Privacy Policy
Company Name: milk_shake Hair UK is part of Red Hot Products Ltd
Trading As: Red Hot Products Ltd
ICO Number: ICO:00010024219
Company Number: 6831515
Our Website: www.milk_shakehaircare.co.uk
Address for all information requests and enquiries: Red Hot Products, Unit 3 & 4, Jacks Way, Hill Barton Business Park, Clyst St Mary, Exeter, EX5 1FG
This privacy policy sets out how © RED HOT PRODUCTS LTD trading as www.milkshakehaircare.co.uk uses and protects any information that you give when you use this website. Red Hot Products are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. Red Hot Products Ltd may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
This website www.milkshakehaircare.co.uk & www.milkshakehaircare.ie is owned and run by Red Hot Products Limited (“milk_shake” or “We”).
milk_shake UK LIMITED PRIVACY POLICY
milk_shake’s ambition is to be an exemplary corporate citizen to help make the world a more beautiful place. We place great value on honesty and clarity, and we are committed to building a strong and lasting relationship with you based on trust and mutual benefit. Part of this commitment means safeguarding and respecting your privacy and your choices. Respecting your privacy is essential to us. This is why we set out “Our Privacy Promise” and our full Privacy Policy below.
OUR PRIVACY PROMISE
1) We respect your privacy and your choices.
2) We make sure that privacy and security are embedded in everything we do.
3) We will not send you marketing communications unless you have asked us to. You can change your mind at any time.
4) We will never sell your personal data or share it with anyone unless you have agreed by email.
5) We are committed to keeping your personal data safe and secure. This includes only working with trusted partners.
6) We are committed to being open and transparent about how we use your personal data.
7) We will not use your personal data in ways that we have not told you about.
8) We respect your rights, and will always try to accommodate your requests as far as is possible, in line with our own legal and operational responsibilities.
For more information about our privacy practices, below we set out what types of personal data we might collect or hold about you, how we use it, who we share it with, how we protect it and keep it secure, and your rights around your personal data.
Note that all of the information set out below may not apply to you. We have explained below an overview of all possible situations in which we could interact together, and one or more of these may apply to you depending on how you have interacted with us For example, if you have not created a Professional Account, then that information will not apply to you.
When you share personal data with us or when we collect personal data about you, we will use it in line with this Privacy Policy. If you have any questions or concerns about your personal data, please contact us at info@red-hotproducts.com
Please note that you must be at least 13 years old or older to use our services, or older where the terms for a specific service require this.
WHO WE ARE
milk_shake (UK) is responsible for the personal data that you share with us. When we say “milk_shake”, “us”, “our” or “we”, this is who we are referring to.milk_shake is the “data controller” for the purposes of applicable data protection laws.
Please see the “Contact Us” section for our contact details.
WHAT IS PERSONAL DATA?
“Personal data” means any information or pieces of information that could identify you either directly (e.g. your name) or indirectly (e.g. through pseudonymised data, such as a unique ID number). This means that personal data includes things like email/home addresses, usernames, profile pictures, personal preferences and shopping habits, user-generated content, financial information, and health information. It could also include unique numerical identifiers like your computer’s IP address or your mobile device’s MAC address, as well as cookies.
This Privacy Policy covers all personal data about you that is collected and used by milk_shake
WHAT PERSONAL DATA DO WE COLLECT FROM YOU AND HOW DO WE USE IT?
You, the consumer, are our priority. You drive what we do. We love hearing from you, learning about you, and creating and delivering products that you enjoy. We know that many of you love interacting with us and because of this, there are many ways that you might share your personal data with us, and ways that we might collect it.
How do we collect or receive your personal data?
We might collect or receive personal data from you via our websites, forms, by telephone, email or brand pages on social media or otherwise. Sometimes you give this to us directly (e.g. when you create an account, when you contact us, when you purchase from our websites or stores), sometimes we collect it (e.g. using cookies to understand how you use our websites) or sometimes we receive your personal data from other third parties, including other entities.
In the table below, we explain:
1) In what context is your personal data collected? This column explains what activity or scenario you are involved in when we use or collect your personal data. For example, whether you are making a purchase, signing up to a newsletter, or browsing a website.
2) What personal data may we hold about you? This column explains what types of personal data we may collect when you take part in a particular activity.
3) How and why we use it? This column explains what we do with your personal data, and the purposes for collecting and using it.
4) What is our legal basis for using your personal data? Whenever we use your personal data, we will have a legal basis to do this. For example, you have asked us to provide a service, you have given us your consent, or we have a legitimate interest in using your personal data.
The legal basis for the processing of your personal data can be:
- Your consent – This applies where you provide your personal data and specifically consent to us using it to provide you with a specific service, for example, so that: you can receive marketing communications from us. If you later ask us to stop sending you marketing communications, we need to keep some of your personal data on a suppression list so that we can make sure we do not contact you again. This is a legal obligation; and we can store certain cookies on your device. We may place targeted advertising cookies (these allow us to tailor services we offer, specifically to you), analytical cookies (these measure your interaction with our site so we can make improvements) on your device.
- The performance of a contract -This applies where you provide us with your personal data in order for us to provide you with a service (e.g. you ask us to create a customer account for you or you wish to purchase a product and we can manage the associated logistics).
- Our legitimate interests – This applies where you provide us with your personal data and we use it to: improve our products and services. By providing us with your personal data, we are able to better understand your needs and expectations when it comes to the products and services we offer. This understanding means we can improve our products and services so they match your needs. This might involve performing analytics on how you use our products, services, and websites/apps/devices, or trying out new functions which we think you might like based on what we know about you. To better engage with you. Where you provide us with your personal data, we may use it to encourage you to be more actively engaged with our products and brands and increase your overall brand engagement and awareness. One way we do this is by tailoring the marketing communications we send you so that you receive the information most relevant to you. To prevent fraud. Where you provide us with your personal data, it means we can action any payment you make when you purchase any of our products and/or services, and importantly, check that your payment is free from fraud. To secure our tools: We may use your personal data to keep our tools (websites//devices) safe and secure. This involves making sure our tools are working properly, and that your personal data is kept secure.
- To comply with a legal obligation – This is where you provide us with your personal data which we need to keep for our legal reasons (e.g. when you make a purchase we need to keep your transaction information to comply with our tax and financial reporting obligations).
- To protect the vital interests of an individual – This is where we use your personal data to protect you (or someone else) where there is evidence of danger to your (or someone else’s) health and/or safety.
The table below sets out which legal basis we rely on when processing your personal data for each context.
When we collect personal data, we will indicate which types of personal data are mandatory via asterisks. Some of the personal data we request from you are either necessary for us to:
– Perform our contract with you (e.g. to deliver the goods you have purchased on our websites/apps);
– Provide you with a service you have asked for (e.g. to provide you with a newsletter);
– Comply with legal requirements (e.g. invoicing).
If you do not provide the personal data marked with an asterisk, this may affect the goods and services that we can provide.
PERSONAL ACCOUNT CREATION AND MANAGEMENT
In which context is your personal data collected?
Where your personal data are collected during the creation or management of an account on milk_shake websites, through a social media login or in store.
What personal data may we hold about you?
- First name and surname;
- Gender;
- Email address;
- Address;
- Phone number;
- Birthday or age range;
- ID/username, and password;
- Personal description or preferences;
- Order details;
- User-generated content; and/or
- Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, or by participating in a contest, game, survey etc.).
How and why we may use it?
-
- To:
- Manage your orders;
- Send you marketing communications (where you have asked us to) which may be tailored to your “profile” (i.e. based on the personal data we know about you and your preferences);
- Offer you a loyalty program;
- Offer personalised services based on your characteristics;
- Allow you to manage your preferences;
- Monitor and improve our websites and apps;
- Run analytics or collect statistics;
- Secure our websites and protect you and us against fraud;
- Respond to your questions and otherwise interact with you; and/or
- Manage any competitions, promotions, surveys or contests you enter.
- Deliver your orders
What is our legal basis for processing your personal data?
- The performance of a contract – so you can create and manage your account;
- Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud; and (iv) secure our tools (v) deliver your orders (vi) contact you regarding orders that you have placed on our website (vii) contact you if you are a salon owner or hairdresser who has requested further information about stocking our products; and
- Consent – so you can receive marketing communications from us.
PROFESSIONAL* ACCOUNT CREATION AND MANAGEMENT
*professional accounts are created in relation to a business capacity; they are not for personal use.
In which context is your personal data collected?
Where your personal data are collected during the creation or management of a professional account on milk_shake websites/apps.
What personal data may we hold about you?
- First name and surname;
- Organisation name;
- Gender;
- Professional and personal email address;
- Professional and/or personal address;
- Professional and/or personal phone number;
- ID/username, and password;
- Preferences;
- Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, or by participating in a survey etc.).
How and why we may use it?
To:
- Manage your orders;
- Send you marketing communications (where you have asked us to) which may be tailored to your professional “profile” (i.e. based on the personal data we know about you and your preferences);
- Offer you a loyalty program;
- Offer personalised services based on professional interests and characteristics;
- Allow you to manage your preferences;
- Monitor and improve our websites and apps;
- Run analytics or collect statistics;
- Secure our websites and protect you and us against fraud;
- Respond to your questions and otherwise interact with you; and/or
- Manage any surveys etc. you enter.
What is our legal basis for processing your personal data?
- The performance of a contract – so you can create and manage your professional account;
- Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud; and (iv) secure our tools; and
- Consent – so you can receive marketing communications from us.
NEWSLETTER AND MARKETING SUBSCRIPTION
In which context is your personal data collected?
Where your personal data are collected when you subscribe to receive our marketing communications.
What personal data may we hold about you?
- First name and surname;
- Email address;
- Gender;
- Address;
- Phone number;
- Birthday or age range
- ID/username, and password;
- Personal description or preferences;
- Order details;
- User generated content; and/or
- Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, or by participating in a contest, game, survey etc.).
How and why we may use it?
To :
- Send you marketing communications (where you have asked us to) which may be tailored to your “profile” based on the personal data we know or learn about you and your preferences;
- Show you marketing communications on other websites, including social media platforms. Note that you may also see our ads on other websites, including on social media sites, but these may not be tailored to you;
- Keep an up to date suppression list if you have asked not to be contacted;
- Run analytics or collect statistics; and/or
- Send content on your behalf to your friends and/or family.
What is our legal basis for processing your personal data?
- Consent – so you can receive marketing communications from us; and
- Our legitimate interests: (i) to improve our products and services; and (ii) better engage with you.
PURCHASES AND ORDER MANAGEMENT
In which context is your personal data collected?
Where your personal data are collected during the purchase process made on milk_shake website
What personal data may we hold about you?
- First name and surname;
- Email address;
- Address;
- Phone number;
- Personal description or preferences;
- Social media profile (where you use your social media login or share this personal data with us);
- Transaction information including purchased products;
- Payment and information; and/or
- Purchase history.
How and why we may use it?
To:
- Contact you to finalise your order where you have saved your shopping cart or placed products in your cart without completing the checkout process;
- Inform you when a product you wanted to purchase is available;
- Process your order including delivering the product to the address you indicated;
- Manage payment. Please note that your payment information (credit card number/Paypal/bank account details) are not collected by us directly, but by Sage Pay who are secure payment service providers;
- Manage any contact you have with us about your order;
- Secure your transactions against fraud. We may use a third party provider’s solution to detect fraud and make sure that payment is completed;
- Manage any dispute relating to a purchase; and/or
- Run analytics or collect statistics.
What is our legal basis for processing your personal data?
- The performance of a contract – so you can make purchase and we can manage the associated logistics.
- Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud; and (iv) secure our tools.
- To comply with a legal obligation – to keep information we are required to.
ONLINE BROWSING
In which context is your personal data collected?
Where your personal data are collected by cookies or similar technologies (“cookies”*) when you browse milk_shake website where we have cookies.
For information on the specific cookies placed on a particular website/app, please check the cookies table or tool available on the specific website/app.
*cookies are small text files stored on your device (computer, tablet or mobile) when you are on the Internet, including on milk_shake websites.
What personal data may we hold about you?
Data related to your use of our websites, including:
- Where you came from;
- Login details;
- Pages you looked at;
- Duration of your visit; and/or
- Products you selected to create your basket.
- Technical information:
- Your IP address;
- Browser information;
- Device information; and/or
- Your unique ID which is given to each visitor, and the expiration date of the ID.
How and why we may use it?
We use cookies, together with other personal data you have already shared with us (such as previous purchases, or whether you’re signed up to our email newsletters) for the following purposes:
- To deliver targeted advertising, that is to show you:
- online advertisements for products which may be of interest to you, based on your previous behaviour; and/or
- ads and content on social media platforms or other websites.
You can opt out of targeted advertising by using the function available on our website (where applicable), or in your browser settings. For opting out of targeted advertising on social media platforms, please visit the relevant social media platform to explore the options they may provide.
- To tailor our services for you, that is to:
- show you recommendations, marketing, or content based on your profile and interests; and/or
- display our websites in a tailored way, for example, show you products we think you might like.
- To allow our websites to function properly, that is to:
- ensure the proper display of content;
- create and remember your shopping cart;
- create and remember your account login details;
- interface personalisation, such as language, or any user-interface customisation (i.e. parameters attached to your device including your screen resolution or font preference), etc.; and/or
- improve our websites, for example, by testing new ideas or layouts.
- To ensure our websites are secure and safe, and to protect you against fraud or misuse of our websites/apps or services, for example through performing troubleshooting.
- To run statistics, that is to:
- avoid visitors being recorded twice;
- know users’ reaction to our advertising campaigns.
- improve our offers; and/or
- understand how you discovered our websites/apps.
To allow sharing of our content on social media.
What is our legal basis for processing your personal data?
- Consent – to store cookies on your device.
- Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; and (iii secure our tools.
PROMOTIONS
In which context is your personal data collected?
Where your personal data are collected during a competition, game, contest, promotional offer, sample request, survey etc.
What personal data may we hold about you?
- First name and surname;
- Gender;
- Email address;
- Address;
- Phone number;
- Photo;
- Birthday or age range;
- ID/username, and password;
- Personal description or preferences;
- Order details;
- Social media profile (where you use your social media login or share this personal data with us);
- User generated content; and/or
- Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, or by participating in a contest, game, survey etc.).
How and why we may use it?
To:
- Complete tasks that you have asked us to, for example to manage your participation in the promotion, including to take into account your feedback and suggestions;
- Run analytics and statistics;
- Add your participation to your profile so we can understand your interests and preferences.
What is our legal basis for processing your personal data?
- The performance of a contract – so you may entered into the promotion/we can deliver the prize).
- Our legitimate interests: (i) to improve our products and services; and (ii) better engage with you.
USER GENERATED CONTENT
In which context is your personal data collected?
Where your personal data are collected when you submit content (for example images or ratings and reviews) on one of our websites/social media platforms, or accept our re-use of any content you posted on social media platforms.
What personal data may we hold about you?
|
Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, or by providing your own content such as photos or a review, or a question via the chat function available on some websites).
How and why we may use it?
To:
- Use the content you have created and/or shared in accordance with the specific terms and conditions accepted by you e.g. to post your review/content and to promote our products;
- Run analytics and statistics; and/or
- Add your content to your profile so we can understand your interests and preferences.
What is our legal basis for processing your personal data?
|
USE OF WEBSITES AND DEVICES
In which context is your personal data collected?
Where your personal data are collected as part of your use of our websites and/or devices.
What personal data may we hold about you?
- First name and surname;
- Email address;
- Location;
- Birth day and/or age range;
- Personal description or preferences, including characteristics such as skin tone, skin/hair type; and/or
- Application or device usage data.
How and why we may use it?
To:
- Provide you with the service(s) you requested (e.g. test our products virtually, enable you to purchase our products, provide you with advice and notifications regarding your sun exposure, hair routine etc.);
- Analyse your personal characteristics and recommend appropriate products (including bespoke products) and routines;
- Monitor and improve our apps and devices; and/or
- Run analytics and statistics.
What is our legal basis for processing your personal data?
|
ENQUIRIES
In which context is your personal data collected?
Where your personal data are collected when you ask questions relating to our brands, our products and their use, or your purchases, account or rights.
What personal data may we hold about you?
- First name and surname;
- Phone number;
- Email address;
- Other information you have shared with us about yourself in relation to your enquiry (which may include welfare and health data).
How and why we may use it?
- To:
- Answer and manage your enquiries;
- Run analytics and statistics; and/or
- Add your questions or concerns to your profile so we can understand your interests and preferences.
What is our legal basis for processing your personal data?
- The performance of a contract – to respond to your enquiries.
- Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; and (iii) secure our tools.
Automated Decision Making
Automated decision making means the ability to make decisions using technology, without human involvement.
We may use automated decision making in the following circumstances:
- For the purposes of securing transactions placed through our websites/ against fraud. We may use a third party provider’s solution to protect against fraud. The method of fraud detection is based on a number of different data prediction and data intelligence techniques that may change over time, to keep up with technological advancement. These may include, for example, data comparison or association, or detecting unusual data patterns. This fraud detection process may be completely automated or may involve some human intervention where the final decision is taken by a person.
As a result of automatic fraud detection, you may experience a delay in the processing of your order/request whilst we review your transaction. You may be limited or excluded from using a service if a risk of fraud is identified.
You have the right to access the information on which we base our decision.
Profiling
This means automatically processing personal data to evaluate certain personal aspects about an individual, in particular to analyse or predict aspects concerning performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
When we send or display personalised communications or content, we may use some profiling techniques. This means that we may collect personal data about you in the different scenarios mentioned in the table above, and use this data to analyse, evaluate, or predict your personal preferences, interests, behaviour and/or location.
Based on our analysis, we then send or display communications and/or content specifically tailored to your interests and needs.
You may have the right to object at any time to the use of your personal data for “profiling”. Please see “Your Rights and Choices” section below.
Who may access your Personal data?
Your personal data may be accessed by milk_shake UK and Ireland. Access will always be controlled on a need-to-know basis, and only provided where it is necessary to provide you with requested services or to allow us to perform any necessary or legitimate functions.
Your personal data may also be processed on our behalf by our trusted third party suppliers.
We rely on trusted third parties to perform a range of business operations on our behalf. We only provide them with the information they need to perform the service, and we require that they do not use your personal data for any other purpose. We will always use our best efforts to make sure that all third parties we work with will keep your personal data secure. Examples include:
- Third parties that assist and help us in providing digital and e-commerce services such as social listening, store locator, loyalty programs, identity management, ratings and reviews, CRM, web analytics and search engine, user generated content curation tools;
- Advertising, marketing, digital and social media agencies to help us to deliver advertising, marketing, and campaigns, to analyse their effectiveness, and to manage your contact and questions;
- Third parties required to deliver a product to you e.g. postal/delivery services;
- Third parties that assist and help us in providing IT services, such as platform providers, hosting services, maintenance and support on our databases as well as on our software and applications;
- Payment service providers and credit reference agencies for the purpose of assessing your credit score and verifying your details where this is a condition of entering into a contract with you;
- Third parties that assist us for customer care and customer vigilance purposes.
The legal basis for this sharing is our legitimate interests – (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud; (iv) secure our tools and design new features; (v) manage your orders; and (vi) use appropriate suppliers
We may also disclose your personal data to third parties:
- In the event that we sell any or part of our business or assets, we may disclose your personal data to the prospective buyer of such business or assets. If milk_shake or a part of its assets are acquired by a third party, personal data we hold about our consumers relating to those assets will be one of the transferred assets. In such cases, your personal data will be processed by the buyer acting as the new data controller and its privacy policy will govern the processing of your personal data.
- If we are under a duty to disclose or share your personal data in order to comply with a legal obligation, or in order to enforce or apply our terms of use/sales or other terms and conditions you have agreed to; or to protect the rights, property, or safety of milk_shake, our consumers, or others.
- In other circumstances if we have your consent or we are permitted to do so by law.
Where we Store your Personal data
The personal data that we collect from you may be transferred to, accessed in, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our service providers.
Where milk_shake transfers personal data outside of the EEA, this will be done in a secure and lawful way. As some countries may not have laws governing the use and transfer of personal data, we will take steps to make sure that third parties adhere to the commitments set out in this Privacy Policy. These steps may include reviewing third parties’ privacy and security standards, and/or entering into appropriate contracts (on the basis of the template adopted by the EU Commission and available via its homepage).
For further information, please contact us as per the “Contact” section below.
How Long Do We Keep Your Personal data
We will keep your personal data for as long as we need it to provide you with your requested service(s) or to meet our commercial or legal obligations.
To determine the retention period of your personal data, we consider several criteria to make sure that we do not keep your personal data for long than is necessary or appropriate. These criteria include:
- The purpose for which we hold your personal data;
- Our legal and regulatory obligations in relation to that personal data, for example any financial reporting obligations;
- Whether our relationship with you is ongoing, for example, you have an active account you continue to receive marketing communications, or you regularly browse or purchase off our websites);
- Whether you are no longer actively participating or engaging with our brands, for example, you do not open our emails, visit our websites, or share user generated content;
- Any specific requests from you in relation to the deletion of your personal data; and
- Our legitimate business interests in relation to managing our own rights, for example the defence of any claims.
When we no longer need to retain your personal data, it will be deleted or be anonymised so that you can no longer be identified from it.
Is my Personal data Secure?
We are committed to keeping your personal data secure, and taking all reasonable precautions to do so. We contractually require that trusted third parties who handle your personal data for us do the same.
We always do our best to protect your personal data and once we have received your personal data, we use strict procedures and security features to try to prevent unauthorised access. As no transmission of information via the internet is completely secure, we cannot guarantee the security of your personal data transmitted to our site although. Any transmission is therefore at your own risk.
Links to Third Party Sites
Our websites may, from time to time, contain links to the websites of our partner networks, advertisers and/or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you share any personal data with these websites.
Social Media and User Generated Content
Some of our websites and apps allow users to submit their own content. Please remember that any content submitted to our social media platforms can be viewed by the public, and you should be cautious about providing certain personal data e.g. financial information or address details. We are not responsible for any actions taken by other individuals if you post personal data on one of our social media platforms and we recommend that you do not share such information.
What are your rights
You are entitled to request the following from Next, these are called your Data Subject Rights and there is more information on these on the Information Commissioner’s website www.ico.org.uk
- Right of access –to request access to your personal information and information about how we process it
- Right to rectification –to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- Right to erasure (also known as the Right to be Forgotten) – to have your personal information erased. Contact our customer services info@milkshakehaircare.co.uk
- Right to restriction of processing – to restrict processing of your personal information
- Right to data portability – to electronically move, copy or transfer your personal information in a standard form
- Right to object – to object to processing of your personal information
- Rights with regards to automated individual decision making, including profiling –rights relating to automated decision making, including profiling
If you have any general questions about your rights or want to exercise your rights please contact info@milkshakehaircare.co.uk
You have the right to lodge a complaint with a data protection regulator in Europe, in particular in a country you work or live or where your legal rights have been infringed. The contact details for the Information Commissioner’s Office (ICO), the data protection regulator in the UK, are available on the ICO website www.ico.org.uk where your personal information has or is being used in a way that you believe does not comply with data, however, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.
CONTACT
If you have any questions or concerns about how we treat and use your personal data, or would like to exercise any of your rights above, please contact us at info@red-hotproducts.com