Elm Beauty (we, us, our) understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website, elmbeauty.ie (“Our Site“) and will only collect and use personal data in ways that are described here, and in a manner that is consistent with Our obligations and your rights under the law. We are the ‘data controller’ in relation to the personal data that We hold, because We control the storage and use of that personal data.
Please read this Privacy & Cookies Policy carefully and ensure that you understand it. Your acceptance of Our Privacy & Cookies Policy is deemed to occur upon your first use of Our Site. If you do not accept and agree with this Privacy & Cookies Policy, you must stop using Our Site immediately.
1. Definitions and Interpretation
In this Policy, the following terms shall have the following meanings:
||means an account required to access and/or use certain areas and features of Our Site;
||means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to Us via Our Site. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 the General Data Protection Regulation (“GDPR“), the Data Protection Act 2018 (or, in the event that the UK leaves the European Union, all legislation enacted in the UK in respect of the protection of personal data); and
||means Elm Beauty, a limited company registered in Ireland under company number 593366 , having its registered address at Elm Beauty, Church Place, Co. Carlow, R39 CR29.
2. Information About Us
Our Site is Elmbeauty.ie operated by Elm Beauty, a limited company registered in Ireland under company number 593366 , having its registered address at Elm Beauty, Church Place, Co. Carlow, R39 CR29.
3. What Does This Policy Cover?
This Privacy & Cookies Policy applies only to your use of Our Site. Our Site may contain links to other websites. Please note that We have no control over how your data is collected, stored, or used by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.
4. Your Rights
4.1 As a data subject, you have the following rights under the GDPR, which this Policy and Our use of personal data have been designed to uphold:
4.1.1 The right to be informed about Our collection and use of personal data;
4.1.2 The right of access to the personal data We hold about you (see section 13);
4.1.3 The right to rectification if any personal data We hold about you is inaccurate or incomplete (please contact Us using the details in section 15);
4.1.4 The right to withdraw your consent – where We rely on your consent to process your personal data, you have the right to withdraw such consent to further use of your personal data.
4.1.5 The right to be forgotten – i.e. in certain circumstances, you have the right to ask us to delete any personal data We hold about you (We only hold your personal data for a limited time, as explained in section 6 but if you would like us to delete it sooner, please contact Us using the details in section 15);
4.1.6 The right to restrict (i.e. prevent), in certain circumstances, the processing of your personal data;
4.1.7 The right to data portability (in certain circumstances, obtaining a copy of your personal data to re-use with another service or organisation);
4.1.8 The right to object to us using your personal data for particular purposes;
4.1.9 The right to make a complaint to the Information Commissioner’s Office (ICO) – if you believe We have breached data protection laws when using your personal data, you have a right to complain to the ICO. You can also visit the ICO’s website at https://ico.org.uk/ for more information. Please note that lodging a complaint will not affect any other legal rights or remedies that you have; and
4.1.10 Rights with respect to automated decision making and profiling.
4.2 We respect your rights and will always consider and assess them but please be aware that there may be some instances where We cannot comply with a request that you make as the consequence might be that in doing so We could not comply with Our own legal or regulatory requirements. As an example, We may be under obligations to hold records of Our dealings with you for certain periods of time.
4.3 If you have any cause for complaint about Our use of your personal data, please contact us using the details provided in section 15 and We will do Our best to solve the problem for you.
5. What Data Do We Collect and How Do We Collect Your Personal Data
5.1.5 Email address
5.1.7 Telephone number
5.1.8 Transactions you make with Us (whether in-store or via Our Site) which may include financial information such as bank details and bank and credit card numbers
5.1.9 Information such as your IP address and details of your shopping preferences, such as which stores you prefer to shop in
5.1.10 Details of your visits to Our Site
5.1.11 Details of when you contact Us by email, post or telephone. Please note that We may keep a record of that correspondence
5.1.12 Any other information from which We can identify you (or which is available on public registers)
5.1.13 Information collected when dealing with any complaints you may have
5.2 We may collect your personal data through some of the following ways:
5.2.1 When you register or use Elmbeauty.ie
5.2.2 When you are registered on the CRM system
5.2.3 When you contact us by telephone, email or post or through other written and verbal communications
5.2.4 When you enter any prize draws or competitions run by Us
5.2.5 When completing any for forms for transactional purposes
5.2.6 From publically available sources such as internet search engines and social media sites
6. How Do We Use Your Data?
6.1 All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with Our obligations and safeguard your rights under the GDPR. For more details on security see section 7, below.
6.2 We will treat all your personal data as private and confidential.
6.3 Our use of your personal data will always have a lawful basis, either because it is necessary for Our performance of a contract with you, because you have consented to Our use of your personal data (e.g. by subscribing to emails), or because it is in Our legitimate interests. Specifically, We may use your data to enable us to:
6.3.1 Process any orders that you make via Our Site or in-store.
6.3.2 Process payments and prevent fraudulent transactions.
6.3.3 With your consent, retain your personal data, preferences and details of your transactions in order to keep you informed by email, post, mobile messaging, telephone and through other digital means including social media platforms, about products and services (including special offers, discounts, promotions, events, competitions and so on) offered by Us, as well as recommending those which We feel will be of particular interest to you.
6.3.4 Register you on Our Site or via one of Our in-store services and where this involves setting you up with an account, We will use your personal data to maintain and update your account (e.g. such as a change of address or change in your marketing preferences).
6.3.5 Improve the content and appearance of Our Site, to ensure that the content is presented in the most effective manner for you.
6.3.6 Administer any prize draws or competitions run by Us. Please refer to the specific terms and conditions for each prize draw or competition.
6.3.7 Carry out assessment and analysis (for example market, customer and product analysis) to enable us to review, develop and improve the products or services which We offer.
6.3.8 Comply with Our legal or regulatory obligations.
6.3.9 For business purposes and activities including maintaining business records, file keeping, strategic business planning and management information.
6.3.10 Respond to any enquiries you have submitted.
6.3.11 Enforce or apply Our terms and conditions and other agreements; or to protect the rights, property, of safety of Us, Our customers or others.
6.4 With your permission and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by email, telephone, text message or post with information, news and offers on Our products or services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the applicable data protection laws.
7. Where Do We Store Your Data?
7.1 We only keep your personal data for as long as We need to in order to use it for the reason(s) for which it was first collected as described above in section 6, and/or for as long as We have your permission to keep it. If you would like further information regarding the periods for which your personal data will be stored, please contact us using the details set out in section 15.
7.2 Your data will only be stored within the European Economic Area (the “EEA“) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein).
8. Do We Share Your Data?
8.1 We may sometimes contract with third parties to supply products and services to you on Our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising, and marketing. In some cases, these third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the applicable data protection laws.
8.2 We may compile statistics about the use of Our Site including data on traffic, usage patterns, user numbers, sales, and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.
8.3 We may exchange information with other companies and organisations for the purpose of fraud protection and credit risk protection.
8.4 We may disclose information to selected third parties who are engaged to help us run, manage and improve the quality of products and services that We offer, as well as for marketing and fraud and credit checking purposes.
8.5 In certain circumstances, We may be legally required to share certain data held by us, which may include your personal data, for example, where We are involved in legal proceedings, where We are complying with legal or regulatory requirements, a court order, or a governmental authority.
9. What is Our Approach to Sending your Personal Data Overseas?
9.1 There may be some instances where your personal data is transferred to countries outside of the EEA such as when We transfer information to third party suppliers who are based outside the EEA or when third parties who act on Our behalf transfer your personal data to countries outside the EEA. Where such a transfer takes place, We will take the appropriate safeguarding measures to ensure that your personal data is adequately protected. We will do so in a number of ways including:
- entering into data transfer contracts and using specific contractual provisions that has been approved by European data protection authorities otherwise known as the “standard contractual clauses”;
- transferring personal data only to companies in the United States who are certified under the “Privacy Shield”. The Privacy Shield is a scheme whereby companies certify that they provide an adequate level of data protection. You can find out more about the Privacy Shield at https://www.privacyshieldgov/; or
- we will only transfer personal data to companies in non-EEA countries who have been deemed by European data protection authorities to have adequate levels of data protection for the protection of personal data.
9.2 We are also entitled under European data protection laws to transfer your personal data to countries outside the EEA where it is necessary for the performance of the contract We have with you.
9.3 Depending on Our relationship and your particular circumstances, We might transfer personal data anywhere in the world.
9.4 If you would like further information regarding Our data transfers and the steps We take to safeguard your personal data, please contact us using the details set out in section 15.
10. What Happens If Our Business Changes Hands?
10.1 We may, from time to time, expand or reduce Our business and this may involve the sale and/or the transfer of control of all or part of Our business. Any personal data that you have provided will, where it is relevant to any part of Our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy & Cookies Policy, be permitted to use that data only for the same purposes for which it was originally collected by us.
10.2 In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted, you will be given the choice to have your data deleted or withheld from the new owner or controller.
11. How Can You Control Your Data?
11.1 In addition to your rights under the GDPR, set out in section 4, when you submit personal data via Our Site, you may be given options to restrict Our use of your data. In particular, We aim to give you strong controls on Our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in Our emails and at the point of providing your details and by managing your Account).
11.2 You may also wish to sign up to one or more of the preference services operating in Ireland: The Telephone Preference Service, the Corporate Telephone Preference Service, and the Mailing Preference Service. These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.
11.3 If at any point you no longer wish us to hold your personal data or you do not wish to receive information from us then there are a number of ways you can unsubscribe. These are as follows:
You can click onto the “unsubscribe” link in any communication that We send to you by email which will automatically unsubscribe you from that type of communication. Each “unsubscribe” link only relates to that specific type of communication (e.g. marketing communications or survey communications). This means that unsubscribing from marketing communications will not automatically unsubscribe you from Our survey communications (or vice versa).
Alternatively, you can contact us by email at email@example.com.
11.4 Our preference options are as follows:
“From time to time, we’d like to send you our latest catalogues, promotions and exclusive offers. If you would like to receive these updates, then please click this box ͏. . You can opt out at any time.”
12. How do we protect your information?
We use a range of organisational and technical security measures to protect your personal data, including the use of encryption and access controls, which We review regularly. We also ensure that Our employees receive appropriate data protection training.
13. How Can You Access Your Data?
You have the right to ask for a copy of any of your personal data held by us (where such data is held). We will provide any and all information in response to your request free of charge (except in certain circumstances). Please contact Us using the contact details below in section 15.
What are cookies?
14.1 A cookie, also known as a browser cookie, is a small text file which may be downloaded to your computer or device when you visit a website or use an app.
14.2 Different types of cookies are used to do different things. These include letting you navigate between different pages on a website efficiently, remembering preference you have given and helping us identify ways to improve your overall site experience. Others are used to provide you with advertising which is more tailored to your interests, or to measure the number of site visits and the most popular pages users visit. This policy sets out the types of cookies that We use and what We use them for.
Are there different types of cookies?
14.3 Yes, there are different types of cookies. Cookies are divided into “first party” and “third party” cookies, and “session” and “persistent” cookies.
“First party” and “third party” cookies
14.3.1 Cookies can be set and controlled by the operator of a website such as Us for this website (known as a ‘first party cookie’) or a third party such as Facebook, for example to display advertisements and social sharing features (known as a ‘third party cookie’).
“Session cookies” and “persistent cookies”
14.3.2 Cookies can also be divided into “session cookies” and “persistent cookies”:
(a) Session cookies
Session cookies are stored in your computer or device’s memory during your browsing session and are automatically deleted from your computer when you leave a website. These cookies usually store a session ID, allowing you to move from page to page without having to log-in repeatedly. They are widely used by commercial websites; for example to keep track of items that a consumer has added to a shopping basket. Session cookies do not collect any information from your computer or device and they expire at the end of your browser session.
(b) Persistent cookies
Third party suppliers
14.6 We work with third-party suppliers who place cookies on your device and report on “web analytics” information. Where such information is made available to us, We have listed these cookies below.
14.7 In addition, We engage third party advertisers and advertising networks to place targeted advertisement cookies. This means that data collected through these cookies will be shared with such parties in order that they can select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to Our advertisers, but We may provide them with aggregate information about Our users to assist them in performing this service. We may also use such aggregate information to help advertisers reach the kind of audience they want to target.
14.8 Please note that although the use of data by Us is covered by this policy, in addition the use of third party cookies is covered by third party cookie policies, which We have referred to in the following tables; alternatively they are available on the relevant company’s website.
14.9 Most web browsers automatically accept cookies and your use of Our Site constitutes your consent to this website setting cookies on your computer or other device.
Learn more about cookies
14.11 To find out more about cookies in general visit aboutcookies.org or allaboutcookies.org (which is run by IBA Europe).
14.12 A guide to behavioural advertising and online privacy has been produced by the internet advertising industry which can be found at www.youronlinechoices.eu. The guide contains an explanation of the Internet Advertising Bureau’s self-regulatory scheme to allow you greater control of the advertising you see.
15. Contacting Us
If you have any questions about Our Site or this Privacy & Cookies Policy, please contact us by email at firstname.lastname@example.org Please ensure that your query is clear, particularly if it is a request for information about the data We hold about you (as under section 12, above).
16. Changes to Our Privacy & Cookies Policy
We may change this Privacy & Cookies Policy from time to time (for example, as the result of changes to law, technologies, or other developments). We will provide you with the most up-to-date notice and you can check Our Site www.elmbeauty.ie periodically