To ensure that our organisation meets the requirements of the General Data Protection Regulation (GDPR) and other relevant legislation, we have appointed a Data Protection Officer (DPO) who maintains a comprehensive understanding of relevant information security best practices, holding more than five years’ experience implementing and auditing information security controls.
UK Remy Hair Extensions is an Information Commissioner's Office (ICO) registered “Data Controller” and receives updates and guidance from the ICO on privacy matters and information security issues.
WHO ARE WE?
UK Remy Hair Extensions LTD (Owner and operator of www.prestigehairextensions.com)
UK Remy Hair Extensions LTD
8 Bridle Way
TYPES OF INFORMATION WE PROCESS
Information about your Account: Account information includes your name and email address and other details such as contact phone number. The source of the account data is you, provided when signing up for an account. Account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is your consent provided when you create an account, or our legitimate interests, namely the proper administration of our website and business.
Information submitted for Publication: This includes data you provide for publication on our website (and/or our social media channels) such as product reviews, blog posts and media contributions including images and videos of our products in use. Please note that any images or videos which demonstrate our products are likely to include you (or your clients) and they should be provided with the consent of any individual pictured or referenced. Publication data may be processed for the purposes of enabling such publications and administering our website and services. The legal basis for processing this data is your consent which is provided on submission of publication data via any of our communication channels, or our legitimate interests, namely the proper administration of our website and business.
Information about Enquiries: This includes data contained in any enquiry you may submit to us regarding products and/or services offered by UK Remy Hair Extensions LTD. This information may be processed for the purposes of offering, marketing or selling relevant products and/or services to you, applicable to the enquiry you have made. The legal basis for processing this information is your consent which is provided on making an enquiry via any of our communication channels, or our legitimate interests, namely the proper administration of our website and business. Following an enquiry, we will not provide further marketing information without your consent.
Customer Relationship Information: This includes information such as your title, name, employer, role, contact details and any information contained in communications between UK Remy Hair Extensions LTD and you. The source of this information is you. This information may be processed for the purposes of managing our relationships with customers, communicating with customers, keeping records of those communications and promotion of our products or services (specific consent is required for the purposes of marketing correspondence). The legal basis for processing this information is your consent or our legitimate interests, namely the proper management of our customer relationships.
Information about your Orders & Transactions: This includes information about your orders, which may include your contact details and any purchases of products through our website. UK Remy Hair Extensions LTD utilises the payment gateway “Braintree” for all transactions which occur on this website. Braintree is a GDPR-compliant service. We do not have visibility of, store or process any of your financial information or card details. Order and transaction data may be processed for supplying purchased goods to you via one of our shipping services, and for keeping proper records of transactions. The legal basis for processing this information is the performance of a contract between you and us created when ordering products and services, and our legitimate interests, namely the proper administration of our website and business.
Marketing Information: We may process information that you provide to us for subscribing to our email notifications and/or newsletters. The legal basis for this processing is your consent, provided when signing up to our newsletter or our pre-GDPR re-subscription request e-mail. You may still receive correspondence from us via e-mail in relation to product orders (i.e. abandoned cart e-mails and purchase confirmation e-mails) but will only receive marketing information if you have provided specific consent.
Correspondence Information: We may process information contained in or relating to any communication that you send to us. The correspondence data may include the communication content (such as text, images and video) and any metadata associated with the communication. Our website may generate metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is your consent which is provided when you contact us via a communication channel or our legitimate interests, namely the proper administration of our website, business and communications with users.
We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
In addition to the specific purposes for which we may process your personal data set out in this section we may also process your personal data where such processing is necessary for compliance with a legal obligation to which we are subject.
WHO DO WE SHARE THIS INFORMATION WITH?
We may share your personal information with third-party ‘Data Processors’ to enable our business activities and provide you with a secure and effective service. We do this in a transparent manner and will never share more personal information than is required to complete a specific business function.
Currently we use the following third-party services:
- E-Mail Marketing: OmniSend.
- Help Desk & Enquiries Management: Xsellco.
- Payment Gateway: Braintree.
- Tracking and Targeted Advertising Services: Facebook Marketing and Google Analytics/AdWords.
- Shipping Solutions: Royal Mail & Parcelforce.
- eCommerce Solutions: Linnworks & Magento 2.
- Customer Services: MoneyPenny.
HOW DO WE PROTECT YOUR INFORMATION?
- We employ a Data Protection Officer who ensures our organisation is compliant with the requirements of GDPR and relevant privacy/information security legislation.
- Our organisation operates a culture of continuous self-improvement. Our employees are actively encouraged to highlight any security concerns, allowing us to identify areas for improvement and refine our security processes and policies through all levels of the organisation.
- We ensure that all third-party data processors used by our organisation are compliant with the requirements of the GDPR and relevant legislation.
- We ensure that appropriate standards of technology and operational security have been implemented and are regularly reviewed to protect your personal information from loss, misuse, or unauthorised alteration/destruction.
HOW LONG DO WE RETAIN YOUR INFORMATION?
We will retain your personal data on our systems for as long as you continue to use our services or until you withdraw consent for us to do so. Should you wish for us to stop processing and remove this information, a request can be submitted to our DPO via the following E-mail Address: email@example.com. We may also process your personal information for as long as is necessary to comply with our legal obligations.
We will conduct a review of the personal data we hold each year to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing and remove your personal data, although we may retain some personal data in an archived form to be able to comply with future legal obligations e.g. compliance with accounting and tax requirements or in the establishment, exercise or defence of legal claims.
YOUR RIGHTS UNDER THE GDPR
Under the GDPR you have the following rights in relation to your personal information:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
More information on these rights has been published in an ICO guide to the GDPR, which can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
In the event that any personal information we hold or process is involved in a data breach, we will inform both you and the ICO within 72 hours of identifying the breach.
Should you wish to exercise any of your rights under the GDPR, our DPO will be happy to discuss this with you and will aim, where possible, to complete actions relating to a request within a 30-day timeframe.
There is no administration fee associated with making requests in relation to your rights under the GDPR. However, there are some circumstances (such as frequent repetition of a request) in which we reserve the right to charge a small administration fee; in such cases, the basis for doing this will be explained in response to the request.
PRIVACY ENQUIRIES & COMPLAINTS
If you have any questions about how we secure, use and share your data, please do not hesitate to contact our Data Protection Officer using the following e-mail address: firstname.lastname@example.org or alternatively by post at our mailing address.
We are committed to helping you understand how we use your personal data and are happy to help you with any enquiries. However, should you have any complaint about the way we have handled your data or responded to any request relating to your rights, you are able to raise a complaint directly with the ICO (www.ico.org.uk).
A cookie is a file containing an identifier that is sent by a web server to a web browser and stored. The identifier is sent back to the server each time the browser requests a page from the server.
Cookies may be either persistent cookies or session cookies: a persistent cookie will be stored by a web browser and will remain valid until its expiry date, unless deleted by the user before the expiry date. A session cookie will expire when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Magento 2 utilises a number of cookies which are key to the correct function of our website. These cookies collect information, such as your device type and IP address, providing us with the ability to:
- Remember who you are following log in, so that you do not need to authenticate at each click.
- Monitor the performance of our website.
- Allow you to browse between products without having to return to the home page at each click.
- Remember what is in your shopping cart before you decide to check out.
- Ensure your data is processed securely.
Magento 2 uses the following first-party cookies:
| Cookie Name | Cookie Description |
|---|---|
| guest-view | Stores the Order ID that guest shoppers use to retrieve their order status. |
| login_redirect | Preserves the destination page the customer was navigating to before being directed to log in. |
| mage-messages | Tracks error messages and other notifications that are shown to the user, such as the cookie consent message and various error messages. The message is deleted from the cookie after it is shown to the shopper. |
| mage-translation-storage | Stores translated content when requested by the shopper. |
| product_data_storage | Stores configuration for product data related to Recently Viewed/Compared Products. |
| recently_compared_product | Stores product IDs of recently compared products. |
| recently_compared_product_previous | Stores product IDs of previously compared products for easy navigation. |
| recently_viewed_product | Stores product IDs of recently viewed products for easy navigation. |
| recently_viewed_product_previous | Stores product IDs of previously viewed products for easy navigation. |
| stf | Records the time messages are sent by the SendFriend module. |
| X-Magento_Vary | Configuration setting that improves performance when using Varnish static content caching. |
| amz_auth_err | (Used by Amazon Pay) Value “1” indicates an authorization error. |
| amz_auth_logout | (Used by Amazon Pay) Value “1” indicates that the user should be logged out. |
| form_key | A security measure that appends a random string to all form submissions to protect the data from Cross-Site Request Forgery (CSRF). |
| mage-cache-sessid | The value of this cookie triggers the cleanup of local cache storage. When the cookie is removed by the backend application, the Admin cleans up local storage, and sets the cookie value to “true.” |
| mage-cache-storage | Local storage of visitor-specific content that enables ecommerce functions. |
| mage-cache-storage-section-invalidation | Forces local storage of specific content sections that should be invalidated. |
| persistent_shopping_cart | Stores the key (ID) of persistent cart to make it possible to restore the cart for an anonymous shopper. |
| private_content_version | Appends a random, unique number and time to pages with customer content to prevent them from being cached on the server. |
| section_data_ids | Stores customer-specific information related to shopper-initiated actions such as display wish list, checkout information, etc. |
| store | Tracks the specific store view / locale selected by the shopper. |
UK Remy Hair Extensions uses Google Analytics to gather information about website use through deployment of third-party cookies. The information gathered relating to our website is used to create reports about the use of our website and is anonymised.
Google Analytics uses the following cookies:
| Cookie Name | Cookie Description |
|---|---|
| __utmt | Used to throttle request rate. |
| __utmv | Stores visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor-level custom variable. This cookie is updated every time data is sent to Google Analytics. |