Tainted Lips Limited, trading as Dyefor (“we”, “us” or “our”) is committed to protecting your privacy and meeting its data protection obligations under the General Data Protection Regulation (“GDPR”).
This Policy only applies to our use of ‘personal data’ about ‘data subjects’ (as defined by data protection law) which includes personal data relating to our customers and prospective customers who are consumers (“you” or “your”).
We will be the data controller of your personal data which you provide, or which is collected by us via our website or when you communicate with us by telephone, email or post. This means that we are responsible for deciding how we hold and use personal information about you and that we are required to notify you of the information contained in this Policy. It is important that you read this Policy so that you are aware of how and why we are using such information and how we will treat it.
You can contact us using the details provided at the end of this Policy in the “Contacting Us” section.
The Type of Information we collect from you & what we do with it
We will collect various types of personal information from you when you use our website and when you communicate with us in person, via telephone, post and email. Further details of the personal data we collect and how we use it are set out below.
In this section, we have indicated with asterisks whether we need to process your personal data:
* = to enter into and/or perform our contract with you to provide the products or services you request from us;
** = to pursue legitimate interests of our own or of third parties, provided your interests and fundamental rights do not override those interests;
*** = to enable us to comply with our legal obligations; and/or
**** = with your consent:
- First Name, Last Name, Email Address, Company Name (optional), Delivery Address, Delivery Country, Postal Code.
- Phone Number, Any customised information, such as initials or name, in order to personalise your product.
- You have the option at this stage in the checkout to opt into email marketing. Should you opt into email marketing, we will periodically use the email address entered above to contact you regarding new products and special offers.
- Billing First Name, Billing Last Name, Billing Address, Billing City & Post Code, Country.
- Card Number, Cardholder Name, Card Start Month & Year (if applicable to card type), Expiration Month & Year, CVV, First Name, Last Name, Address, City & Post Code, Country.

- process your order, take payment, arrange delivery, keep records of payments and carry out analysis for financial purposes */**;
- allow you to participate in interactive features of our service, when you choose to do so */**;
- allow you to access offers and promotions or enter competitions via our website provided by third parties **;
- provide you with information about our products, offers, events or promotions we feel may interest you where permitted by law **/****;
- notify you about changes to the services provided through our website **;
- ensure that content from our website is presented in the most effective manner for you and your device **;
- personalise our website to you and provide you with targeted offers **; and
- deal with any queries, complaints or claims made by you **/***.
We will use the above information in order to:
- administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes to comply with our legal obligations **/***;
- improve our website to ensure that content is presented in the most effective manner for you and for your computer / device **; and
- as part of our efforts to keep our website safe and secure to comply with our legal obligations **/***.
We will not carry out any solely automated decision-making using your personal data.
Change of Purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will usually notify you and we will explain the legal basis which allows us to do so.
Disclosure of your information
We will share your data with the following categories of companies in order to provide our services to you, as set out in this statement:
- Companies that we need to use, in order to get your purchases to you, such as delivery and logistics companies, and payment service providers.
- Professional service providers, that help us with important functions such as IT services, accounting services, marketing, advertising, and hosting our website, and those that help us run our business.
- Government bodies including tax authorities, law enforcement and fraud prevention agencies, to help fight fraud.
- Companies approved by you, such as social media sites (if you choose to link your accounts to us), and Apple Pay and Google Pay where you choose to use their accelerated payment service.
We will also disclose your personal information to third parties:
- in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
- if Tainted Lips Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; and/or
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, or safety of Tainted Lips Limited, our customers or others.

Some of our service providers detailed above may be based outside of the European Economic Area or may transfer or allow access to personal data outside of the European Economic Area. Countries located outside the EEA are not governed by European Union (EU) data protection laws. However, your personal information will be protected by the safeguards required by EU data protection laws.
Details of the non-EEA countries which your personal data may be processed in and the safeguards in place (including how to obtain a copy of them) may be obtained by contacting us using the details below in the Contact Us section.
Storage of your personal data
We will only keep your personal data for as long as we need to in order to fulfil the relevant purpose(s) it was collected for, as set out above in this Policy, and for as long as we are required to keep it for legal purposes. If you are a customer, we will keep your personal data for seven years from the date on which you close your account with us for legal and tax purposes.
We use Shopify to power our website. Once we have received your information, it will be stored securely on Shopify's servers. Shopify use strict procedures and security features to try to prevent unauthorised access, such as password protection, 2-step authentication access controls, firewalls, encryption and anti-virus protection. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Data protection laws provide you with the following rights to:
- request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
- request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
- request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
- request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
- transmit personal data you submitted to us back to you or to another organisation in certain circumstances; and
- complain to the supervisory authority, which in the United Kingdom is the Information Commissioner’s Office.
You also have the right to object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
If we rely on your consent to process your personal data (for example if we need your consent to send you direct marketing), you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us using any of the details set out below in the “Contacting Us” section. Once we have received notification that you have withdrawn your consent, we will stop processing your information for the purpose(s) you originally agreed to, unless we have a legal basis for doing so.
Changes to our policy
Any changes we make to our Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Policy.
If you have any queries, comments or requests regarding this Policy or you would like to exercise any of your rights set out above, you can contact us in the following ways:
by email to firstname.lastname@example.org
by the Contact Us page on our website
by post at Tainted Lips Ltd, Dyefor, Charlton Street, Grimsby, Lincolnshire, DN31 1SQ, UK.
We host our store on Shopify Inc., which provides us with the online e-commerce platform that allows us to sell our products and services to you. All your data is stored through Shopify's data storage, databases and the general Shopify application. All data is stored behind a firewall on a secure server.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
In order to be able to offer you Klarna’s payment options, we will pass to Klarna certain aspects of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you.