Last updated 24 Feb 2021
Smudged Lipstick (“we”) are committed to protecting and respecting your privacy and keeping your personal information secure.
This policy describes how we use the personal information that we collect from you in connection with your receipt of our products and services (the “Services”) and when you interact with our websites and apps (together, the “Websites”).
Important: This policy applies to you if you contract with us to receive the Services or otherwise interact with us regarding your use, or potential use, of the Services. It also applies if you interact with us, including by using our Websites or interacting with us via social media.
The policy does not apply to you if you are a ticket buyer or an event attendee who has sourced a ticket from an event organiser which uses the Smudged Lipstick Platform. In such circumstances, we process ticket buyers’ and event attendees’ personal information solely on the event organiser’s behalf (as their “processor”) and the event organiser has the legal responsibility to tell ticket buyers and event attendees how their personal information will be collected and used. Our privacy practices in respect of such personal information are governed by the contract we have in place with the event organiser.
Please take a moment to review this policy in detail (together with our Website Terms and Conditions of Service). As you will see, it explains our privacy practices and covers the following areas:
Information we may collect about you
How and on which basis we use your personal information;
Disclosure of your personal information;
How we hold and protect your personal information;
How to contact us.
For the purpose of applicable data protection legislation, the data controller is Worldwide Audience PR LTD trading as Smudged Lipstick of Rosewood House, London SW8 1TB, UK .
Information we may collect about you
We may collect and process the following personal data about you:
Information that you provide to us. We collect information from you when you fill in forms on smudgedlipstick.co.uk or smudgedlipstickevents.com (including when you register to use our Services), when you respond to any surveys that we send to you to complete, post materials on the Websites, request further information about the Services and when you report a problem with our Websites. This information may include:
your email address and phone number;
details of any opinions or complaints you raise regarding the Service (including those posted on public forums and social media) and details of any correspondence that you have with us, including via our online customer support function;
your responses to any surveys or questionnaires that we may send to you;
details of transactions you carry out through our Websites and of the fulfilment of your orders. All payments are made through our payment processors. All card details are provided direct to the payment processor and we only receive transaction details and certain limited card details (name, address, card type, last four digits of card number and expiry date) from the payment processor to manage your payments and to identify your transactions; and
your preferences in receiving marketing communications from us.
We may also collect, use and share anonymised data and aggregated data such as statistical or demographic data for any purpose. Anonymised and aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate statistics to understand usage of our Websites.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
How and on which basis we use your personal information.
We will only use your personal information for specific purposes and when we have a lawful basis to do so. Most commonly, we will use your personal data in the following circumstances:
To perform a contract with you or to take steps at your request prior to entering a contract with you.
We use your personal information to enter into and perform our contracts, including:
- to provide you with information or services that you request from us;
- to provide you with access to the Services, including to register you as a user of the Services and to enable to you to set up an account and to sell tickets via the Services;
- to determine your eligibility for our Services;
- to provide the functionality of the Services that you have requested via our Websites;
- to send you service notifications;
- to allow you (or the corporate client you represent) to participate in interactive features of our Services, when you choose to do so;
- to notify you about changes to our Service; and
- to manage our relationship with you.
- When you have given us your consent to use your personal information
We use your personal information when you have given your consent for us to process your personal information:
- to allow us to set cookies and other similar technologies which provide information about your online behaviour and browsing patterns which we use for the purposes of targeted marketing and advertising;
- to allow us to set cookies and other similar technologies which provide information about your online behaviour and browsing patterns which we use for the purposes of analysing use and movement around our Websites so that we may improve our Services and our Websites; and
- to send you marketing communications by email and text if your consent is required. If we are sending you information about our services and products that are similar to those that you have already purchased, we will rely on soft opt-in consent which we can take as given because you have signed up for our similar services already.
- To comply with our legal obligations
We use your personal information to comply with various legal and regulatory obligations, including:
- to comply with mandatory law enforcement or regulatory requests for the disclosure of your personal information, including in circumstances of suspected fraudulent activity
- To fulfil our legitimate interests and your interests and fundamental rights do not override those interests
We use your personal information in order to deploy and develop our services, to improve our risk management and to defend our legal rights, including:
- to ensure that content from our Website is presented in the most effective manner;
- to administer our site and for internal operations, including troubleshooting, data analysis, research and statistical purposes;
as part of our efforts to keep our Website safe and secure and to monitor actual or suspected fraudulent activity;
- to train our staff;
- to carry out retargeting advertising;
- to measure the effectiveness of our Services so that we can improve our Services;
analysing your habits and movement between pages when you visit the Websites so that we may improve our Services and our Websites;
- to send you information about the Services that you are receiving and any changes to such Services and new features that you need to be aware of;
- to provide you with information about new features of the Services that you are receiving and about our services and products that are similar to those that you have already purchased or enquired about; and
- to build profiles of potential purchasers of our products and services and to identify potential purchasers of our products and services.
Marketing, targeted advertising and opting out
You will only receive our marketing communications if we can lawfully send them to you, that is:
- when you have specifically consented to receive them;
- if you have already purchased our products and services, we may send you information about our similar products or services under soft opt-in consent; and
in your business capacity if you have requested information from us, if you provided us with your details or if we have identified you as someone who may be interested in our products/services.
You can opt-out of our direct marketing at any time by:
- unsubscribing from our marketing messages by following the opt-out links on any marketing email sent to you or by emailing [email protected] ; and/or
Payments and Profiling
Our payment processors (see Payments via our websites) use technology to help them make decisions about financial transactions and your card payments which may prevent you from accessing our Services or continuing to use our Services. In this role, our Payment Processors act as controllers and may monitor insights and patterns of payment transactions and other online signals to reduce the risk of fraud, money laundering and other harmful activity. This activity is carried out in accordance with their privacy policies available:
Paypal Privacy Statement
Our Websites use retargeted advertising. As a result of this retargeting, you may see ads for our services on other sites such as Facebook. Our retargeting providers will read a cookie that is already in your browser, or they will place an anonymous cookie or ‘pixel’ in your browser when you visit our Websites. You can always change your cookie consent manually.
You have choices as to which cookies you agree to.
Disclosure of your personal information
Payments via our websites
All payments through our Websites are made using the payment services provided by Stripe and Paypal (Payment Processors). To use these payment services you must have your own account with the Payment Processor and have connected your account with our Services. To provide your card and billing details, you will be directed to a Payment Processor’s service.
In processing card payments, the Payment Processor acts as a data processor to us but in other respects, both we and the Payment Processors act as data controllers and we will share personal information with the Payment Processors and the Payment Processors will share personal information with us in order to provide the Services. For further information on how the Payment Processors handle your personal data see:
Paypal Privacy Statement
Others with whom we may share your personal information
We share limited personal data with our affiliates only to the extent required to provide our Services and for internal administration purposes.
We may disclose your personal information to selected third parties, including:
third party service providers who we use to help manage our business. Please email [email protected] if you would like details of our service providers;
insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims;
if Smudgedlipstick Events or substantially all of its assets are acquired by a third party, to the relevant third party (and its advisers) who may use the data in connection with the acquisition;
taxation authorities, regulators, law enforcement agencies or other authorities if required by such authorities or by due process of law.
How we hold and protect your personal information
How we keep your personal information secure
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
All information you provide to us is stored on our secure servers. Any payment transactions will be carried out by our Payment Processors over encrypted connections using SSL technology. Unfortunately, the transmission of information via the internet is not completely secure and any transmission is at your own risk.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Our retention of your personal information
We will retain your personal data for as long as necessary to provide you with our services and for so long as you do not wish to unsubscribe from our marketing communications or from receiving targeted advertising. We will also retain your personal data as necessary to fulfil our contractual obligations and to comply with our legal obligations, resolve disputes, and enforce our agreements.
International transfers of your personal information
Your personal information will be processed by us in the UK and the European Economic Area (“EEA”). We take steps to minimise transfers of your personal information outside of the UK and EEA, however, there may be some circumstances where we or our service providers do transfer your personal information to a destination outside the UK or EEA.
We will only transfer your data outside of the UK and the EEA in compliance with data protection laws and provided appropriate safeguards to protect personal information being transferred are in place, such as an adequacy decision, approved model contractual clauses or binding corporate rules.
Please contact us using the details set out in the “Contact us” page if you would like details of the specific safeguards applied to the export of your personal information.
You have certain legal rights with respect to your personal information depending on your location and applicable laws. You may exercise your rights at any time by contacting us at [email protected]
Your rights if you are resident in the UK or the EEA
Right of access: You have the right to access any personal data we hold about you: we will provide a copy of your personal data that we hold together with details of the purposes of the processing, the types of personal data we hold and the people to whom your personal data has been disclosed.
Right to rectification: You have the right to have inaccurate or incomplete personal data corrected or to restrict the processing of personal data whilst the accuracy is checked.
Right to erasure: You have the right to ask to have personal data we hold about you erased. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with law.
Right to data portability: In certain circumstances, you have the right to have data we hold about you transferred to yourself or another data controller. Note, this right only applies to information that is processed by automated means which you initially provided consent for us to use or where we used the information to perform a contract with you.
Right to object: You have the right to: ask us not to process your personal data for direct marketing purposes; object, on grounds relating to your particular situation, to the processing of your personal data (including profiling) where we are relying on a legitimate interest.
Right to withdraw consent: You have the right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
Right to complain: You have the right to lodge a complaint with the UK Information Commissioners Office or other data protection supervisory authority applicable to you if you are unhappy with the way we are handling your personal data.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Links to other websites
Our sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.