This privacy notice was created on 22 July 2019.
It explains what personal information we collect, how it is used and shared. It applies to users of this website, our customers and clients.
Who is the controller and how do I contact them?
Soulka Limited is the controller of the personal information we process unless otherwise stated. We are a private limited company registered in England and Wales at Companies House, our company number is 10357059.
For data protection we are regulated by the UK’s Information Commissioner’s Office. Our ICO registration number is ZA535559.
You can contact us regarding your rights and this privacy notice in a number of ways.
By email: firstname.lastname@example.org
By post: Beacon House, 113 Kingsway, London, England, WC2B 6PP
How do we get personal information?
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- You signed up to receive news from us
- You signed up to an event or to receive event invitations from us
- You placed an order or made a purchase
- You contacted us to enquire about our services or products
- You represent or work for someone on their behalf
- You follow us on our social media accounts (such as Instagram) and make a comment, private message us or ask us to contact you.
- You use our personal shopping service
We may also receive information about you indirectly, in the following scenarios:
- Someone who works on your behalf provides information about you
- A relation or friend makes a purchase or gift for you
- A friend, relation or personal contact invites you to an event
- Someone recommends you to us or includes you in communications with us
- The rejection of a payment – but we will not be told why
- You have an existing relationship with one of our personal shoppers
We collect some information about you automatically in the following ways:
- We use services to keep our website secure, they may notify us of your IP address if they identify suspicious activity
For what purposes do we use your information?
We use the personal information we collect to provide our services, to improve and optimise what we do, to protect you and Soulka Limited.
We may use this information to:
- send you news, if you have opted to receive it
- contact you to notify you about the status of an order
- provide you with information that you request from us
- provide our personal shopping service
- invite you to events
- inform you of any changes to our products, services or website
- amend or improve our services
- do business with you, including invoice or make payments
- maintain legally required records, such as for accounting and tax
- prevent fraud
What is the legal basis for using this information?
The lawful bases we rely upon for processing your data are:
Contract – if you ask us to do something before entering into a contract, and for providing products and services under contract – such as orders and purchases.
Consent – if you would like to receive newsletters from us, and to manage all cookies that are not strictly necessary
Legitimate interests – where you are a customer we may use this lawful basis, where you’d reasonably expect us to get in touch beyond the direct contract – such as to inform you of new products that might be of interest to you. Where we use this basis we will document and test the purpose, necessity and balance of rights for using it.
Can I get a copy of the information you’ve collected about me?
Of course! Email: email@example.com
For security and to protect you, please be aware we will ask you to verify who you are before we can complete this request.
Can I amend information you’ve collected about me?
Of course! Please contact firstname.lastname@example.org with the details you’d like corrected or updated.
How do I unsubscribe or withdraw consent?
If you have opted in to receive an email newsletter we provide a link to unsubscribe in every email.
Do you use any automated decision making?
We do not.
Can you delete my information?
Please contact email@example.com.
There are some records which contain personal information that we are required to keep for other regulatory reasons, such as for finance and tax and purposes. Such records will not be deleted until seven years after the end of the contract with you.
How long do you keep data for?
We do not store your data longer than necessary. We regularly review our records to remove or anonymise data if it should no longer be retained. The criteria we use for this is:
- do we still carry out the activities for the purposes the data was provided?
- is this information still up to date?
- are we required to keep this data for other regulatory purposes?
- are there contractual requirements?
Some records we are required to retain by law for certain lengths of time. These include for tax and employment purposes.
How is my information stored, transferred and kept secure?
To manage our business we use a number of third party services who process your data on our behalf. This is for tasks such as to operate our email, host this website, manage documents, process orders and communicate with clients.
These services cannot share your data with anyone. The website hosting we use is within the EU. Where a company is not based in the UK or European Economic Area (EEA), or where data may be transferred outside the EEA, we have put in place agreements to ensure that your data is processed as per European law.
Online third-party services we use
To manage our business we use a number of online third party services who process your data on our behalf, as listed below. Where a company is not based in the European Economic Area (EEA) we have detailed the additional agreements to ensure that your data is processed as per European law.
|Service||Purpose||Location||Privacy Shield registration|
|Klaviyo||Mailing list management||US||https://www.privacyshield.gov/participant?id=a2zt00000008RNFAA2&status=Active|
|Google G-Suite||Email, document management||US||https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active|
We use appropriate technical and organisation measures to protect the personal data you provide to us, and to protect your privacy. This includes ensuring that only those Soulka staff with the need to see your data can do so. Wherever we can, we protect data in our systems with strong encryption, both when the data is at rest and when it is being transferred. We only allow access to our systems via strong authentication protocols, such as TLS and ssh, and administrative access is limited to key individuals. Where possible, we use two-factor authentication for all access.
We follow security bulletins closely, such as those from US-CERT, and we act on relevant security advisories to minimise the risk to our systems and the data they contain.
We choose system suppliers who implement appropriate technical and organisational measures that are at least as good as our own.
How might my personal information be shared?
We use third parties to process your information on our behalf (see above) but these services cannot share your data with anyone.
We may retain and disclose your personal information if legally required to do so. For example, if required by law or by a Court order or if we believe that action is necessary to prevent fraud or cyber-crime or to protect Soulka Limited or the rights, property or personal safety of any person.
All such requests are assessed and we will challenge the basis of the request if it is not made by an officer with proper authority, the request lacks a proper statutory basis or appears too broad or vague as to its scope or purpose.
Important note on children’s information
Whilst visitors of all ages may navigate this site we do not intentionally collect information about people under 13 years old. You must be 13 years old or over to sign up or submit any personal information through our website (for example, to receive a newsletter). If you believe a person under 13 years old has provided us with their personal information, or have any concerns regarding this aspect of our policy, please get in touch.
Changes to this policy
When we make material changes to this policy, we will inform registered users and our customers before changes take effect. The date at the top of this page will also be updated to reflect from when the changes are effective and we will archive the outgoing policy.