Privacy policy

HomePrivacy policy
1. INTRODUCTION

Rez’s Homemade Aromatherapy takes the collection and safekeeping of its customers, enquiries, and website visitors information very seriously. This privacy notice provides you with details of how we collect and process your personal data through your purchasing, enquiries, and use of this website.

  1. ABOUT US

Rez’s Homemade Aromatherapy (website url address: https://rezhomemadearomatherapy.co.uk/) (also referred to as ‘RHA’, ‘us’, ‘we’ or ‘our’) is a brand name for Webtisan Ltd company registered in England and Whales, company No: 06103081 and our registered address is 26 Ashingdon Close, London E4 6XH.

  1. THE PURPOSE OF THIS NOTICE

This Notice is designed to help you understand what kind of information we collect in connection with purchasing and using our products. We advise to both customers and guest customers and how we will process and use their information. In the course of using our website we will collect and process information about you commonly known as personal data.

This Notice describes how we collect, use, share, retain and safeguard personal data. It sets out your individual rights; we explain these later in the Notice but in summary these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.

  1. REGISTRATION DATA

If you register on our website, we store your chosen username and your email address and any additional personal information added to your user profile. You can see, edit, or delete your personal information at any time (except changing your username). Website administrators can also see and edit this information.

  1. PURCHASE DATA

To receive product support, you have to have one or more RHA products purchase on our website. These orders will be stored together with supporting information and your user data. This is required for us to provide you with delivery, product support and other customer services.

  1. COMMENTS

When you leave comments on the website we collect the data shown in the comments form, and also the IP address and browser user agent string to help spam detection.

  1. GOOGLE ANALYTICS

We use Google Analytics on our site for anonymous reporting of site usage. So, no personalized data is stored. If you would like to opt-out of Google Analytics monitoring your behavior on our website please use this link: Google Analytics Opt-out.

  1. WHAT IS PERSONAL DATA?

Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, gender and contact details.

Personal data may contain information which is known as special categories of personal data. This may be information relating to and not limited to, an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to sexual orientation. Personal data may also contain data relating to criminal convictions and offences.

For the purposes of safeguarding and processing criminal conviction and offence data responsibly, this data is treated in the same manner as special categories of personal data, where there are legal obligations to comply with specific data processing requirements.

  1. PERSONAL DATA WE COLLECT

In order for us to process your enquires and transactions for you and/or provide you the services we have offered, we will collect and process personal data about you. We will also collect your personal data where you request information about our services and products. We may also need to collect personal data relating to others in order to provide and administer these services. In most circumstances, you will provide us with this information. Where you disclose the personal data of others, you must ensure you are entitled to do so.

You may provide us with personal data when completing online contact forms, when you contact us via the telephone, when writing to us directly or where we provide you with paper-based forms for completion or we complete a form in conjunction with you.

We will share your personal data with our sales team, customer service team, administrator and directors in order to provide you best service we can. We also share personal data with authorised third parties, including our accountants and insurers and as required by law.

We will collect your personal data when you visit our website Contact Page and communicate with us, when we will collect your unique online electronic identifier; known as an IP address and any other personal data that you provide to us. We do not collect electronic personal data when you first visit our website. For more information please see our Cookie Policy. We may make a written record of your communications with us when contacting our administrator using our telephone contact point, but we do not record telephone calls electronically.

Where we collect data directly from you, we are considered to be the controller of that data i.e. we are the data controller. Where we use third parties to process your data, these parties are known as processors of your personal data.

– A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.

– A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller.

In the process of providing online shopping services and transactions we will process the following categories of data:

Personal data such as an individual’s name, address, date of birth, gender, business and private contact details.

We do not intend to process special categories of personal data such as that related to health or data relating to criminal convictions and offences for example relating to Company law but if it is provided or we discover it as a result of performing due diligence we will process it according to the provisions laid down in the General Data Protection Regulation 2016. If you object to the collection, sharing and use of your personal data we may be unable to provide you our services and products.

For the purposes of meeting the General Data Protection Regulation 2016 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place. Further information can be obtained from The Administrator, through our Contact Page.

  1. WHY DO WE NEED YOUR PERSONAL DATA?

For customers we will use your personal data to provide you our services in accordance with our contractual obligations described in our terms and conditions and codes of practice and to administer RHA in accordance with our Articles and Memorandum of Association, to provide information on goods we are selling, information on how to use our products and to respond to requests for help and advice we receive from you and to process complaints.

For guest-users we will use your personal data to provide you with information provide information on goods we are selling, information on how to use our products and  in response to requests for help and advice received from you. In addition, we will use both paying users and non-paying user’s personal data for the purposes of statistical analysis and to develop and provide improved solutions.

In becoming an RHA customer, you are purchasing our products and services and you should understand that you are forming a contract with us. If, as a guest-user you contact us or request details of the services or products we provide, we consider ourselves as having a legitimate business interest to provide you with further information about our products and services. However, we will never supply your personal data to any third party for marketing purposes. You may request to be withdrawn from all such marketing activities at any time.

In some situations, we may request your consent to collect additional data from you. Where we require consent, your rights and what you are consenting to will be clearly communicated to you. Where you provide consent, you can withdraw this at any time by contacting the RHA customer service or Administrator.

  1. DATA RETENTION

For customers and all kinds of customers including guest users we will retain your personal data at the end of any contractual agreement, i.e. when you have stopped using our services for a period of 15 years. This data will be retained for both your protection and the protection of RHA it’s administrator, management team and its directors should a late discovered incident give rise to a claim under the terms of our Directors and Officer’s Indemnity insurance when we will be able to provide full disclosure to both yourself and our insurers concerning correspondence and contractual arrangements in place at the time of the incident. Where you make a complaint, we will retain the data for 15 years from the date of the complaint or closing your account with us whichever is the later.

For guest-users we will retain your personal data for a period of 15 years from the date of last contact. This data will be retained for both your protection and the protection of RHA it’s administrator, management team and its directors should a late discovered incident give rise to a claim under the terms of our Directors and Officer’s Indemnity insurance when we will be able to provide full disclosure to both yourself and our insurers concerning correspondence and contractual arrangements if any in place at the time of the incident. Where you make a complaint, we will retain the data for 15 years from the date of the complaint or date of last contact whichever is the later.

Where you or law enforcement agencies inform us about any active investigation or potential criminal prosecution, we will comply with legal requirements when retaining this data. The retaining of data is necessary where required for contractual, legal or regulatory purposes or for our legitimate business interests for statistical analysis and product development and marketing purposes.

Sometimes we may need to retain your data for longer, for example if we are representing you or defending ourselves in a legal dispute or as required by law or where evidence exists that a future claim may occur. For further information contact the RHA customer service or Administrator.

Please contact the RHA customer service or Administrator if you object to the use of, or you have any questions relating to the use of, your data, the retention of your personal data or the way we intend to collect data.

  1. YOUR RIGHTS

GDPR provides individuals with legal rights governing the use of their personal data, including the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data. These rights are known as Individual Rights under the GDPR. The following list details these rights:-

  • The right to be informed about the personal data being processed;
  • The right of access to your personal data;
  • The right to object to the processing of your personal data;
  • The right to restrict the processing of your personal data;
  • The right to rectification of your personal data;
  • The right to erasure of your personal data;
  • The right to data portability (to receive an electronic copy of your personal data);
  • Rights relating to automated decision making including profiling.

Individuals can exercise their Individual Rights at any time. As required by law we will not charge a fee to process these requests, however if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee. In exercising your Individual Rights, you should understand that in some situations we may not be able to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some data for taxation, prevention of crime and for regulatory and other statutory purposes.

You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters. If you require further information on your Individual Rights or you wish to exercise your Individual Rights, please email the RHA customer service or Administrator, or write to our registered office address 26 Ashingdon Close, London E4 6XH.

  1. PROTECTING YOUR DATA

We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data within the management of RHA and authorised third parties.

  1. COMPLAINTS

If you are dissatisfied with any aspect of the way in which we process your personal data please contact our Administrator on info@rezhomemadearomatherapy.co.uk . You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat https://ico.org.uk/global/contact-us/live-chat or by calling their helpline on 0303 123 1113.

 

  1. HOW TO CONTACT US

If you have any questions regarding this Notice, the use of your data and your Individual Rights please contact our Administrator on info@rezhomemadearomatherapy.co.uk or write to the Administrator RHA at 26 Ashingdon Close, London E4 6XH.

Rez’s Homemade Aromatherapy is not required to be registered with the UK Information Commissioner, and is therefore not registered with the UK Information Commissioner.

ADITIONAL CLAUSES

EMBEDDED CONTENT
Pages on this site may include embedded content, like YouTube videos, for example. Embedded content from other websites behaves in the exact same way as if you visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged-in to that website. Below you can find a list of the services we use:
FACEBOOK
The Facebook page plugin is used to display our Facebook timeline on our site. Facebook has its own cookie and privacy policies over which we have no control. There is no installation of cookies from Facebook and your IP is not sent to a Facebook server until you consent to it. See their privacy policy here: Facebook Privacy Policy .
TWITTER
We use the Twitter API to display our tweets timeline on our site. Twitter has its own cookie and privacy policies over which we have no control. Your IP is not sent to a Twitter server until you consent to it. See their privacy policy here: Twitter Privacy Policy .
YOUTUBE
We use YouTube videos embedded on our site. YouTube has its own cookie and privacy policies over which we have no control. There is no installation of cookies from YouTube and your IP is not sent to a YouTube server until you consent to it. See their privacy policy here: YouTube Privacy Policy.
INSTAGRAM
We use Instagram links and posts embedded on our site. Instagram has its own cookie and privacy policies over which we have no control. There is no installation of cookies from Instagram and your IP is not sent to a Instagram server until you consent to it. See their privacy policy here: Instagram Privacy Policy.

COOKIES
This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymized tracking data to third party applications like Google Analytics. Cookies generally exist to make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the help section of your browser.
NECESSARY COOKIES (ALL SITE VISITORS)

  • cfduid: Is used for our CDN CloudFlare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. See more information on privacy here: CloudFlare Privacy Policy.
  • PHPSESSID: To identify your unique session on the website.

NECESSARY COOKIES (ADDITIONAL FOR LOGGED IN CUSTOMERS)

  • wp-auth: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
  • wordpress_logged_in_{hash}: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
  • wordpress_test_cookie Used by WordPress to ensure cookies are working correctly.
  • wp-settings-[UID]: WordPress sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
  • wp-settings-[UID]:WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.

SECURITY MEASURES
We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personal identifiable information is not captured/hijacked by third parties without authorization.
In case of a data breach, system administrators will immediately take all needed steps to ensure system integrity, will contact affected users and will attempt to reset passwords if needed.

AMENDMENTS
We may amend this Privacy Policy from time to time. When we amend this Privacy Policy, we will update this page accordingly and require you to accept the amendments in order to be permitted to continue using our services.

Version 1, August 2022