Privacy Policy
Data controller
Data controller |
GDC Beauty Group UK Ltd |
CRN |
GB 584 3218 32 |
Address |
Gladstone House, 77-79 High Street, Egham, Surrey, TW20 9HY
|
|
customerserviceuk@gdcbeautygroup.com |
Phone number |
0044 1784 259988 |
The companies within the GDC BEAUTY GROUP, which include GERMAINE DE CAPUCCINI S.A.U and GDC BEAUTY GROUP UK Ltd, are committed to respecting the privacy of users and the confidentiality and security of personal data, in line with applicable data protection regulations.
Your privacy and the security of your data are our foremost priorities, and this commitment is reflected in the Privacy Policy we consistently uphold to ensure that:
1. You are always aware of the data we collect or process about you and the reasons for doing so.
2. You have control over how we use your data and can readily contact us to exercise your rights regarding the information we hold, its usage and its retention period.
3. You can rest assured that we have implemented robust security measures to ensure the confidentiality of your data and to prevent their loss, alteration or misuse.
Following these principles, you will find the sections of our Privacy Policy below, where we provide all the necessary information for you to maintain control over your data at all times.
2.- What personal data do we process?
All information collected by GDC BEAUTY GROUP UK Ltd is processed in a fair, lawful and transparent manner.
Additionally, the data requested in each processing activity are strictly the minimum necessary to fulfil the informed and intended purpose of each specific case.
This ensures that your data are adequate, relevant and not excessive relative to the purposes for which they are processed. Moreover, your personal data are collected for specific, explicit and legitimate purposes and will not be processed further in a way that is incompatible with these purposes. The data will also be updated as necessary.
Within the various processing activities conducted by the organisation, we collect the following types of data:
- Identification information.
- Commercial information.
- Transactions of goods and services.
- Economic and financial data.
3.- Where do the personal data come from?
Typically, personal data are collected directly from the individuals themselves. However, in certain cases, data may be obtained through third parties, other entities or services that are not directly related to the data subject.
We ensure that this process is communicated to data subjects through the informational clauses found in our various data collection methods, either within a reasonable timeframe or during the initial communication with the data subject.
4.- For what purpose do we process personal data?
At GDC BEAUTY GROUP UK Ltd, personal data are processed for the following purposes:
- Newsletter*: Distributing information via the provided channels about updates, news, products and services related to our company or industry.
- Online Store*: Managing user registrations, processing orders/purchases and providing services.
- Live Chat: Offering immediate responses to queries from interested parties.
*These processes involve creating profiles of our website users to make automated decisions based on the logic outlined in our privacy policy.
5.- How is profile creation conducted?
GDC BEAUTY GROUP UK Ltd may develop a commercial profile based on the information you provide and your interactions with the content we offer, with the aim of sending you personalised information about our products or services, including through electronic means. The lawful basis for this profiling is GDC BEAUTY GROUP UK Ltd’s legitimate interest in understanding the preferences of individuals to deliver tailored information and content that aligns with their interests and activities. No automated decisions will be made solely on the basis of this profile. Users can object to the profiling of their information at any time via the designated channel.
Subscription to our Newsletters: We process your identification and contact data to send you personalised information about our products, promotions, offers, as well as products and offers from our partners. To accomplish this, we create a user profile that helps us customise the information we send, ensuring it matches your tastes and preferences based on your browsing habits, purchase history or even information collected through cookies and similar technologies (for more information on cookie usage, please see our Cookie Policy).
Other marketing and advertising purposes: We use your data to recommend products or offers based on the profile we create from your purchase history, the products you browse on our platforms or the items left in your basket when you do not finalise a purchase. These recommendations may be communicated to you through push notifications, banners or emails regarding abandoned items in your basket. Furthermore, we process your data to show you advertising on other websites, apps or social networks that you frequently use. This advertising typically relies on a profile created from your past purchases, your shopping history or your preferences.
5.- What is the legal basis for processing data?
Typically, the legal basis for processing personal data as described above is the consent of the data subject. This consent is expressed through a declaration or a clear affirmative action, such as ticking a checkbox specifically provided for that purpose, voluntarily subscribing or submitting data via forms. This consent can be withdrawn at any time by contacting the company through its designated communication channels. Generally, we will request your consent for any uses other than those for which you originally provided it.
Specifically, for the processing activities listed below, the following legal bases are applied:
Online Store, Newsletter, Live Chat: Consent: By directly accessing our website and completing forms or sending us data through the specified electronic contact methods, you are agreeing to this Privacy Policy. Thus, we base the processing of your data on your consent. Additionally, we assure you that we will use personal information solely in accordance with this Privacy Policy and, generally, we will seek your consent for any purposes other than those for which it was initially given. Please note that you can withdraw your consent at any time; simply contact us using the methods outlined in this Privacy Policy. To address requests, the data subject must provide the minimum information required. If this is not provided, we cannot process the requests.
6.- For how long do we process personal data?
In general, personal data are processed for as long as necessary to fulfil the purpose for which they were collected, as long as the service provision or contractual relationship is maintained, there is a mutual interest and/or as long as is required by applicable regulations.
7.- Whom do we share personal data with?
To achieve the purposes outlined above, personal data may be shared with:
- Companies within the GdC Beauty Group, including GERMAINE DE CAPUCCINI S.A.U.
- Beauty centres participating in the Club Germaine programme.
- Service providers who act as data processors on our behalf.
7.- Are international data transfers conducted?
We also inform you of data transfers outside the European Economic Area to the European Union and the United States, based on the existence of adequate safeguards compliant with the GDPR. These safeguards are available upon explicit request at legal@gdcbeautygroupuk.com.
Specifically, the following safeguards have been established:
Platform |
International data transfer |
Guarantee |
Klaviyo |
Servers in the United Kingdom and the USA |
Klaviyo adheres to the EU-US Data Privacy Shield Framework principles concerning the processing of personal data received from the European Union. |
Yotpo |
Servers in the United Kingdom |
Declared to have an adequate level of protection by the European Commission. |
9.- What rights can you exercise?
Under European regulations, you have the following rights:
- Access: The right to inquire with the data controller whether your personal data are being processed.
- Rectification: The right to have inaccurate or incomplete data corrected.
- Objection: The right to object to the processing of your personal data or request its cessation.
- Automated individual decisions: The right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects on you or affects you in a similarly significant way.
- Restriction: The right to pause the processing of your personal data under certain circumstances.
- Erasure or to be forgotten: The right to request the deletion of your personal data.
- Portability: The right to have your personal data transferred to another controller in a structured, commonly used and machine-readable format.
- Right to file a complaint with a supervisory authority if you believe the processing does not comply with the regulations.
You can exercise these rights through the following means:
- Send an email to legal@gdcbeautygroupuk.com with documentation verifying your identity (copy of the front of your National Identity Document or equivalent).
- Send correspondence to Gladstone House, 77-79 High Street, Egham, Surrey, TW20 9HY with documentation verifying your identity (copy of the front of your National Identity Document or equivalent).
- Additionally, you may seek assistance from “The Information Commissioner’s Office” (ICO) (https://ico.org.uk/).
We will address your request as quickly as possible, within the time frames established by data protection legislation.
9.- What could be the consequences of not providing the required information?
Data requested in fields marked with an asterisk or identified as mandatory, or provided in the formats where information is requested, are essential for the purposes for which they are collected, such as providing optimal service to the individual, fulfilling a legal obligation imposed on the data controller or as a necessary requirement to enter into a contract. Inclusion of data in other fields is voluntary.
If all required data are not provided, we cannot guarantee that the information and services will be completely tailored to your needs.
As a result, if the necessary data are not provided, or are provided incorrectly or incompletely, it will not be possible to process your request. This may prevent the provision of requested information or the delivery of services.
Furthermore, users must ensure that the information submitted on any forms is truthful, accurate and pertains to their own data.
Our platform services are not intended for minors. Registration is permitted only for individuals over 18 years old. Non-compliance will result in any liabilities from the use of our platforms being the responsibility of the parents or guardians of the minor.
9.- What security measures do we have in place?
The security measures implemented by GDC BEAUTY GROUP UK Ltd comply with the requirements set out in Article 32 of the GDPR.
Taking into account the state of the art, implementation costs, the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of individuals, we have established appropriate technical and organisational measures to ensure a level of security suitable for the risk.
GDC BEAUTY GROUP UK Ltd has implemented sufficient mechanisms to:
• Ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services.
• Restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
• Regularly test, assess and evaluate the effectiveness of the technical and organisational measures taken to ensure processing security.
• Enable data and communication encryption.
Changes to this privacy policy
This Privacy Policy may occasionally be updated to reflect changes in current legislation, updates to our procedures for collecting and using personal information, the introduction of new services or the discontinuation of existing ones. These changes will be effective upon their publication on the website, so it is important that you regularly review this Privacy Policy to stay informed about any updates.