Privacy Policy
At The Body Shop Cyprus (OBON SAI COSMETICS LTD), we recognize that the protection of your personal information is a very important principle in building trust and maintaining a good relationship with you. We take the protection of your personal information very seriously.
This Privacy Notice explains what personal information we collect about you, how and why we use it, who we disclose it to, and how we protect your privacy.
Please take the time to read and understand this Notice.
Table of Contents
- This Privacy Notice
- Who is responsible for your Personal Information?
- When do we collect Personal Information from you?
- How do we use your Personal Information?
- Sharing of your Personal Information
- How to withdraw your consent
- Accuracy of your Personal Information
- Your rights
- CCTV
- Effective date and changes to this Privacy Notice
- How do we keep your Personal Information secure?
- Matters specific to the Internet
- Children
- How to contact us
1.This Privacy Notice
1.1 In this Privacy Notice, "we", "our", "us", "ours" means The Body Shop Cyprus / Obon Sai Cosmetics Ltd. and "you", "your", "yours" means you the individual.
1.2 This Privacy Notice explains what personal information we collect about you, how and why we use it, who we disclose it to, and how we protect your privacy. It also set outs your rights in relation to your personal information.
1.3 This Privacy Notice supplements any relevant online Terms and Conditions of Sale, Terms of Use or other notices about the use of your personal information.
2.Who is responsible for your Personal Information?
2.1 We are The Body Shop Cyprus (Obon Sai Cosmetics Ltd), a company registered at 8 Monemvasias Street Limassol 4152 Cyprus. For the purposes of applicable data protection laws, we are the "data controller". "Data controller" is a legal term used to describe the person or entity that controls the way your personal information is processed. We have Data Protection Coordinator in our headquarters in Cyprus. If you have a query about the use of your personal information you may contact the Data Protection Coordinator by using the contact information at the end of this Privacy Notice.
2.2 By providing us with your personal information, you agree to the collection and use or otherwise processing (including disclosure) of your personal information in the manner and for the purposes described in this Privacy Notice.
3.When do we collect Personal Information from you?
3.1 We receive personal information from you through a variety of means and channels, including through our stores, our customer loyalty schemes, through the internet (such as via our information or selling web sites or via our mailing list or on social media) .
3.2 We also receive communications from you via post, email, phone, or text messaging on your mobile phone. Such communications may involve giving to you, as well as receiving information from you.
3.3 Here are some examples of how you may provide personal information to us:
(a) sending us e-mails and text messages
(b) interacting with us on social media platforms (for example, when liking or commenting on our posts)
(c) adding services to your basket on our website.
(d) talking to us in our stores or over the telephone
(e) registering accounts on our website (for example, when giving us your contact details and your preferences or interests).
3.4 We limit the amount and type of personal information that we collect to that which is necessary for the purposes for which we are collecting it.
3.5 Although the precise details of the personal information collected will vary according to the specific purpose for which we are collecting the information, we may typically collect the following personal information from or in relation to you:
(a) name
(b) address
(c) phone number(s)
(d) date of birth
(e) e-mail address
(f) credit card number
(g) gender
(h) language preference
(i) merchandise category preferences
4.How do we use your Personal Information?
4.1 We collect your personal information for the following purposes:
Why might we use your personal information? |
How do we use your personal information for this purpose? |
What is the legal basis for us to process your personal information in this way? |
to process your payments and protect you against fraudulent transactions |
We may need to process your personal information to keep your payment information safe and protect you against fraudulent transactions. |
Processing your personal information to keep your payments secure is necessary for the performance of our contract with you |
to protect The Body Shop against fraudulent transactions, and for our profit protection purposes |
We may need to process your personal information to protect The Body Shop against fraudulent transactions, and for our profit protection purposes. |
It is in our legitimate interests to process personal information to protect The Body Shop against fraudulent transactions, and for our profit protection purposes. |
to ensure that content from our website is presented in the most effective manner for you and for your computer |
We may at times use your personal information (such as your IP address) to measure the use of our website by you and assess the effectiveness of our website and improve the content of our website. |
As appropriate, we will ask for your consent to the use of cookies before processing. |
to provide you with goods and services |
We may need to use your personal information to perform our obligations under a contract with you (e.g. where you have purchased a product from us). |
Using your personal information in this way is necessary for us to perform our statutory and / or contractual obligations to you. |
to direct market to you, with your permission |
We will need to use your contact information (e.g. your e-mail address, postal address, or telephone number) to provide you with information you have requested or which we feel may interest you. |
It is in our legitimate interests to process personal information to develop, enhance, market and provide products and services to you. |
to enable you to participate in promotions and competitions |
We will need to use your contact information (e.g. your e-mail address, your telephone number, or postal address) to make sure you receive all the benefits that you are entitled to. |
Using your personal information in this way is necessary for us to perform our statutory and /or contractual obligations to you. |
to enable you to participate in our values related campaigns, petitions and activities |
We will need to use your contact information (e.g. your e-mail address, your telephone number, or postal address) to record your participation in campaigns, petitions and activities. |
It is in our legitimate interests to process personal information to record your participation in campaigns, petitions and activities. |
to enable you to participate in customer research or focus groups |
We will need to use your personal information (e.g. your age, your gender, your geographic location) to help us conduct focused market research based on trends and common factors so that we can develop, enhance, market and provide products and services to meet your needs |
It is in our legitimate interests to process personal information to develop, enhance, market and provide products and services to you. |
to process exchanges or product returns |
We will need to use your personal information to perform our obligations under a contract with you (e.g. where you have purchased a product from us and wish to receive an exchange or return). |
Using your personal information in this way is necessary for us to perform our statutory and / or contractual obligations to you. |
to gather feedback from you |
We may collect your personal information when we gather feedback from you about our products, websites, mobile apps and other activities. |
It is in our legitimate interests to process personal information to develop and enhance our products and services. |
to respond to requests or complaints |
We will need to use your personal information to respond to requests or complaints that you submit to us. |
Using your personal information in this way is necessary for us to perform our statutory and / or contractual obligations to you. |
to enable you to participate in our customer loyalty schemes and manage your membership |
We will need to use your contact information (e.g. your e-mail address, your telephone number, or postal address, date of birth) to make sure you receive all the benefits that you are entitled to as a member of our customer loyalty scheme (such as sending you a voucher on your birthday). |
It is in our legitimate interests to process personal information to develop, enhance, market and provide products and services to you. |
to develop products and services |
We will use your personal information in the event that there are adverse reactions or innovations to our products. |
It is in our legitimate interests to process personal information to develop our products and services. |
4.2 Generally, we store your personal information for as long as necessary in order to maintain the customer relationship and to provide services to you. There are other reasons why your personal information may be retained for a longer period such as legal or regulatory reasons. However, if you opt in to receive marketing communications from us we will retain your personal information as long as necessary (for the purposes of direct marketing to you) unless you withdraw your consent to or unsubscribe from marketing materials. If you would like to withdraw your consent or unsubscribe to marketing communications please contact us in the manner indicated in the relevant communication.
4.3 We may disclose your personal information if we are required to do so by law or requirement of a competent authority. In addition, we may disclose your information in order to comply with regulatory obligations such as if you have an adverse reaction to our products.
5.Sharing of your Personal Information
5.1 We may share your personal information with other companies within our Group (i.e. subsidiaries, affiliates). It may also be shared with a third party who acquires us, a member of our Group, or substantially all of our assets.
5.2 We may use other carefully selected companies, agents, or contractors to perform services on our behalf or to assist us with the provision of services to you. We may also share your personal information with not-for-profit entities or our campaign partners for charitable purposes or petitions. Your personal information can also be used / processed and forwarded to other companies external to Obon Sai Cosmetics Ltd in order to better serve you. For example, when you are ordering a product from the internet or by phone order directly at out stores, we may need to forward this information to the courier company in order to deliver the products to you or to the credit card payment handling companies such as jcc or brain tree or Magento systems etc.
5.3 If you are an existing customer, we may share your personal information with carefully selected companies which perform marketing activities on our behalf for direct marketing purposes, as we have a legitimate interest in doing so.
5.4 If you do not want us to use your personal information for direct marketing purposes, or if you do not want us to pass your details on to third parties for direct marketing purposes, please let us know by contacting as in the manner as appears at the end of this privacy policy.
5.5 Each time we send you marketing communications, we will give you the option to unsubscribe by contacting us as set out in the relevant communication.
5.6 We may share your personal information with our subsidiaries, affiliates or to third parties established outside Cyprus and the European Economic Area, for the purposes of providing services to you or supporting our business operations. If we do transfer your personal information to these organizations, we will provide appropriate measures and controls to protect your personal information such as data transfer agreements based on the standard clauses published by the European Commission in accordance with applicable law.
5.7 We will only use your personal information for a purpose that has been specified, as appropriate, prior to its use or where the processing of your personal information is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract or processing is necessary for other legal purposes.
6.How to withdraw your consent
6.1 At any time, you can withdraw your consent to the collection, use or disclosure, or otherwise processing of your personal information by (i) contacting us using the details set out at the end of this page, or (ii) writing to us in the prescribed manner (whether by email or post, or by text messaging etc.), as specified in our communications to you, or in relevant forms that you might have signed (e.g. for our customer loyalty scheme. If you have any concerns in relation to the unsubscribe functionality that we make available to you, please contact us using the details set out at the end of this page.
6.2 If you opted in to receiving marketing communications from us when you became a member of our loyalty scheme and choose to end your membership to such scheme, we will not take this to imply an automatic request to unsubscribe or withdraw your consent, and we will assume that we have your continued consent to direct market to you, unless you specifically unsubscribe or withdraw your consent from that loyalty scheme.
7.Accuracy of your Personal Information
7.1 We keep personal information as accurate, complete and up-to-date as necessary, taking into account its use and the interests of our customers.
7.2 You are responsible for informing us about changes to your personal information and for ensuring that such information is accurate and current.
8.Your rights
8.1 You have the right to:
(a) access your personal information
(b) request rectification of your personal information
(c) request portability of your personal information
(d) request restriction of processing of your personal information
(e) object to the processing of your personal information
(f) request erasure of your personal information and
(g) if you have provided your consent to the processing of your personal information, you have the right to withdrawn your consent at any time.
8.2 If you believe that your rights have been breached or that your personal information has been compromised, you have the right to request that we remedy the situation. If you would like to exercise your rights, please contact us using the contact information below.
8.3 We commit to investigating all complaints and will take appropriate necessary measures to resolve matters of concern, including, if necessary, amending our policies and practices.
8.4 If you do not receive a satisfactory answer from us, you have the right to make a complaint to the competent supervisory authority.
9.CCTV
9.1 Please note that where CCTV is in operation in our stores you may be captured on CCTV and your image stored. All CCTV footage is captured purely for your security and for the prevention and detection of crime. If you would like to know more about this, please contact us using the details provided below.
10.Effective date and changes to this Privacy Notice
10.1 This Privacy Notice was last updated on 20 May 2018.
10.2 We reserve the right to change this Privacy Notice at any time. If we decide to change this Privacy Notice, we will notify you of these changes by posting any changes on any relevant Internet pages.
10.3 If at any point we decide that we wish to use your personal information for any purpose other than, or in addition to the purpose(s) listed in this Privacy Notice or that stated at the time your personal information was collected (or a purpose compatible with the original purpose), we will notify you. To the extent that your consent is legally required we will only proceed with such use if we receive your consent with respect to such additional purposes.
11.How do we keep your Personal Information secure?
11.1 We protect personal information against loss or theft, unauthorized access, disclosure, copying, use or modification with security safeguards appropriate to the sensitivity of the personal information, regardless of the format in which it is held
11.2 We use various administrative, technical and physical methods to safeguard your personal information. They include:
(a) physical measures: locked filing cabinets, restriction of access to offices, and company alarm systems.
(b) technical tools: passwords and encryption, using generally industry best practices.
(c) organizational controls: confidentiality agreements, limiting access on a need-to-know basis, staff training and security clearances.
11.3 Online security is also a priority. We incorporate security measures such as encryption and authentication tools to protect your personal information from unauthorized use. Firewalls are utilized to protect our servers and network from unauthorized users accessing and tampering with files and other information that we store.
11.4 We use Secure Sockets Layer (SSL) technology to protect your credit card information online.
11.5 Payments made via our website and via Braintree are processed in a secure environment using software provided by third party providers.
12.Matters specific to the Internet
12.1 Links to Other Websites
(a) The Web Site or any of our various other web sites may contain links to other third party owned and operated web sites or internet resources. When you click on one of those links you are contacting another web site or internet resource. We have no responsibility or liability for or control over those other web sites or internet resources or their collection or processing of your personal information.
(b) We encourage you to read the privacy policies of those other sites to learn how they collect and use information about you.
12.2 Cookies and Web Beacons
(a) Our web sites make use of cookies as well as web beacons.
(b) Cookies are small text files generated when you visit our web sites or use our online services that reside on your computer and can uniquely identify your browser.
(c) We use three types of Cookies:
(i) a Session Cookie is used whilst you are viewing the web site and expire after you leave the web site.
(ii) a Registration Cookie is a small file that is generated when you register (log on) onto the web site and remains on the computer you registered from and is used to recognize you when you register (log on) again to the web site using the same computer. We use cookies on our web site to allow you to set your individual preferences and to help us provide a better user experience.
(iii) third-party cookies of suppliers who set their own cookies on our website with our permission to enhance customer experience and functionality and to deliver the services that they are providing. For more information about this type of cookie and the possibilities to opt-out or change your cookies settings, refer to their individual privacy policies here.
(d) Cookies help us to study traffic patterns on our web site, store user preferences and track user trends on our web site, so that we can understand which parts of our web site are popular and make browsing an even more rewarding experience for our users. We may also use cookies when you register on-line for services or information.
(e) You may choose to decline cookies if your browser permits but doing so may affect your use of our web site, for example your ability to access certain features of the site or to engage in transactions and tailored advertising.
(f) If you opt out of interest-based advertising cookies, you may still see advertising online but it will no longer be tailored to your interests.
(g) Tracking tags/Beacons: Each web page in our web sites contains tracking beacons/tracking pixels that allow us to follow your progress through the various pages within the web site. This information is then aggregated (de-personalized) before being analyzed.
13.Children
13.1 Unless otherwise indicated, our website is not directed toward children. The products that we offer for sale on our website are intended for purchase by adults only. We do not intentionally collect any personal information from children. If it comes to our attention that a child is on the other hand we will delete its information immediately. Children vising our site should be accompanied by an adult offering a parental confirmation that the kid is ok to use the site. If you are an under legal ag minor yourself reading this, you are kindly asked not to send us any personal information.
14.How to contact us
14.1 If there are any questions or concerns regarding this Privacy Notice or the data collection practices outlined herein, please contact us as follows:
(a) By Email: bonsaigroup.gdpr@cytanet.com.cy
(b) By Mail: Monemvasias 8 4152 Limassol Cyprus
14.2 You are reminded not to send via unencrypted means (such as email) sensitive information such as passwords, credit card information etc.