Last Updated: 22 May, 2018
1. INTRODUCTION
1.1. Purpose of Policy
Welcome to the website of cabi Experience, Limited, a company incorporated in England and Wales under number 10091265 whose registered office is at Highlands House, Basingstoke Road, Spencers Wood, Reading RG7 1NT, United Kingdom, (“cabi”, “we”, “us,” or “our”). Cabi is committed to respecting the privacy rights of its Stylists, customers, visitors, and other users of its website (the “Website”). We created this Privacy Policy (this “Policy”) to give you confidence as you visit and use the Website, conduct business with us, and otherwise interact with us, and to demonstrate our commitment to fair information practices and the protection of privacy in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 (when enacted), and any other national implementing laws, regulations, and secondary legislation, as amended or updated from time to time, in the U.K. (Data Protection Legislation).
For the purpose of the Data Protection Legislation, we are the “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy policy.
This Privacy Policy also applies to any information which you may provide directly to us otherwise than through the Website (including cabionline.uk) unless a different Privacy Policy is notified to you as applicable to that information.
1.2. Notice Concerning Children
We are a general audience site, and do not direct any of our content specifically at minors. We understand and are committed to respecting the sensitive nature of children’s privacy online. If we learn or have reason to suspect that a Website user is a minor, we will promptly delete any personal information in that user’s account. We do not wish to collect any personal information from persons 16 or under. If you are under 16, please do not use our services and do not supply any information to us.
2. INFORMATION COLLECTION PRACTICES
What Information Do We Collect?
We may collect two different types of information: personally identifiable information, also known as personal data (“personal data”) and non-personally identifiable information.
We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:
• Identity Data, which includes your first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, place of birth, country of citizenship, first language, and gender. It may also include any images on photographs or videos that you may submit.
• Contact Data, which includes billing address, delivery address, email address, and telephone numbers.
• Financial Data, which includes bank account and payment card details.
• Transaction Data, which includes details about payments to and from you and other details of products and services you have purchased from us.
• Technical Data, which includes Internet Protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our websites and other online services.
• Profile Data, which includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
• Usage Data, which includes information about how you use our Website, and our products and services.
• Marketing and Communications Data, which includes your preferences in receiving marketing from us and your communication preferences.
We use different methods to collect personal data from you and about you including:
• Direct interactions, by filling in forms or by communicating with us by email, telephone, mail, or otherwise.
• Automated technologies or interactions, by interacting with our website, and our other online platforms, services, and facilities.
• Third parties or publicly available sources, including from providers of technical, payment, and delivery services.
If you are a cabi Stylist, we may also collect your commission and bonus information. Personal data may also be collected from, among other places, information you provide directly to us, information regarding products or services that cabi currently provides or has previously provided to you, or information cabi receives from its affiliated entities, other cabi Stylists, or third parties relating to the establishment of our relationship or the provision of services to you. This information can be received in any manner, including via in-person discussions, telephone conversations, and electronic or other written communications.
If you are a cabi customer or a Hostess, your personal data may be provided to us by the cabi Stylist who took your order or who organized or attended a cabi event that you hosted or attended.
Unless we specifically request or invite it, we ask that you not send or otherwise disclose to us any information that is considered a “special category” of personal data under Data Protection Legislation (such as information related to your health). If we specifically request such information, we will seek your prior explicit consent to do so. You are under no obligation to provide any such information and do so on a strictly voluntary basis to help cabi resolve any questions or complaints you have about our products. Cabi will not use such information for any other purpose and will only retain it as long as necessary to resolve your question or complaint.
Non-personally identifiable information is aggregate information. This may include demographic information, user behaviour data from web interaction metrics tools, and any other information that does not reveal your identity. Non-personally identifiable information may be connected to other information we collect from you.
Our servers automatically recognise visitors’ domain names and IP addresses (the number assigned to computers on the Internet). No personal information about you is revealed in this process. The Website may also gather anonymous “traffic data” that does not personally identify you, but that may be helpful for marketing purposes or for improving the services we offer.
2.3. Cookies Policy
(a) Cookies. From time to time, we may use the standard “cookies” feature of major browser applications that allows us to store a small piece of data on your computer about your visit to our Website. For more information on cookies, please see www.whatarecookies.com. We may use cookies to deliver content specific to your interests, to save your password so you don’t have to re-enter it each time you visit our site, or for other purposes. We do not set any personally identifiable information in cookies, nor do we employ any data capture mechanisms on our Website other than cookies. Cookies also help us learn which areas of our site are useful and which areas need improvement. You can choose whether to accept cookies by changing the settings on your browser. However, if you choose to disable this function, your experience on our Website may be diminished and some features may not work as they were intended.
The types of cookies used on our site are as follows:
Strictly Necessary: These cookies are essential to enable you to receive a service on a website. For example, cookies to operate online shopping baskets or to comply with the law (e.g. such as to keep your information safe).
Analytics / Performance : These cookies are used only to help us to improve our website over time, by giving us insights into how the various sections of the site are used and how users interact with the site, for example, which pages visitors go to most often and whether they get error messages from web pages. The information collected is anonymous and statistical.
Authentication / Functionality: These cookies are used to identify unique visitors to the website. If you log in to the site, these are the cookies that allow us to remember who you are and what your preferences are so that we can provide you with access to pages personal to you, for example, your account pages. These cookies help keep your visit to the site secure. These cookies can also enable enhanced, more personal features and to provide services you have asked for. Whilst information collected by “functionality” cookies may or may not be anonymised, the “functionality” cookies on our website only collect anonymous information.
Targeting: These cookies collect information about your browsing habits to make advertising relevant to you and your interests. These cookies collect the most information about users.
Session: These are cookies that are designed to ensure that your visits to the site are as smooth as possible. Their main uses are: (i) allowing us to identify your device as you use the website, so that you are not treated as a new visitor each time you go to another part of the site; (ii) ensuring that the servers that we use to power the website each serve an equal number of users, to help make everyone’s browsing as swift and responsible as possible; and (iii) noting your browser’s capabilities.
We have listed in the table below the specific cookies that we use and the purposes for which we use them. You will see that we have also identified whether they are session cookies or persistent cookies. ‘Session cookie’ is a commonly used description for a cookie which stores information about user page activities to allow users to be recognized within a website so any page changes or item or data selection is remembered from page to page; whilst ‘persistent cookie’ is a commonly used description for a cookie which helps websites remember your information and settings when you visit them in the future.
| Cookie Name | Type | Purpose | Persistent/Session |
|---|---|---|---|
| JSESSIONID | Strictly Necessary, Authentication / Functionality | Used for unique anonymous identification for the CLIO API (application programming interface) | Session |
| PHPSESSID | Strictly Necessary, Authentication / Functionality | Used for unique anonymous identification for site interactions on the cabionline.com website | Session |
| OFBiz.Visitor | Strictly Necessary, Authentication / Functionality | Used for anonymized user tracking | Session |
| cabi.domain | Targeting | Used to keep track of the website URL for the user’s locality | Persistent |
| cabi.locale | Targeting | Used to keep track of the user’s locality | Persistent |
| cabi.contextual-email-promote | Targeting + Session | Used for maintaining a list of previously viewed marketing promotions | Persistent |
| subdomain | Session | Used to keep track of the most recently visited Stylist website | Persistent |
| __ga | Analytics / Performance | Used for unique identification for Google Analytics | Persistent |
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting, you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site.
(b) Web Beacons. Certain pages on our Websites may contain “web beacons” (also known as Internet tags, pixel tags, or clear GIFs). These web beacons allow third parties to obtain information such as the IP address of the computer that downloaded the page on which the beacon appears, the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, the type of browser used to view the page, and the information in cookies set by the third party.
(c) IP Addresses. An IP address is a unique identifier that certain electronic devices use to identify and communicate with each other on the Internet. When you visit our websites, we may view the IP address of the device you use to connect to the Internet. We use this information to determine the general physical location of the device and understand from what geographic regions our website visitors come. We also may use this information to enhance our websites.
3. USE OF INFORMATION
3.1. What Do We Do with Collected Information?
The provision of personal data by you is necessary in order for us to fulfil our legal obligations, and our contractual obligations with you, and for the purposes identified below where in our legitimate interests and such interests are not overridden by your privacy rights.
We may use your personal data for the following purposes: (i) to establish or maintain our relationship with you; (ii) to contact you and respond to your requests and inquiries; (iii) to provide you with products and services you have requested; (iv) to keep you informed of products and services we think may be of interest to you; (v) to personalise your experience with us; (vi) to assist you while you use our Website; (vii) for business administration, including statistical analysis; (viii) for fraud prevention and detection; and (ix) to comply with applicable laws, regulations, and codes of practice.
We may use your personal data to verify your identity or to follow up with transactions initiated on the Website. We may also use your contact information to inform you of any changes to the Website, to send you additional information about cabi, or to offer you other products, programs, or services that we believe may be of interest to you.
Please note that we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your personal data. You are under no obligation to provide any such information. However, if you should choose to withhold requested information, where we need to collect that personal data by law, or under the terms of a contract we have with you, then we may not be able to perform the contract we have or are trying to enter into with you and/or provide products or services to you; but we will notify you if this is the case at the time.
3. SHARING OF INFORMATION
3.1. Sharing of Personal Data
We may have to share your personal data with the parties set out below for the purposes described in this Privacy Policy:
- Our affiliated entities, cabi Stylists, government entities, and regulatory bodies, those with whom you have requested us to share information, third parties, in order for them to provide us with services (including, for example, companies that provide us with technical support and assistance with respect to the Website, the provision of our products and services, financial institutions who process payment for orders placed by you, our suppliers, and other third parties who facilitate delivery of the products and services you have ordered).
- If you choose to post information on the Website in a public forum, your name, location, and comment (all as entered by you) will be displayed to all users of the Website to facilitate interaction among users. General users’ email addresses are never revealed to other users; provided, however, Stylists have the option of revealing their email address and phone number on the Website.
- If you purchase cabi products or set up a customer account with us, we may share your name, location, contact details, and purchase history with cabi Stylists to help them establish and maintain a relationship with you. If you are a cabi Stylist, your name, location, contact details, and performance may be shared with other cabi Stylists. Additionally, personal data about you may be shared with customers.
Cabi requires third parties who perform services for us to agree to treat personal data about you confidentially and securely and only for the purpose of performing services on our behalf and in accordance with our instructions.
We may disclose and use your personal data if we believe that we are required or permitted to do so: (a) to our professional advisors, including lawyers, accountants, tax advisors, and auditors; (b) to debt collection agencies and other parties that assist with debt-recovery functions; (c) by law; (d) in response to legal process (for example, in response to a court order or a subpoena); (e) in response to a law enforcement agency’s request; (f) to enforce our other terms, conditions, or policies; (g) to protect our operations; (h) to protect the rights, privacy, safety, or property of cabi, you, or others; and/or (i) to permit us to pursue available remedies or limit the damages we may sustain. For example, we may, to the fullest extent the law allows, disclose personal data about you to law enforcement agencies to assist them in identifying individuals who have been or may be engaged in unlawful activities.
We may share your personal information with other third parties, for example, in the context of a possible sale, restructuring or financing of, or investment in our company or any of our businesses. In this event, we will take appropriate measures to ensure that the security of your personal data continues to be ensured with this Privacy Policy and applicable data protection legislation. We may also transfer your personal data to a third party that acquires all or part of our assets or shares, or that succeeds us in carrying on all or part of our business, whether by merger, acquisition, reorganization, or otherwise. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
3.2. Sharing of Non-Personally Identifiable Information
We use anonymous information to analyse our Website traffic, but we do not examine this information for individually identifying information. In addition, we may use anonymous IP addresses to help diagnose problems with our server, to administer our site, or to display the content according to your preferences. Traffic and transaction information may also be shared with business partners and advertisers on an aggregate and anonymous basis.
3.3. International Transfer of Personal Data
We will transfer your personal data to cabi, LLC in the United States of America for storage on its secure servers located in the USA and for use for the purposes described in this Privacy Policy.
The USA is a country that may not provide a similar or adequate level of protection to that provided by the EEA under its own data protection laws and so to provide adequate protection for personal data received by cabi, LLC in the United States from us we (as data exporter) have entered into an agreement under the model contract clauses (“Model Contract Clauses”) provided by the European Commission with cabi, LLC (as data importer) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer of personal data by the data exporter to the data importer.
Whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:
• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Where your personal data is transferred to a third party outside of the EEA, we may use a specific contract approved by the European Commission which give personal data the same protection as it has in the EEA; and/or.
• Where your personal data is transferred to a third party based in the USA, we may either use the above contract approved by the European Commission or we may transfer data to that third party if it is part of the EU-U.S. Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the USA.
If there is any conflict between the terms of this Privacy Policy and the Model Contract Clauses, the Model Contract Clauses shall govern.
3.4. Marketing
Access to Information / Opting-Out. If you have opted to receive email from us, you may unsubscribe at any time by using the opt-out option at the bottom of each email or by contacting your cabi Stylist.
4. SECURITY
If any of the information that you have provided to us changes, for example, if you change your email address or other contact details, please let us know the correct details by sending an email to us or writing to us using the contact details below.
We maintain appropriate reasonable physical, administrative, and technical safeguards and security measures to protect personal data from loss, misuse, or unauthorized access, disclosure, alteration, or destruction. Our personnel and the personnel of our affiliates are provided with access to personal data only if they have a need to know the information in connection with a legitimate business purpose, such as (a) the provision of services to you or (b) to help identify other services that we offer that may be of interest or use to you.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Our Website has security measures in place to prevent the loss, misuse, and alteration of the information that we obtain from you, but we accept no liability to you or to any third party arising out of any such loss, misuse, or alteration.
5. SITE AREAS BEYOND OUR CONTROL
5.1. Public Forums
The Website includes interactive forums for the exchange of information, ideas, and opinions. Please remember that any information that is disclosed in these areas becomes public information and you should exercise caution when deciding to disclose personal information.
5.2. Third Party Websites
The Website may contain links to other websites. If you choose to visit other websites, we are not responsible for the privacy practices or content of those other websites, and it is your responsibility to review the privacy policies at those websites to confirm that you understand and agree with their policies.
5.2. cabi Stylists
If you are a customer, you may provide certain information to a cabi Stylist through whom you order products or meet at a party. Cabi Stylists are independent contractors and are not our employees. They are required under their contracts with us to adhere to applicable privacy laws, however, we do not have the same control over the information you provide to Independent cabi Stylists as the information you provide directly to us or through the Website.
6. RETENTION PERIODS
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, you can ask us to delete your data: see ‘Data Subject Rights’ below for further information.
In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
7. DATA SUBJECT RIGHTS
If you are based in the European Union, then you have certain data subject rights, which may be subject to limitations and/or restrictions. These rights include the right to: (i) request access to and rectification or erasure of your personal data; (ii) obtain restriction of processing or to object to processing of your personal data; and (iii) ask for a copy of your personal data to be provided to you, or a third party, in a digital format. If you wish to exercise one of these rights, please send us your request to the contact details set out below. You also have the right to lodge a complaint about the processing of your personal data with a national data protection authority.
You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
8. CONTACT INFORMATION AND POLICY UPDATES
8.1. Contacting Us
If you have any questions about this Policy, our practices related to your personal data, or if you would like us to remove your information from our database, please contact us at the following email address: privacy@cabiexperience.com or by post at Highlands House Basingstoke Road, Spencers Wood, Reading RG7 1NT, United Kingdom
6.2. Updates and Changes
We reserve the right, at any time, to add to, change, update, or modify this Policy, simply by posting such change, update, or modification on the Website and without any other notice to you. Any such change, update, or modification will be effective immediately upon posting on the Website. It is your responsibility to review this Policy from time to time to ensure that you continue to agree with all of its terms.