GDPR Compliance

Ellis Style Consultancy Ltd, trading as lively-mint, is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our approach to data protection and your rights as a data subject.

Our Role as Data Controller

For the personal data we collect and process in relation to our styling services and website, we act as the data controller. This means we determine the purposes and means of processing your personal data and are responsible for ensuring that processing is carried out lawfully.

Data Controller: Ellis Style Consultancy Ltd
Address: 47 Clerkenwell Road, London EC1M 5RS
Contact: [email protected]

Data Protection Principles

We adhere to the following principles when processing personal data:

• Lawfulness, fairness, and transparency: We process data lawfully and are open about how we use it
• Purpose limitation: We collect data for specified, explicit, and legitimate purposes
• Data minimisation: We collect only the data necessary for our stated purposes
• Accuracy: We take reasonable steps to ensure data is accurate and up to date
• Storage limitation: We retain data only for as long as necessary
• Integrity and confidentiality: We implement appropriate security measures to protect data
• Accountability: We can demonstrate compliance with these principles

Your Rights Under GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to receive clear information about how we collect and use your personal data. Our Privacy Policy provides this information in detail.

Right of Access

You can request a copy of the personal data we hold about you. This is commonly known as a subject access request. We will respond to such requests within one month, providing the information free of charge in most circumstances.

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected. We will rectify the data within one month of your request, or explain why we are unable to do so.

Right to Erasure

Also known as the right to be forgotten, you can request deletion of your personal data in certain circumstances, including:

• When the data is no longer necessary for its original purpose
• When you withdraw consent and there is no other legal basis for processing
• When you object to processing and there are no overriding legitimate grounds
• When data has been unlawfully processed

We may be unable to fulfil erasure requests where we have legal obligations to retain certain records.

Right to Restrict Processing

You can request that we limit how we use your data in certain situations, such as when you contest its accuracy or have objected to processing.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. We do not currently use automated decision-making in our services.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before processing your request. We aim to respond to all legitimate requests within one month. If your request is complex or you have made numerous requests, we may extend this by up to two months, in which case we will inform you.

Lawful Bases for Processing

We process personal data under the following lawful bases:

• Performance of a contract: When processing is necessary to fulfil our styling services
• Legitimate interests: For business operations such as improving our services and maintaining security, where these do not override your fundamental rights
• Consent: Where you have given explicit consent, particularly for marketing communications and optional cookies
• Legal obligation: When we must process data to comply with the law

Special Category Data

In the course of providing styling services, we may process limited special category data, such as photographs that could reveal racial or ethnic origin. This processing is carried out with your explicit consent and solely for the purpose of providing personalised styling advice.

Data Transfers

Your personal data is primarily processed and stored within the United Kingdom. Where data is transferred to countries outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the Information Commissioner's Office.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

Complaints

If you have concerns about how we handle your personal data, we encourage you to contact us first so we can address your concerns. You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

Updates to This Information

We may update this GDPR compliance information periodically to reflect changes in our practices or legal requirements. Please check back regularly for updates.