At OH MY GLAM, we are committed to protecting your personal information and respecting your privacy. It is your personal data and we respect that.
We want you to be fully informed about how we use your data, how we keep it secure and your rights.
ABOUT US – WHO ARE OH MY GLAM?
When you place an order on the Website, you are contracting with OH MY GLAM T/A Miraluxe Distribution Limited, but we are part of a wider group of companies that run and operate the OH MY GLAM business elsewhere across the globe. This includes in the US, Hong Kong and UAE. When we refer to the ‘Miraluxe Group’ we are referring to the wider global group of Miraluxe Distribution companies.
You can purchase OH MY GLAM products and services via our retail partners across the UK. Please note that when you are purchasing OH MY GLAM products and/or services through a Retail Partner, either online or in one of their stores, you are contracting directly with that Retail Partner and not with us or the wider group of companies.
Any personal data which you provide to a Retail Partner will be controlled by the Retail Partner and you should visit the Retail Partner’s website or contact them directly if you have any questions about how they process, handle and use your personal data.
ENSURING THE LAWFUL USE OF YOUR DATA
We may sometimes need to use data to comply with our legal obligations (for example to pass on details related to fraud). In other instances, we will ask for your consent to use your data, for example, where you sign-up to receive our email newsletters.
Further details of how we use your personal information are provided below.
WHAT INFORMATION WE COLLECT FROM YOU AND HOW WE USE IT
The information we collect about you and how we will use it, depends on how you interact with us, for example, if you place an order on our Website, contact us with a query by email or make a purchase. The table below provides some examples of the information we collect about you and how we will use it.
|The personal data we collect from you||How we use it||Lawful Basis|
|We will collect the personal data needed to identify you, such as your name, username, password and date of birth. We will also collect your contact details, such as your email address, telephone number and billing/delivery address.||To fulfil your order, for example, by delivering your products to you or to contact you about your order where necessary. For example, Royal Mail, DPD.||To fulfil our contract with you.|
|To allow you to create an account with us.||Legitimate business purposes.|
|To send you email newsletters to keep you up-to-date about our products and services which we think will interest you and our latest offers.||Where you consent.|
|To allow you to book an appointment with us or to attend an event.||Legitimate business purposes|
|So that you can enter competitions, events or prize draws run by us.||Where you consent.|
|To communicate with you in relation to your order or booking, or if you raise an enquiry or complaint with us.||Legitimate business purposes|
|To allow you to complete any surveys we send you (if you wish to) or to comment on or review our products or service, to help us to improve them.||Legitimate business purposes|
|Fraud prevention and detection.||Legal obligation/legitimate business purposes|
|Payment details and details of your transactions.||To take payment of your order and, if required, to give refunds. We do not store any payment card numbers once the transaction has been completed. We will share this data with credit card companies and other payment providers.||To fulfil our contract with you.|
|Fraud prevention and detection.||Legal obligation/legitimate business purposes.|
|Information you provide to us when you contact us by by email, by post or on social media.||Provide you with the support and customer service you have requested.||Legitimate business purposes|
|For data analysis, testing, research and statistical statistics to help us to improve our products and services.||Legitimate business purposes|
|To keep our Website safe and secure.||Legitimate business purposes|
|To make suggestions and recommendations to you and other users of our Website about products or services that may interest you or them.||Legitimate business purposes|
|To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.||Legitimate business purposes|
|Additional information you choose to provide, including your hair colour, eye colour and skin tone.||To assist us to provide you with a more personalised beauty experience.||Legitimate business purposes|
We may share your personal data with other companies within the Miraluxe Group to enable us to run data analysis, develop new products, for other business development purposes and/or to allow another Miraluxe company to perform services on our behalf. Where we do this, we have written contracts in place between the companies within the Miraluxe Group to ensure your privacy is secure and respected.
SHARING YOUR DATA WITH TRUSTED THIRD PARTIES
We share your personal data with trusted third parties to allow us to provide our services to you. When we do share your data with these third parties we only provide the information they need to perform the service. We have written contracts in place with them to ensure they only use your data for the purpose we specify to them and that your privacy is secure and respected.
These trusted third parties include the following:
- Companies that help us fulfil your orders and, where required, get your purchases to you, such as delivery couriers and payment providers. Examples - Royal Mail, DPD, Borderfree, Stripe, PayPal, Apple Pay, Amazon Pay.
- Professional service providers such as website hosting providers, system providers, website analytics providers, advertisers and appointment booking providers, who help us run our business. Examples - Google Analytics, Shopify.
- Social Media or Web platforms to show you products that might interest you while you’re browsing the internet. Examples - Facebook, Instagram, YouTube, Twitter, Pinterest, AddThis.
- Credit reference agencies, law enforcement and fraud prevention agencies, so that we can help tackle fraud. Examples, Stripe, Shopify, PayPal, Amazon Pay, Apple Pay.
We may also share your personal data in connection with a business transition (such as a merger, acquisition by another company, or a sale of all of or portion of our assets). In these circumstances, we may need to share your personal data with a prospective buyer and external professional advisors such as accountants, insurers, lawyers or financial institutions.
We may be required to share your personal data with the police, administrative authorities (such as HMRC) or other enforcement, regulatory or Government bodies, where we are legally obliged to do so.
We will only share your personal data with third parties (including our group companies) for them to use for their own direct marketing purposes when you have given your consent for us to do so.
INFORMATION WE RECEIVE FROM THIRD PARTIES
We may receive information about you from third parties, such as partners we run competitions and events with, for example, our Retail Partners and trade shows or from other organisations we work with, or from publicly available sources, such as Companies House, or information which is published in the media.
Depending on your settings or the privacy policies of social media or messaging services, such as Facebook, Twitter or WhatsApp, we may collect information about you from these sources, with your permission.
We may combine the information you have given us, with information obtained from other sources, but we will only do this when we have a lawful basis to do so.
COUNTRIES OUTSIDE OUR DELIVERY REMIT
In countries where we do not currently deliver, we may work with third parties which enable customers in those countries to purchase our products and have such products delivered directly to them.
SEEING ADVERTISEMENTS FOR OUR WEBSITE ONLINE
We, like many other companies, target OH MY GLAM ads and banners when you are browsing on apps and other websites. We do this by way of various ad exchanges and digital marketing networks. We use various advertising technologies, for instance, ad tag, cookies, pixels, identifiers and web beacons. We also use services offered by some sites and social networks, for example, Facebook's Custom Audiences. The ads and banners you see are based on information that we hold about you, or on your prior use of our Website, for example, products you have browsed previously, content you have read on our Website, or on OH MY GLAM banners or ads that you have engaged with in the past.
INTERNATIONAL TRANSFER OF YOUR PERSONAL DATA
We are a global business and some of our group companies and service providers are located in countries outside of the EU.
As a result, it may be necessary for the personal data that we collect from you to be transferred to or accessed from outside the EU in order for us to provide our services.
CUSTOMERS OUTSIDE THE UK
If you are based outside the UK and place an order on the Website, your personal data will be accessed in the UK by Miraluxe Distribution Limited and the third parties detailed above.
HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
We may also keep hold of some of your personal data if we are required to do so for legal purposes, for example, to meet our legal or regulatory requirements or to prevent fraud and abuse. For example, we will keep your order data for five years after you place an order with us to allow us to comply with our legal obligations.
When we are no longer required to keep your personal data, your data will either be deleted or completely anonymised. For example, by aggregation with other data so that it can be used in a non-identifiable way for business planning and analysis purposes.
ENSURING YOUR PERSONAL DATA IS UP TO DATE AND CORRECT
It is important that the personal data we hold about you is accurate and current. If you have an account with us, please keep your details up-to-date.
We are committed to ensuring that your personal data is secure and we have put in place suitable physical, electronic, contractual and managerial procedures, including our Information Security Management System and Secure Sockets Layer (SSL) encryption, to protect your personal data. Our employees who have access to and process your personal data are obliged to respect the confidentiality and security of your personal data.
THIRD PARTY LINKS
HOW CAN I UNSUBSCRIBE FROM MARKETING COMMUNICATIONS?
We love keeping you up-to-date by email about our latest products, services, offers and events, but if you decide that you don’t want to receive these communications at any point, you can unsubscribe as follows:
Email us at: email@example.com or click on the unsubscribe button on the bottom of any email we send you.
You have the following rights in relation to the personal information we hold about you, to request:
- access to the personal data we hold about you (commonly known as a "data subject access request") including a copy of it.
- the correction of the personal information that we hold about you if it is incomplete or inaccurate (although if you hold an account with us, you may be able to do this in certain cases yourself by visiting the Account Information page on the website);
- the deletion or removal of personal data we hold about you where there is no good reason for us continuing to process it or where you have exercised your right to object to processing (see below);
- for our processing of your personal information to be restricted in certain circumstances, for example if you want to establish its accuracy or the reason for processing it; and
- to obtain a copy of the personal information you’ve provided us with and to reuse it elsewhere or to ask us to transfer it to a third party of your choice.
We may ask you for proof of your identity before dealing with your request, as a security measure to protect your data.
RIGHT TO OBJECT
Where we are processing your personal data on the basis of our legitimate interests, you can ask us to stop processing it and we must do so unless we believe we have an overriding legitimate reason to continue processing your personal data.
If you are dissatisfied with how we have handled your personal data, you have the right to make a complaint to your data protection regulator. In the UK, this is the Information Commissioner's Office (ICO). You can make a complaint to the ICO by calling their helpline on 0303 123 1113 or on their website at www.ico.org.uk/concerns.
We would, however, appreciate the chance to deal with your concerns before you approach the ICO or, (if you’re based outside of the UK, your data protection regulator), so please do contact us in the first instance.
Customers need to be over 18 to create an account with us or to sign up for our newsletter. We will not knowingly collect data about under 18s and if you are under 18, please do not provide us with your personal information. We would ask parents to please ensure that their children that are under 18 do not provide us with any personal information without their permission. If you believe that a child who is under 18 has provided personal data to us, please contact us, using the details below and we will seek to delete that data from our systems.
- by email at firstname.lastname@example.org or
- by post at OH MY GLAM, Data Protection, 21 Lislunnan Road, Kells, Ballymena BT42 3NR, United Kingdom