Welcome to shiMMer MM UK. We value your privacy and are committed to protecting your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and other applicable privacy laws. This Privacy Policy explains how we collect, use, share, and protect your personal data when you visit our website or use our services.
1. Data Controller shiMMer MM UK is the data controller responsible for your personal data. If you have any questions about this policy, you can contact us at: shiMMer MM UK Email: [email protected]
2. What Data We Collect We may collect and process the following categories of personal data:
Identity Data: Name, title, date of birth.
Contact Data: Email address, phone number, postal address.
Financial Data: Payment details for transactions (processed securely).
Technical Data: IP address, browser type, operating system, and website usage details.
Marketing Preferences: Your choices regarding promotional communications.
We do not collect special category data (e.g., health information, political opinions) unless required and with explicit consent.
3. Legal Basis for Processing Personal Data Under the UK GDPR, we process your personal data based on the following lawful grounds:
Contractual Necessity: When processing is required to fulfill a contract with you (e.g., providing services or processing payments).
Legitimate Interests: When processing is necessary for our legitimate business interests, provided your rights do not override these interests.
Legal Obligation: When processing is necessary to comply with a legal or regulatory requirement.
Consent: When you have provided clear and explicit consent for us to process your data (e.g., for marketing communications).
4. How We Use Your Data We use your personal data for the following purposes:
To provide and manage our services.
To process payments and fulfill transactions.
To communicate with you regarding inquiries, promotions, or service updates.
To improve our website and services based on user feedback and analytics.
To comply with legal and regulatory requirements.
5. Data Sharing & Third-Party Processors We do not sell or rent your personal data. However, we may share your data with:
Service Providers: Third parties that assist in processing payments, IT support, analytics, or marketing services.
Regulatory Authorities: When legally required, such as law enforcement agencies or government bodies.
Business Transfers: If our business merges, is acquired, or undergoes restructuring, your data may be transferred to the new entity.
All third-party providers are contractually obligated to protect your data in compliance with UK GDPR.
6. International Data Transfers If we transfer your personal data outside the UK or the European Economic Area (EEA), we ensure that adequate protections are in place, such as:
Standard Contractual Clauses (SCCs) approved by the UK government.
Transfers to countries with adequate data protection laws.
Other appropriate safeguards as required by UK GDPR.
7. Data Retention We only keep your personal data for as long as necessary for the purposes outlined in this policy. The retention periods are:
Customer account information: Retained for as long as you are an active customer.
Transaction records: Retained for 6 years to comply with financial regulations.
Marketing data: Retained until you opt out or withdraw consent.
After these periods, your data is securely deleted or anonymized.
8. Your GDPR Rights Under UK GDPR, you have the following rights regarding your personal data:
Right to Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request corrections to inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten"): Request deletion of your data where applicable.
Right to Restriction of Processing: Request to limit how we process your data.
Right to Data Portability: Receive a copy of your data in a structured, machine-readable format.
Right to Object: Object to processing for direct marketing or based on legitimate interests.
Right to Withdraw Consent: If processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, please contact us at [insert contact email]. We will respond within one month as required by GDPR.
9. Cookies & Tracking Technologies We use cookies and similar technologies to enhance user experience and track website analytics. You can manage your cookie preferences through your browser settings. For more details, see our [Cookie Policy]([Insert Link]).
10. Automated Decision-Making & Profiling We do not use automated decision-making or profiling that significantly affects individuals.
11. Third-Party Links Our website may contain links to third-party sites. We are not responsible for their privacy practices, and we recommend reviewing their privacy policies before sharing personal data.
12. Changes to This Privacy Policy We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised effective date. If the changes are significant, we may notify you via email.
13. Complaints & Contact Information If you have any concerns about how we handle your data, you can contact us at: shiMMer MM UK Email: [email protected]
If you are not satisfied with our response, you have the right to file a complaint with the UK’s Information Commissioner’s Office (ICO): Website: https://ico.org.uk Phone: 0303 123 1113
Data Protection Policy shiMMer MM UK Last Updated: 1.1.25
1. Purpose shiMMer MM UK ("the Company") is committed to protecting the privacy, security, and rights of individuals whose personal data we collect and process. This policy outlines our approach to data protection and ensures compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable laws.
2. Scope This policy applies to:
All employees, contractors, and third-party service providers of shiMMer MM UK.
All personal data collected, stored, processed, or shared by the Company.
All digital and physical records containing personal data.
3. Principles of Data Protection shiMMer MM UK follows these key data protection principles as required by the UK GDPR:
Lawfulness, Fairness & Transparency – We process personal data fairly, lawfully, and transparently.
Purpose Limitation – We collect personal data for specific, legitimate purposes and do not process it further in a way that is incompatible with those purposes.
Data Minimisation – We only collect and process data necessary for the intended purpose.
Accuracy – We ensure personal data is accurate, up-to-date, and corrected when necessary.
Storage Limitation – We do not retain personal data longer than required.
Integrity & Confidentiality – We implement appropriate security measures to prevent unauthorized access, loss, or damage.
Accountability – We take responsibility for compliance with data protection laws and maintain documentation of our data processing activities.
4. Roles & Responsibilities
4.1 Data Controller shiMMer MM UK is the Data Controller and is responsible for determining the purposes and means of processing personal data.
4.2 Data Protection Officer (DPO) (If Applicable) If required, the Company may appoint a Data Protection Officer (DPO) to oversee compliance. The DPO (or designated compliance officer) will:
Ensure compliance with data protection laws.
Provide guidance to employees handling personal data.
Act as the point of contact for data subjects and regulators.
4.3 Employees & Contractors All employees and contractors who process personal data must:
Follow this policy and related procedures.
Handle personal data securely and confidentially.
Report any data breaches or security incidents immediately.
5. Data Collection & Processing
5.1 What Data We Collect We may collect and process:
Customer Data: Name, contact details, payment information, and communication records.
Employee Data: Personal details, payroll information, and contractual records.
Supplier & Partner Data: Business contacts and contractual details.
5.2 Legal Basis for Processing We process personal data under the following lawful bases as defined by UK GDPR:
Consent – When individuals have given explicit permission.
Contractual Obligation – When processing is necessary for a contract.
Legal Obligation – When required by law.
Legitimate Interests – When processing is necessary for our business interests (e.g., fraud prevention) unless overridden by individuals' rights.
5.3 Special Category Data We only process special category data (e.g., health information) when necessary and with explicit consent or under legal grounds (e.g., employment law).
6. Data Security & Storage
6.1 Security Measures We implement appropriate security measures to protect personal data, including:
Technical Measures: Encryption, access controls, firewalls, and secure servers.
Organisational Measures: Staff training, confidentiality agreements, and access restrictions.
Physical Security: Secure storage of physical documents, restricted office access.
6.2 Data Retention We retain personal data only for as long as necessary to fulfill legal, contractual, or business requirements. Retention periods include:
Customer records: Retained for [Insert Duration] after last interaction.
Employee records: Retained for [Insert Duration] after employment ends.
Financial transactions: Retained for six years (legal requirement).
Once retention periods expire, we securely delete or anonymize data.
7. Data Sharing & Transfers
7.1 Third-Party Sharing We may share personal data with:
Service providers (e.g., payment processors, IT support).
Regulatory authorities when required by law.
Business partners under contract and with appropriate safeguards.
All third parties must comply with UK GDPR and sign data processing agreements (DPAs) if handling our data.
7.2 International Transfers If we transfer personal data outside the UK/EEA, we ensure compliance through:
Adequacy decisions (where the country provides equivalent data protection).
Standard Contractual Clauses (SCCs) approved by the UK government.
Other legal safeguards as necessary.
8. Data Subject Rights Under UK GDPR, individuals have the following rights:
Right to Access – Request a copy of personal data we hold.
Right to Rectification – Request correction of inaccurate data.
Right to Erasure ("Right to be Forgotten") – Request deletion of personal data where appropriate.
Right to Restriction – Request limitations on how we process data.
Right to Data Portability – Request data transfer to another provider.
Right to Object – Object to data processing based on legitimate interests or for marketing.
Right to Withdraw Consent – Withdraw consent for data processing at any time.
To exercise these rights, individuals can contact us at [Insert Contact Email]. We will respond within one month as required by GDPR.
9. Data Breach Management If a data breach occurs, we will:
Assess the Impact – Identify the severity of the breach.
Contain the Incident – Take steps to minimize risks.
Notify Affected Parties – If required, inform affected individuals.
Report to ICO – If the breach poses a significant risk, report it to the Information Commissioner's Office (ICO) within 72 hours.
All employees handling personal data receive data protection training.
Employees must follow internal policies on data handling and security.
Non-compliance with this policy may result in disciplinary action.
11. Policy Updates & Review We regularly review and update this policy to ensure compliance with evolving data protection laws. The latest version is always available on our website.
12. Contact & Complaints For questions or concerns about this policy, contact: shiMMer MM UK
If you are not satisfied with our response, you can lodge a complaint with the Information Commissioner's Office (ICO): Website: https://ico.org.uk Phone: 0303 123 1113