PRIVACY NOTICE 

The privacy and security of your personal information is extremely important to us. This privacy notice explains how and why we use your personal data, to make sure you stay informed and to ensure you're confident about giving us your information. 

We'll keep this page updated to show you all the things we do with your personal data. This notice only applies if you interact with Selfless by Hyram, The INKEY List, Brand Evangelists for Beauty Limited and Brand Evangelists for Beauty Inc in any way (customer or employee) visit our website - desktop or mobile, email, call or write to us. In certain circumstances we may also provide an extra privacy notice, which will always refer to this page. 

To be clear, we'll never sell your personal data and will only share it with organisations we work with when it's necessary and the privacy and security of your data is assured. 

Who are 'we'? 

In this notice, whenever you see the words 'we', 'us', 'our', 'Selfless' all refers to Selfless by HyramSelfless by Hyram is only for exclusive use by Brand Evangelists for Beauty. 

Brand Evangelists For Beauty Limited (Reg. Co. number 10787576) or Brand Evangelist for Beauty Inc (US entity) is a beauty company and a beauty product development house. We carry out commercial trading activities via our website www.beforbeauty.co.ukwww.theinkeylist.com , www.selflessbyhyram.com and other derivatives of these main trading names where we promote and sell our current brands and products and share details of our new and upcoming brands. 

Brand Evangelist for Beauty Inc is the US entity

If you have any questions in relation to this privacy notice or how we use your personal data they should be sent to dpo@beforbeauty.co.uk or addressed to the Data Protection Officer, Unit 6B, Oldknows Mill, St Anns Hill Road, Nottingham, NG3 4GN. 

What personal data do we collect? 

Your personal data (any information which identifies you, or which can be identified as relating to you personally for example, name, address, phone number, email address) will be collected and used by us. 

We'll only collect the personal data that we need. 

We collect personal data in connection with specific activities such as placing an order, conducting research, employment etc. 

You can give us your personal data by filling in forms on our website, making a purchase via our website, participating in discussion boards, subscribing to take part in research on our website or other social media functions on our website, entering a competition, promotion or survey or by corresponding with us (by phone, email) or in the future by creating a Selfless by Hyram account. 

This personal data may include name, title, address, date of birth, age, gender, employment status, email address, telephone numbers, personal description, photographs, usernames and passwords. 

Personal data provided by you 

This includes information you give when interacting with us; when your placing an order or communicating with us. For example: 

  • Personal details (name, date of birth, email, address, telephone, etc) 
  • Financial information (payment information such as credit, debit card or PayPal details) 

Information from third parties 

We may in the future, buy anonymous external data (e.g. census data, Experian MOSAIC, etc) and combine it with your personal data at an aggregated level to build profiles which may help us work out what you're most likely to want to hear from us about and how. 

How we use your personal data 

We'll only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation (from 25 May 2018)/UK Data Protection Act and Privacy of Electronic Communication Regulation. 

Personal data provided to us will be used for the purpose or purposes outlined in any fair processing notice in a transparent manner at the time of collection or registration where appropriate, in accordance with any preferences you express. If asked by the police, or any other regulatory or government authority investigating suspected illegal activities, we may need to provide your personal data. 

Your personal data may be collected and used to help us complete your order or request. Below are the main uses of your data: 

Marketing communications 

Your privacy is important to us, so we'll always keep your details secure. We'd like to use your details to keep in touch about things that you may be interested in, but we will not do this without your specific consent. 

If you choose to hear from us we may send you information based on what is most relevant to you or things you've told us you like. We may also show you relevant content online. This might be about products or competitions we think you might want to hear about. 

We'll only send these to you if you agree to receive them and we will never share your information with companies outside of our umbrella of Brand Evangelists for Beauty for inclusion in marketing. (We may however share cookie data with third parties to help with our own advertising targeting). If you agree to receive marketing information from us, you can change your mind at a later date. 

Personal data provided to us may also be profiled to help us with advertising targeting. Or we may use your personal data to find online users with a similar profile to yourself who may be interested in our products or services. 

We may sometimes use third parties to capture some of our data on our behalf, but only where we are confident that the third party will treat your data securely, in accordance with our terms and in-line with the requirements set out in the GDPR. 

How you can change your contact preferences. 

We'd love to keep in touch, but we understand that you might change your mind in the future. If you want to stop hearing from us we ensure it's as east to opt out as opt in. All of our email marketing contains an unsubscribe link which will remove you from our email list immediately. Alternatively you can email us directly at hey@beforbeauty.co.uk and we'll ensure that you are removed from all mailing lists. 

Please note that you will still continue to receive contact from us when required to provide relevant information in relation to services provided by us to you, for example order confirmation, order and delivery updates or feedback on our services. 

We'll always act upon your choice of how you want to receive communications (for example, by email, post or phone). 

Please note that you will still receive information from us 

Recipients of data (third-party processing) 

We may at times, pass your personal data on to third-party service providers contracted to us in the course of dealing with you. These may include for example but not limited to, couriers, fulfilment houses, credit card processing companies or other services required in the fulfilment of your order. In addition, this may also include marketing and advertising services. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the legal purpose of our business. When they no longer need your data to fulfil this service, they will dispose of the details securely. We only use sub-contracted processors who have demonstrated sufficient guarantees of compliance. 

If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent unless we are legally required to do otherwise. 

Retention period 

We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. We are required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. 

We will generally process personal data for a period of six years. After this period, the data will be anonymised and used for reference purposes only. 

Your rights as a data subject 

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights: 

The right to be informed 

  • We will inform you of what personal information we collect and how this is used. This privacy notice is how we inform you of this information. 
  • We will inform you of any changes to the way we process your data. 

The right of access 

  • You have the right to request a copy of the information that we hold about you. 

The right of rectification 

  • You have a right to correct data that we hold about you that is inaccurate or incomplete. 

The right to erasure 

  • In certain circumstances you can ask for the data we hold about you to be erased from our records. 

The right to restrict processing 

  • Where certain conditions apply to have a right to restrict the processing. 

The right to data portability 

  • You have the right to have the data we hold about you transferred to another organisation. 

The right to object 

  • You have the right to object to certain types of processing such as direct marketing. 

Rights in relation to automated decision making and profiling 

  • You also have the right not to be subject to automated processing or profiling. 

Profiling 

We know it's important to our customers that we use our resources appropriately. So, we use automated profiling and targeting to help us understand our customers and make sure that: 

  • our communications (e.g. emails) and services (e.g. our website) are relevant, personalised and interesting to you 
  • our services meet the needs of our customers 
  • we use our resources responsibly and keep our costs down 

We use specific tools to profile how you interact with us online, for example, Adobe Analytics, Google Analytics and Shopify CMS. Much of the information we collect is aggregated, however we may also collect some personal data for the use of personalising your experience, optimising our marketing campaigns, and to ensure the site is functioning as intended. 

The personal information that is collected includes transactional information (i.e. order number) We will also collect data on individual user activity when they create or log into a Selfless by Hyram account. This information takes the form of an encrypted string. If you've agreed that we can contact you for marketing purposes, we may also gather additional information about you from external sources, for example: updates to address and contact information, or publicly available information regarding your wealth, earnings and employment at an aggregate level. This analysis may be carried out by us or by third party organisations working for us. We may also host encrypted personal data on third party websites (e.g. social media platforms) to ensure that you only see relevant, personalised and interesting content from those organisations. 

Opting Out of Interest Based Advertising 

Please click the following link to opt out of Interest based advertising -http://optout.networkadvertising.org 

Recruitment and employment 

In order to comply with our contractual, statutory, and management obligations and responsibilities, we process personal data, including Special Category Personal data, from job applicants and employees. 

Such data can include, but isn't limited to, information relating to health, racial or ethnic origin, and criminal convictions. In certain circumstances, we may process personal data or sensitive personal data, without explicit consent. Further information on what data is collected and why it's processed is given below. 

Contractual responsibilities: Our contractual responsibilities include those arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay; leave, maternity pay, pension and emergency contacts. 

Statutory responsibilities: Our statutory responsibilities are those imposed through law on the organisation as an employer. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, equal opportunities monitoring. 

Management responsibilities: Our management responsibilities are those necessary for the organisational functioning of the organisation. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters, e-mail address and telephone number. 

Special Category personal data 

The Act defines Special Category personal data as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions. 

In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee. 

(a) We will process data about an employee's health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee's knowledge and, where necessary, consent. 

(b) We will process data about, but not limited to, an employee's racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies and related provisions. 

(c) Data about an employee's criminal convictions will be held as necessary. 

Disclosure of personal data to other bodies 

In order to carry out our contractual and management responsibilities, we may, from time to time, need to share an employee's personal data with one or more third party supplier. 

To meet the employment contract, we are required to transfer an employee's personal data to third parties, for example, to pension providers and HM Revenue & Customs. 

In order to fulfil our statutory responsibilities, we're required to give some of an employee's personal data to government departments or agencies e.g. provision of salary and tax data to HM Revenue & Customs.

Klarna

In order to be able to offer you Klarna’s payment options, we will pass to Klarna certain aspects of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you.

General information on Klarna you can find here. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarna’s privacy policy.

Updating your data and marketing preferences 

We want you to remain in control of your personal data. If, at any time, you want to update or amend your personal data or marketing preferences please contact us via hey@beforbeauty.co.uk 

Complaints 

In the event that you wish to make a complaint about how your personal data is being processed by us, you have the right to lodge a complaint directly with our data protection representative: dpo@beforbeauty.co.uk 

In the event you wish to make a compliant on how your initial complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority. The contact details are: 

Information Commissioner's Office 

Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF 

www.ico.org.uk 

UK Calls - 0303 123 1113 

Outside UK - +44 1625 545 700