C.A.Papaellinas Group operates in the field of pharmaceuticals, cosmetics and consumer products. Retail store chains include Beauty Line, Holland & Barrett, Yves Rocher and Beauty Outlet. We are committed to safeguarding your privacy and handling your data in an open and transparent manner. Looking after the personal data you share with us is hugely important to us. We would like to reassure you that your privacy is first priority for us, and that your data is safe and secure. We therefore want to be clear how we use it, in order to offer you a better and more personalized shopping experience.
WHAT THIS POLICY COVERS
- sets out the types of personal data that we collect
- explains how and why we collect and use your personal data
- explains when and why we share personal data within the C.A. Papaellinas Group and 3rd parties; and
- is clear about the rights and choices you have when it comes to your personal data
We offer a wide range of products and services. This Policy applies to you if you use our services:
- shopping with us over the phone, or online or through mobile applications or being a member of our Benefits loyalty scheme (“Benefits”)
This Policy also applies if you contact us or we contact you about our products and Services.
WHAT TYPES OF PERSONAL DATA DO WE COLLECT?
When you register to our Loyalty Scheme (Benefits) we ask for your personal data (such as first name, last name, city, email address and birthday) for competitions, promotions, surveys or questionnaires about our services or newsletter sign ups. As such, your feedback and contribution to customer surveys and questionnaires is collected.
Anytime you contact us about our services either by phone, email or post or when you speak with us through social media, we may also collect personal data you provide about yourself. Sometimes we may collect details of the emails and other digital communication we send to you that you open, including any links in them that you click on.
If you sign up to our websites or mobile applications, we will request your account login details, such as username and the password that you have chosen. We may also need to collect and process personal information about you including your address and contact details such as your telephone number.
If you place an order with us, we will also ask for a delivery address and your payment details. We may ask you for this information through our websites or mobile applications, or via one of our telephone operators, or we may collect this information through your email or other communication with us.
We may also ask you for other optional information such as what sort of device you use such as a mobile telephone or tablet, how you heard about our website and what sort of subjects interest you. If you choose to give us this information, we will use it to help us to provide you with the best possible service that is personalized to your needs and preferences. Although we do not make it compulsory to give us every item of information we ask for, the more information you volunteer (and the more accurate it is), the better we can tailor our services for you.
When you use your Benefits Loyalty Card to shop with us, or Gift Vouchers or Coupons, we will collect transaction information, including the in-store and online purchases where you earn myBenefits Loyalty points.
We may also use personal data from other sources, such as specialist companies that supply information. This personal data help us to manage your myBenefits Loyalty Scheme account (including the allocation of Benefits points), review and improve the accuracy of data we hold; and improve and measure the effectiveness of our marketing communication including online advertising.
We may automatically collect non-personal information about you such as the type of internet browsers you use or the site from which you were linked to our Websites. This information cannot identify you and it is only used to assist us in providing an effective service on our Websites.
HOW AND WHY WE USE PERSONAL DATA
We use personal data to make our products and services available to you. In this way, we manage the accounts you hold with us, including your Benefits Loyalty Scheme account.
Personal data assist us in processing your orders. We need to process your personal data so that we can manage your customer account, provide you with the goods and services you want to buy and help you with your order queries.
Processing of personal data also help us to develop and improve our product range, services, stores, information technology systems, know-how and the way we communicate with you. This allows us to serve you better as a customer.
It is important for us to monitor how our services are used in order to detect and prevent fraud, other crimes and the misuse of services. This reassures us that you can safely use our Services.
We use personal data to assist us in personalizing your shopping experience with us. We are doing this by using your online browsing experience as well as your in-store and online purchases (including myBenefits transactions) and this helps us in better understanding you as a customer and provide you with personalized offers and services.
Online advertising may be displayed across our websites. This will help us in measuring the effectiveness of our marketing communications and to be able to provide you with more relevant marketing communications (including by email, post or online advertising), relating to our products and services.
We are doing this because we want to ensure that we provide you with marketing communication, including online advertising, that are relevant to your interests. To achieve this we also measure your responses to marketing communications relating to products and services we offer, which also means we can offer products and services that better meet your need as a customer.
We may contact you about our products and services, either by phone, email or post or by responding to social media posts that you have directed at us. We are doing this because we want to serve you better as a customer so we use personal data to provide clarification or assistance in response to your communications.
We may also contact you in order to manage promotions and competitions you take part in or to invite you to take part in and manage customer surveys, questionnaires and other market research activities carried out by C.A.Papaellinas Group or by other organizations on our behalf. We are doing this in order to improve our Services.
However, if we contact you about this, you do not have to take part in the activities. If you tell us that you do not want us to contact you for marker research, we will respect this choice. This will not affect your ability to use our Services or Benefits.
We may process your personal data, provided that you have given us your specific consent for processing (other than for the reasons set out hereinabove) then the lawfulness of such processing is based on that consent. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.
WHEN AND WHY WE SHARE PERSONAL DATA WITHIN THE C.A. PAPAELLINAS GROUP AND WITH OTHER ORGANIZATIONS
We would like to let you know that we work with carefully selected Service Providers that carry out certain functions on our behalf. These include, for example, companies that help us with technology services, storing and combining data, processing payments and delivery orders. We would like to assure you that we only share personal data that enable our Service Providers to provide their services.
Some of the Service Providers we work with operate online media channels, and they place relevant online advertising for our products and services on those online media channels on our behalf. For example, you may see an advert for our products and services as you use particular social media sites.
We may share personal data with other organizations if the law or a public authority says we must share personal data, if we need to share personal data in order to establish exercise or defend our legal rights.
Other than the disclosures referred to in this policy, we will not disclose any personal information without your consent unless we are legally entitled or obliged to do so (for example, if required to do so by Court Order or for the purposes of prevention of fraud or other crime).
HOW WE PROTECT YOUR PERSONAL DATA
At C.A.Papaellinas Group we are committed in respecting, protecting and maintaining your privacy and thus, we have a lot of measures in place.
For example we use computer safeguards such as firewalls and data encryption. We also enforce physical access controls to our buildings and files to keep this data safe. We only authorize access to employees who need it to carry out their job responsibilities.
As part of our policies, we enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data. We may occasionally ask for proof of identity before we share your personal data with you.
If you select the option to allow us to store your card details, then we will do so using the JCC Token System. If you select a Repeat Purchase Product, then we will automatically store your card details via the JCC Token System. The Token System is a safe way of keeping card details without actually storing them. JCC store and convert a customer’s sensitive payment information into a secure token or “alias”. This token is then used by our websites or mobile applications to process future transactions as and when required, without asking for your card details each time. When confirming an order, we will reveal only the last four digits of your credit card number.
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by companies operating outside the EEA who work for us or for one of our service providers. We would like to reassure you that we will put in place appropriate protection measures to make sure that your personal data remains adequately protected and is treated in line with this Policy.
COOKIES AND OTHER SIMILAR TECHNOLOGIES
It is very important for us to of protect children’s privacy. We may collect personal data in relation to children only provided that we have first obtained their parents’ or legal guardian’s consent or unless otherwise permitted under law. We do not provide any Benefit Loyalty Scheme services to children but we may allow children, with their parents’ or legal guardian’s consent, to use our Websites, Mobile Applications and Social Media sites. For the purposes of this privacy statement, “children” are individuals who are under the age of eighteen (18).
HOW LONG WE KEEP YOUR PERSONAL INFORMATION FOR
We will keep your personal data for as long as you would like to and you are a customer to our shops. Once our business relationship with you has ended, we may keep your data for up to ten (10) years in accordance with the directive of the Data Protection Commissioner (http://www.dataprotection.gov.cy).
We may keep your data for longer than 10 years if we cannot delete it for legal, regulatory or technical reasons.
Under the General Data Protection Regulation (EU) 2018/679 which is applicable from 25 May 2018 you have various rights with regards to the personal data we hold about you.
Receive access to your personal data. This enables you to e.g. receive a copy of the personal data we hold about you and to check that we are lawfully processing it. In order to receive such a copy you can contact us at email@example.com alternatively see the Contact Us page on this Site.
Request correction (rectification) of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
Request erasure of your personal information.
This enables you to ask us to erase your personal data (this is known as the ‘right to be forgotten’) where there is no good reason for us continuing to process it. Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
You also have the right to object where we are processing your personal data, for marketing purposes. If you object to processing for marketing purposes, then we shall stop the processing of your personal data for such purposes. This enables you to ask us to restrict the processing of your personal data, i.e. use it only for certain things, if:
- it is not accurate,
- it has been used unlawfully but you do not wish for us to delete it
- it is not relevant any more, but you want us to keep it for use in possible legal claims
You have already asked us to stop using your personal data but you are waiting us to confirm if we have legitimate grounds to use your data.
Request to receive a copy of the personal data concerning you in a format that is structured and commonly used and transmit such data to other organizations. You also have the right to have your personal data transmitted directly by ourselves to other organizations you will name (known as the right to data portability).
Withdraw your consent regarding the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you. You have the right to withdraw your consent given to us, opt-out, unsubscribe or change preferences via a link in the footer of all non-transactional email messages. These options are made available when you sign-up for our email lists and in email messages delivered from us.
If, at any time, you believe that you have received an unsolicited commercial email from C.A.Papaellinas Group on behalf of somebody else, you may report it to us at firstname.lastname@example.org or alternatively see the Contact Us page on this Site.
It is very important to us that we provide you with the highest level of service. In order to help us do this, from time to time we may contact you using one of the contact methods you have provided, with details of our newsletters, surveys, products and services which we think may be of interest to you. If at any time you do not wish to receive these details, then click on the ‘Unsubscribe’ link at the bottom of an email. Please note that active customers will continue to receive order and account communications from us.
We aim to keep our information about you as accurate as possible. If you would like to review or change the details you have supplied us with, or you would like to remove your published Submission from the Site you may do so at any time by using the Contact Us page on this Site.
RIGHT TO LODGE A COMPLAINT
If you have exercised any or all of your data protection rights and still feel that your concerns about how we use your personal data have not been adequately addressed by us, you have the right to complain by contacting us at email@example.com or alternatively see the Contact Us page on this Site.
We may modify or amend this privacy statement from time to time. We will notify you appropriately when we make changes to this privacy statement and we will amend the revision date at the top of this page. We do however encourage you to review this statement periodically so as to be always informed about how we are processing and protecting your personal information.
To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact us by sending an email to firstname.lastname@example.org or alternatively see the Contact Us page on this Site.
You can also contact our Data Protection Officer at email@example.com.
Your concerns are very important to us and endeavor to address all of your requests promptly.
The General Data Protection Regulation (EU) 2016/679 shall apply from 25 May 2018. Until then, the Processing of Personal Data (Protection of Individuals) Laws 2001 till 2012 remain in force.