This Privacy Statement (our Statement) sets out the basis on which any personal data within the meaning of the General Data Protection Regulation (GDPR) (EU) 2016/679 is collected and used by us.
We are SoSueMe Limited trading as SoSu by Suzanne Jackson or SoSubySJ (registered number 542769, registered address 21 Seacrest, Skerries, Co Dublin) and references to ‘we’, ‘us’ and ‘our’ shall be construed accordingly.
We sell, promote and market beauty products and cosmetics.
Personal data is information which relates to an identifiable natural person.
Sosume Limited is the controller of your data and is responsible for our website. We are not required to have a Data Protection Officer but have taken the step to appoint a Data Champion. This data champion can be contacted at firstname.lastname@example.org.
The data that we obtain includes but is not limited to the following - name, IP address, telephone number, email address and social media ‘handles’. For clarity we do not collect or process and sensitive personal data.
We process personal data relating to the following categories of data subject: our employees, our customers who are natural persons, our social media followers and third party employees and contractors who we do business with or who provide services to us.
We use it in order to:
Yes, provided we can identify a legitimate basis for doing so. To use your information lawfully, we rely on one or more of the following basis:
Generally we do not rely on consent as a legal basis for processing your data other than in relation to sending you direct marketing communications. We have ensured that you ‘Opt In’ to receive or continue to receive these services. You have the right to withdraw consent at any time by contacting us.
No. Sensitive personal data includes certain categories of personal information, such as that about race, ethnicity, religion or health.
When you give us personal information, we take steps to make sure that it’s treated securely. We use strict procedures and technical security measures to safeguard your information in our offices and across all of our computer systems, networks, website and social media platforms. Our security measures include the following:
Non-sensitive details (your email address etc.) are sent normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.
Yes, we share personal data with:
(a) third parties who provide services to us in the course of our business subject that we disclose only the personal information that is necessary for the purpose of the performance of their services and we have contracts in place that guarantee the security of your data and the integrity of our service providers’ systems. These parties include,:
We do not transfer your data outside of the European Economic Area (EU members and Iceland, Liechtenstein and Norway) (EEA).
The following countries have been approved by the EU Commission as providing an adequate level of data protection for the purpose of the international transfer of data: Switzerland, Guernsey, Argentina, Isle of Man, Faroe Islands, Jersey, Andorra, Israel, New Zealand and Uruguay have been approved in full. Canada has been approved for certain types of personal data. The Commission has also approved the transfer of advance airline passenger data to the US, Canada and Australia. For clarity we do not transfer data to these countries either.
We require your express consent if we wish to contact you for direct marketing purposes (by email or social media). You are entitled to withdraw your consent at any time at any time. To withdraw your consent you simply contact email@example.com.
You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. Please note that we're not responsible for the content of external websites.
We will hold your data while you are a customer and for the minimum period thereafter that we are required pursuant to our legal and regulatory obligations. We will keep your data for no longer than is necessary and then securely delete your data or anonymise it so that it cannot be linked to you.
You have the right to:
(a) request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please contact us using the contact details mentioned below. We will respond to your request within one month;
(b) ensure that your personal information held by us is accurate and up to date. If you would like us to correct or remove information you think is inaccurate please contact us using the contact details mentioned below;
(c) object to the processing of your personal data on grounds relating your particular situation if we claim that the processing is carried out on the basis that it is necessary for the purposes of our legitimate interests or those of your employer or a third party.
We can only deny your request if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claims;
(d) receive the personal data which you have given to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if:
(e) require that we no longer contact you for marketing purposes (by means of an ‘unsubscribe’ link or ‘Stop’ text message);
(f) be forgotten. Should you wish for us to completely delete all information that we hold about you please contact us using the contact details mentioned below;
(g) lodge a complaint (concerning the manner and means of our processing of your personal data) with the Office of the Data Protection Commissioner (www.dataprotection.ie).
Finally, please note that we may revise or update our Policy at any time subject that we will at all times comply with our obligations under the General Data Protection Regulation (GDPR) (EU) 2016/679.
This Privacy Statement was updated 24 May 2018.