CONTENT
SECTION 1: INTRODUCTION
For your information, this website (“Website”) is operated
and wholly-owned by Eco Shine Labs, registered in England with the company
number 12441696.
Eco Shine Labs ("Eco Shine Labs," "we,"
or "us"), respects your privacy and is committed to protecting it
through our compliance with this Privacy Notice
This Privacy Notice (together with our Terms &
Conditions) sets out the basis on which any personal data you provide to us,
will be processed.
For the purposes of the EU General Data Protection
Regulation (2016), Eco Shine Labs are the registered data controller with the
Information Commissioner’s Office (ICO); our registration number is Z7981900.
SECTION 2: INFORMATION WE COLLECT ABOUT YOU
Personal Data
As permitted by applicable law, we may collect, use, store
and transfer different kinds of Personal Data about you when you use our
services. We have grouped these into the following categories of Personal Data:
Identity Data such as first name, last name, Social Media
profile, username
Contact Data such as billing addresses, email addresses and
telephone numbers
Transaction Data such as details about payments to you and
details regarding offers you have signed up to or services that you have
subscribed to in relation to this Website
Technical Data such as your Device IDs, your login data,
access dates and times, browser type and version, device information, cookie
data, time zone setting and location, browser plug-in types and versions,
operating system and platform, and other technology on the devices you use to
access the Website
Profile Data such as your username, additional personal data
added to your account (e.g. your home address), preferences, orders made by
you,
Usage Data such as information about how you use our
Website, products and services
Marketing and Communications Data such as your preferences
in receiving marketing from us and our third-parties
We do not require any
special categories of personal data about you (e.g. religion, race, ethnic
origin, politics, genetics, health, sexual orientation). Please do not provide
this type of personal data to us.
Non-Personal Data
We also collect, use and share Aggregated Data such as
statistical or demographic data which does not directly or indirectly reveal
your identity. We use aggregate data for analysing our website usage, for
example, to calculate the percentage of users accessing a specific feature on
our website.
SECTION 3: HOW YOUR DATA IS COLLECTED
Directly
You may give us your identity, contact, financial, profile
data, and marketing and communications data by filling in a form or
corresponding with us by post, phone, e-mail or otherwise. This includes
Personal data you provide when you:
Create an account on our Website
Update your profile
Choose your marketing preferences for both email and push
notifications
Raise a ticket on the HelpDesk
Give us feedback
Speak with customer service
Request information be sent to you
Indirectly
We may collect your transaction data, technical data and
usage data when you interact with our Website. We collect this Personal and
Non-Personal Data by using cookies, server logs and other similar technologies.
We may receive this data from various third-parties such as analytics providers
or advertising networks.
We may also receive Technical Data and Usage Data about you
if you visit other websites employing our cookies or Tracking Technologies
(defined below). For more information regarding our use of Tracking Technologies,
please refer to Section 10: Cookies and Similar Technologies below.
SECTION 4: HOW WE USE YOUR DATA
We will only use your Personal Data where permitted by law.
The law on data protection sets out several different reasons for which a
company may collect and process your personal data, including:
Consent: In specific situations, we collect and process your
data with your consent. For example, when we rely on your consent to send you
direct marketing by email or via push notifications on your device. We collect
your consent when applicable laws require it (including but not limited to the
Privacy and Electronic Communications (EC Directive) Regulations 2003 & The
EU General Data Protection Regulation). Where we rely on your consent to use
your personal data, you have the right to withdraw your consent an anytime. You
can do this by contacting us at [email protected]. If you withdraw your
consent, we may not be able to provide certain products or services to you. We
will advise you if this is the case at the time you withdraw your consent.
Performance of a Contract: In certain circumstances, we need
your personal data for the performance of a contract to which you are a party.
Legal Obligation: If the law requires us to, we may need to
collect and process your data. For example, we can pass on details of people
involved in fraud or other criminal activity.
Legitimate Interest: This is when we have an interest in
conducting and managing our business, to enable us to give you the best
experience when using the Website, products, and services. We make sure we
consider and balance any potential impact on you (both positive and negative)
and your rights before we process your personal data for our legitimate
interests. We do not use your personal data for activities where our interests
are overridden by the impact on you (unless we have your consent or are
otherwise required or permitted to by law).
SECTION 5: DISCLOSURE OF YOUR DATA
We require all parties who process your data to respect the
security of your personal data and to treat it in accordance with the law. We
do not allow our third-party service providers to use your Personal Data for
their own purpose and only permit them to process your personal data for
specified purposes and in accordance with our instructions.
Internal Parties
Employees of Bang Bang Program will process your data when you
need to speak to the customer service team or our Data Protection Officer.
Access to your Personal Data will be controlled and only granted where
necessary to provide our services to you and/or allow us to perform any
necessary or legitimate functions.
External Parties
Service providers who process your Personal Data on our
behalf to support our business and help provide our services to you.
Fraud prevention and identity verification services where we
believe that disclosure is necessary or appropriate to protect the rights,
property, or safety of Eco Shine Labs, our customers or others.
Professional advisers such as lawyers, bankers, auditors and
insurers who provide consultancy, banking, legal, insurance, financial,
auditing, and accounting services to us so we can operate our business.
Third parties where you have expressly consented to the
disclosure of your Personal Data, for example, for direct marketing purposes.
Law enforcement agencies, courts, supervisory authorities,
regulatory bodies and related third-parties, to the extent that we are
permitted or required to do so by law, or in order to comply with our legal and
regulatory obligations, or in the interests of national security, or to respond
to verified requests relating to a criminal investigation or alleged or
suspected illegal activity.
From time-to-time, we may run contests, special offers, or
other events or activities with a third-party sponsor. If you provide
information to the third-party, you give them permission to use it for the
purpose of that promotion. We cannot control the use of your Personal Data
after you have submitted it to the third-party. If you do not want your
information to be processed by the third-party, you can choose not to
participate in the promotion.
Where in the world your data is transferred
Eco Shine Labs is headquartered in the UK. The information
that you provide or that we collect as a result of your interaction with the
Website and/or the user of the Services will only be transferred to parties
located within the EU that have been recognised by the European Commission as
providing an adequate level of data protection. In rare circumstances, when
transfers need to take place to countries outside of this consideration, we
have put in place measures, including ensuring the recipient is bound by EU
Standard Contractual Clauses, to protect your Personal Data.
SECTION 6: HOW LONG YOUR DATA IS KEPT
We will only retain your personal data for as long as
necessary to fulfil the purposes we collected it for, including for the
purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal
data, we consider the amount, nature and sensitivity of the personal data, the
potential risk of harm from unauthorised use or disclosure of your personal
data, the purposes for which we process your personal data and whether we can
achieve those purposes through other means.
In some circumstances, we may anonymise your Personal Data
so that it can no longer be associated with you, in which case we may use such
information without further notice to you. Once you no longer have a
relationship with us, we will retain and securely destroy your Personal Data
subject to the foregoing and in accordance with applicable laws and
regulations. If you request to receive no further contact from us, we will keep
some basic information about you on our suppression list in order to avoid sending
you unwanted materials in the future.
SECTION 7: YOUR DATA SUBJECT RIGHTS
YOUR RIGHTS
WHAT YOU CAN REQUEST
Right to Information
The right to know what Personal Data we hold about you and
how we use it.
Right to Access
The right to be provided with a copy of your Personal Data
(subject to certain restrictions).
We will confirm what data is being processed, provide you
with a copy of your data in addition to confirming your data rights. If you
wish to access your data, please submit a Subject Access Request (“SAR”) to our
Data Protection Officer using reasonable means. If you make the request by
email, the Data Protection Officer will provide your information in a commonly
used electronic format unless you instruct them otherwise. Your request will
remain confidential.
When making your request, please include:
Your full name and email address;
The Website that you signed up to; and,
Details of the specific information you require and any
relevant dates.
If we are unable or unwilling to agree to the request, we
must inform you without undue delay and at the very latest within one month of
receipt of your access request, why we have refused the request and that you
have the right to complain to the supervisory authority.
Right to Rectification
The right to require us to correct any incomplete or
inaccurate Personal Data we hold about you, though we may need to verify the
accuracy of the new data you provide to us. If you have a user account with us,
you also have the option of correcting your information directly in your
account. We encourage you to rectify inaccurate data to ensure our records are
up to date.
Right to Erasure
This enables you to ask us to delete or remove Personal Data
where there is no good reason for us to continue to process it. Note, however,
that we may not always be able to comply with your request for erasure and in
such circumstances, will notify our reasons to you.
Right to Restrict Processing
The right to require us to restrict processing of your
Personal Data, i.e., you can request that we suspend the processing of your
Personal Data in the following scenarios: (a) if you want us to establish the
data’s accuracy; (b) where our use of the data is unlawful but you do not want
us to erase it; (c) where you need us to hold the data even if we no longer
require it as you need it to establish, exercise or defend legal claims; or (d)
you have objected to our use of your data but we need to verify whether we have
overriding legitimate grounds to use it.
Right to Request Data Portability
In certain circumstances, you have the right to request the
transfer of your Personal Data to you or to a third party in a commonly used
machine-readable format. Note, however, that this right only applies to
automated information which you initially provided consent for us to use or
where we used the information to perform a contract with you.
Right to Object to Processing
You have the right to object to the processing of your
Personal Data in the following circumstances: (i) at any time to your Personal
Data being processed for direct marketing (including profiling); or (ii) in
certain other situations, to our continued processing of your Personal Data,
e.g., our processing of your Personal Data when such processing is based on our
legitimate interests. In some cases, we may demonstrate that we have compelling
legitimate grounds to process your information which override your rights and
freedoms.
Right to Withdraw Consent at Any Time
You have the right to withdraw your consent at any time
where we are relying on consent to process your Personal Data. However, this
will not affect the lawfulness of any processing carried out before you
withdraw your consent. If you withdraw your consent, we may not be able to
provide certain products or services to you. We will advise you if this is the
case at the time you withdraw your consent.
Right not to be subject to a decision based solely on
automated decision-making
The right not to be subject to a decision based solely on
automated processing (including profiling) that produces legal effects
concerning you or similarly significantly affects you. However, your right does
not apply if: (i) you gave us your explicit consent to use your personal data
to make our decision; (ii) we are allowed by law to make our decision; or (iii)
our automated decision was necessary to enable us to enter into a contract with
you.
How to make a request
If you would like to exercise any of the data subject access
rights in the table above (each, an “Access Request”) please send an email to bang
bang program. We will respond to your
request without undue delay and no later than one month.
You will not usually be required to pay a fee to exercise
your rights unless your request is manifestly unfounded or excessive.
We may need to confirm your identity before fulfilling your
request and ensure your right to access your Personal Data (or exercise other
rights). This is a security measure to ensure that Personal Data is not
disclosed to any person who has no right to receive it.
If you are not satisfied with our response or believe we are
processing your personal data not in accordance with the law you can make a
complaint to the UK Supervisory Authority, the Information Commissioner’s
Office (ICO). You can contact the ICO through their website:
https://ico.org.uk/concerns/ or by telephone: 0303 123 1113.
SECTION 8: UNSUBSCRIBE OR DELETE YOUR ACCOUNT
If you have an account with us you can unsubscribe from
marketing emails by clicking the ‘unsubscribe’ link at the bottom of our
emails, or you can contact us via our Helpdesk. Please allow up to 48 hours for
changes to take effect. When you unsubscribe we will store your name and email
address on a separate database to ensure we do not contact you again.
If you wish to
exercise your right to erasure ("be forgotten"), please contact our
Data Protection Officer at [email protected]
SECTION 9: SECURITY AND STORAGE OF YOUR PERSONAL DATA
We use appropriate technical and organisational measures to
protect Personal Data we process about you.
However, no transmission of information via the Internet or
wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your
Personal Data, you acknowledge that there are security and privacy limitations
of the Internet which are beyond our control and accordingly, the security,
integrity and privacy of data exchanged between you and us through the Website
cannot be guaranteed.
We have put in place procedures to deal with any suspected
Personal Data breach and will notify you and any applicable regulator of a
breach where we are legally required to do so.
The safety and security of your Personal Data also depend on
you. Where we have given you (or where you have chosen) a password for access
to certain parts of our Website, you are responsible for keeping this password
confidential. We ask you not to share
your login or account credentials with anyone and keep your account information
secure. We urge you to be careful about giving out information in public areas
of the Website like message boards, where information will be available to
other users of the Website. If you believe
that your access credentials or Personal Data have been compromised, please
contact us immediately.
SECTION 10: COOKIES AND SIMILAR TECHNOLOGIES
We use cookies on our sites, The Pip Box (our site, or our
sites), to provide you with the best experience when you browse our website and
to improve our site and its contents. By continuing to browse the site, you are
agreeing to our use of cookies.
A cookie is a small file of letters and numbers that we
store on your browser or the hard drive of your computer if you agree. Other
storage technologies you may come across include web beacons and pixels. A web
beacon is an often-transparent graphic image that is placed on our website or
in an email that is used to monitor the behaviour of users visiting our sites
or receiving our emails. Web beacons are usually used in conjunction with
cookies to check that you can see our content. A pixel refers to the code that
is placed on our website that triggers a cookie. A pixel is essentially an
image but instead of calling an image to be displayed, it calls an application
on a media buying platform that will cause a cookie to be downloaded to your
browser if your browser settings allow.
To find out how to opt-out of the collection and use of your
information via storage technologies, see our section below on Blocking or
Declining Cookies.
For further information about behavioural advertising,
cookies and other storage technologies, and the steps you can take to protect
your privacy online visit http://optout.aboutads.info/?c=2#!/ or
http://www.youronlinechoices.eu/
We use the following cookies:
Strictly Necessary & Functional Cookies
These Cookies are necessary for the website to function and
cannot be switched off in our systems. They are usually only set in response to
actions made by you which amount to a request for services, such as setting
your privacy preferences, logging in or filling in forms. Functional Cookies
enable the website to provide enhanced functionality and personalisation. They
may be set by us or by third party providers whose services we have added to
our pages. You can set your browser to block these Cookies, but some parts of
the site will not then work.
Performance & Analytical Cookies
These Cookies allow us to count visits and traffic sources
so we can measure and improve the performance of our site. They help us to know
which pages are the most and least popular and see how visitors move around the
site. If you do not allow these Cookies we will not know when you have visited
our site and will not be able to monitor its performance. We use Analytical
cookies in our emails to improve our service to you which can detect, Email
Client Version, Date and time of opening, Dwell time, IP address and
Geo-location.
Targeting Cookies
These Cookies may be set through our site by our advertising
partners. They may be used by those companies to build a profile of your
interests and show you relevant adverts on other sites. They do not store
direct personal information but are based on uniquely identifying your browser
and internet device. If you do not allow these Cookies, you will experience
less targeted advertising.
Cookies and Do Not Track Disclosure (“DNT”)
Currently, various browsers (including internet explorer,
Firefox and Safari) offer a DNT option that relies on a technology known as a
DNT header, that sends a signal to a website visited by the browser user about
the user’s DNT preference. You can usually access your browser’s DNT option in
your browser preferences.
A “Do Not Track” standard is not available today therefore
our website does not currently respond to DNT signals from browsers.
SECTION 11: UPDATES TO THIS NOTICE
In the event of updates to our service that materially
expand the sharing or use of your personal information in ways not already
disclosed to you, we will notify you by email and update this privacy notice
accordingly. We will gain your consent for processing activities where
necessary.
SECTION 12: CONTACT INFORMATION
Data Subject
Information / Access Requests
+44 7592586764
100 Palmerston Road
E17 6PZ London
UK
Business Transfers
We may choose to buy or sell assets and may share or
transfer customer information in connection with the evaluation of these
transactions. Also, if we, or our
assets, are acquired, or if we go out of business, enter bankruptcy, or go
through some other change of control, personal data could be one of the assets
transferred to or acquired by a third party or one of our group companies.
Last Updated 27.02.2021