Privacy Policy
Introduction – Our Commitment to You
Privacy and protection of your personal data is important to us and we are committed to ensure you are fully informed about your rights and how we use your data. Our Privacy Notice will tell you how we collect and use your data to improve your experience with us. We’ll make sure we collect and store your data securely and only retain it for as long as we need to. You will always be in control of the way we use your data and communicate with you, and should you wish to make a change you will easily be able to do so in store, via your online account or by emailing us at info@lushsalonsupplies.co.uk
Who we are
For the purposes of the General Data Protection Regulation (GDPR), the data controller is Lush Salon Supplies (which we refer to as ‘LUSH’ in this Notice), a private company limited by shares and which trades as Lush Salon Supplies in the United Kingdom.
For simplicity throughout this Notice, ‘we’ and ‘us’ means Lush and its brands Information we collect, why we collect, and the benefit to you. There are a number of different permitted basis which allows a company to collect and process your personal data, including:
- Consent – In specific situations, we can collect and process your data with your consent. For example, if you opt to receive marketing information from us via email/SMS
- Contractual obligations – In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you order an item from us for home delivery, we’ll collect your address details to deliver your purchase, and pass them to our third party courier.
- Legal compliance – We may need to collect and process your data if we have a legal obligation. For example, we can pass on details of people involved in fraud or other criminal activity affecting Lush to law enforcement authorities or to external advisers.
- Legitimate interest – In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, when you shop online with us, we monitor your shopping preferences so when you return to our site we can identify you and offer you suggestions based on your browsing history.
We collect information from and about you at various times and in different ways to help us provide you with the best possible service based on our overall understanding of you, as well as to meet our obligations under the law. We use your data to:
- manage your account with us and provide you with products and services you want
- communicate with you and manage our relationship with you
- personalise and improve your experience
- inform you of latest trends, products, services and promotions that you may like
- improve our services, fulfil our administrative purposes, comply with our legal obligations and protect our business
Sharing your data, why we need to share, and the benefit to our customers
We use a number of partners to help us provide the best possible service, understand what’s important to our customers, and improve what we sell. We sometimes need to share your data in order to achieve this, but we choose our partners carefully, and seek the maximum protection possible to keep your data as safe as possible. We also insist that their data is not shared with anyone else. If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Examples of the partners we may share your data with are:
- IT companies who support our website and other business systems and processes.
- Operational companies who help us fulfil our obligations to you.
For example, delivery companies, debt recovery agencies, training providers, document storage companies, fraud prevention agencies, credit reference agencies.
- Direct marketing companies who help us manage our communications with you.
- Google/Facebook to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites.
- Analytics/Data insight companies.
For example, to manage your data and ensure it is kept up to date; to help us better understand what you like or are interested in so we can send you personalised advertisements; to understand how you use our websites; to obtain feedback on your experience; to understand if you liked our promotions.
- Legal and enforcement bodies where we have a legal obligation or when it is necessary to protect us both.
- Our external professional advisers and insurers.
- In the event that LUSH is involved in the transfer of any division or the whole business as a going concern to new owners, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.
Where your personal data may be processed
Sometimes we will need to share your personal data with third parties outside the European Economic Area (EEA).
The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway.
We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA such as Australia or the USA. For example, this might be required in order to provide support services.
If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. For example, our contracts with third parties will state the standards they must follow at all times. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice and applicable data protection laws.
How long we keep your personal information
We will only keep your personal information for so long as it is necessary for the purpose for which is was collected and for us to fulfil our contractual and legal obligations. We maintain retention records of how long information containing personal data will be retained for.
At the end of the respective retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Some examples of customer data retention periods:
- Orders – When you place an order, we may keep the personal data you give us for at least six years so we can comply with our legal and contractual obligations.
- Inactive accounts – If you’ve not used your account or interacted with us for more than three years, your account will be flagged as inactive will be closed and we will delete or anonymise the personal data associated with it.
- CCTV – CCTV images are automatically deleted after 30 days.
Cookie policy
Cookies are tiny text files stored on your computer when you visit certain some pages, or perform certain online actions. Our websites use cookies to distinguish you from other users of our websites, and maintain settings and actions that might be important to you – for instance we use a cookie to remember a product you’ve put in your basket to keep it there for the next time you visit. Cookies help us to provide you with a good experience when you browse our sites.
We use cookies to perform banner advertising on other websites, with ads that present you with products we think may be of interest.
For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.
Your rights
You have certain rights to control your information and the manner in which we process it. This includes:
- A right to request us to correct inaccurate information, or update incomplete information;
Please refer to Updating Your Details section below as to how to do this. - A right to withdraw your consent where you have given us your consent to process your data;
- A right to object to our use of your information (where we rely on our legitimate interests to use your personal information) provided we do not have any continuing lawful reason to continue to use and process your information. When we do rely on our legitimate interests to use your personal information for direct marketing, we will always comply with your right to object;
- A right to object to us processing your information for direct marketing purposes, including profiling you for the purposes of direct marketing;
- You can withdraw any consent that you have previously given to us or to change your preferences on any automatic benefits that we action – e.g. everyone is automatically eligible to receive our trade flyer in the post which is sent monthly and contains the forthcoming month’s promotions – however if you no longer wish to receive this information please see the ‘Updating Your Details’ section below on how to opt out. Please note that if you chose to withdraw your consent for personalisation, due to our system constrains, this will stop all marketing communications we send to you.
- A right to ask that your information is erased (or restricted), provided we do not have any continuing lawful reason to continue to use and process your information;
- A right to get access to your personal information
- The Right to request that your information is transferred to another controller in a structured data file (in a commonly used and machine readable format)
To make such a request please write to, Lush Salon Supplies – Stafford Ltd, 20 Greyfriars, Stafford, ST16 2SA or email info@lushsalonsupplies.co.uk. If we choose not to action your request we will explain to you the reasons for our refusal. To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice, and, where applicable, further information to help us search for your personal information, where a specific request is received. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to make the request.
We will respond to your request within 1 month of us verifying your identity.
You can exercise the above rights and/or manage your information as detailed in the Updating Your Details section.
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
You can learn more about your rights specific to Lush by reading this Privacy Notice or for more general advice, you can refer to here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
Contact
Our Privacy Notice is intended to be helpful to you in explaining why and how we collect and use your personal data and in providing you with information about your rights to control your information. Email us on info@lushsalonsupplies.co.uk. • Call us on: 01785 331330 Or write to us at: Lush Salon Supplies – Stafford Ltd, 20 Greyfriars, Stafford, ST16 2SA
If, however, we have been unable to address your concerns or you are unhappy with the way in which we have handled your personal information, you have the right to lodge a complaint with the Information Commissioner’s Office.
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Call: 0303 123 1113 Email: casework@ico.org.uk
Updating your details
If any of your personal information changes, you can update your personal details at any time by logging into your online account page and updating the My Details page. Alternatively, you can call us on 01785 331330 or visit your local store who will be happy to help. You can also email us at info@lushsalonsupplies.co.uk with details of the changes required.
Marketing communications
When you sign up for a Trade Card, you can decide how you would like to be contacted with marketing communications. You can easily manage your marketing preferences including opting out from receiving marketing communications at any time by logging into your online account page and going to the My Communication Preferences page.
Alternatively, you can call us on 01785 331330 or visit your local store who will be happy to help update your communication preferences. You can also email us at info@lushsalonsupplies.co.uk with details of the changes required.
Changes to our Privacy Notice
We may make changes to this Privacy Notice in the future. We will publish any changes on our website and where appropriate, we will notify you by email.