Effective Date: 12/01/2025
BODY & MIND SKIN CARE CENTRE LIMITED (“we,” “us,” or “our”) is committed to ensuring that individuals (“data subjects”) can exercise their rights under the General Data Protection Regulation (GDPR). This policy outlines the rights of data subjects and the procedures for submitting and processing requests.
1. Scope
1.1 This policy applies to all personal data processed by BODY & MIND SKIN CARE CENTRE LIMITED in relation to its operations, including data collected through the website (https://www.bodyandminduk.com).
1.2 This policy is designed to meet GDPR requirements and ensure that data subjects are informed about their rights and how to exercise them.
2. Data Subject Rights
Under GDPR, individuals have the following rights regarding their personal data:
2.1 Right of Access
- You have the right to request confirmation of whether we process your personal data and access a copy of the data we hold about you.
2.2 Right to Rectification
- You can request that we correct or update inaccurate or incomplete personal data.
2.3 Right to Erasure (“Right to be Forgotten”)
- You can request the deletion of your personal data where:
- The data is no longer necessary for the purposes for which it was collected.
- You withdraw consent (where consent is the basis for processing).
- You object to the processing, and there are no overriding legitimate grounds.
- The data has been unlawfully processed.
2.4 Right to Restriction of Processing
- You can request that we restrict processing of your data if:
- You contest the accuracy of the data.
- The processing is unlawful, but you oppose erasure.
- We no longer need the data, but you require it for legal claims.
- You object to processing, pending verification of legitimate grounds.
2.5 Right to Data Portability
- You can request a copy of your personal data in a structured, commonly used, and machine-readable format, and have the right to transmit it to another controller where feasible.
2.6 Right to Object
- You can object to the processing of your personal data based on:
- Legitimate interests.
- Direct marketing purposes.
2.7 Right to Withdraw Consent
- Where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
2.8 Right to Lodge a Complaint
- You have the right to file a complaint with the Information Commissioner’s Office (ICO) if you believe your rights have been violated. Visit https://ico.org.uk/ for details.
3. How to Submit a Request
3.1 To exercise any of your rights, please visit our Contact Policies Page for contact details.
3.2 Include the following information in your request:
- Your full name.
- Details of your relationship with us (e.g., customer, website user).
- The specific right you wish to exercise.
- Any additional information needed to locate your data (e.g., email address, transaction details).
3.3 Proof of identity may be required to prevent unauthorized access to personal data. Acceptable forms of ID include:
- A government-issued ID (e.g., passport, driving license).
- Utility bill (issued within the last 3 months).
4. Response Timeframe
4.1 We aim to respond to all valid requests within one month. If your request is complex or involves multiple requests, we may extend the response period by an additional two months. In such cases, we will notify you within the initial one-month period.
4.2 If we are unable to fulfill your request, we will provide a detailed explanation, including the legal basis for the refusal.
5. Fees
5.1 In most cases, requests will be processed free of charge.
5.2 We may charge a reasonable fee for:
- Requests that are manifestly unfounded, excessive, or repetitive.
- Additional copies of data provided.
6. Accountability and Records
6.1 We maintain records of all data subject requests, including:
- The nature of the request.
- The date it was received and processed.
- The outcome of the request.
6.2 These records are retained for compliance and audit purposes.
7. Policy Updates
7.1 This policy will be reviewed and updated periodically to reflect changes in legal requirements or business practices.
7.2 The “Effective Date” at the top of this policy will indicate the most recent updates.