Any information you provide to us shall be collected and processed fairly, lawfully and in accordance with the relevant data protection and privacy laws and regulations applicable from time to time, including the Data Protection Act (Chapter 586 of the Laws of Malta) and the Data Protection Regulation (EU) 2016/679 (“GDPR”), as may be amended from time to time.
The Controller of Personal Data
The Data Controller responsible for your personal data is:
The Beauty Store Ltd.
Triq V. Menville, Ibragg,
Swieqi, SWQ 2160
Company registration number C 95564
The personal data acquired by The Beauty Store Ltd. may be shared with D&D International Ltd. with registration number C 95564 with registered address at Triq V. Menville, Ibragg, Swieqi, SWQ 2160. D&D International Ltd. is a related company to The Beauty Store Ltd.
What is Personal Data?
Personal data refers to any information that identifies you and that we may collect, use, share, store and transfer in physical or electronic form.
Legal Basis for Processing Personal Information
We have the following lawful bases to process your personal information:
- To operate the Site and to provide you with our services;
- To monitor and improve the Site and our services;
- To administer your account by creating and managing your account, provide you with customer support and respond to your requests;
- To communicate with you about your account, our services and the Site;
- To comply with our legal and regulatory obligations and to enforce the Terms and Conditions of our Site and services.
- The establishment, exercise or defence of legal claims or proceedings;
- To prevent, detect and fight fraud or other illegal or unauthorised activities;
- To communicate with you by email about products or services that we think may interest you;
- From time to time, we may ask for your consent to use your information for certain specific reasons, for example to send you marketing material which we think may be suitable for you, including any relevant promotions and offers. Such marketing communications will only be sent to you if you have consented thereto through an ‘Opt-in’.
Which Personal Data do we collect and how do we use it?
When you register on our Site and create an account, we may collect and use any type of Personal Data which is entrusted to us, including the following kinds of personal data:
Identity Information such as name & surname, title, birthday, residential address, nationality, telephone and/or mobile number, photos
We may use Identity Information for the following reasons:
- To fulfil any agreement we may have with you and to meet our contractual obligations stipulated therein;
- To provide beauty treatments, consultancy and/or beauty advice
- To send you service communication by email, SMS or otherwise, such as order updates
- To reply to any communications that you might send us from time to time;
- To create and manage your account on the Site;
- To comply with our legal and regulatory obligations;
- For statistical analysis purposes;
- For the establishment, exercise and/or defence of legal proceedings or claims;
- For recruitment and employment purposes;
- To record and deal with complaints we may receive;
- For security and identity verification;
- To improve our Site and services by sending you feedback from time to time
- To send periodic communications to keep you informed about the services that we provide you with as well as other updates, security alerts and support messages
Please note that we may use your email address to confirm your opening of an account, to remind you to complete the registration process and to send you other important notices and changes which may occur from time to time. At times, we can also use your email address to confirm or otherwise any changes you may make to your account. Since these emails are not of a marketing nature, you cannot choose to opt out from receiving this type of communication from us.
Financial information such as bank account and payment card information
We may use Financial Information for the following reasons:
- To withdraw payments and offer refunds
- For security, fraud prevention and detection
Transactional information that includes details relating to previous items, products or services that you purchased from us and details about payments
We may use Transactional Information for the following reasons:
- To provide items and consultancy services that you purchase from us
- To provide customer care and support
- To handle order returns
- To see what products and services you like
Technical information such as Internet Protocol Address, browser type and version, operating system, date/time stamp, browser plug-in types and other technological information relating to the device you use to access our Site;
We may use Technical Information for the following reasons:
- To improve and keep our Site secure
- To see what products and services you like
Profile information including name, surname, username, birthday, password, payment details, order history, favourite products, brand preferences and correspondence with us
We may use Profile Information for the following reasons:
- To make suggestions and recommendations to you about products or services that may be of interest to you
- To provide beauty treatments, consultations and/or beauty advice
- To see what products and services you like
Contact History includes records of details that you have provided us with when communicating with us by email, live chats or social media.
We may use Contact History Information for the following reasons:
- To train our staff
- To provide customer service and support
We may use Marketing Information for the following reasons:
- To communicate with you by email, SMS or other means and let you know about our products and services
Please note that where your personal data is used by us and you have a choice, for example to receive direct marketing, you will always be afforded the option of stopping further contact by unsubscribing and controlling these consent options.
Sensitive Personal Data
As part of our consultancy services, we may ask you to provide us with sensitive personal data that relates to your skin and health, including skin allergies and skin conditions and any underlying health issues that you may suffer from. From our end, we warrant that we shall process sensitive personal data lawfully and on a valid legal basis for processing as stipulated above.
Your Rights at Law:
The rights afforded to yourself in connection to your personal data are the following:
- Right of Access: the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and where that is the case, access to the personal data and the additional information as outlined in the regulations. Limitations to this right will only be applicable if provided in terms of law. We will try our best to process your request within 1 month, or 2 months if the request is particularly complex;
- Right to Rectification: the right to request for your personal data to be amended or updated where it is inaccurate or incomplete;
- Right to Erasure (“Right to be Forgotten”): the right to request that we delete your personal data, subject to our legal obligations and the exercise or defence of any legal claims;
- Right to stop direct marketing messages;
- Right to Restrict: the right to request that we stop processing all or some of your personal data;
- Right to Object: the right to object at any time to us processing your personal data on grounds relating to your particular situation and the right to object to your personal data being processed for direct marketing purposes;
- Right to Data Portability: the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service; and
- Right not to be subject to Automated Decision-making: the right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect;
- The right to complain to your data protection regulator. In Malta, the data protection regulator is the Information and Data Protection Commissioner.
You will not be requested to pay any fees to access your data unless your request is unfounded, repetitive or excessive.
Retention Period of Personal Data
We will retain data subjects’ personal data for as long as we need it for legitimate business purposes and as permitted by applicable law. We may retain your personal data for longer periods than required by law if it is not prohibited by law and we need it for our legitimate business purposes. We reserve the right to access your data even if your account is closed for our legitimate business purposes (such as fraud prevention and enhancing the users’ safety and security) or where we are required to comply with applicable laws.
Upon your request we will delete or anonymise your personal data so that it no longer identifies you. However, this is limited as there are instances in which we are legally obliged by law to retain your personal data. These may include situations where there is an unresolved issue/claim/dispute relating to yourself where we are legally obliged to keep your personal data for legal and similar obligations for a specified period of time and where it is necessary for our legitimate interests such as fraud and crime prevention.
Disclosure of Personal Data
There may be instances where we have to share your personal data with various categories of persons. We may disclose your personal data to our employees who may be assigned to carry out The Beauty Store’s functions to provide you with our services.
Your personal data may also be disclosed to third-party service providers, for example contracted IT consultants who may have access to our information or which may require such data in order to be able to assist us in handling the relationship which we have with you as well as professional consultants and advisers. When we share your personal information with such third parties, we make sure that such parties make use of this data in a manner which ensures safety and security to your personal data.
We may disclose your Personal Data to enforcement/government/legal authorities if we are required to comply with any applicable law, a summons, a warrant, a court or regulatory order, or other statutory requirement. In the case we have reason to suspect any form of illegal usage of our services. We also reserve the right to, on a voluntary ex officio basis, share your Personal data with relevant law enforcement agencies in connection with any investigation of suspected or actual illegal activity.
Your information will not be supplied, sold, rented or traded to others for any reason without your prior consent.
Children Under 18
Our services are restricted to users who are 18 years of age or older. We do not permit users under the age of 18 on our Site and we do not knowingly collect or process personal data from anyone under the age of 18.
We may use your information, such as your email address, to send you information that we think may be of interest to you. You will only receive such marketing communications if you have requested such information yourself or purchased items from us, and in each case, you have not opted out from receiving such communications.
You may choose to stop receiving marketing communications from us by contacting us at [email protected] or by clicking on the ‘unsubscribe’ button within the email to stop any communications relating to that specific type of email.
Security of Your Personal Data
Please note that no method of transmission over the internet or method of electronic storage is fully secure. Therefore, please be aware that while we will take all necessary steps to ensure the protection of your data, we cannot provide any guarantee should the security be compromised through no fault of our own.
However, we will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal data by adopting appropriate data collection, storage and processing practices and carrying out periodic reviews of same, such as the use of secure servers, the use of firewalls and the use of back-up systems.
We may suspend your use of all or part of the Site without notice if we suspect or detect any breach of security. If you believe that your account or information is no longer secure, please contact us at [email protected]
Transfers to Third Countries and Safeguards
We do not usually transfer personal information overseas. However, where the need arises to transfer your personal data outside the European Union, we will ensure that such information is transferred in accordance with appropriate clauses to ensure adequate technical and organisational security measures.
As part of our recruitment process, or in case you send us a Curriculum Vitae in connection to a job application through our Site, we may collect and process such personal data. If your application is unsuccessful, we may keep this information on file for up to one year in case of any future employment opportunities for which you may be suited. We will ask for your consent before we keep your data for this purpose, and you are free to withdraw your consent at any time.
We will only ask for your information that is necessary to fulfil our indicated purpose to process your application or to fulfil any legal or regulatory requirements and your information will only be used to assess your suitability for employment.
Please note that this policy may change from time to time; therefore, we encourage you to refer to this policy periodically.
Complaints and Concerns
If you have any concerns with regards to our privacy methods and processes, you have the right to contact us at [email protected]
Last Updated: 18th May 2020