Privacy policy

This Privacy Notice sets out details about the personal data that we 16HarleyCo limited (“GetHarley”, “us”, “our” or “we”) may collect and process about you. It covers website users. This Privacy Notice is non-contractual, regularly reviewed and may be amended by us from time to time.

1. The type of data we hold, purpose of processing, legal basis, data sharing and retention periods

Please note that if we intend to further process your personal data for a purpose other than that for which it was collected, we shall provide you with information on this other purpose and all other information as set out in this notice.

We may transfer the personal information we collect about you outside the EU in order to perform our contract with you. Where this occurs we will ensure that your personal information receives an adequate level of protection and we will put in place appropriate measures to ensure that your personal information is treated in a way that is consistent with EU and UK laws on data protection. If you require further information about these protective measures, you can request it by contacting us at hello@getharley.com.

In terms of retention periods, we will not keep your data for longer than is necessary. When deciding how long to hold your data we have regard to legal requirements (including any contractually agreed periods) and statutory limitation periods (under which it is prudent for us to retain records for longer periods).

2. Consent

Where we rely on consent to process your personal data, you have a right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

You can withdraw your consent to our processing at any time by contacting hello@getharley.com. Please specify the type of processing that you are withdrawing your consent to in your email.

3. Your rights

You have a number of rights in relation to the personal information that we process about you. You:

  • Have the right to be informed about your data (as set out in this Privacy Notice);
  • Can request access to your personal data;
  • Can request that your personal data be rectified if it is inaccurate or incomplete;
  • Can request that the processing of your personal data be restricted or erased in certain circumstances, for example, where the data is no longer necessary to meet its purpose;
  • Can object to processing in certain circumstances, for example where this is based on legitimate interests or involves direct marketing;
  • Can request to receive personal data that you have provided in a structured, commonly used and machine-readable format and can have this transmitted without hindrance where the data is processed on the basis of consent or performance of a contract;
  • Can lodge a complaint with the Information Commissioner’s Office.

If you wish to exercise any of these rights please contact hello@getharley.com.

4. Automated Decision Making (“ADM”)

ADM occurs when decisions are made about you by a computer or some other information analysing machine. Examples of this includes website profiling.

We do not use ADM.

5. Contact details for data controller and enquiries

16HarleyCo limited is the data controller and can be contacted at hello@getharley.com. If you have any enquiries re data protection or wish to exercise any of your rights please do contact our dedicated team at hello@getharley.com.

6. The type of data we hold

When you access our website, we may collect the following personal data as part of the provision of our services:

  • Login data (i.e. email / username and password) which you input into our website;
  • Data input into online forms. For example, if you are signing up to an account on our website you will be asked for your email address, telephone number and date of birth;
  • Details of the products you were recommended and purchased;
  • Your skin related conditions and goals.

For information you are asked to provide (as part of signing up to a service), you are obliged to provide this to enable us to perform the contract with you and to ensure our IT systems remain secure and effective. A failure to provide this may mean we are unable to provide you with the services you require.

When you access our website, cookies will be created.

Cookies are pieces of data created when you visit a site, and contain a unique, anonymous number. They are stored in the cookie directory of your hard drive, and do not expire at the end of your session.

Cookies do not contain any personal information about you and cannot be used to identify an individual user. If you choose not to accept the cookie, this will not affect your access to the majority of facilities available on our websites.

Although your browser may be set up to allow the creation of cookies, you can specify that you be prompted before a site puts a cookie on your hard disk, so that you can decide whether to allow or disallow the cookie. Alternatively, you can set your computer not to accept any cookie.

Log files are also created when persons visit our website. They allow us to record visitors` use of the websites and include your IP address. We put together log file information from all our visitors, which we use to make improvements to the content and layout of the websites and to the information in it, based on the way that visitors move around it.

Your IP address is recorded automatically when you access our website to assist us in monitoring and improving content and for security reasons. You are, therefore, obligated to provide this when accessing the website.

7. The purposes of processing

  • To register you as a new client and provide services to you as requested;
  • To be able to contact you in relation to the service and effectively manage our relationship with you;
  • To enable us to ensure efficiency and security of our systems (e.g. prevention of unauthorised access) and make improvements where necessary, including for user experience of the website;
  • To make business decisions about the provision of services and our website.

8. Legal basis for processing

We process this data as it is necessary for our legitimate interests, namely to keep records of user experiences, provide the information you have requested, improve our services, ensure our services remain accurate and up to date, study how our website is used and popular content, for marketing strategies/communications and to maintain and grow our business.

We also process data as required by law, including, to comply with legal obligations such as security obligations in data protection legislation (such as prevention of unauthorised access).

We do not rely solely on consent to process your data, however, where you have signed up for services we may also process your data on the basis of your consent.

9. Sharing your data

Your data will be shared internally with our IT and Marketing departments.

Our website contains links to third party websites. Clicking on those links may allow third parties to collect your personal data. We do not have control over such websites and would encourage you to read the privacy notices for websites you visit.