.
To bring or defend legal claims.
Our legitimate interest in establishing, exercising or defending legal claims.
Six years from the date your account was last used.
The contents of your virtual shopping basket.
To allow you to purchase items on our website.
Necessary preparatory steps for entering into a contract with you for the products or services that you would like to order.
Without this data we would not be able to take your order.
Two hours from last activity on our website.
To retrieve your basket next time you visit, if you are logged in.
Our legitimate interest in increasing ordering convenience for our users.
One year from the date of your last visit (but you can delete the cookie used to retrieve your basket at anytime via your browser settings).
Data relating to items you have saved, for instance the item, size and other product attributes.
To provide our “saved items” functionality to you when you click “save item”.
Necessary for the performance of an implied limited contract with you to save the items you have asked us to.
Without this data we would not be able to offer you this functionality.
Until the end of your website visit, or if you are logged in when you save the item, for 60 days from the date on which you saved it.
Your name and email address.
To email you our “Beauty Secrets” eBook where you have requested it.
Consent.
Immediately, unless we use this data for another purpose.
To send marketing material to you.
Our legitimate interest in marketing our products and services.
Note: we rely on the “soft opt-in” exception under the Privacy and Electronic Communication Regulations 2003.
Until you withdraw your consent, unless we need this for another purpose.
To carry out market research on how our website is used, our user’s views, and what we could do better.
Our legitimate interest in improving our website, products and services.
Data relating to your visits to our website, for instance which pages you visited, how long you spent on them, the dates and times you visited, the searches you have made on our website, and whether you have “abandoned” a shopping cart.
Data which you volunteer to us when creating your account on our website.
Data obtained from a social media account you have linked to your account on our website (we may obtain this data at the time of registration or at a later date).
Your purchase history.
To understand how our customers, or certain categories of customers, use our website.
Our legitimate interest in understanding how our website is used in order to increase user satisfaction and improve its website.
Twenty six months from visit. To understand what products and services are most likely to be of interest to you, in order to tailor the emails you send you.
Our legitimate interest in increasing user satisfaction and sales.
Four years from your visit. Tracking technologies linked to your browsing session, e.g. cookies and tracking pixels.
To display adverts to you on other websites, including social media networks, for products that we think you may be interested in (known as “re-targeting”).
Our legitimate interest in increasing user satisfaction and sales.
90 days from the date that you visit. Demographic information about you.
In order to target you with display advertising based on your demographic information.
Note: we do not have access to this information – the advertising platform, e.g. Facebook, allows us to select demographic criteria for our adverts. We will not however see who fits or is targeted by these demographic criteria.
Our legitimate interest in marketing our products and services to persons most likely to be interested in them.
As set by Facebook. You email address.
To create “look-a-like” audiences on advertising platforms, which share similar interests or demographics to all or a sample of our existing customers.
Our legitimate interest in optimising our marketing activities.
We will only retain your email address for as long as we have a reason to, as set out above. Data collected by our web servers, including your IP address, the type of device you are using and its operating system, the name of your ISP, the page you viewed and when you accessed it and the website from which you came.
To maintain access logs for the purposes of technical troubleshooting and detecting potential security threats.
Our legitimate interest in maintaining and securing our website and systems.
Seven days from when you accessed our website. -
The law gives you certain rights in respect of the personal data that we hold, which you should be aware of:
9.1 You have the right to obtain your personal data from us except in limited circumstances. If certain criteria are met, we may charge you a fee to respond to such requests;
9.2 You have the right to require us to rectify any inaccurate personal data we hold concerning you;
9.3 Taking into account the purposes of the processing, you may also have the right to have incomplete personal data completed, by means of providing a supplementary statement or otherwise;
9.4 You have the right to require us to erase your personal data on certain limited grounds (including where they are no longer necessary for the purpose for which they were collected or where we rely on consent, which you withdraw, and there is no other legal ground for the processing);
9.5 Where we process personal data either on the basis of consent or contractual necessity, you provided the personal data to us, and we process that personal data by automated means, you have the right to require us to give you your data in a commonly used electronic format;
9.6 You have the right to object to our processing of personal data which we process on the grounds of our legitimate interests, as detailed in the paragraph titled “objecting to our legitimate interest processing” above;
9.7 You have the right to require us to restrict the processing of your personal data on certain grounds, including where:
(a) you contest the accuracy of the personal data and want us to restrict processing of your personal data while we verify its accuracy;
(b) the processing is unlawful, but you request a restriction of the processing rather than erasure;
(c) we (as controller) no longer need the data for the purposes of the processing, but you have told us you require us to retain that personal data for you to establish, exercise or defend legal claims; or
(d) you have objected to us processing your personal data on grounds of legitimate interests and want us to restrict processing of your personal data while we consider your objection.
9.8 If you would like to exercise any of these rights, please contact us using the details set out at the top of this notice.
-
Should you have any complaints or issue with our treatment of your personal data, you may lodge a complaint with the Information Commissioner’s Office (ico.org.uk).
-
11.1 We use cookies when you visit our site. Cookies are small text files placed on your browser, typically made up of text and numbers. Those text and numbers will correspond with a record on our webserver, which can contain information about you or your website visit.
11.2 We may use other technologies that allow us todo similar things where more appropriate to do so. For instance we may use“tracking pixels” which are tiny image files that are used to track your movements across our website.
11.3 There are four main types of cookies – here’s how and why we use them.
(a) site functionality cookies – these cookies allow you to navigate the site and use our features, such as “Add to Bag” and “Save for Later”. These are the only cookies that we will use without your consent on the basis that it is impossible for our website to function properly without site functionality cookies.
(b) site analytics cookies – these cookies allow us to measure and analyse how our customers use the site, to improve both its functionality and your shopping experience. We will only use these cookies with your consent.
(c) customer preference cookies – when you are browsing or shopping on our website these cookies will remember your preferences (like your language or location), so we can make your shopping experience as seamless as possible, and more personal to you. We will only use these cookies with your consent; and
(d) targeting or advertising cookies – these cookies are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns. We will only use these cookies with your consent.
11.4 For the placing of all non-essential cookies, you can, of course, withdraw your consent at any time by: (a)opting-out by way of our cookie consent banner that appears the first time you visit our website; (b) deleting our cookies; or (c) by managing your browser’s cookie preferences. For guidance on how to manage your preferences please see aboutcookies.org or www.allaboutcookies.org Further information about cookies can be found at ico.org.uk/for-the-public/online/cookies/
11.5 GoogleAnalytics, a tool provided by Google, Inc., to help us to understand how individuals use our Website. Google also does a number of things with your data in its own right. You can read about how Google uses your data here. Google will transfer your data to the United States and possibly other countries. You can learn about that, and how to exercise your rights in respect of those transfers, here. You can manage what Google does with your data at the Google Ad Settings page. Google also offers browser plugins to block Google Analytics, which you can download here.
1.6 Please note that by deleting or disabling future cookies, your user experience may be affected and you might not be able to take advantage of certain functions of our site, and the complete Beauty And The Boutique user experience that we pride ourselves on providing our customers.