Sign up to our newsletter for 20% off, and we'll plant a tree! You're welcome.
Sign me up!
We’re giving away a Hand & Body Duo to one lucky student each month! Sign up to our newsletter to enter!
Sign me up!
What information do we collect about you?
Personal data, or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
The personal data which we collect of you will very much depend on the reason why we need your personal data and who you are (i.e. any visitor to our website; a Job Applicant; a Guest Customer; a Registered Customer; a Former Guest/Registered Customer; and Business Partner and/or Supplier) as is set out below.
Basic Contact Details.
These include the following personal data: name, email and/or phone number.
Basic Job Applicant Information.
These many include the following personal data if you send us your CV and/or motivation letter in application for an advertised position or as a spontaneous application:
Job Applicant Due Diligence Information.
If we decide to move forward with your job application, we may collect additional personal data to establish and verify your identity, qualifications and fitness for the position. In such a case, we will send you a specific privacy notice. If you sign a contract with us and become an employee, contractor or worker, we will request additional personal data and provide you with an additional privacy notice.
In order to fulfil your order and perform our contract with you, we will need you to provide details pertaining to payment and delivery. This may include the following:
These include details about payments to and from you and details regarding the products and services which you have purchased from us. If you decide to register as a user on our website, your payment information may be stored under your customer account.
Registered Customer Details.
If you decide to register as a user on our website, we may process the following personal data:
This includes any information that you voluntarily provide to us regarding your experience in using our products, attending our events, browsing our website and otherwise.
Allergy and Intolerance Information.
This includes information related to your allergies and intolerances which you provide to us through our customer service in order to continually develop and improve our products. As a special category of data, we will only process this information with your explicit consent.
Supplier and/or Partner Due Diligence Information.
This may include limited personal data on registered addresses, financial details, family details, lifestyle and social circumstances, and/or political affiliations of the owners, leaders or employees of our suppliers and/or partenrs which might be collected to establish that they are running a sound and reliable business, and in order to prevent any reputational and other risk for our company in dealing with such suppliers/partners which might be involved in bribery and corruption.
Special Category Data.
(E.g. allergy information) will be processed only under certain conditions: if you have given us your explicit consent; and/or the processing is necessary in the context of employment law; and/or where you have manifestly made it public and we collect it as part of our work for you. If you do not allow us to process your special category data, and such processing was based solely on your consent, this may mean that we are unable to enter and/or continue our contractual relationship with you. You must inform us in writing if you remove consent for us to process such personal data.
A special note about children.
Our website is not intended for children and we do not knowingly collect data relating to children.
Refusal to provide personal data by you.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract (e.g. to send you one of our products) we have or are about to enter into with you. If we already have a contract in place, we may have to cancel a service or product you have with us.
When and how do we collect your personal data?
Your personal data is collected using different methods as follows:
Through your direct interactions with us.
You may give us your personal data in person, by filling in forms or by corresponding with us by post, phone, email or using any other channels of communication such as social media (e.g. Instagram, LinkedIn, Facebook).
This includes personal data you provide when you:
Automatically through your visit to our website.
As you interact with our website on your computer or other device, we may automatically collect technical data about your equipment and browsing actions.
Information collected from third parties or publicly available sources.
We may receive personal data about you from various third parties and public sources, as set out below.
How and why we use your personal data | Purpose & Legal Grounds
We will only use your personal data when the law allows us to, namely on legal grounds (sometimes also referred to as lawful grounds or legal basis). Most commonly, we will use your personal data for the purposes set out in further detail below:
Based on the legal ground which is the performance of the contract or to take steps at your request prior to entering into a contract, we shall use your personal data for the following purposes:
Based on the legal ground which is to comply with a legal obligation, we shall use your personal data for the following purposes:
Based on the legal ground which is the legitimate interest, where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override our legitimate interests, we shall use your personal data for the following purposes:
Based on the legal ground which is your consent, we shall use your personal data for the following purposes:
When processing of your personal data is based on your consent only, you have the right to withdraw consent at any time by contacting us at firstname.lastname@example.org.
Please contact us if you need details about the specific legal ground we are relying on to process your personal data, or the specific purpose for which that data is used.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you.
You may receive marketing communications from us if you have requested information from us or purchased services or products from us, or if you provided us with your details when you registered for a promotion and, in each case, you have not opted out of receiving that marketing.
Third Party Services.
We will never sell, rent or provide your personal data to third parties for marketing purposes.
Updating Marketing Preferences.
You can ask us to stop sending you marketing messages at any time by updating your marketing preference following the opt-out links on any marketing message sent to you or by contacting us at any time.
Change of Purpose.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We do not envisage that any decisions will be taken about you using solely automated means. However, we will notify you in writing if this position changes and will inform you of your rights as required by the applicable law.
Disclosure of your personal data to third parties.
In line with our professional and ethical obligations, we will not disclose your personal data unless we are permitted, required or authorised under applicable law, or where we need to do so in order to conduct our business (for example where we outsource services or other people process data for us) or when disclosure of your information is in your interest.
Only in the above-mentioned cases of disclosure, will we share with and/or allow access to information to the following categories of third-parties as relevant:
We require all third parties with whom we share your personal data to respect your personal data and to treat it in accordance with the privacy and security obligations consistent with this policy and the applicable law. Where we share your personal data for the purpose of conducting our business, we take all reasonable steps to ensure that such third party enjoys a sound business reputation and provides at least the same level of privacy protection that we offer to our customers. We do not permit our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes identified by us and in accordance with our instructions.
Fiils Beauty Ltd is based in the United kingdom (UK). However, we may have to share your personal data with third parties located outside of the UK, or process your data ourselves, directly or through our affiliates, outside of the UK. Any transfers made will be in compliance with all aspects of the UK Data Protection Act (DPA) and the General Data Protection Regulation (GDPR).
When we do transfer your personal data out of the UK, we will ensure that your personal data is transferred in accordance with the legal requirements, and in particular the GDPR. This means that, where your personal data is sent outside the UK, we shall be:
As permitted under the GDPR, please note however that it might be the case where neither of the above applies, but the international transfer to a particular country of personal data can benefit from a legal derogation/exception such as in one of the following situations:
The international transfer:
Please contact us at email@example.com if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
Unfortunately, no data transfer over the Internet or any other network can be guaranteed as entirely secure, but we take appropriate steps to try to protect your personal data. We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a need to know. They will only process your personal data on our instructions and they are subject to a strict duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and competent regulators of a breach where we are legally required to do so.
How long do we keep your personal data for (referred to as ‘data retention’)?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for as set out in this policy, or for as long as we reasonably consider necessary to establish, exercise or defend our legal rights. In any event, we shall retain your personal data in accordance with the applicable statutory and regulatory requirements.
The specific statutory and regulatory criteria used to determine these retention periods include but are not limited to:
Other commercially justifiable criteria may include, among others, our need to comply with the requirements of our professional indemnity insurer, our need to keep your personal data as long as necessary to resolve any query, complaint or dispute, our need to keep your personal data for as long as you might legally bring claims against us, and our need to enable us to provide you with our products and services. If you are an unsuccessful job applicant, we will keep your personal data for 6 months unless you ask us in writing to delete it sooner than that.
Please contact us if you want further information on the specific retention mechanism used in relation to a specific type of your personal data.
Warning regarding third-party links.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of the website which you visit.
Your Rights and Duties.
Your duties to inform us of changes.
It is important that the personal data that we hold is accurate and current. If you have a business relationship with us and you have provided us with personal data, or you have provided us with personal data on behalf of someone else, you are required to inform us as soon as possible if that personal data changes.
You have the following rights in relation to the data we collect about you:
If you wish to exercise any of the rights set out above, please contact us at firstname.lastname@example.org
No fee usually required.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We will respond to all legitimate requests without undue delays and within one month of receipt of your request.
Furthermore, you also have the right to make a complaint at any time. If you would like to make a complaint, please contact us at email@example.com. You also have a right to file a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
How to contact us.
If you wish further information about your rights, you can email us at firstname.lastname@example.org or write to us at:
Fiils Beauty Ltd.
20-22 Wenlock Road