GDPR Policy

Vend Luxe Ltd the operator of Bobby’s Beauty, is a retailer of beauty products within the Bobby’s Retail store in Bournemouth. Our company registration is 12112068.  Our registered office is 15 Sackville Street, Mayfair, London, United Kingdom, W1S 3DN. 

The Privacy Statement applies to personal data collected and processed by Vend Luxe Ltd. 

When we refer to “we”, “us” or “our” in this Statement we mean Vend Luxe Ltd. 

Vend Luxe, as a data controller, is committed to protecting your privacy and we have created this privacy policy (“Privacy Policy”) to let you know what to expect when you use our Vend Luxe and/or Bobby’s website(s) (the “Websites”), interact with us or use our services.  

The personal data we routinely collect includes: 

- Full name; 

- Email address; 

- Postal address; 

- Contact details; 

- Date of birth; 

- Marital status; 

- Gender. 

We do not collect any special categories of personal data, as defined under the GDPR. Our products and services are not aimed at children. 

We collect personal data in the following ways: 

- When you complete the purchase of a beauty product; 

- When you sign up to attend an in store event; 

- When you supply information to us in connection with any other event or promotion; 

- When you sign up for our beauty loyalty program. 

Depending on how you interact with our store and website and the permission you have given us, we process your personal data for the following purposes: 

Contractual Necessity: 

As required to establish and fulfil a contract with you, for example: when you make a purchase from us (this includes taking payments in store); communicating with you and providing customer services. 

Legitimate Interests:

(You can obtain further information on the legitimate interests balancing exercises which we have carried out by contacting us using the contact details provided below.) 

Because it is in our legitimate interests in operating our business. In particular: 

- managing, operating and improving customer service and email (including enabling you to manage your marketing preferences); 

- maintaining records of prospective, current and past clients and our suppliers; 

- facilitating your attendance at one of our events; 

- managing, operating and improving our service whilst you are visiting our store (including ensuring that we provide a personal service such as helping to identify beauty products of interest); 

- monitoring our store via CCTV cameras to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law; 

- communicating with you about any queries or complaints; 

- creating user / customer insights based on demographic segments to drive targeted email direct marketing and also carrying out market research and surveys; 

- delivering tailored advertising to promote our store (including via Facebook look-a-like and custom audiences); 

- we will use data in connection with legal claims which concern our company, group or partners, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation). 

​

Legal Compliance: 

To ensure compliance with applicable laws and legal processes including, but not limited to, use in connection with legal claims, compliance, regulatory, tax, investigative purposes (including disclosure of such information in connection with legal process or litigation and to law enforcement agencies).

​

Consent: 

Subject to the following, we will send you direct marketing by email about Vend Luxe products and services that we think you might be interested in. This will only be sent where you have given us your consent in person at the shops or via email newsletter sign up or (where permissible) you have been given an opportunity to opt out. If you change your mind about receiving our emails you will be able to opt out of electronic direct marketing by clicking the unsubscribe link contained in the email itself. 

With your permission we will share your data with the wider Bobby’s retail store to promote other store sites in the bobby’s building.  

We will share your personal data with third parties in the following circumstances: 

- With our suppliers and service providers working for us or as a part of our group of companies and affiliates, such as accounts staff and service providers, payment providers, email and IT staff and service providers, communications providers; 

- With our professional and legal advisers (such as accountants, auditors, lawyers, compliance advisors and professionals); 

- With third parties engaged in fraud protection and detection; 

- With government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our own legitimate interests in compliance with applicable laws; and 

- In the event that we sell any business assets, purchasers or prospective purchasers of all or part of our assets or our business, and their professional advisers, in connection with the purchase. 

Otherwise where we have your consent or are otherwise legally permitted to do so.  

Like other websites, information and data on our Websites may be automatically collected through cookies and similar technologies. Cookies are small files placed on Websites users’ hard drive to distinguish you from other users of the Websites. This helps us to provide you with a high quality experience when you browse the Websites and also allows us to improve the Websites. We use cookies to analyse the flow of information; customise the services and content; measure promotional effectiveness; and promote trust and safety. You can review our detailed cookie Notice here.  

Our servers are kept in the United Kingdom, however Vend Luxe Ltd uses service providers around the world. 

Consequently, your personal data may be processed in countries outside the United Kingdom and outside Europe (i.e. all 27 EU Member States plus Iceland, Liechtenstein and Norway) including in countries where the local laws do not provide the same level of data protection as those in the United Kingdom and the countries of Europe.  

Where this is the case, and where the transfer is to a country or territory that is not subject to an adequacy decision by the EU Commission, personal data is adequately protected by EU Commission-approved standard contractual clauses (which have been implemented pursuant to Article 42 (2) of the GDPR). If you have any questions about the standard contractual clauses, or would like to obtain a copy of them, please email us via the contact details given below. 

Where we process personal data for marketing purposes or where you have given your consent, we process the data until you ask us to stop and then for a short period after this (to allow us to implement your requests), or for up to 24 months at which point we will contact you to check you still want to hear from us.  

We also keep a record of your email address if you have unsubscribed, or you have asked us not to send you direct marketing, so that you do not receive marketing emails in future. 

Where we process personal data for any other purpose, including when you make a complaint, provide feedback or buy a voucher, we retain it for 24 months or for so long as is appropriate in the context. After that your data may be anonymised (personal data is deleted). The anonymised data may be used to provide management information and historical analysis. 

We will also maintain records for invoicing, tax and warranty purposes. 

We may keep a record of correspondence relating to queries and complaints for as long as necessary to protect us from legal claim.  

Where we no longer have a need to keep your information, we will delete it.  

Vend Lux Ltd takes the protection of your personal data very seriously and we take appropriate steps to ensure your personal data is stored in a secure environment to prevent any unauthorised access.  

In the course of visits to our Website, we employ widely-used SSL process in conjunction with the respectively highest level of encryption supported by your browser 

In all other respects, we take appropriate technical and organisational security measures in order to protect your data against manipulation, loss, destruction and unauthorised access by third parties. Our security measures are kept consistently up-to-date based on the latest state of the technology art.  

We may use external data service providers to process personal data on our behalf. When we do so we have appropriate agreements in place to protect the data. Any data transfers between external service providers and us are conducted by secure means.  

Where such service providers are located outside the UK, we endeavour to make sure, when required, that additional safeguard mechanisms (such as Standard Contractual Clauses) are in place. 

Please remember that if you use a link to go from our Websites to another website, or you request a service from a third party, this Privacy Statement will no longer apply once you have left the Websites. Your browsing and interaction on any other website is subject to that website’s own rules and policies. 

You are entitled to ask us: 

- for a copy of your personal data;  

- to correct your personal data (if it is inaccurate, incomplete or not up-to-date);  

- to 'port' your personal data (i.e. to transfer in a structured, commonly used and machine-readable format, to you or another data controller); 

- to erase your personal data; or 

- restrict its processing (i.e. processing will temporarily stop (save to the extent that personal data will continue to be stored)). 

You also have rights to object to some processing that is based on our legitimate interests, and to processing for direct marketing purposes. Further, where we have asked for your consent to process your data, you are entitled to withdraw this consent as more fully described above.  

These rights are limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your personal data. In some instances, this may mean that we are able to retain data even if you withdraw your consent.  

Where we require your personal data to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us.  

To exercise these rights you should contact us as below, for the attention of our Data Protection Officer: 

Email: privacy@bobbys-beauty.com 
Address: 15 Sackville Street, Mayfair, London, United Kingdom, W1S 3DN 

If you are concerned about the manner in which we have collected and used your personal data, please contact us as above and we’ll do our best to help. If you’re still unhappy with the way in which we have handled your personal data you have the right to contact the Information Commissioner’s Office (ICO); more details can be found at www.ico.org.uk.

We review and update this Privacy Statement regularly to take account of changes to our processing and regulatory changes. We encourage you to review it from time to time. If we make any significant changes to this Privacy Statement, we will endeavour to communicate this to you where reasonable. 

If you have any questions regarding how your data is collected and processed or would like to exercise any of your rights, please use the following contact details: 

Email: privacy@bobbys-beauty.com 
Address: 15 Sackville Street, Mayfair, London, United Kingdom, W1S 3DN