Sellma Beauty

SELLMA BEAUTY SH.P.K

At Sellma Beauty SH.P.K, we are committed to protecting your personal data and respecting your privacy. It is your personal data and we respect that. This Privacy Policy tells you about how and why we collect and use the personal data which you provide to us or which we collect about you when you interact with us, for example, when you use our website or visit our stores.

In this notice, when we refer to “Sellma Beauty”, “us”, “we” or “our”, we mean Sellma Beauty SH.P.K and, where applicable, any entities owned or controlled by Sellma Beauty SH.P.K and which provide you with the www.sellma.shop website.

We want you to be fully informed about how we use your personal data, how we keep it secure and your rights in relation to that personal data. We trust this Privacy Policy will answer any questions you have about how we handle your personal data. It is likely that we will need to update this Privacy Policy from time to time by updating this page. We will notify you of any significant changes, but would encourage you to come back and review it from time to time.

Ensuring the lawful use of your personal data

We will only use your personal data where we have a lawful basis to use it. In particular, we will use your personal data in the following circumstances:

• We will use your personal data where it is necessary for us to perform our contract with you (for example, to fulfil your order).

• We may also use your personal data to pursue our legitimate interests (or those of a third party) in a way which might reasonably be expected as part of running our business and which does not materially impact your interests, rights or freedoms. For example, we might use your purchase history to send you personalised offers or use your shopping history to identify trends and ensure we can keep up with demand and develop the right new products for our customers.

• We may sometimes need to use personal data to comply with our legal obligations (for example to pass on details related to fraud).

What personal data do we collect from you and how do we use it?

The personal data we collect about you and how we will use it, depends on how you interact with us, for example, if you place an order on our Website, contact us with a query by email or via social media or make a purchase. We only collect and use ‘special category data’ where you have provided us with your consent for us to do so. We will collect your contact details, such as your email address, mobile phone number, telephone number and billing/delivery address. To fulfil your order, for example, by delivering your products to you or to contact you about your order where necessary. We may also share this information with third party delivery and courier services such as shipping companies we work with, to enable us to fulfil your order.

We may also use your data to send you sms/DM messages and/or email newsletters to keep you up to date about our products and services which we think will interest you and our latest offers, and where you opt to participate in our loyalty and VIP programmes if and when we organize them.

To communicate with you in relation to your order, or if you raise an enquiry or complaint with us.

To contact you to inform you when a product you want to order is back in stock.

For data analysis, testing, research and statistical statistics to help us to improve our products and services.

To identify behavioural flows from emails we send to you, so that we are able to monitor and analyse the effectiveness of those emails.

Additional information you choose to provide us, including your birthday, physical characteristics including hair colour, eye colour, make-up tone and skin tone and beauty preferences. We may collect this information in different ways, including via virtual or in-person consultations you have with us.

Photographs, videos and video stills of you, where you choose to provide them to us and for which you give consent. For use on the www.sellma.shop Website, social media channels (such as Facebook, Instagram,TikTok etc) and other channels owned by Sellma Beauty SH.P.K and promotional materials for marketing purposes and for product recommendations.

You don’t have to give us any of the personal data set out above but, if you don’t provide us with certain information, we may not be able to provide you with the goods and services you have requested from us. The forms you fill in on our Websites, if such forms are available, will make it clear what information we need in order to provide the product or service you are requesting and what information you can choose to provide if you wish.

To help us form a better, overall understanding of you as a customer, we combine your personal data gathered across Sellma Beauty, for example, your shopping history.

Automated decision making and profiling

When we send or display personalised communications or content, we may use a technique known as “profiling”. This means any form of automated processing of personal data to evaluate certain aspects about an individual, in particular to analyse or predict aspects concerning their personal preferences, interests, economic situation, reliability, behaviour, location, or movements. This means that we may collect personal data about you in the different scenarios described in the table above, and use that data to analyse, evaluate, or predict your personal preferences, interests, behaviour and/or location. In some cases we might also use personal data, including digitally created profiles, to make decisions by automated means.

For example, we may use automated processing to create a list of customers that are eligible for a loyalty programme, based on their purchases and amounts they have spent, or to identify the types of advertising or marketing you might be interested in. We ensure that we have a legal basis to process your personal data when we carry out profiling activities and/or automated decision-making, as set out in the table above.

You may in some circumstances have the right to request that we don’t use your personal data in this way. Please see “Your Rights” section of this privacy policy below.

Sharing your personal data with trusted third parties

We share your personal data with trusted third parties to allow us to provide our services to you. When we do share your personal data with these third parties we only provide the information they need to perform the service. We have written contracts in place with them to ensure they only use your personal data for the purpose we specify to them and that your privacy is secure and respected. These trusted third parties include the following:

Description examples

Companies that help us fulfil your orders and, where required, get your purchases to you, such as delivery couriers and payment providers.

Professional service providers such as website hosting providers, system providers, website and social media analytics providers, advertisers and appointment booking providers, who help us run our business.

Direct marketing companies who help us manage our electronic communications with you and social media or web platforms to show you products that might interest you while you’re browsing the internet.

Credit reference agencies, law enforcement and fraud prevention agencies, so that we can help tackle fraud.

We may also share your personal data in connection with a business transition (such as a merger, acquisition by another company, or a sale of all of or portion of our assets). In these circumstances, we may need to share your personal data with a prospective buyer and external professional advisors such as accountants, insurers, lawyers or financial institutions.

We may be required to share your personal data with the police, administrative authorities (such as national tax authorities) or other enforcement, regulatory or Government bodies, where we are legally obliged to do so.

We will only share your personal data with third parties for them to use for their own direct marketing purposes when you have given your express opt-in consent for us to do so.

Seeing advertisement for our website online

We may collaborate with third parties to provide us with analytics services and serve Sellma ads and banners when you are browsing on apps and other websites. We do this by way of various ad exchanges and digital marketing networks. We and our advertising partners use various advertising technologies, for instance, ad tag, cookies, pixels, identifiers and web beacons. This information may be used by Sellma Beauty SH.P.K, among other things, analyse and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Websites and other websites, and better understand your online activity.

The ads and banners you see are based on information that we hold about you, or on your prior use of our Websites, for example, products you have browsed previously, content you have read on our Websites, or on Sellma banners or ads that you have engaged with in the past.

We may also work with and use services offered by other third parties to serve ads to you as part of a customised campaign on third-party sites and platforms (such as Facebook, Instagram, Google Ads etc). As part of these ad campaigns, we or the third parties may convert information about you, such as your email address and phone number, into a unique value that can be matched with a user account on these platforms to allow us to learn about your interests and to serve you advertising that is customised to your interests. For more information about this advertising, or to opt out of seeing these types of customised ads, please visit these third-party sites and platforms, which may offer you choices about this type of customised advertising.

For more information about interest-based ads, or to opt out of having your web browsing activity used for behavioural advertising purposes, please visit our Cookies Policy and use our cookie management tool to manage your preferences.

How long will we keep your personal data?

We will only keep your personal data for as long as we need to for the reason we collected it, as set out in this Privacy Policy. For example, for as long as needed to allow us to fulfil your order or to provide any customer services support you have requested.

We may also keep hold of some of your personal data if we are required to do so for legal purposes, for example, to meet our legal or regulatory requirements or to prevent fraud and abuse, or for tax and accounting purposes. For example, we will keep your order data for five years after you place an order with us to allow us to comply with our legal obligations.

When we are no longer required to keep your personal data, your data will either be deleted or completely anonymised. For example, by aggregation with other data so that it can be used in a non-identifiable way for business planning and analysis purposes.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us using the details at the end of this Privacy Policy.

Security

We are committed to ensuring that your personal data is secure and we have put in place suitable physical, electronic, contractual and managerial procedures, including our Information Security Management System and Secure Sockets Layer (SSL) encryption, to protect your personal data. Our employees who have access to and process your personal data are obliged to respect the confidentiality and security of your personal data.

Third party links

Our Website may contain links to other websites of interest that are not run by us but by third parties. However, we do not have any control over these third party websites and they will be governed by their own privacy policies and terms and conditions, not this Privacy Policy. You should review the privacy notices and terms and conditions of any other websites that you use.

Your rights

You have the following rights in relation to the personal data we hold about you: • The right to insist that companies who hold your personal data are fair and transparent about how and the manner in which they process and use your personal data. This is why we provide you with this Privacy Policy.

• The right to access the personal data we hold about you (commonly known as a “data subject access request”) including obtain a copy of it. There are some exemptions, which means you may not always receive all the information we process, for example if the records contain personal data of other individuals.

• The correction of the personal data that we hold about you if it is incomplete or inaccurate (although if you hold an account with us, you may be able to do this in certain cases yourself by visiting the Account Information page on the Charlotte Tilbury website).

• The deletion or removal of personal data we hold about you where there is no good reason for us continuing to process it. If you have successfully exercised your right to object to us processing your personal data or if we have processed your personal data unlawfully or we are required to stop processing your personal data as a matter of local law, then you can ask us to delete your personal data.

• For our processing of your personal data to be restricted if: (i) you want to make sure the personal data is accurate; (ii) where our use of the personal data is unlawful but you don’t want us to erase it; (iii) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.

• You can ask us to transfer your personal data to a third party but this right only applies to automated information you initially allowed us to process.

• The right to withdraw consent. If we process your personal data on the basis of your consent, then you can withdraw your consent and we must cease processing it in future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

We may need to ask you for specific information to help us confirm your identity before dealing with your request. This is a security measure to ensure your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Right to Object

Where we are processing your personal data on the basis of our legitimate interests, you can ask us to stop processing it and we must do so unless we believe we have an overriding legitimate reason to continue processing your personal data.

If you are dissatisfied with how we have handled your personal data, you have the right to make a complaint to your data protection regulator.

Children

Customers need to be over the age of 18 to create an account with us or to sign up for our newsletter or to contact us or to liaise with us. We will not knowingly collect personal data about under 18s and if you are under 18, please do not provide us with your personal data. We would ask parents to please ensure that their children that are under 18 do not provide us with any personal data without their permission. If you believe that a child who is under 18 has provided personal data to us, please Contact Us and we will seek to delete that data from our systems.

Lookalike audiences

For advertising purposes, we occasionally use information about our customers to generate a “lookalike audience” or similar audience of prospective customers through the Facebook, Google, Snapchat, Pinterest or TikTok advertising platforms. This allows us to target advertisements on their networks to potential customers who appear to have shared interests or similar demographics to our existing customers, based on the platforms’ own data. We typically do this by uploading a list of email addresses. These third parties’ policy is to irreversibly hash (encrypt) such lists prior to uploading, match the hashed data against their own customers, generate the lookalike audience, then delete the uploaded list and use it for no other purpose. We do not have access to the identity of anybody in the lookalike audience, unless they choose to click on the ads. Based on this, we believe that generating lookalike audiences poses little or no threat to the privacy of our customers. If you wish to opt out of “similar audiences” in Google, you can do so through your Ads Settings. Many of the companies that display interest-based advertising are members of the Network Advertising Initiative (“NAI”) and/or Digital Advertising Alliance (“DAA”). To learn more about interest-based advertising and how you may be able to opt-out of interest-based advertising, tracking, and/or sharing of tracking data by their members, visit their online resources at www.networkadvertising.org/choices and www.aboutads.info/choices, respectively. Other resources (not affiliated with NAI or DAA) include http://preferences-mgr.truste.com/, or for EU residents, www.youronlinechoices.eu.

Contacting us

If you have any queries, comments or requests regarding this Privacy Policy, you have a complaint or you would like to exercise any of your rights set out above, you can contact us by email at orders@sellma.shop

ACCOUNT

ABOUT

LEGAL