logo
/ EN / DE / PL / RU /

Contacts

Privacy Policy

1. General Provisions
This Privacy Policy (hereinafter referred to as the “Policy”) outlines the principles and practices of MONIC BEAUTY (hereinafter referred to as the “Operator”) regarding the processing and protection of personal data, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1.1. The Operator is committed to safeguarding the rights and freedoms of individuals when processing their personal data, including protecting their right to privacy.
1.2. This Policy applies to all personal data that the Operator collects or receives from visitors to the website https://monicbeauty.com.

2. Key Definitions
2.1. Automated processing of personal data: Processing personal data using automated means such as computer systems.
2.2. Personal data: Any information relating to an identified or identifiable natural person (“data subject”).
2.3. Processing: Any operation or set of operations performed on personal data, including collection, storage, use, transfer, anonymisation, and deletion.
2.4. Data Controller: The individual or legal entity that determines the purposes and means of processing personal data (in this case, the Operator).
2.5. Data Subject: Any individual whose personal data is being processed.
2.6. Website: The Operator’s website located at https://monicbeauty.com.
2.7. Transfer: Making personal data accessible to a third party, whether within or outside the UK.

3. Lawful Basis for Processing
The Operator processes personal data based on one or more of the following lawful grounds under the UK GDPR:
3.1. The data subject has provided clear consent for processing for a specific purpose.
3.2. Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
3.3. Processing is necessary for compliance with a legal obligation.
3.4. Processing is necessary to protect the vital interests of the data subject or another person.
3.5. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
3.6. Processing is necessary for legitimate interests pursued by the Operator or a third party, except where overridden by the rights and freedoms of the data subject.

4. Rights of Data Subjects
Data subjects have the following rights under the UK GDPR:
4.1. Right to be informed: The right to know how their data is being collected, used, and shared.
4.2. Right of access: The right to request access to the personal data held by the Operator.
4.3. Right to rectification: The right to request corrections to inaccurate or incomplete data.
4.4. Right to erasure (right to be forgotten): The right to request the deletion of their personal data in certain circumstances.
4.5. Right to restrict processing: The right to limit how their data is processed in specific cases.
4.6. Right to data portability: The right to receive their personal data in a structured, commonly used format and transfer it to another controller.
4.7. Right to object: The right to object to processing based on legitimate interests, direct marketing, or processing for research/statistical purposes.
4.8. Rights related to automated decision-making and profiling: The right to not be subject to decisions made solely by automated means.

5. Data Security
5.1. The Operator implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data where necessary.
  • Regular security assessments and updates.
  • Measures to protect against unauthorized access, disclosure, alteration, or destruction of personal data.

6. Data Sharing and Transfers
6.1. Personal data may be shared with third parties only when:

  • Required for fulfilling a contract with the data subject.
  • Necessary for compliance with legal obligations.
  • The data subject has provided explicit consent.
    6.2. Transfers outside the UK are only made when:
  • The destination country ensures an adequate level of data protection.
  • Appropriate safeguards, such as Standard Contractual Clauses, are in place.
  • The data subject has explicitly consented, or another lawful basis applies.

7. Data Retention
The Operator retains personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Upon the expiration of the retention period, personal data will be securely deleted or anonymised.

8. Data Breaches
In the event of a data breach that poses a risk to the rights and freedoms of data subjects, the Operator will notify the Information Commissioner’s Office (ICO) within 72 hours and, if necessary, inform the affected data subjects without undue delay.

9. Contact Information
For any questions regarding this Policy or to exercise your rights, please contact:
Email: info@monicbeauty.com
Address: [Insert postal address here]

10. Changes to the Policy
This Policy is reviewed regularly to ensure compliance with the law. The most recent version is available at https://monicbeauty.com/privacy-policy/.