Make Me Feel (“We”) are committed to protecting and respecting your privacy. For the purposes of the relevant data protection legislation, the “controller” is Make Me Feel Ltd, 25 Abbeville road. SW4 9LA London. We can be contacted at email@example.com or 0208 675 1207. Marine Vincent will be the Data Protection Officer.
TYPES OF PERSONAL DATA WE COLLECT
We may collect, use, store and transfer different kinds of personal data about you, as follows:
- Name, address, email address, telephone number
- Sometimes for Prescription pick up service we have access to your prescription, your date of birth and your NHS number
The minimum information that we need from you so that you can receive your electronic receipts, collect loyalty points, receive our monthly newsletter, receive notification of a special order and get the best service we can is having your name and an email address and telephone number. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
WHEN DO WE COLLECT INFORMATION
You may give us your name, email address, telephone number by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you subscribe to our newsletter, purchase on our website or at the shop or book an appointment
We may receive personal data about you from various third parties [and public sources] as set out below:
- When you book a consultation via Treatwell or Findoc we will have access to your details necessary for your appointment.
- When you purchase on NearSt, we will also have access to your name and address.
- We can also get some details on our twitter, Instagram and Facebook account
WHY DO WE COLLECT INFORMATION
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances, and on the following lawful bases:
- Where we need to perform the contract (sell on our website or in the shop) we are about to enter into or have entered into with you, we will need to process name and email address and sometilmes mailing address.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, we will need to process to inform you about events or if we need to communicate with you for a specific reason (special order arrive, problem to be discussed, appointment to be moved , …)
- Where we need to comply with a legal or regulatory obligation.
We also use your personal data in the following ways: [INSERT DETAILS OF TYPE OF DATA USED, PURPOSE FOR WHICH IT IS USED, AND LEGAL BASIS ON WHICH IT IS PROCESSED E.G. CONSENT/LEGITIMATE INTERESTS]
- SENDING OUR MONTHLY NEWSLETTER OR SPECIAL PROMOTION AFTER AUTHORISATION (VIA MAILCHIMP)
- SENDING 24H REMINDER FOR APPOINTMENT
- FOR PERFORMING PRIZE DRAW
WHEN WILL WE SHARE YOUR PERSONAL DATA?
We do not share your personal data with any third parties for marketing purposes. We shall however, share your personal data with third parties for the following reasons:
- Consultant whom you have been referred to
- Findoc and Treatwell for booking your appointments
- Streatham Pharmacy who is the provider of the medication
We reserve the right to disclose or share your personal data in order to comply with any legal requirements, enforce our terms and conditions, or any other agreement we enter into with you, or to protect the rights, property, or safety of our business and other customers. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
WHERE WILL WE STORE YOUR PERSONAL DATA?
The data are stored in different third party websites :
- Findoc for medical appointments (Data are Encrypted and website is GDPR compliant)
- Treatwell for beauty appointments (Data are Encrypted and website is GDPR compliant)
- EPOSNOW system (referred as the till) : password changed regularly
- Shopify: password changed regularly
- NearSt : password changed regularly
- Mailchimp : password changed regularly
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
HOW LONG WILL WE KEEP HOLD OF YOUR PERSONAL DATA
How long we store your personal information depends upon the type of information we are holding and the purpose for which we need it
We shall keep your data for the period of time you hold an account with us, to enable us to contact you, keep a record of your past orders and supply you with any new orders. We shall not keep your personal information for any longer than necessary to fulfil our obligations to you or to meet our legitimate business interests or legal requirements. Usually our general Data retention period is 7 years.
Where you have given us your permission to contact you for marketing purposes, we shall contact you every year from the date on which you originally gave your permission to ensure that you still wish to be contacted in this way.
Under certain circumstances, you have the following rights:
- to request that we provide you with a copy of the information we hold about you (“Access Request”);
- to request that we rectify any information we hold about you (“Right to Rectification”);
- to request that we erase any information we hold about you (“Right to be Forgotten”);
- to restrict the level of processing we carry out with your information (“Restriction of Processing”);
- to obtain from us all personal data we hold about you in a structured, machine readable form, and have this information transmitted to another organisation (“Data Portability”);
- to object to our processing your information in certain ways (“Right to Object”); and
- to withdraw your consent at any time to our processing of your data.
We shall comply with any request made under this section as soon as possible, and normally within one month from the date of your request. However, if necessary, for example if your request is particularly complex or we receive a number of similar requests, we may extend this period by an additional two months, but we shall notify you if we need to do this.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). Please note that where we receive requests under this section which are manifestly unfounded or excessive, for example because they are repetitive in nature, we may charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested or refuse to act on the request.
You can find out more about or exercise any of the above rights by emailing us at firstname.lastname@example.org. You also have the right to lodge a complaint with the Information Commissioners Office if you are unhappy in any way with how we treat your personal information.
THIRD PARTY WEBSITES
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.