Effective Date: September 2021
We value all visitors, supporters and customers, and are committed to protecting your privacy and to meeting the highest standards in managing your personal data.
This privacy notice explains how and why we collect and manage personal data, what your data protection rights are and how you can exercise them.
One of our responsibilities is to ensure that the personal data we hold about you is accurate and current. Please keep us informed at [email protected] if your personal data changes during your relationship with us.
We are the ‘Data Controller’ in respect of your personal information. This Privacy statement sets out the basis on which any of your personal information which we collect from you or third parties, or that you provide to us will be processed for use by us.
WHO WE ARE
Skulltress PRO is a brand specialising in creative makeup education.
In this Privacy notice and Policy when we explain how we collect your personal data, 'Skulltress', Skulltress PRO’ and 'we' (or 'us' or 'our') refer to Skulltress Ltd.
HOW & WHEN WE COLLECT PERSONAL DATA
We collect and process a range of personal data from you.
We collect only the data that is necessary to provide you with the Services we offer and which you may have requested, in order to keep you informed and deliver the Service.
You may choose to limit the information you provide to us, but please bear in mind this may limit the service or level of personalisation we can offer to you on our website.
We collect data in several ways these are outlined below and include:
Directly from you;
- Indirect - From Third Parties;
Automatically (Via our Website)
Information we collect directly from you
We collect certain information directly from you. This data collection may be via our website, due to your activities such as:
- Via online website forms;
- Data provision for newsletter requests;
- Purchase from our online shop;
- Purchase of tickets to an event;
- Purchase of membership(s);
- Provision of data when undertaking a membership survey;
- Provision of data whilst entering a competition;
- Provision of data when you make an enquiry by e-mail or via our website or by telephone
Examples of the types of personal data we may collect from you are:
- Contact details ( name, telephone number, email);
- Demographic information (such as age / gender and or other information that may identify you as an individual);
- Information relating to other members of your group and/or participants at any event;
- Your account set up and password and authentication for your membership
- Financial and credit card information;
- Your communication and marketing preferences and interests;
- Your purchase history previous activities with Skulltress, events attended, membership and other purchases;
- Your feedback, views, opinions, questions and comments as part of our community and market research;
- Details current memberships, gift memberships;
- Correspondence history;
- Details of your visits to our website and the resources or pages you access;
- Data entered on our website including non-submitted (or abandoned) data;
- If you contact us with a complaint or query we may keep a record of your contact details and the time taken to resolve the issue. We may also record your levels of satisfaction with our services
If you purchase a Membership for yourself, or one as a gift, there are more specific details about the data we collect and the way in which we use it in our Membership Terms of business which can be found here.
Information we collect indirectly about you from third parties
Some information we hold about you may be provided to us via third-party sources. For example:
- You may post reviews or other content relating to Skulltress or similar organisations via third-party social media platforms and channels, such as: Twitter; Facebook; or Instagram.
- We sometimes run events or competitions with other companies and organisations, and they may pass some personal information about participants or entrants to us as part of the event collaboration.
- Sometimes we may use third parties to assist us in how we increase support and identify new supporters.
- Sometimes we may collate personal data that you have provided to us via multiple direct interactions you have had with us, along with information from third parties.
- We collect the online analytics data referred to below, this is to allow us to use this to improve the services and information we provide to you.
Information collected by us automatically about you
Cookies collect data automatically:
As you interact with our website, we may automatically collect analytics data about your browsing actions and patterns, this is to provide you with the best experience and help you to make use of better functionality when shopping with us online.
The cookies we use fall into the following categories:
- Session cookies: These allow our site to link your actions during a particular browser session. These expire each time you close your browser and do not remain on your device afterwards.
- Persistent cookies: These are stored on your device in between browser sessions. They allow your preferences or actions across the site to be remembered. These will remain on your device until they expire, or you delete them from your cache.
- Strictly necessary cookies: These cookies are essential for you to be able to navigate the site and use its features. Without these cookies, the services you have asked for or are accessing on our site could not be provided.
- Performance cookies: These cookies collect information about how you use our site, e.g. which pages you go to most often.
- Functionality cookies: These cookies allow the site to remember the choices you make (such as your username, language, last action and search preferences) and provide enhanced, more personal features to service your requests.
How to Disable Cookies
If you want to disable cookies you can activate the setting on your browser that allows you to refuse the setting of all or some cookies. For more information about how to reject cookies using your internet browser settings please consult the “Help” section of your internet browser (or alternatively visit http://www.aboutcookies.org).
Data likely to be collected by Cookies includes:
- Information about your device , operating system and IP address
- Your login information
- Browser type and version
- Information about your visit including URL, click stream (your journey through our site) length of visits to certain pages and interaction information
PERSONAL DATA WE DO NOT COLLECT
Children's personal data
We do not intentionally or knowingly provide services to children or collect children's personal data (anyone under 13 years old) without ensuring we have explicit consent from the parent or guardian. If you believe a person under 13 years old has provided us with their personal data, or have any concerns regarding this aspect of our notice, please contact [email protected].
WHY WE USE YOUR PERSONAL DATA & LEGAL BASIS
Data processing law requires us to ensure we have a valid service-related reason for using and processing your personal data.
We process your personal data because it is necessary for one of the following lawful reasons:
- Our legitimate business interests: Where it is necessary for us to understand our customers, promote our services and operate effectively as an online service provider, as long as in each case that this is done in a legitimate way which does not unduly affect your privacy and other rights. For example, we will rely on this legal basis when we conduct certain market analysis to understand our customers in sufficient detail so we can create new services and improve the profile of our brand to lead in online makeup education and promoting knowledge and understanding of the Beauty industry.
We will ask you if we can keep your details if you have attended our events for the purposes of communicating about ongoing and future events; new activities and opportunities at and with Skulltress, and; to track service use in the Skulltress PRO education platform ensuring we are offering relevant and engaging content focused on your key interests.
- Performance of a contract with you (or in order to take steps prior to entering into a contract with you): For example, where you have purchased a product, membership or service from us and we need to use your contact details and payment information in order to process your order
- Compliance with law: Where we are subject to a legal obligation and need to use your personal information in order to comply with that obligation
- Consent: For example, where you have provided your consent to receive certain marketing from us. You can withdraw your consent at any time, including by clicking on the “unsubscribe” link at the bottom of any marketing email we send you. In relation to any marketing or promotional messages from us, you have the right to opt out at any time.
We may ask you to consent to our collection and use of your personal data for a specific purpose. You can change your mind and withdraw your consent at any time by emailing us at email@example.com.
HOW WE USE YOUR PERSONAL DATA
We recognise your personal information belongs to you. We may process your personal information for specific purposes when you choose to give it to us, such as:
- Services Provision and delivery of our Services, goods or information in response to your requests
- Feedback Gathering feedback to manage your account and our Services
- Content Planning Development and management of the Skulltress content libraries
- Events Planning Management of activities related to events
- Request Response Fulfilment and response to requests from you
- Community Creation Management of the security and safety of the Skulltress PRO Community
- Service Improvement Analysis of, tailoring, development and improvement of our offer
- Marketing Communication with you: newsletters; marketing; promotional messages; surveys; providing information relating to offers; events; opportunities; new services, or new activities – with your permission
- Competition Management of competitions; dealing with competition entries and results
- Membership Operation management and promotion of our membership scheme
- Operations Operation, management and promotion of Skulltress PRO
- Legal and Regulation Compliance Internal operational and management purposes including legal financial record keeping, management
- Appropriate Presentation ensuring content from our websites is presented to you in the most effective manner for you and for your computer
- Risk Management & Avoidance of Fraud assessing credit risk, fraud or brand damage risk
- Audit Purposes and audit purposes
- Outreach events Some of our online events may be recorded and published on Skulltress online channels including YouTube. You will be notified before the event and again as you join if it is going to be recorded. By joining a recorded event you are giving your consent to be recorded. Skulltress has procedures in place to minimise the risk to your privacy and to ensure recordings are managed appropriately in line with data protection legislation. You can also protect your own privacy by muting your microphone, turning your camera off and using an appropriate pseudonymous screen name to join the session.
- To ensure Safety and Security of our website and services
Your choice & rights in providing personal data
You have the right to refuse to give us your data, however if we need to collect personal data under the terms of a contract we have with you for a genuine service purpose, and you choose not to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to deliver an item to you, or to sell you a ticket to an event). In this case, we may be unable to process a transaction and/or may have to cancel something you have requested from us. Please see section on opting out for more information.
Where appropriate, your personal data may be accessed by and shared with all parts of the Skulltress business. We will never sell your data.
Other reasons for sharing your data are:
Competition Partners From time to time, we run competitions or events with other organisations. When we do this, any relevant further details relating to the personal data you submit may be included in the competition analysis.
Third Parties A number of third-party service providers are engaged by Skulltress to assist in the provision of our services, our operations and the running and maintenance of our systems. For example, when you make a payment to us this is likely to be processed via secure third-party payment process providers, and some of our systems are maintained and supported by external specialist providers.
When we use third-party service providers, we disclose only the personal data that is necessary to deliver the service. We have data processing agreements and contracts in place requiring all third party providers to us, to keep your data secure and not to use it for any purposes other than those we outline to them. If you would like more information on the relevant service providers that we use, please contact us at [email protected].
We may also disclose your personal information to other third parties in the following cases:
- compliance to comply with our legal obligations;
- to Protect the rights, property or safety of us or our users, or others, and in order to enforce or apply our terms and conditions (this includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction); or
- in the event of a merger or takeover or change of company ownership we may have to disclose your personal information to the new owner so that they can continue to provide services to you;
- or if we are required to do so by law (for example by a court order), or in connection with the prevention of fraud or other crime.
Sometimes we may ask for your permission to share your details with others. For example, if you attend a training course, we may ask if delegates are happy for us to share their contact details with other delegates.
We may release your information to third parties beyond those listed above.
DATA SECURITY AND RETENTION
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third-parties who have a business need to know and who have undertaken to keep it safe under data control agreements with us.
Third parties will only process your personal data on our instructions (which, in the case of our employees and contractors, are set out in our policies and legal agreements). These are all subject to a duty of confidentiality and privacy law.
We regularly review and update our procedures to deal with any suspected personal data breaches. In the event of any suspected personal data breach we will notify the individuals affected and the applicable data protection regulators, where legally required to do so immediately.
We suggest you frequently change your passwords. We will never ask for bank details on email. Please tell us if you receive an email which looks as though it is from us, asking for this information. If you know or suspect that anyone other than you knows your password or any other authentication information, you must promptly notify us using the contact details below.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted during your use of our website.
International data transfers
Personal data may be transferred outside of the UK to other third-party service providers incidentally in the course of our activities. We will take steps to ensure that adequate protection is provided for information transferred overseas as required under data protection legislation.
We aim to keep personal data only for as long as is necessary to fulfil the purposes for which the data was collected.
By law we have to keep certain basic information about our customers and supporters and their transactions with us for specified periods of time. If you would like further information on this please email [email protected].
OPTING OUT OF MARKETING
You can ask us to stop sending you newsletters and marketing messages at any time by:
- following the opt out (unsubscribe) link on any marketing message sent to you;
- contacting us at any time at [email protected].
We will implement your request as promptly as possible, but it can take up to 28 days to remove you from our mailing list, so you may still receive marketing communications during this time.
Where you opt out of receiving these newsletters and/or marketing messages, we will keep a record of this so that we don't contact you again.
We may also need to retain and use your personal data for other purposes (such as making bookings and other financial transactions you have undertaken with us).
YOUR DATA PROTECTION RIGHTS
You have a number of legal rights in relation to your personal data. You have the right to:
Request access to your personal data (commonly known as a 'data subject access request'). This enables you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which, if applicable, will be shared with you at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party), and there is something about your particular situation that makes you want to object to processing on this ground, as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
(a) if you want us to establish the data's accuracy;
(b) where our use of the data is unlawful but you do not want us to erase it;
(c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
(d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information that you initially provided consent for us to use, or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time of your request.
These don't apply in all circumstances, as there are also legal exemptions which may apply, depending on why we have collected the data, and the legal basis on which we are holding the data. We will be happy to explain if you have questions about this.
You can contact us at [email protected] if you wish to:
- make a formal request for information we hold about you;
- make changes to the data we hold about you;
- opt out of being contacted for marketing purposes (you can also opt out of our marketing messages by using the unsubscribe link that appears on each of them);
- request us to erase the data we hold about you;
- ask questions or raise concerns about this privacy notice.
Data Protection requests and enquiries
Please email [email protected] with any data protection requests or enquiries, including requests to exercise your data protection rights (such as access, erasure or objection to processing).
Data Protection Officer
Skulltress has appointed a Data Protection Officer ([email protected]). The DPO is available to advise and assist members of the public, and members of Skulltress staff, in the exercise of their rights, for example by escalating an existing data protection request. The DPO of Skulltress is co-founder Thomas Azzopardi Carbonese.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK Data Protection Authority (www.ico.org.uk). We would appreciate the chance to deal with your concerns before you approach the ICO so please contact [email protected] in the first instance and we will come back to you.
This privacy notice was last updated on September 8th 2021.
We may change or update this notice from time to time so please check this page occasionally to ensure that you’re happy with any changes.
Previous versions of our privacy notice may be requested via [email protected].