Glo Laser and Beauty (Pty) Ltd.

PRIVACY AND COOKIES NOTICE

Last updated: 1 October 2019

  1. ABOUT THIS PRIVACY AND COOKIES NOTICE
    • The website www.globeauty.co.za (the Site) is operated by Glo Laser and Beauty (Pty) Ltd. (“we”, “us”, “our”), a company incorporated in South Africa under company registration number 2015/225438/07. Our registered office is at 323 Lynwood Road, Menlo Park, Pretoria, Gauteng, 0081.
    • We are committed to protecting your privacy and complying with our data protection obligations under the Data Protection Act, Protection of Personal Information Act.
    • When you interact with us or use the Site, we act as the data controller of your personal data. This means that we are responsible for processing your personal data and deciding how to use it. This privacy and cookies notice explains the types of personal data we may collect about you when you interact with us, why we collect it, what we use it for and what rights you have over that data. Personal data is any information about an identifiable person. Processing is anything we do with your personal data, including using, storing, sharing and deleting it.
    • This notice was last updated on the date shown at the top. We may change this notice at any time by posting an updated version on the Site and will make reasonable efforts to bring any material changes to your attention. You may wish to check it before using the Site as any changes will be effective from the date that they are made.
  2. CONTACT INFORMATION
    • If you have any concerns or would like further information about our use of data or this notice in general, you can contact Mr Caldeira at 323 Lynwood Road, Menlo Park, Pretoria, Gauteng, 0081.
  3. WHAT INFORMATION DO WE COLLECT?
    • We collect, store and use the types of personal data set out in the table at the end of this notice.
  4. HOW WILL WE USE YOUR PERSONAL DATA?
    • We will use your personal data for the purposes set out in the table at the end of this notice.
    • Targeted Marketing regarding profiling.
    • Subject to paragraph 5, you have the right to object to profiling activities where these are carried out for the purposes of direct marketing, for our legitimate interests or for a task which is in the public interest.
  5. HOW DO WE SHARE YOUR PERSONAL DATA?
    • When we share personal data, we do so in accordance with Data Protection law. We may share certain personal data:
      • with group, associated or affiliated companies including Glo Express, for internal administrative purposes.;
      • with employees, contractors, consultants or advisers, to facilitate sales and for general commercial purposes.;
      • with parties who provide products or services to us, such as, user analytics, email services, payment processing, advertising, user notification and feedback functionality, delivery couriers, marketing companies who help us manage our communications with you etc;
      • with government or quasi-governmental organisations, law enforcement and other regulatory authorities or third parties when required or permitted by law, including but not limited to in response to court orders, for the prevention and detection of crime and to protect intellectual property and any other legal rights;
      • if the Company or part of the business is sold, transferred or integrated with another business, with our advisers, a prospective purchaser, a prospective purchaser’s advisers or the new owner of the Company to facilitate the process; and
    • We may also provide third parties with aggregated but anonymised information and analytics about our customers. Before we do so we will make sure that it does not identify you.
    • In some cases, when we share personal data, it will involve the transfer of that personal data to countries outside the EEA which have different data protection standards to those which apply in the EEA.
    • Where we transfer personal data outside the EEA we will ensure that there are adequate safeguards to protect your privacy rights under Data Protection Law.
  6. USE OF COOKIES AND SIMILAR TECHNOLOGIES
    • We and our third-party service providers use cookies and similar technologies to collect information about, and relevant to, your usage of the Site. Cookies are small text files that are stored on your computer when you visit the Site. It is standard practice to use cookies to make your experience better when using a website.
    • We use the following categories of cookies and similar technologies on this Site:
      • Strictly necessary cookies: These cookies are essential to enable you to move around the Site and use its features. Without these cookies, services you have asked for (such as remembering your login details or the items you placed in your basket) cannot be provided.
      • Analytics cookies: These cookies collect information about how you use the Site, for instance which pages you go to most often, what searches you perform and if you get error messages from web pages. The information these cookies collect can be used to improve how the Site works.
      • Customisation cookies: These cookies allow the Site to remember choices you make (such as your user name) and provide enhanced, more personal features. These cookies cannot track your browsing activity on other Sites.
      • Security cookies: These cookies form part of our security features, for example, by helping us detect malicious activity or violations of our terms of use.
      • Social media cookies: These cookies allow you to share your activity on the Site on social media such as Facebook and Twitter. These cookies are not within our control. Please refer to the privacy policies of the social networks in question for information regarding how their cookies work.
      • Targeting or advertising cookies: These cookies record your visit to the Site, the pages you have visited and the links you have followed. We use this information to make our Site and the advertising displayed on it more relevant to your interests. [We may also share this information with third parties for this purpose.
    • When you visit the Site for the first time (and periodically after that), we will request your consent to the setting of all cookies other than strictly necessary cookies.
    • You can delete existing cookies and disable some or all types of cookies in future if you wish. To disable some or all types of cookies, you will have to change the settings on your browser. If you change your mind, you can enable cookies again at any time. Disabling cookies on your browser may stop the Site from working properly.
    • To find out more about cookies, please visit www.allaboutcookies.org.
  7. THIRD-PARTY LINKS
    • This Site contains links to other websites over which we have no control. We are not responsible for and do not review or endorse the privacy policies or practices of other Sites which you choose to access from this Site. We encourage you to review the privacy policies of those other Sites, so you can understand how they collect, use and share your personal information.
  8. YOUR RIGHTS
    • We respect your rights to privacy and will respond to requests for access or control over information about you in accordance with Data Protection Law. We may require you to verify your identity before we take any action.
    • Depending on the reason we have your personal data, you have a right to:
      • access the personal information we hold about you (commonly known as subject access);
      • request that we correct or complete personal information we hold about you that is inaccurate or incomplete;
      • request that we erase your personal information in some circumstances, or object to our processing it as detailed at paragraph 5;
      • restrict how we use your personal information, in certain circumstances;
      • request that we provide you with copies of your personal information in a machine-readable format or transfer it across different services; and
      • where we have asked for your consent to process your data, to withdraw this consent.
    • These rights are limited in some situations under Data Protection Law – for example, where we can demonstrate that we are under a legal obligation to process your data.
    • If you wish to exercise any of these rights, please contact us using the details in paragraph 2
    • Your right to object

You have a right to object to our processing of your personal data and ask us to stop doing so. If we are processing your personal data or direct marketing purposes (which includes profiling to the extent that it is related to such direct marketing) and you object to this, we will stop processing your personal data immediately.

If our processing of your personal data is in the public interest or pursuant to our legitimate interests and you object to this, we will stop processing your personal data unless we have compelling reasons which override your interests, or our use of your personal data is for the establishment, exercise or defence of legal claims.

  • We hope that we can satisfy any queries you may have about the way we process your data.
  1. DATA RETENTION
    • Your personal data will only be kept for as long as necessary for our purposes. Specific periods are set out in the table at the end of this notice.
  2. DATA PROTECTION PRINCIPLES
    • We process your personal data in accordance with the following principles:
      • we process your personal data lawfully, fairly and in a transparent way;
      • we collect your personal data for specified, explicit and legitimate purposes; any further processing we do is compatible with the original purposes for which for which we collected it;
      • we only process personal data which is adequate, relevant and limited to what is necessary to achieve the purpose for which it is processed;
      • we take reasonable steps to ensure that all personal data is accurate and kept up to date where necessary;
      • we do not store personal data in a form which identifies you for any longer than is necessary for the purposes of processing; and
      • we process personal data securely and in a way that protects against unauthorised or unlawful processing, accidental loss, destruction or damage.
    • When we ask for your personal data we will tell you whether you are required by law or contract to provide it, and what will happen if you do not provide the data.
    • Any request for consent to the processing of your personal data will be made directly to you and will include information about why we require the personal data and what will be done with it.
  3. WHAT IS OUR LAWFUL BASIS FOR PROCESSING?
    • We will only process personal data when we have a lawful basis for doing that processing. The table at the end of this notice sets out the lawful basis we rely on for each type of data we process.
    • We will choose one of the lawful bases in the GDPR and POPIA to justify how we use your personal data. These are:
      • Consent: You have given consent to the processing of your personal data for one or more specific purposes.
      • Contract: The processing is necessary for the performance of a contract with you or in order to take steps at your request before entering into a contract.
      • Legal obligation: We need to process your personal data to comply with a legal obligation.
      • Vital interests: The processing is necessary to protect the vital interests of you or another person.
      • Public interest: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of some official authority.
      • Legitimate interests: Processing is necessary for the purposes of legitimate interests pursued by us or someone else, except where such interests are overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.
    • Accountability: Ensure that all the principles contained in POPI and all the measures that give effect to these principles are complied with.

Who will be tasked with the responsibility of compliance in your organisation? This individual will be held liable for non-compliance in certain situations!

How will this individual ensure the organisation is POPI compliant?

  • Processing Limitation: Personal information may only be processed in a fair and lawful manner and only with the consent of the data subject.

From whom may you collect a data subject’s personal information?

When may you process personal information?

  • Purpose Specification: Personal information may only be processed for specific, explicitly defined and legitimate reasons.

Are you familiar with the various laws that allow for the collection of personal information?

Can you link all personal information collected to legitimate reasons for collecting?

For what time period may you retain personal information?

How must personal information be destroyed?

  • Further Processing Limitation: Personal information may not be processed for a secondary purpose unless that processing is compatible with the original purpose.

Does your business process personal information again after it has been collected?

Is the secondary processing aligned with the original intent and how do you ensure that it is?

  • Information Quality: How do you ensure accuracy of personal information?

How do you ensure that personal information is reliable and accurate at all times?

What processes do you have in place to allow data subjects, such as customers and employees, to update their personal information?

  • Openness: The data subject whose information you are collecting must be aware that you are collecting such personal information.

What evidence do you have that your customers and/or employees consented to the collection of their personal information?

How do you inform your customers of their right to lodge a complaint with the Information Regulator?

  • Security Safeguards: Personal information must be kept secure against the risk of loss, unauthorised access, interference, modification, destruction and disclosure.

How do you determine which employees are permitted access to what personal information?

How would you be alerted when personal information is accessed or modified without authorisation?

  • Data Subject Participation: Data subjects may request whether their personal information is held, as well as the correction and/or deletion of any personal information held about them.

What processes do you have in place to ensure such a request from a customer and/or employee is adhered to?

Does your current system allow for customer and/or employee information to be deleted?

TABLE OF PERSONAL INFORMATION WE USE

 

The table below sets out detailed information about our purposes for processing, the basis for processing and the retention period for the personal data.

 

Category of personal data

 

Purpose of processing

 

Lawful basis for processing

 

Retention period

 

Name and contact details

 

To deliver your purchases to you’; ‘To send you order updates’; ‘For fraud prevention and detection.

 

Compliance with legal obligations
Consent
For three years since you last logged on to the Site’; ‘For three years since you gave consent, or until you withdraw consent if earlier’.
Date of birth

 

‘For fraud prevention and detection’, ‘To ensure legal sale of age-restricted products’.Compliance with legal obligations
Consent
‘For three years since you last logged on to the Site’.

 

Payment information

 

‘For fraud prevention and detection’, ‘To ensure legal sale of age-restricted products’.Compliance with legal obligations
Consent
‘For three years since you last logged on to the Site’.
Contact history‘To provide customer service and support’, ‘To train our staff’.Compliance with legal obligations
Consent
‘For six years since you last logged on to the Site’.
Saved items in online shopping basket‘To sell products and services to you’.

 

 

Compliance with legal obligationsUntil you complete your order or for seven days after the item is saved.

 

 

Purchase history

 

‘To provide customer service and support and handle returns’.

 

Compliance with legal obligations‘For six years after purchase’.
Browser, device and Site usage information

 

 ‘To improve the Site’, ‘To protect the Site against fraud’, ‘To set default options for you, such as language and currency’.

 

Compliance with legal obligationsFor three years since you last logged on to the site.
Information from linked accounts

 

‘To enable you to log into the Site simply without having to create a specific account’.Compliance with legal obligations‘For three years since you last logged on to the Site’.
Responses to surveys, competitions and promotions

 

‘To run the survey, competition or promotion’.Compliance with legal obligations‘For six years’.
Customer comments and product reviews

 

‘To improve our products and services’, ‘Where relevant, to establish, exercise or defend legal claims’.Compliance with legal obligations‘For six years’.
CCTV images

 

‘To keep our staff and premises safe’. 

 

‘For one month’.
Information generated in the course of the use of our products and services

 

‘For internal research and development purposes’, ‘To improve and test the features and functions of our Site’.Compliance with legal obligations‘For four years’.
Information collected through cookies and similar technologies‘To conduct and store site usage analytics, statistical and trend analysis and market research’, ‘To generate customer profiles to facilitate marketing initiatives’.

 

Compliance with legal obligationsThree years after you last visited the Site.
0

Start typing and press Enter to search