At Easilocks your privacy is very important to us. It is one of our fundamental responsibilities as a business to ensure that we protect the information entrusted to us by you. This Data Protection Notice looks to answer your important questions about the processing of personal information by our organisations. Please take some time to read this Data Protection Notice carefully. In this Data Protection Notice, we use the terms “Easilocks” or “we” to refer collectively to businesses and its subsidiaries.
1.1. Employing over 30 staff across Ireland and the UK, our head office is situated at Orion Business Campus, Dublin 15. We provide a range of products and services to personal customers including (fibre and human hair extensions, hair accessories, home care products such as shampoos and conditioners, electrical goods such as hair straighteners and hair dryers). Our products and services are distributed globally by telephone via the dedicated Retail Sales Team as well as through our website and online and mobile business platforms. Our businesses are private limited companies registered in the Companies Registration Office under Company Number 522946. Our registered office is at Orion Business Campus, Dublin 15. More information on the activities of the Group is available at www.easilocks.com
1.2. How you can contact our Group if you have any questions about your privacy rights or if you would like to change your privacy preferences, you can contact us in the following ways:
By dropping in to or calling our offices
By contacting one of our Customer Service Representatives by phone or by email.
If you have specific queries about this Data Protection Notice or our approach to privacy, you can also contact us direct and we who will ensure that your query is treated in a confidential manner. If you do not agree with the response you receive from us, you are entitled to lodge a complaint with the Office of the Data Protection Commissioner: You can visit the website of the Office of the Data Protection Commissioner at www.dataprotection.ie for more details. Office of the Data Protection Commissioner Canal House, Station Road, Portarlington, Co. Laois, R32 AP23 Phone: + 353 57 868 4800 / + 353 761 104 800 LoCall: 1890 25 22 31 Fax: + 353 57 868 4757 Email: email@example.com
2. How can you control the personal information you have given to us?
When your personal information is handled in connection with our product or service, you are entitled to rely on a number of rights. These rights allow you to exercise meaningful control over the way in which your personal information is processed. You may execute any of these rights free of charge (in certain exceptional circumstances a reasonable fee may be charged, or we may refuse to act on the request) and we may ask you to verify your identity prior to proceeding with your instruction by way of requesting additional information/documentation from you. Once we are satisfied that we have effectively verified your identity, we will respond to the majority of requests without undue delay and within a one-month period i.e. 30 calendar days of receipt of the request. We will action your request to have your personal information corrected within 10 calendar days. These periods may be extended in exceptional circumstances and we will inform you where the extended period applies to you along with an explanation of the reasons for the extension. Further information in relation to how you may execute these rights is outlined in the Data Protection section of our notice or alternatively by contacting us using the channels outlined in this document. For example, you are entitled to:
2.1. Access your personal information: You can look to access the personal information we hold about you by contacting us with a data access request using the channels outlined. We will endeavour to provide you with as complete a list of personal information as possible. However, it can happen that some personal information from back-up files, logs and stored records may not be included in that list as this information is not processed by us on an ongoing basis and it is not therefore immediately available. For that reason, this personal information may not be communicated to you. However, this personal information remains subject to standard data maintenance procedures and will only be processed and retained in accordance with those procedures.
2.2. Correct/restrict/delete your personal information: If you believe that certain personal information we hold about you is inaccurate or out of date, you can look for the information to be corrected at any time using the channels outlined after we have verified the information. If you dispute the accuracy of information held, you can request that we restrict processing this information while your complaint is being examined. If you suspect that we are processing certain information without a legitimate reason or that we are no longer entitled to use your personal information, you can also ask for that personal information to be deleted. We are not under any obligation to rectify or delete your personal information where to do so would prevent us from meeting our contractual obligations to you or where our Group is required or permitted to process your personal information for legal purposes or otherwise in accordance with our legal obligations. We ask that you keep us informed of any relevant change in your personal circumstances to enable us to keep the information on our systems up to date and accurate.
2.3. Withdraw your consent: Whenever you have provided us with your consent to process your personal information, for example, so that we can contact you about one of our products or services, you have the right to withdraw that consent at any time through one of the channels identified. If you withdraw consent to processing (and if there is no other justification for continuing to process your information), you are also entitled to request that your personal information is deleted. Withdrawing consent does not affect the lawfulness of any processing undertaken by us based on your consent before its withdrawal.
2.4. Object to your personal information being used for certain purposes: If you disagree with the way in which we process certain information based on its legitimate interest, you can object to this through one of the channels identified. In such cases we will provide you with details regarding the rationale for processing your personal information and we will stop processing the personal information under dispute if we cannot legitimately justify the reasons for processing within the agreed time frame. Some of our operations are fully automated, with no human intervention and may include taking decisions based solely on automated processing. If you disagree with the outcome of a fully automated decision-making process, you can speak to a staff member to express your point of view and contest the decision using one of the contact channels.
2.5. Request your personal information to be transferred in electronic form: You can (in certain cases) request that your personal information is transferred to you or to another service provider so that you can store and reuse your personal information for your own purposes across different services. We will not be in any way accountable or liable for any damage, loss or distress sustained, incurred or suffered by you and/or the designated service provider because of improper use of the personal information upon and after receipt from us.
2.6. How to exercise your rights: You can exercise the rights outlined above free of charge by contacting us using any of the channels mentioned in this document.
3. Why do we collect and use your personal information?
We gather and process your personal information for a variety of reasons and rely on a number of different legal bases to use that information, for example, we use your personal information to process your applications, to help administer your products and services, to ensure we provide you with the best service possible, to prevent unauthorised access to your accounts and to meet our legal and regulatory obligations.
3.1. To comply with legal obligations: We are required to process your personal information to comply with certain legal obligations, for example:
3.1.1. To report and respond to queries raised by regulatory authorities, law enforcement and other government agencies such as the Central Bank of Ireland, the European Central Bank and relevant policing authorities 3.1.2. To respond to requests from Irish Revenue in accordance with relevant tax legislation including queries relating to Foreign Account Tax Compliance Act (FATCA), stamp duty and Common Reporting Standard (CRS) and under Notices of Attachment issued by Irish Revenue;
3.1.3. To pass details of the originator or the payee to the receiving or transferring financial institution;
3.1.4. To gather information about our customers’ knowledge and experience, financial capacity, investment objectives and attitude to risk/return in relation to the products offered prior to giving investment advice to those customers;
3.1.5. To meet regulatory information security & incident reporting requirements such as under the Directive on Security of Network and Information Systems (NIS Directive);
3.1.6. To cooperate and provide information requested in the context of legal
3.1.5. and/or regulatory investigations or proceedings; and
3.1.7. To investigate allegations of fraud and prevent fraud by third parties or customers.
3.2. To enter into and perform a contract for a product or service
3.2.1. Before we provide you with products or services, we have to gather some personal information to process your application and to assess the terms upon which we can enter into the contract with you. This includes, for instance, gathering and processing personal information for a credit application.
3.2.2. To manage your accounts, policies and any other banking products or services, we have to process your personal information. Examples of processing include the administration of accounts, payments, deposits, credit decisions. As part of this process, we may be required to pass some personal information to an intermediary or counter party (e.g. if you perform a payment transaction, we pass information on the progress of the transaction to the payee concerned). In addition, we have insurance protection, which means we may be required to provide your personal information to our insurance partners in connection with the provision and administration of insurance related services. This type of information will only be obtained and processed where necessary to process your application, administer your account, investigate claims or to comply with a legal obligation. In line with your marketing preferences, our Insurance Broker may also contact you regarding any insurance related claims.
3.3. To enable us to function as a business
3.3.1. In certain circumstances, we process your personal information on the basis of the legitimate interests of our business. In doing so, we ensure that the impact of the processing on your privacy is minimised and that there is a fair balance between the legitimate interests of our business and your privacy rights. If you disagree with your information being processed in this manner, you are entitled to exercise your right to object. Examples of situations in which your personal information is processed based on our legitimate interests, include: To enable us to manage, on a holistic basis, our relationship with you by maintaining a single view of your accounts and any products or services that we provide to you and any interaction with us. This enables us to create a profile for you and to assess your needs better; To carry out statistical analysis, market research and to develop predictive and analytical models for different purposes including risk analysis, process improvements, marketing and fraud analysis. By combining information available to us from different sources such as transaction information and publicly available data (for example, the Central Statistics Office, the Property Price Register) to develop analytical models we can obtain data-driven insights which help to make strategic choices about the functioning of the Group, our relationship with you as our customer and the products and services which we believe will be of interest to you; To establish, exercise and safeguard our rights, including where necessary to take enforcement action (e.g. debt collection) and to respond to claims made against us; To undertake system testing to guarantee software code quality, in particular to: To test software code changes; To validate the stability of software changes and accept the software code changes and to run technical tests, like performance, resilience, operational proving testing; To create efficiencies in our processes and for our customers, to measure our performance and to deliver other organisational benefits; To ensure appropriate information security and fraud prevention protections are in place and to safeguard customer accounts and to provide aggregated reports to departments inside our Group or to other third parties such as the Central Bank of Ireland. These reports contain grouped information, such as the average number of accounts held by people in a particular area. No individual information is shared as part of these reports. Aside from these aggregated reports, we also use more detailed reports internally which contain personal information dealing with customer applications for products and services in order to help us effectively manage our workflow of applications and customer requests.
3.4. Where you have provided consent
3.4.1. Marketing Consent: We use your personal information to make you aware of products and services which may be of interest to you. You can find out more about how we would like to provide you with customised offers and personalised customer service. To be able to do this, we will ask you for your consent. You can at any time withdraw that consent through the contact channels set out.
3.4.2. Sensitive Information Consent: We sometimes collect and process information on your health and other sensitive information which you share with us while applying for a product or service or when requesting a change to an existing product and service. The staff member you are dealing with will ask for your consent to process this type of personal information and will follow strict procedures when processing this information.
4. What kind of personal information do we collect and how it is used?
The information we hold about you can vary depending on the products and services you use. This includes personal information which you give to us when you are looking for a quote for a product or service, personal information we collect automatically, for instance, your IP address and the date and time you accessed our services when you visit our websites or apps; and personal information we receive from other sources.
Here is a more detailed look at the information we hold about you and how it is used by us:
Types of information and examples of how the information is used by us:
Identity information; Name, sex, date of birth, nationality, address, PPSN, NI number, driving licence, passport, a self portrait picture (or ‘selfie’) uploaded to our social media platforms. We use this type of information to identify you and to help us combat fraud and other illegal activity. Contact Information; Telephone number, e-mail address; Technical information such as an IP address, unique identifier for your device. Your contact information is needed to manage and administer your accounts, products or services; to send you service, support and administrative messages, reminders, technical notices, updates, security alerts and information requested by you; and to notify you about either important changes or developments to the features and operation of those products and services. We also use this information to respond to your inquiries and complaints. Types of information and examples of how the information is used by us: Information to help us service your needs;
Your client profile can include
Your account numbers
Details of the products you hold
Key relationships, civil status and household composition
Your overall financial situation
Your preferences and interests
Your education, professional experience
Your lifestyle, interests and activities (memberships, etc.)
Web chats and the results of surveys you have completed. Based on a review of the information contained in your client profile, we can, for example, effectively analyse which product or service might work best for you or which products you may need and offer these products to you. If you provide information about other people (i.e. joint account holders or dependents), please ensure that those persons have agreed to us using this information or that you are otherwise allowed to give us this information. The activity and balance on your accounts, including your transactions and expenditure. These details can be used for a variety of purposes including to prevent or detect money laundering, to identify particular needs or usage patterns based on your transaction details, which when used in conjunction with your marketing preferences, can assist us to provide you with a better, personalised service. Information gathered from simulations, applications, competition entries etc. When you look for a quote, enter a competition or fill out an application with us, the personal information which you provide is processed and assessed by us to fulfill that purpose. That information will also be stored and may be used to prepopulate any form or documentation if you are interrupted during the process and/or wish to start again at a later point. We may also contact you where your application is incomplete or interrupted to support you to complete that application or to answer any queries you may have. Interactions with our staff at our Group Office, by phone, email or through our digital channels, Whenever a staff member meets with you or contacts you this interaction is logged to retain a note of the interaction so that staff can deal with your queries and satisfy your requests. We may record phone conversations with you to train staff, improve security, resolve complaints and to improve our services generally. You will always be informed when calls with our staff members are being recorded. Significant life events like moving business, birthdays etc.: We may use these life events to determine which services or products are most relevant to you.
Information on your physical or mental health:
With your consent, we sometimes collect and process information on your health which you share with us while applying for a product or service or when requesting a change to an existing product and service. Your comments and suggestions, past complaints. We collect this information to analyse, assess and improve our services to customers, and also for training and quality control purposes. For example, we may monitor or record any communications between you and us including telephone calls. Information made available by another party or in a public domain. Publicly available information including information on your social media profile where it is publicly accessible. Information about you which is obtained from other parties, for example, joint account holders or people appointed to act on your behalf. Information obtained through agreements with third parties, for example, credit reference agencies such as the Irish Credit Bureau (ICB), fraud prevention agencies or commercial entities such as An Post or Royal Mail. These companies are responsible for gathering and maintaining that information lawfully. We sometimes use this type of information to verify that the information we hold on our databases is correct. We also use this information to help us understand our relationship with you and to help us to offer you products and services we believe will be of interest to you.
Information about your location:
Location details from your mobile or other devices, including specific geographic locations through the use of GPS, Bluetooth, or WiFi signals, when you install or access our products or services and when location-based products or features are enabled. We may also use your location information to develop anonymised analytical models to improve our products and services. The analysis is never personal and you will never be identifiable.
Images from security cameras in and around the office premises:
We may use CCTV to monitor and collect images. We have a strict retention period for security cameras images but in certain limited circumstances, the recordings may be kept for longer, for instance, to provide evidence to the Police for investigations for criminal proceedings. TYPES OF INFORMATION EXAMPLES OF HOW THE INFORMATION IS USED BY US.
5. How do we use personal information for direct marketing?
We would like to make you aware of products and services which may be of interest to you. We can do this by using some of the personal information we hold about you to better understand your needs.
5.1. For example: Ads in apps can be tailored to your interests or based on information you have shared with us; Based on your behaviour and/or the type of transactions, we might offer you an alternative product that better suits your needs and based on your demographic or other personal information we may offer you products or services which are widely used by others in the same demographic group.
5.2. You can review and make changes to your marketing preferences at any time through the options outlined in this document.
6. What about Security and Confidentiality?
We use a variety of security technologies and procedures to help protect your personal information from unauthorised access, use or disclosure. We also take steps to ensure that only persons with appropriate authorisation can access your personal information.
6.1. Who can access your personal information within our Group?
6.1.1. Only staff members who are suitably authorised can access your personal information if that information is relevant to the performance of their duties, whether it be in connection with the delivery of products or services or in accordance with legal or regulatory obligations. This may include, for example, staff members working in our credit department, marketing department or our customer services representatives who you have dealings with.
6.2. Security measures to safeguard your personal information: We use internal technical and organisational measures to protect your personal information from unauthorised access, to maintain data accuracy and to help ensure the appropriate use of your personal information. These security measures include encryption of your personal information, firewalls, intrusion detection systems, 24/7 physical protection of facilities where your personal information is stored, background checks for personnel that access physical facilities, and strong security procedures across all service operations. We use strong encryption algorithms for the transmission and storage of your Information.
6.3. Other restrictions on use of your personal information: We do not collect personal information on children aged under 16, unless a parent or legal guardian has given his/her consent for this. We will not sell or hire your personal information to third parties for their own use.
7. Who do we share your personal information with?
Our Group sometimes shares your personal information with trusted third parties who perform important functions for us based on our instructions and applying appropriate confidentiality and security measures. For example, we use third party service providers to send out marketing material on a product or service you may be interested in. We also use third parties to help us detect, prevent, or otherwise address fraud, security or technical issues. We go into more detail below about the reasons we share personal information with third parties.
7.1. We have set out below some examples of where our Group shares your personal information: We undertake credit checks and report to credit reference agencies such as the Central Credit Register and the Irish Credit Bureau. Through these agencies we can check your credit history and debts. We also provide them with details regarding the products and services you have with us and we update them about your repayment record; We use printing and distribution agencies to communicate with you about our products and services; We undertake market research in conjunction with agencies; We engage the services of solicitors, accountants, auditors, valuers and other consultants to act on our behalf and work with advisors you have instructed to represent you, or any other person you have informed us is authorised to give instructions or to use the account or products or services on your behalf (such as under a power of attorney); We work with certain relationship partners and agents, such as our approved panel of brokers, under a strict code of confidentiality. We are required to cooperate by law or otherwise through a legal process with Irish and EU regulatory and enforcement bodies such as the Central Bank, the courts, fraud prevention agencies or other bodies. We are also required to report personal and account information to for tax purposes; We work with companies that support us to identify and analyse your user behaviour in our app and on our website, for example, Google Analytics; We use specialist third parties to provide real-time customer engagement solutions
8. How long will we retain your personal information?
How long certain personal information is stored depends on the nature of the information we hold and the purposes for which they are processed. We determine appropriate retention periods having regard to any statutory obligations imposed on us by law. For example, we are required to retain some customer information for 6 years after the end of the customer relationship in accordance the Consumer Protection Code. If the purpose for which the information was obtained has ceased and the personal information is no longer required, the personal information will be deleted or anonymised which means that your personal information is stripped of all possible identifying characteristics. We have put in place procedures to ensure that files are regularly purged and that personal information is not retained any longer than is necessary.
10. Updates to our Data Protection Notice:
We keep this notice under regular review and from time to time will look to amend it to reflect changes to the way in which we are processing personal information. The most recent version will always be available at request. We will inform you of material changes to the content of the Data Protection Notice through a notification posted on our website or other communication channels. You will also find more information about Irish and European data protection legislation on the Office of the Data Protection Commissioner’s website at https://dataprotection.ie/docs/Home/4.htm
SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address. When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system. Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
SECTION 2 - CONSENT
How do you get my consent? When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only. If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent? If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at firstname.lastname@example.org or mailing us at: Easilocks Shop 3 The Drive, Jubilee House, Great Warley, Brentwood Essex GB CM13 3FR
SECTION 3 - DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
Payment: If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
Links: When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
Google analytics: Our store uses Google Analytics to help us learn about who visits our site and what pages are being looked at.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 7 - COOKIES
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id: unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit: no data held, persistent for 30 minutes from the last visit, used by our website provider’s internal stats tracker to record the number of visits.
_shopify_uniq: no data held, expires midnight (relative to the visitor) of the next day, counts the number of visits to a store by a single customer,
_cart: unique token, persistent for 2 weeks, stores information about the contents of your cart.
_secure_session_id: unique token, sessional
storefront_digest: unique token, indefinite if the shop has a password, this is used to determine if the current visitor has access.
PREF: persistent for a very short period, set by Google and tracks who visits the store and from where.
SECTION 8 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependants to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at email@example.com or by mail at Easilocks Shop [Re: Privacy Compliance Officer] [3 The Drive, Jubilee House, Great Warley, Brentwood Essex GB CM13 3FR
In order to be able to offer you Klarna’s payment options, we will pass to Klarna certain of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you.