1, INTRODUCTION
It is very important for us to comply with the current data protection regulations and laws, so below we will discuss in detail the data protection steps of www.magicskin.uk and Magic Skin Beauty (Katalin Pongracz Self-employed) and its processes related to data collection.
The data is processed by Magic Skin Beauty (Katalin Pongracz) and this company is responsible for the processing of personal data.
Contact details:
Full legal name: Katalin Pongracz Self employed
Email address: info@magicskin.uk
Postal address: 4 Wexham Place, Framewood Road, Wexham Slough, SL2 4QX, UK
2, WHAT PERSONAL DATA DO WE PROCESS AND FOR WHAT PURPOSE?
Personal data is that which clearly enables the precise identification of an individual.
On www.magicskin.uk we process the following personal data, specifying the legal basis:
COMMUNICATION DATA
This includes any messages you send to us via the website, by email, social media message or any other form of communication.
We process and retain this data in order to fulfil orders and to provide a basis for decision-making in the event of any legal claims.
Our legal basis for this processing is the user’s justified interest in our activities, which is manifested in the messages addressed to us.
CUSTOMER DATA
This includes all data related to the purchase of products and services, such as the customer’s name, delivery and billing address, email address, telephone number, details of the product purchased.
We process this data in order to successfully fulfil orders and to have legally adequate records of purchases.
The legal basis for storing data is the fulfilment of the contract concluded with the order between the buyer and Magic Skin Beauty.
USER DATA
This includes data generated during the use of the website, which enables the technical operation of the site, to maintain the security of the site, to store backups of user activity, and to always have access to the most relevant content possible.
The legal basis for processing data is the user’s clear interest in our activities, which is necessary to ensure and for the technical operation of the site.
TECHNICAL DATA
This includes data generated during the use of the site, such as IP address, login information, browser data, time of visit to individual pages, page views and navigation paths, number and time of page visits, time zones, and data about the device you use to view the site.
The source of the data is our analytics software.
We process this data to analyse users’ habits on the site, to keep our site secure, and to understand the usefulness of our marketing decisions.
The legal basis for processing the data is the user’s clear interest in our activities, which allows us to process this data in accordance with security requirements and use it to increase business in order to operate more effectively.
MARKETING DATA
This includes the visitor’s preferences for what marketing content they would like to receive from us. We process this data to enable participation in prize draws and to send advertising related to our products/services in which the user has expressed interest.
The legal basis for processing the data is the user’s clear interest in our activities, which allows us to process this data in accordance with security requirements and use it to increase business in order to operate more effectively.
We may occasionally use the collected data for purposes such as providing targeted, relevant advertisements on the Facebook™ platform and various dynamic advertising platforms, and measuring the effectiveness of the advertisements.
The legal basis for processing the data is the user’s clear interest in our activities, which allows us to process this data in accordance with security requirements and use it to increase business in order to operate more effectively.
In the course of our activities, we do not collect sensitive data such as ethnicity, religious beliefs, sexual life and orientation, political opinions and trade union membership, or health background, and genetic or biometric information.
3, HOW DO WE COLLECT DATA?
We may collect personal data in a way that the user provides to us directly (for example, by placing an order or sending a message).
In addition, certain data is collected automatically when using the site, for example, with so-called “cookies” and similar technologies. These only come into operation after the user has given their consent.
For more information, please see our Cookie Statement.
We receive certain data from external partners, such as analytics providers such as Google (non-EU partner), advertising networks such as Facebook™ (non-EU partner), and payment partners such as PayPal (non-EU partner) and Stripe.
4, OUR PRACTICAL STEPS RELATED TO DATA PROTECTION
Protecting user data and complying with applicable regulations is extremely important to Magic Skin Beauty. Therefore, after conducting a data protection impact assessment on the site, we have prepared a list of the data collected, their necessity and legal basis, and their legal compliance.
In order to protect the data entered in the forms and generated on the site, we use SSL certification on the entire website (Let’s Encrypt Authority X3 certification).
In order to protect the site against attacks, we use premium security software (iThemes Security Pro) to protect the stored data against so-called „brute force” and virus attacks.
In the site’s databases, purchase and user data are stored in encrypted form (pseudonymized), so they cannot be read by third parties.
In this data protection statement, we provide users with forms to request information about the processing of their personal data, and to modify or delete their personal data.
Sometimes, in the interests of our business activities, it is necessary to provide data to our service partners (e.g. hosting service providers, courier companies, newsletter sending software).
In such cases, we always choose to comply with the requirements of the GDPR regulation, and in the case of a US-based partner, to participate in the EU-US Privacy Shield data protection initiative, and we sign a data management agreement with them, ensuring responsible data management.
5, MARKETING COMMUNICATIONS
Marketing communications are essential to the business. The legal basis for this processing is the interest shown in our services or the express consent of the users.
In accordance with the Privacy and Electronic Communications Regulations (PECR) of the European Union, we send marketing messages to our users if they have purchased from us or have expressly consented to receive marketing messages.
We always provide a clearly visible way to suspend consent and unsubscribe from messages. You will find a link to unsubscribe at the bottom of each email, or you can request removal from the database by emailing info@magicskin.uk.
We may also send messages if you have unsubscribed from marketing communications, but only in relation to the fulfilment of orders.
6, NOTE ON PERSONAL DATA
From time to time, it is necessary to share certain personal data with certain partners in order to maintain the normal course of business:
-IT service providers, and service providers who perform troubleshooting and maintenance on computer systems
-Expert partners such as lawyers, accountants, bankers, insurers
-Government agencies that request reports on our activities
-Payment service providers who securely manage bank card data
-Courier services that fulfil incoming orders to the specified delivery address
International data transfers
From time to time, it is necessary to share user data with service partners outside the European Economic Area (EEA) in order to maintain the normal course of business.
Countries outside the EEA often do not provide the same level of data protection, and European law prohibits the export of data unless the appropriate conditions are met.
Whenever personal data is transferred outside the EEA, we take the following steps in addition to the steps discussed in point 4 to ensure the secure handling of data:
-We only transfer data to countries that the European Commission considers adequate in terms of data security.
-We only use US-based services that are part of the EU-US Privacy Shield.
If the above is not met, we ask for the express consent of users to transfer data. Consent can be withdrawn at any time.
Links to external sites
This site occasionally contains links to external sites, or code snippets are embedded in the site that ensure the operation of external services.
Clicking on these links or using embedded solutions may allow third-party partners to collect data about users.
While we do our best to properly vet our partners, we have no control over their privacy policies and are not responsible for their data practices.
7. PERIOD OF DATA PROCESSING
We only store user data for as long as we are required to do so by our legal/accounting/data reporting obligations or for the operation of the service.
When deciding on the storage period, we take into account the amount, nature and sensitivity of the data and the potential impact of its leakage in the event of a data breach.
For tax reasons, we are required to retain customer billing and purchase data for at least 8 years to meet legal obligations.
Under certain circumstances, we may use the data in an anonymized form for statistical purposes, in which case we will store the data for an unlimited period without notification.
8, VISITOR RIGHTS
The General Data Protection Regulation (GDPR) grants the following rights to users of the site:
a, Access to personal data
Users of the site have the right to request a copy of the personal data stored by Magic Skin Beauty. The request will generally be fulfilled free of charge, within 14 days of the request.
In the event of repeated, abusive, unfounded data requests, Magic Skin Beauty may charge a reasonable fee to provide the data, and additional time may be required to provide the data.
Furthermore, Magic Skin Beauty requests proof of identity before releasing the data, in order to prevent abusive use. To request personal data, please use the contact form below:
Request for data / Data deletion / Data restriction
b, Modification of personal data
If personal data has been modified or has been incorrectly provided, users have the right to request modification of the data. To modify personal data, please contact us at info@magicskin.uk.
c, Request for deletion of personal data
Users have the right to request the deletion of all their personal data. We will fulfill the request free of charge within 14 days of the request. After the deletion of personal data, the user account will not be accessible, so any purchased materials will also become inaccessible, as the personal data associated with the user account is essential to access the service.
Magic Skin Beauty requires proof of identity before deleting personal data to prevent misuse. To delete your personal data, please use the contact form above.
d, Request to restrict the processing of your personal data
Users have the right to request to restrict the provision of their data to third parties (service providers). When submitting the request, you can also name the service providers you wish to restrict.
It is important to note that cooperation with certain service providers is essential for the operation of the site (e.g. payment service providers), so in the event of their restriction, the site’s services will become unavailable to the user.
Magic Skin Beauty requests proof of identity before restricting the transfer of personal data, in order to prevent abusive use. To restrict the transfer of personal data, please use the contact form above:
In Hungary, the official body dealing with data protection is the National Authority for Data Protection and Freedom of Information (NAIH). Users can find out more about their rights regarding data protection on the NAIH website.
National Data Protection and Freedom of Information Authority,
Website: http://www.naih.hu
UK Data Protection
You can see more about these rights at the website of the Information Commissioner`s Office (ICO), the UK supervisory authority for data protection issues: www.ico.org.uk.
9, ANONYMOUS DATA AND “COOKIES”
The www.magicskin.uk website uses so-called “cookies” and similar technologies, such as tracking codes, re-marketing tags, pixels, which are activated after the user’s consent.
These technologies help us to better understand the behaviour and interests of our users, thus helping us to operate at a higher level and more efficiently.
Our goal is to make the use of Magic Skin Beauty as user-friendly and personal as possible. If the user wishes to prohibit the recording of non-personal data by these technologies, this can be done in the following ways:
-by disabling their loading using the cookie warnings displayed on the website
-by disabling “cookies” in the browser
You can find more information about other cookies and tracking codes on XY in our Cookie Statement.