1. Our approach to privacy
1.2 We operate estilistas.co.uk, where you can read updates and information about our services, and find instructions on how to use and purchase our services (the "Site"). The Site also includes a members-only area (“Members Area”) which includes information about products available from third-parties.
2. Who is responsible for the use of your personal information
2.1 Estilistas is a trading name of Simon Hamp & Noelia Santana (a Partnership, registered in the UK), which is the controller of the personal information we hold about you in connection with your use of the Site and the Apps. This means that we determine and are responsible for how your personal information is used.
3. Personal information we collect from you when you use the Site, contact us or purchase our products, and how we use it
3.1 We collect personal information that you voluntarily submit directly to us when you use the Site. This can include information you provide to us when you order and pay for a service through our Site, correspond with us by phone, email or otherwise in relation to the Site or our products, submit reviews or subscribe to our mailing lists, newsletters or other forms of marketing communications.
3.2 We will indicate to you where the provision of certain personal information is required in order for us to process your order, respond to your query or otherwise provide you with functionality of the Site. If you choose not to provide such personal information, we may not be able to process your order, provide support or respond to your other requests.
3.3 When you use the Site, the categories of information we collect may include:
a) the type and quantity of products you order;
b) your contact details, such as your name, email address and phone number;
c) your delivery address;
d) your payment details, such as your method of payment and billing address;
e) your preferences as to how we communicate with you and how our Site is displayed; and
f) the content of any queries or requests you submit to us.
We use this information to process any orders you place through our Site, to address your questions and concerns, to contact you and to help us develop new products and services.
3.4 Annex 1 sets out further detail about the categories of personal information we collect about you and how we use that information when you use the Site, as well as the legal basis which we rely on to process the personal information and recipients of that personal information.
4. Information we collect automatically about your use of our Site
4.1 We also automatically collect personal information indirectly about how you access and use the Site and Members Area, and information about the device you use to access the Site or the Apps. For example, we may collect:
a) information about the features you use and the pages you view on the Site;
b) information about your device (such as your IP address, device identifier, device type, model and manufacturer); and
c) information about your usage patterns (such as how often you use the Site and your language settings).
We use this information to provide you with the features and functionality of the Site, to monitor and improve the Site and to develop new products and services.
4.2 Annex 3 sets out further information about the categories of personal information we collect about you automatically and how we use that information. The table also lists the legal basis which we rely on to process the personal information and recipients of that personal information.
4.3 We may link or combine the personal information we collect about you and the information we collect automatically. This allows us to provide you with a personalised experience regardless of how you interact with us.
4.4 We may anonymise and aggregate any of the personal information we collect (so that it does not directly identify you). We may use anonymised information for purposes that include testing our IT systems, research, data analysis, improving the Site and developing new products and features.
5. How long will we store your personal information
5.1 We will usually store the personal information we collect about you for no longer than necessary for the purposes set out in Annex 1, Annex 2 and Annex 3, in accordance with our legal obligations and legitimate business interests.
5.2 We may, however, need to retain your personal information for longer if we are required to do so by law.
6. Recipients of personal information
6.1 In addition to the recipients listed in Annexes 1, 2 and 3, we may also share your personal information with the following (as required in accordance with the uses set out in Annexes 1, 2 and 3):
a) Service providers and advisors: we may share your personal information with third party vendors and other service providers that perform services for us or on our behalf, which may include providing professional services, such as legal and accounting services, mailing, email or chat services, fraud prevention, web hosting, or providing analytic services.
b) Social media: we may use "lookalike" analytics functions, such as "Facebook Lookalike Audiences", to identify new potential customers on the basis that they might share some characteristics with you. If you interact with us through social media, such as if access our Site in response to an advert on a social media platform, we may therefore share your personal information with social media platforms to enable them to identify users similar to you, such as users that have liked the same pages or content as you.
c) Purchasers and third parties in connection with a business transaction: your personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business.
d) Law enforcement, regulators and other parties for legal reasons: we may share your personal information with third parties as required by law or if we reasonably believe that such action is necessary to
(i) comply with the law and the reasonable requests of law enforcement;
(ii) detect and investigate illegal activities and breaches of agreements, including our Terms and Conditions of Use and Terms and Conditions of Sale; and/or
(iii) exercise or protect the rights, property, or personal safety of Estilistas, its users or others.
6.2 Other than as set out above, we may also share statistics and insights developed by us from your personal information. These statistics and insights are derived from anonymised and aggregated information, such that it would not be possible to identify you (directly or indirectly) or even single you out from this information.
7. Marketing and advertising
7.1 From time to time we may contact you with information about our products and services, including sending you marketing messages and asking for your feedback on our products and services.
7.2 Most marketing messages we send will be by email. For some marketing messages, we may use personal information we collect about you to help us determine the most relevant marketing information to share with you.
7.3 We will only send you marketing messages if you have given us your consent to do so. You can update your preferences about the emails you receive from us at a later date, including withdrawing your consent, by clicking on the link at the bottom of our marketing emails.
8. Storing and transferring your personal information
8.1 Security. We implement appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored on secure servers. We will NEVER send you unsolicited emails or contact you by phone requesting your account ID, password, credit or debit card information or national identification numbers.
8.2 International Transfers of your Personal Information. The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in, where we and our third party service providers have operations. If you are located in the UK or European Economic Area ("EEA"), your personal information may be processed outside of the UK or EEA including in the United States.
8.3 In the instance of such a transfer, we ensure that:
a) the personal information is transferred to countries recognised as offering an equivalent level of protection; or
b) the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission or UK Information Commissioner.
9. Your rights in respect of your personal information
9.1 In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:
a) Right of access. You have the right to obtain:
i) confirmation of whether, and where, we are processing your personal information;
ii) information about the categories of personal information we are processing, the purposes for which we process your personal information and information as to how we determine applicable retention periods;
iii) information about the categories of recipients with whom we may share your personal information; and
iv) a copy of the personal information we hold about you.
b) Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
c) Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
d) Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
e) Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
9.2 You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
9.4 You may also review and edit some of the personal information you have submitted to us through the appropriate functionality on our Site.
9.5 Due to the confidential nature of data processing we may ask you to provide proof of identity when exercising the above rights. This can be done by providing a scanned copy of a valid identity document or a signed photocopy of a valid identity document.
9.6 We will seek to respond to any request relating to your rights within one month of receipt of such request.
9.7 Where, given the complexity of the claim or the number of requests received, the above deadline cannot be met, we will inform you of the extended deadline in which we will respond to your request. Such extension may not be more than two months from the date on which we notify you that an extension is required.
9.8 Where we do not follow up on your request, we will inform you within the one month deadline of the grounds on which we have based our decision and of your right to refer a complaint to your national data protection authority.
10. Cookies and similar technologies used on our website
10.2 Traditional cookies are pieces of code that allow for personalisation of our Site experience by saving your information such as user ID and other preferences. A cookie is a small data file that we transfer to your computer's hard disk for record-keeping purposes.
10.3 Cookies and similar technologies help us to provide you with a good experience when you browse our Site and also allows us to monitor and analyse how you use and interact with our Site so that we can continue to improve our Site. It also helps us and our advertising partners to determine products and services that may be of interest to you, in order to serve you targeted advertisements.
10.4 We use the following types of cookies:
a) Strictly necessary cookies. These are cookies that are required for the operation of our Site. They include, for example, cookies that enable you to use a shopping basket or pay for products through our Site.
b) Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us to improve the way our Site works, for example, by ensuring that users are finding what they are looking for easily. We may use third-party analytics tools to help us measure traffic and usage trends for the Site and to understand more about the demographics of our users.
c) Functionality cookies. These are used to recognise you when you return to our Site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
d) Targeting cookies. These cookies record your visit to our Site, the pages you have visited and the links you have followed. We will use this information to make our Site and any advertising displayed on it, and the marketing messages we send to you more relevant to your interests. We may also share this information with third parties who provide a service to us for this purpose.
10.5 Please see Annex 4 for more information about the cookies we use on the Site.
10.6 The cookies we use are designed to help you get the most from our Site but if you do not wish to receive cookies, most browsers allow you to change your cookie settings. Please note that if you choose to refuse all cookies you may not be able to use the full functionality of our Site. These settings will typically be found in the "options" or "preferences" menu of your browser. In order to understand these settings, please use the "Help" option in your browser for more details.
10.7 Please note that deleting or blocking cookies may not be effective for all types of tracking technologies, such as Local Storage Objects (LSOs).
10.8 If you would like to find out more about cookies and other similar technologies, please visit www.allaboutcookies.org or the Network Advertising Initiative's online sources at www.networkadvertising.org.
11. Tracking technologies used in our emails
11.1 Our emails may contain tracking technologies that provide us with information about your interactions with our emails, including identifying if and when you have opened an email that we have sent you, how many times you have read it and whether you have clicked on any links in that email. This helps us measure the effectiveness of our marketing email campaigns, make the emails we send to you more relevant to your interests and to understand if you have opened and read any important administrative emails we might send you.
11.2 Most popular email clients will allow you to block these technologies by disabling certain external images in emails. You can do this through the settings on your email client – these generally give you the option of choosing whether emails will display "remote images", "remote content" or "images" by default.
11.3 Some browsers also give you the option of downloading and installing extensions that block tracking technologies.
12. Interest-based advertising
12.1 We DO NOT participate in interest-based advertising or use any third-party advertising companies to serve you targeted advertisements based on your browsing history and use of the Site.
12.2 Our affiliates and other partners may use interest-based advertising. Please consult their respective privacy policies for more details.
12.3 You may be able to limit the use of identifiers for interest-based advertising on a particular device through the settings on your device by selecting "limit ad tracking" (iOS) or "opt out of interest based ads" (Android). You may also be able to opt-out of some, but not all, interest-based ads served by mobile ad networks by visiting youradchoices.com/appchoices and downloading the mobile AppChoices app.
12.4 To learn more about interest-based advertising and how you may be able to opt-out of some of this advertising, you may wish to visit:
a) the Network Advertising Initiative’s online resources, at www.networkadvertising.org/choices;
b) the DAA’s resources at www.aboutads.info/choices; and/or
c) Your Online Choices at www.youronlinechoices.eu.
12.5 Please note that opting-out of receiving interest-based advertising through the NAI’s and DAA’s or Your Online Choices online resources will only opt you out from receiving interest-based ads on that specific browser or device, but you may still receive interest-based ads on your other devices. You would need to perform the opt-out on each browser or device you use.
12.6 Some of these opt-outs may not be effective unless your browser is set to accept cookies. If you delete cookies, change your browser settings, switch browsers or devices, or use another operating system, you will need to opt-out again.
12.7 Please note that opting out of interest-based advertising does not mean you will no longer see advertising on your device; it means that adverts may no longer be tailored to your interests and therefore less relevant to you.
13. Links to third party sites
13.1 The Site may, from time to time, contain links to and from third party websites, including those of our partner networks, advertisers, partner merchants, news publications, and retailers. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.
14. Our policy towards children
14.1 Our Site is not directed at persons under 18 and we do not knowingly collect personal information from any persons under 18. If you become aware that your child has provided us with personal information, without your consent, then please contact us using the details below so that we can take steps to remove such information and terminate any account your child has created with us.
15. Changes to this policy
16. Notice to you
17. Contacting us
17.2 If we are unable to deal with any issues you raise with us, you also have the right to lodge a complaint with your national data protection authority.
a) If you are in the UK, your local data protection authority is the Information Commissioner’s Office (ICO).
b) If you are in the EU, further information about how to contact your local data protection authority is available at ec.europa.eu/about-edpb/about-edpb/members_en.
17.3 Should you wish to delete your personal data that we store, you can close your Estilistas account by using the in-app account deletion function. Please note that this will delete your account and personal data from our Site immediately and cannot be undone. Alternatively, you can contact us at firstname.lastname@example.org.