Effective Date: [17/08/2023]
This Privacy Notice (referred to as the "Notice") provides you with information how Woof Brands Ltd, trading as Skin Woof, a company incorporated in England and Wales with registration number 10528960, having its registered office at Enterprise House, The Courtyard, Old Courthouse Road, Bromborough, Wirral CH62 4UE, United Kingdom (referred to as "the Company", "we", "us", or "our"), collects, uses, shares, and safeguards the personal information of individuals ("users", "you" or "your") who visit or make use of our e-commerce skincare and beauty supplement business website, https://www.skinwoof.com/ (referred to as the "Website").
We respect your privacy and are committed to maintaining your trust. We comply with the UK General Data Protection Regulation (GDPR) and other relevant data protection laws.
If you do not agree with this Privacy Notice you should not use our Website, by continuing to access or use our Website, you are confirming that you have read and accept to the collection, use, sharing, and storage of your personal information as described in this Notice.
1. Collection and Use of Personal Information
1.1 We will only gather, collect, process, or store any Personal Data with a lawful purpose
- that is necessary for processing an enquiry or valuation;
- that is necessary to deliver the Website to the device used by you;
- to take the necessary steps to enter into and in the performance of a contract with you;
- for internal records that we are legally obliged to keep;
- to deal with complaints, disputes, and legal actions;
- to manage, monitor, maintain a stable website that is compatible with popular devices and software;
- to monitor and generate statistics for the use of the website;
- to monitor and maintain the security of the website and protect against misuse or fraud;
- where necessary to protect the vital interest of you or another person;
- to send commercial communications to you (including newsletters, notifications, special offers, discounts) where you request, or consent, or in some limited circumstances where you do not object, to such communications.
2. Information We Collect
We collect information and data when you interact with our Website, including:
- the country from where you gain access to the Website;
- the IP address allocated to you by your internet service provider at the time you access the website;
- the browser used by your device;
- the operating system used by your device;
- the screen resolution and other settings of the device you use;
- the web pages that you visit or view;
- the length of time you spend on a webpage;
- the referral source, if any (the way how you arrived at the Website);
With the exception of the IP address this information is anonymised and you cannot be personally identified from it, therefore it is not classified as Personal Data.
2.1 The information is used to generate Website usage reports and statistics which helps the us to
- maintain a Website that is user friendly and compatible with popular equipment and software;
- identify errors in the Website;
- see which pages are popular and which are not;
- analyse and maintain the security of the Website;
- see what search terms or referral sources are being used to find the Website.
2.2 The IP address is used by our server to deliver the website to your device and may be used to assist identifying the device used should misuse or fraud occur.
2.4 You will need to provide us with your personal information if you
- make an enquiry about our website or products;
- purchase products from our store;
- create an account to simplify the process of purchasing ur products;
- subscribe to a repeating monthly order;
- submit a review;
- make a complaint;
- request or agree to receiving newsletters, special offers or other commercial communications.
2.5 The types of personal information we collect include but are not limited to:
- Contact and identification information such as name, address, email address, and phone number.
- Payment information required to process your order.
2.6 This information is collected, processed and stored with the lawful purposes of
- entering into a contract;
- performing a contract – to fulfil an order placed by you;
- processing a transaction;
- a legitimate interest to respond to a communication from you, or manage and maintain an account;
- keeping sales records that we are legally obliged to keep.
2.7 If you would like to give the Company a review or feedback, we may, with your consent, publish your review or feedback on our website r in publicity material, however we will, if requested anonymise the Personal Data and only use your first name and general location, for example ‘Sonia from London’ or ‘S from London’
If we use consent as the lawful purpose for collection and processing your personal information, for example, to send commercial communications or publish a review or use non-essential cookies, you can change your mind at any time and withdraw your consent by contacting us at firstname.lastname@example.org.
4. Sharing Your Personal Information
4.1 We will not share your Personal Data with anyone except as stated within this section.
4.2 The Personal Data that you provide in the forms to make an enquiry or make a purchase will need to be shared with our internet and network service provider as it passes through their networks and systems.
4.3 We will need to use third party software to perform certain functions, for example to store your Personal Details in an electronic file on the Company’s computers or third party servers or on the cloud, this is considered to be sharing your Personal Information with the software.
4.4 Your email address will be shared with our email service provider when we communicate with you through email.
4.5 We will need to share your Personal Information with employees, insofar as reasonably necessary so the Company can
- deal with an enquiry or request;
- enter in and perform a contractual obligation for example when fulfilling an order;
- comply with its legal obligations for keeping records;
- in connection with any legal proceedings or prospective legal proceedings;
- with the purchaser (or prospective purchaser) of any business, asset, or account which the Company are (or are contemplating) selling;
- under an order of a court.
4.6 We will need to share your personal and payment information with our payment processor when you are making a payment, and
- All payments are processed by a third party payment processing merchant and in full compliance with all recognised standards and security requirements.
- The payment processing merchant will use full encryption to ensure your payment card information remains secure, this means that orders can only be accepted from web browsers that permit communication through Secure Socket Layer (SSL) technology, it is not possible to place an order via an unsecured connection. Most web browsers support SSL.
- The Company only collect and pass your payment card details to the processing merchant, no payment card details are retained or stored by the Company.
- A payment processing merchant is bound by strict rules and regulations for the collection, use and storage of your payment card details.
4.7 We may engage other businesses for website, IT or analytic support and maintenance who on rare occasions, whilst performing their services may have access to your Personal Information. These businesses will be working under a contract for services that contain strict conditions in relating to accessing Personal Data and will be subject to confidentiality undertakings.
4.8 The lawful purpose for sharing your Personal Information will be a legitimate interest, the performance of a contract or it is legal requirement. We will not otherwise share your Personal Information without first obtaining your express consent.
5. International Transfers
Your Personal Information will not knowingly be stored or transferred outside of the UK, however it is possible that either our or your internet service provider may route the transmission of data through other countries, in addition if cloud storage is used this may involve servers located outside of the UK. We shall, as far as is reasonable possible, ensure that all countries meet the requirements and standards of the GDPR.
6. Automated Processing
The Company shall not use automated processing of your Personal Data to form or make decisions except where authorised or required by law (for example for the calculation of taxes due from a purchase); or you have given your express consent. If the Company uses any automated processing you are entitled to request details of the automated process.
We employ security measures to protect your Personal Information and will take all reasonable technical and organisational precautions to prevent access by unauthorised persons, unlawful processing, accidental loss, alteration, destruction, and damage including
- using secure socket layer technology (SSL);
- storing of data on a secure, password protected, and firewall protected systems;
- limiting access to data to only personnel who need access for the performance of a contract or the administration and management of an account;
- using where ever possible encryption, anonymising or pseudonymisation.
8. Data Retention
8.1 Personal Data shall usually be retained only for as long as necessary to fulfil the purpose which it was collected.
8.2 The Company may retain Personal Data for longer than is necessary for the purpose which it was collected to comply with a legal obligation, for example the retention of financial transactions for accounting purposes or where may be a need to exercise or defend a legal right which means the some information may be retained for up to six years.
9. Your Rights
9.1 Under the GDPR you have the right
- to know the identity and contact details of the Data Controller and Data Protection Officer (where applicable);
- to know the purpose and legal basis for processing your Personal Data, and where processing is based on the legitimate interests of the Data Controller, what those legitimate interest are;
- to know whether your Personal Data is transferred or processed beyond the EU and that appropriate safeguards are in place.
- to access your Personal Data
- to erase Personal Data.
- to restrict processing.
- to portable data.
- to withdraw consent
- to complain.
9.2 The Company takes the issue of protecting your Personal Data seriously and may ask you to verify your identity before fulfilling certain requests to access or modify your personal information.
10. The Right of Access
10.1 You may require the Company to provide you with any Personal Information held about you, this is often referred to as a Subject Access Request.
10.2 To request a copy of any Personal Data the Company holds contact the company in writing.
10.3 The Personal Data will be provided free of charge except where a request is manifestly unfounded or excessive (for example it is a repetitive request, or where the Company needs to process large amounts of data) in which case the Company may make a charge for reasonable administrative costs in dealing with the request or refuse to respond but the Company must provide a justifiable reason for refusing to respond.
10.4 The Company shall provide the requested Personal Data within one month of receipt of the request, however where there is a substantial amount of information or it is difficult to collate the Company may extend this timeframe by one month by providing you notice.
10.5 Where Personal Data is stored electronically the Company may make arrangements which allow you to access the data via a secure connection to an electronic file.
11. The right to erase Personal Data.
11.1 You have the right in certain circumstances to instruct the Company to erase your Personal Data (also known as the right to be forgotten) where:
- The Personal Data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- You withdraw your consent.
- You object to the processing and there is no overriding legitimate interest for continuing the processing.
- The Personal Data was unlawfully processed or obtained.
- The Personal Data must be erased to comply with a legal obligation.
- The Personal Data is processed in relation to the offer of information services to a child.
11.2 Where you have the right and you issue an instruction to erase your Personal Data the Company shall use all reasonable efforts to
- Inform all third parties to whom your Personal Data has been shared, of the requirement to erase your Personal Data which they hold;
- In the event that your Personal Data has been published online the Company shall endeavour to ensure that any links or references are also removed, however due to the caching of information it may take same time before the Data is no longer visible or available, for example in search engines;
11.3 The Company may refuse to erase your Personal Data only
- to exercise the right of freedom of expression and information;
- to comply with a legal obligation;
- for the performance of a public interest task or exercise of official authority;
- for public health purposes in the public interest;
- archiving purposes in the public interest, scientific research historical research or statistical purposes; or
- the exercise or defence of legal claims.
12. The right to restrict processing.
12.1 The Company shall, upon your request, restrict the processing of your Personal Data if the following circumstances arise:
- where you contest the accuracy of the Personal Data the Company shall restrict the processing until investigated and verified the accuracy of the Personal Data.
- where you have objected to the processing where it was necessary for the performance of a public interest task;
- the lawful purpose for processing the Personal Data was a legitimate interests, and the Company are considering whether its legitimate grounds override your grounds.
- when processing is unlawful, and you oppose erasure and you request restriction instead.
- if the Company no longer need the Personal Data but you require the information to establish, exercise or defend a legal claim.
12.2 Where processing of your Personal Data is restricted, the information shall be stored but no further processing shall occur.
12.3 The Company shall inform any third party to whom your Personal Data was shared or disclosed that the data is restricted.
12.4 The Company shall inform you when and restricted period comes to an end.
13. The right to portable data
Any Personal Data which is stored by the Company electronically where the lawful purpose for processing is consent or for the performance of a contract, the Company shall hold that Personal Data in a portable format (readable in a format that will be commonly used on other computer systems) and shall provide this information to you or directly to another organisation (where technically feasible) upon your request.
14. The right to complain
If you are unhappy with the way the Company collect or store your Personal Data you can make a complaint to the Information Commissioners Office, however the Company would appreciate the opportunity to provide an explanation or put things right before you make a complaint to the Information Commissioner.
15. The right to withdraw consent.
15.1 If you provide your consent to process your Personal Data in a particular way, you may withdraw your consent at any time by informing the Company at the address at the bottom of this Notice.
15.2 Upon receipt of a notice withdrawing your consent the Company shall stop processing the Data except:
- where is it necessary for the performance of a contract;
- where there are compelling legitimate grounds for the processing, which override your interests, rights, and freedoms;
- the processing is for the establishment, exercise, or defence of legal claims;
- where the processing of the Personal Data is carried out under an obligation in law.
16. Changes to this Privacy Notice
We reserve the right to amend this Notice at any time. Changes and clarifications will take effect immediately upon their posting on the Website. We encourage you to periodically check this Notice for updates
17. Contact Us
For any queries, concerns, or requests about this Notice , your personal data, or to exercise your rights, you can contact our Privacy Compliance Officer at email@example.com or by post at:
Woof Brands Ltd.,
Enterprise House, The Courtyard,
Old Courthouse Road, Bromborough,
Wirral CH62 4UE,