SECTION 1 - INFORMATION COLLECTED
When you subscribe to Basic Beauty Box, as part of the buying and selling process, we collect the personal information you give us such as your name, address, email address, credit card information and your Cratejoy username and password. Once the buying process has been completed, each month we will then collect your product information.
We will collect your name and email address from you when you expressly give your permission for us to market to you about our offers and services.
We may collect information you provide us when you enter a Basic Beauty Box competition , whether this be through our site or a third-party.
We do not collect any personal information about you unless it is voluntarily provided by you. Basic Beauty Box will never sell, rent or share your personal information, including your e-mail address, with any third parties for marketing purposes without your express permission.
SECTION 2 - HOW WE USE YOUR INFORMATION
We use this information to get your monthly preferences, process and fulfil your order and to notify you of your order status or cancellation. As a subscriber, we all also keep you up to date with relevant news and products for as long as your subscription is active.
If given consent, we will provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about.
We will also use your information to manage and respond to any queries or complaints made to our team or to notify you about changes to our service.
We also rely on the following legal basis, under data protection law, to process your personal data :
Because it is in our legitimate interests as an e-commerce provider to maintain and promote our services. We are always seeking to understand more about our customers in order to offer the best products and customer experience. We use information about you to tailor your view of the site, to make it more interesting and relevant in respect of the products and offers on view.
Because the processing is necessary to perform a contract with you, or take steps prior to entering into a contract with you (e.g. where you have made a purchase with us, we use your personal data to process the payment and fulfil your order).
Because we have obtained your consent (e.g. where you contact us with a query or if you consent to receive marketing from us).
SECTION 3 - CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will ask you directly for your expressed consent.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at firstname.lastname@example.org. You can also click the 'unsubscribe' link in any marketing email we send to you.
SECTION 4 - HOW WE PROTECT YOUR DATA
We are committed to protecting the information we receive from you. We follow reasonable technical and management practices to help protect the confidentiality, security and integrity of data stored on our system. While no computer system is completely secure, we believe the measures we have implemented reduce the likelihood of security problems to a level appropriate to the type of data involved.
We use Stripe and Paypal payment systems's through Cratejoy to store and secure your payment information and execute transactions securely. All archived credit card information is maintained in a secure and safe environment. We do not store any of your payment data on our servers. If you have any questions regarding your payment data, please email email@example.com.
We use service providers based around the world. Consequently, your personal data may be processed in countries outside of Europe, including in countries where you may have fewer legal rights in respect of your data than you do under local law. If we transfer personal data outside the European Economic Area we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate safeguards, in particular the EU’s standard contractual clauses. Please contact us if you would like more information about these safeguards.
We will keep your personal data for as long as we need it for the purposes set out in the above sections, and so this period will vary depending on your interactions with us. For example, where you have made a purchase with us, we will keep a record of your purchase for the period necessary for invoicing, tax and warranty purposes. We may also keep a record of correspondence with you (for example if you have made a complaint about a product) for as long as is necessary to protect us from a legal claim. Where we no longer have a need to keep your information, we will delete it.
Please note that where you unsubscribe from our marketing communications, we will keep a record of your email address to ensure we do not send you marketing emails in future.
If you are unhappy with the way we are using or storing your data, please do get in touch. Please note that you also have the right to lodge a complaint with the supervisory authority.
SECTION 5 - DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms & Conditions.
SECTION 6 - CRATEJOY
Our store is hosted on Wix and Cratejoy. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Cratejoy's data storage, databases and the general Cratejoy application. They store your data on a secure server behind a firewall.
SECTION 7 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 8 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at firstname.lastname@example.org.