Data Privacy Notice
How We Handle Your Personal Data Your data and privacy are important and we will handle them securely, fairly and legally at all times. Beauty Stable complies fully with the General Data Protection Regulation (GDPR) and below we tell you about what data we collect and how we store and use it.
What Information Do We Collect?
We keep all the data that you give us when you sign up with us or make a purchase. This information is shown in your account and much of it can be changed by you at any time. These are things like your name, address, email, telephone number etc.
We store only the last 4 digits of your credit card so that you can identify which card you use to buy your services. We do NOT keep or even see your CVV security number.
If you call us we may record the call so that we have a record of what has been said. Similarly, we keep a record of all contact with you via email.
What Information We Do Not Collect?
We don't see and therefore do not store or use your credit/debit card security number (CVV).
We do not keep the content of any websites browsed, and we do not keep records of the websites you visit or the times and dates you visited them.
We do not record the content of your calls unless you press the 'call record' button on your phone, use our Call Recording Service, Virtual PA Service or make or receive a call from customer services.
We regularly delete stored voicemails, faxes and text messages.
Where We Keep Your Data - Security
The security of your personal data is a very major concern for us. We have legal obligations to keep it safe and handle it with care and the penalties for not doing so are very high.
We store your personal data securely and it's backed up in two geographically separated locations so that it cannot be lost in the event of a catastrophic failure in our data centres or systems.
How Do We Use Your Information?
The GDPR says that we are allowed to use and share your personal data only where we have a proper reason for doing so.
The permitted Legal Bases for processing are set out in article 6 of the GDPR. At least one of these must apply whenever we process your personal data:
Consent: you have given clear consent for us to process your personal data for a specific purpose (for example, marketing)
Contract: the processing is necessary for a sale we have with you, or because you have asked us to take specific steps before entering into a contract.
Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
Vital interests: the processing is necessary to protect someone's life.
Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.
If you require a copy of the information held. You can contact us via firstname.lastname@example.org