PRIVACY – THE SKINCARE FARM TRADING AS: BAZ & CO
Last updated: April 2022
1.1 We are committed to protecting your privacy. This notice is to explain how we may use personal information we collect before, during and after your working relationship with us and applies to you if you are:
i) a user of our website at bazandcoskincare.com
ii) an individual client (including a sole trader or partnership) who (i) has contacted us to purchase our services/ products/ signed up to newsletter / entered our competitions; or (i) who we have contacted about the services/products we offer as a business.
iii) or an employee of a corporate client or group company of a corporate/customer client, who (i) has contacted us to purchase our services/products; or (i) who we have contacted about the services/products we offer as a business.
This notice does not form part of any contract to provide services/products.
The personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data.
1.4 In this policy, “we”, “us” and “our” refer to Baz and co Ltd or any group company
We are registered in England and Wales under registration number 13505744 and our registered office is at 2, Television Centre, 101 Wood Ln, London W12 7FR
Our principal place of business is at 2, Television Centre, 101 Wood Ln, London W12 7FR
2. HOW WE USE YOUR PERSONAL DATA
2.1 In this Section 3 we have set out:
(a) the general categories of personal data that we may process.
(b) in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
(c) the purposes for which we may process personal data; and
(d) the legal bases of the processing.
Most commonly, we will use your personal information in the following circumstances:
where we need to perform or take preparatory steps to perform, the contract we have entered/shall enter with you.
where we need to comply with a legal obligation; and
where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. These legitimate interests are to formulate and manage our relationship with you as a potential or actual customer, determine our respective rights and obligations and to properly conduct our business.
We may also use your personal information in the following situations, which are likely to be rare:
where we need to protect your interests (or someone else’s interests); and
where it is needed in the public interest.
There are more limited circumstances where we process personal data pursuant to your consent.
We typically collect personal information about our website users/customers when you create an account on our site at bazandcoskincare.com to start purchasing services/products or to register your interest in our services/products, when you make a query and/or complaint or when you correspond with us by phone, e-mail or in some other way.
We also may collect personal information about our clients/customers through other sources such as our group companies where you have entered a competition with our Commercial partners indirectly sources who we run competitions we will make all efforts to ensure that appropriate legal basis for this processing is obtained before processing.
The situations in which we will process your personal information are listed below together with the purpose or purposes for which we are processing or will process your personal information:
2.2 We may process data about your use of our website and services (“usage data“). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency, and pattern of your service use. The source of the usage data is Google Analytics. This usage data may be processed for the purposes of analysing the use of the website and services to conduct data analytics studies and market research to review and better understand market trends within our industry and markets. The legal basis for this our legitimate interests, namely monitoring and improving our website and services.
2.3 We may process your account data (“account data“). The account data may include your name, address, delivery address, telephone number and email address. The account data may be processed for the purposes of administering any account(s) you have with us and managing our relationship with you including dealing with any support, service or product enquiries made by you. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
2.4 We may process information contained in any enquiry you submit to us regarding goods and/or services (“enquiry data“). The enquiry data may be processed for the purposes of offering, marketing, and selling relevant goods and/or services to you. We will ask for your consent before adding you to our marketing. The legal basis for this processing is performance of a contract between you and us and/or taking steps, at your request, to enter such a contract.
2.5 We would like to send you marketing materials from time to time, this can either via email or via targeted ads on social media by creating Custom Audiences using our email database. This means that your email address will be used to serve our ads to you within your Facebook or Instagram newsfeed.
2.6 We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website (“transaction data“). The transaction data may include your contact details, and any credit/debit card and other payment details you provide so that we can receive payments from you and details of the financial transactions with you. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper business records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter such a contract.
2.7 We may process information (“notification data“). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.
2.8 We may process information relating to competitions that you enter into with us and/or through our website (“competition data“). The competition data may be processed for the purpose of entering you in to the competition and marketing if consent is given.
2.9 We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
2.10 Please do not supply any other person’s personal data to us unless we prompt you to do so.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Automated decision making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making unless we have a lawful basis for doing so and we have notified you.
SPECIAL CATEGORY PERSONAL INFORMATION
You may also provide, or we may collect, store and use the following “special categories” of more sensitive personal information regarding you where there is relevant in relation to your instructions:
information about your race or ethnicity, religious beliefs, sexual orientation, and political opinions.
information about your criminal convictions and offences; and
information about your health, including any medical condition.
“Special categories” of particularly sensitive personal information require differing levels of protection. We need to have different justifications for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
with your explicit written consent.
where it is needed to establish, bring or defend legal claims.
where we need to carry out our legal obligations relating to employment law, social security law or social protection law; and
where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.
Less commonly, we may process this type of information where it is needed to protect your vital interests (or someone else’s vital interests) and you are not capable of giving your consent, or where you have already made the information public.
Whilst we are unlikely to process any of the personal information described above, if we do request any of the above special categories of personal information from you, you are not required to provide such information, but if you do not do so, we may not be able to properly provide our services to clients.
3. PROVIDING YOUR PERSONAL DATA TO OTHERS
3.1 We (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
3.2 We may disclose your personal data to our professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
3.3 We may disclose competition data to 3rd parties as identified in the specific competition’s terms and conditions for marketing purposes, where consent has been gained.
3.4 Financial transactions relating to our website and services are handled by our payment services providers, Stripe. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
3.5 In addition to the specific disclosures of personal data set out in this Section 4, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.
3.6 We may use the following third-party service providers named below to process and store your data:
Stripe – who hold billing information for the purpose of processing payments
4. INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA
4.1 In certain cases the disclosure of your personal information to a third party as described in this paragraph 4 may involve your personal information being transferred outside of the United Kingdom. This may be to:
a country in the European Economic Area or that is otherwise considered to have data protection rules that are equivalent to those in the United Kingdom; or
a country which is not considered to have the same standards of protection for personal data as those in the United Kingdom, in which case we will take all steps required by law to ensure sufficient protections are in place to safeguard your personal information, including where appropriate putting in place contractual terms approved by the relevant regulatory authorities.
For more information about the circumstances in which your personal information may be disclosed to third parties and the safeguards we put in place to protect your personal information when we do so, please contact us as described in paragraph 12
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
You should take all reasonable steps to keep your personal information held on out IT systems secure, including choosing a secure password if you have an online account with us and not disclosing your passwords to anybody else.
5. RETAINING AND DELETING PERSONAL DATA
5.1 The duration for which we retain your personal information will differ depending on the type of information and the reason why we collected it from you. However, in some cases personal information may be retained on a long-term basis: for example, personal information that we need to retain for legal purposes will normally be retained in accordance with usual commercial practice and regulatory requirements. Generally, where there is no legal requirement, we retain all physical and electronic records for period of  years after your last contact with us. Exceptions to this rule are:
Information that may be relevant to any discrimination claims may be retained until the limitation period for those types of claims has expired.
It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if your contact details. You will be able to update some of the personal information we hold about you through any account you hold with us.
6. AMENDMENTS TO THIS POLICY
6.1 We may update this policy from time to time by publishing a new version on our website.
6.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
6.3 You can also obtain an up-to-date copy of our privacy notice by contacting us as described in paragraph •. Should you object to any alteration, please contact us.
7. YOUR RIGHTS
Under certain circumstances, by law you have the right to:
request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
request the erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to stop processing personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground;
request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
object to the processing of your personal information based on legitimate interests, but not if we have a compelling reason to process it;
object to automated decision making (although this does not currently apply as we do not currently carry out automated decision making); and
request the transfer of your personal information to another party.
Where you have given us your consent to use your personal information in a particular manner i.e. where you have given us consent to receive information about products and services you may be interested in, you have the right to withdraw this consent at any time, which you may do by contacting us as described in paragraph 12. Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on bases other than your consent.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please use the contact details in paragraph 12.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
8. ABOUT COOKIES
8.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
8.2 Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
8.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Additional information about our Cookies Policy here.
9. MANAGING COOKIES
9.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
10. ENQUIRIES, ISSUES AND COMPLAINTS
In the unlikely event that you have any concerns about how we use your personal information, please contact us as described in paragraph 12.
If you make a complaint about our handling of your personal information, it will be dealt with in accordance with our complaints handling procedure accessible by contacting firstname.lastname@example.org
If we are unable to resolve your complaint, you may make a complaint to the Information Commissioner’s Office. Please see https://ico.org.uk/for-the-public/raising-concerns/ for more information.
If you need to contact us about this notice or any matters relating to the personal information we hold on you, you can do so via our emailing us at email@example.com
We hope that the contents of this privacy notice address any queries that you may have about the personal information we may hold about you and what we may do with it. However, if you do have any further queries, comments, or requests, please contact us as described in paragraph 12 above.
Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.