What is your Personally Identifiable Information ("PII”) or personal data?
Your Personal data or PII means any information relating to you which can identify you either directly or indirectly. It may include your name, address, email address, phone number, credit debit card number, IP address, location data, purchase history for example ("Personal Data”).
In what ways do we process your Personal Data?
We will only process your Personal Data, in accordance with applicable law, for the following purposes:
- creating and maintaining your profile and user account, if you become our registered user;
- offering and providing our services to you in a personalised way, for example, we may provide suggestions based on your previous searches to enable you to identify suitable products and services. This may also include, where legally permitted, processing data related to your location;
- handling and fulfilling your orders, if you request services from us such as the provision of a report. This may also include processing of information that we receive from third parties, for example, your email address from Facebook should you access the report though logging in via your Facebook account;
- enabling our suppliers and service providers to carry out certain functions on our behalf, including verification, technical, logistical or other functions, as may be required, in order to fulfil your orders and provide the services;
- resolving any disputes, if you wish to dispute any part of our offering, so that we can do things such as further investigate the problem;
- sending you personalised marketing communications, where you have agreed that we may do so, in order to keep you informed of our and our selected partner's products and services, which we consider may be of interest to you;
- serving personalised advertising to your devices; delivering ads based on your interests ascertained from your past searches, visits of subpages and purchases on our websites, and other data obtained through the use of "cookies" placed on your devices. Please see our Cookie Statement ;
- ensuring the security of your account and our business, preventing or detecting fraud or abuses of our website, for example, by requesting verification information in order to reset your account password;
- developing and improving our products and services, for example, by reviewing visits to our website and its various subpages, demand for specific goods and services and User comments;
- legitimate business interests pursued by us as a business, except where such interests are overridden by your interests and fundamental rights. For example, this includes things such as disclosures to our investors or advisors who may help us improve our business and services to you; and
- to comply with a legal obligation, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law;
In what ways may may disclose your Personal Data to third parties?
There are circumstances where we wish to disclose or are compelled to disclose your Personal Data to third parties. This will only take place in accordance with the our legal obligations and for the purposes listed above. These scenarios include disclosure:
- to our outsourced service providers or suppliers to facilitate the provision of our services to you, for example, the disclosure to our data centre provider for the safe keeping of your Personal Data, webhosting provider through which your Personal Data may be collected, identity verification partners in order to verify your identity against public databases;
- to advisors, investors and potential advisors or investors;
- to our affiliate partners who enable us to deliver things like more personalised products for you and cheaper prices for the products you love;
- subject to your consent, to our marketing partners, who may contact you by post, email, telephone, SMS or by other means. If you do not wish to be contacted, you may unsubscribe by clicking here;
- to third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons;
- to another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your Personal Data will be permanently transferred to a successor company;
- to public authorities where we are required by law to do so; and
- to any other third party where you have provided your consent.
Circumstances where we may transfer your Personal Data to a country outside of the United Kingdom
How long will we retain your Personal Data?
Your Personal Data will normally be retained for a period of 3 years following your last use of our services. That way, you don't have to set up your account again if take a long break from using SkinNinja
Where may retain your Personal Data for a longer period where we have a legal obligation to do so or where we have a legitimate and lawful purpose to do so. However, we will not retain any of your Personal Data that is no longer required for the purposes set out in this Policy.
The retention of your Personal Data will be subject to periodic review so we can stay up to date with best practice and make sure we are always behaving reasonably to you.
We may keep an anonymised form of your Personal Data, which will no longer refer to you or identify you, for statistical purposes and improving our services.
Data protection law gives you numerous rights, including the right to: access, rectify, erase, restrict, transport, and object to the processing of, you Personal Data. You also have the right to lodge a complaint with the relevant data protection authority if you believe that your Personal Data is not being processed in accordance with applicable data protection law.
Right to make subject access request. You may request copies of your Personal Data. If you would like to make a request for copies of the Personal Data we hold about you, you may do so by writing to us at: email@example.com. Please state that you are making a "Subject Access Request” so we can make sure your request is processed appropriately. You may also be required to submit a proof of your identity.
Right to rectification. You may request that we rectify any inaccurate and/or complete any incomplete Personal Data.
Right to withdraw consent or object to processing of your personal data. You may, as permitted law, withdraw your consent to the processing of your Personal Data at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit certain service features for which the processing of your Personal Data is essential.
Right to erasure. You may request that we erase your Personal Data and we will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping your Personal Data, such as, a legal obligation that we have to comply with.
Your right to lodge a complaint with the supervisory authority.On top of our legal obligations, we try our best to be fair. If you don't think we are doing either, or if you just have a question, we would love to hear from you. Alternatively, you also have the right to contact the relevant supervisory authority with your complaint. To contact the Information Commissioner's Office in the United Kingdom, please visit the ICO websitefor instructions.