At RuRu Hair your privacy is very important to us. It is one of our fundamental responsibilities as a business to ensure that we protect the information entrusted to us by you. This Data Protection Notice looks to answer your important questions about the processing of personal information by our organisations. Please take some time to read this Data Protection Notice carefully. We provide a range of products and services to personal customers including (Human hair extensions and wigs. Our products and services are distributed globally by telephone via the dedicated Retail Sales Team as well as through our website and online and mobile business platforms. Our businesses are private limited companies registered in the Companies Registration Office under Company Number (12024878). 1.2. How you can contact our Group if you have any questions about your privacy rights or if you would like to change your privacy preferences, you can contact us in the following ways: • By phone or by email. • If you have specific queries about this Data Protection Notice or our approach to privacy, you can also contact us direct and we who will ensure that your query is treated in a confidential manner. How can you control the personal information you have given to us? When your personal information is handled in connection with our product or service, you are entitled to rely on a number of rights. These rights allow you to exercise meaningful control over the way in which your personal information is processed. You may execute any of these rights free of charge (in certain exceptional circumstances a reasonable fee may be charged, or we may refuse to act on the request) and we may ask you to verify your identity prior to proceeding with your instruction by way of requesting additional information/documentation from you. Once we are satisfied that we have effectively verified your identity, we will respond to the majority of requests without undue delay and within a one-month period i.e. 30 calendar days of receipt of the request. We will action your request to have your personal information corrected within 10 calendar days. These periods may be extended in exceptional circumstances and we will inform you where the extended period applies to you along with an explanation of the reasons for the extension. Further information in relation to how you may execute these rights is outlined in the Data Protection section of our notice or alternatively by contacting us using the channels outlined in this document. For example, you are entitled to: 2.1. Access your personal information: You can look to access the personal information we hold about you by contacting us with a data access request using the channels outlined. We will endeavour to provide you with as complete a list of personal information as possible. However, it can happen that some personal information from back-up files, logs and stored records may not be included in that list as this information is not
processed by us on an ongoing basis and it is not therefore immediately available. For that reason, this personal information may not be communicated to you. However, this personal information remains subject to standard data maintenance procedures and will only be processed and retained in accordance with those procedures. 2.2. Correct/restrict/delete your personal information: If you believe that certain personal information we hold about you is inaccurate or out of date, you can look for the information to be corrected at any time using the channels outlined after we have verified the information. If you dispute the accuracy of information held, you can request that we restrict processing this information while your complaint is being examined. If you suspect that we are processing certain information without a legitimate reason or that we are no longer entitled to use your personal information, you can also ask for that personal information to be deleted. We are not under any obligation to rectify or delete your personal information where to do so would prevent us from meeting our contractual obligations to you or where our Group is required or permitted to process your personal information for legal purposes or otherwise in accordance with our legal obligations. We ask that you keep us informed of any relevant change in your personal circumstances to enable us to keep the information on our systems up to date and accurate. 2.3. Withdraw your consent: Whenever you have provided us with your consent to process your personal information, for example, so that we can contact you about one of our products or services, you have the right to withdraw that consent at any time through one of the channels identified. If you withdraw consent to processing (and if there is no other justification for continuing to process your information), you are also entitled to request that your personal information is deleted. Withdrawing consent does not affect the lawfulness of any processing undertaken by us based on your consent before its withdrawal. 2.4. Object to your personal information being used for certain purposes: If you disagree with the way in which we process certain information based on its legitimate interest, you can object to this through one of the channels identified. In such cases we will provide you with details regarding the rationale for processing your personal information and we will stop processing the personal information under dispute if we cannot legitimately justify the reasons for processing within the agreed time frame. Some of our operations are fully automated, with no human intervention and may include taking decisions based solely on automated processing. If you disagree with the outcome of a fully automated decision-making process, you can speak to a staff member to express your point of view and contest the decision using one of the contact channels. 2.5. Request your personal information to be transferred in electronic form: You can (in certain cases) request that your personal information is transferred to you or to another service provider so that you can store and reuse your personal information for your own purposes across different services. We will not be in any way accountable or liable for any damage, loss or distress sustained, incurred or suffered by you and/or the designated service provider because of improper use of the personal information upon and after receipt from us. 2.6. How to exercise your rights: You can exercise the rights outlined above free of charge by contacting us using any of the channels mentioned in this document. 3. Why do we collect and use your personal information? We gather and process your personal information for a variety of reasons and rely on a number of different legal bases to use that information, for example, we use your personal information to process your applications, to help administer your products and services, to ensure we provide you with the best service possible, to prevent unauthorised access to your accounts and to meet our legal and regulatory obligations. 3.1. To comply with legal obligations: We are required to process your personal information to comply with certain legal obligations, for example: 3.1.1. To report and respond to queries raised by regulatory authorities, law enforcement and other government agencies such as the Central Bank of Ireland, the European Central Bank and relevant policing authorities 3.1.2. To respond to requests from Irish Revenue in accordance with relevant tax legislation including queries relating to Foreign Account Tax Compliance Act (FATCA), stamp duty and Common Reporting Standard (CRS) and under Notices of Attachment issued by Irish Revenue; 3.1.3. To pass details of the originator or the payee to the receiving or transferring financial institution; 3.1.4. To gather information about our customers’ knowledge and experience, financial capacity, investment objectives and attitude to risk/return in relation to the products offered prior to giving investment advice to those customers; 3.1.5. To meet regulatory information security & incident reporting requirements such as under the Directive on Security of Network and Information Systems (NIS Directive); 3.1.6. To cooperate and provide information requested in the context of legal 3.1.5. and/or regulatory
investigations or proceedings; and 3.1.7. To investigate allegations of fraud and prevent fraud by third parties or customers. 3.2. To enter into and perform a contract for a product or service 3.2.1. Before we provide you with products or services, we have to gather some personal information to process your application and to assess the terms upon which we can enter into the contract with you. This includes, for instance, gathering and processing personal information for a credit application. 3.2.2. To manage your accounts, policies and any other banking products or services, we have to process your personal information. Examples of processing include the administration of accounts, payments, deposits, credit decisions. As part of this process, we may be required to pass some personal information to an intermediary or counter party (e.g. if you perform a payment transaction, we pass information on the progress of the transaction to the payee concerned). In addition, we have insurance protection, which means we may be required to provide your personal information to our insurance partners in connection with the provision and administration of insurance related services. This type of information will only be obtained and processed where necessary to process your application, administer your account, investigate claims or to comply with a legal obligation. In line with your marketing preferences, our Insurance Broker may also contact you regarding any insurance related claims. 3.3. To enable us to function as a business 3.3.1. In certain circumstances, we process your personal information based on the legitimate interests of our business. In doing so, we ensure that the impact of the processing on your privacy is minimised and that there is a fair balance between the legitimate interests of our business and your privacy rights. If you disagree with your information being processed in this manner, you are entitled to exercise your right to object.
SECTION 1 – WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address. When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system. Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
SECTION 2 – CONSENT
How do you get my consent? When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only. If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
SECTION 3 – DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 – THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the way your personal information will be handled by these providers.
Remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So, if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
Links: When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
Google analytics: Our store uses Google Analytics to help us learn about who visits our site and what pages are being looked at.
SECTION 5 – SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 6 – AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependants to use this site.