PRIVACY POLICY AND COOKIE POLICY

Master Distributor Trading as CLOUD NINE 1 June 2020

1. Background

Master Distributor Ltd trading as Cloud Nine (‘we’, ‘us’ and ‘our’) understand that your privacy is important to you and that you care about how your information is used and shared online. We respect and value the privacy of all our customers and everyone who visits our Site and will only collect and use information in a manner consistent with your rights and our obligations under the UK General Data Protection Regulation (UK GDPR) or EU General Data Protection Regulation (EU GDPR).

This Notice explains what personal information we process about you when you:
• purchase our products;
• use our Site
• communicate with us by email, telephone or on social media; and
• subscribe to our direct marketing communications.

Please read this Privacy Notice carefully and ensure that you understand it. Your acceptance of our Privacy Notice is deemed to occur upon your first use of our Site. If you do not accept and agree with this Privacy Notice, you must stop using our Site immediately.

2. INFORMATION ABOUT US

2.1 Our Site is owned and operated by Cloud Nine. Cloud Nine is the trading name of Master Distributor Limited registered in England under company number 07079855. The registered address is A2 Hornbeam Square West, Harrogate, HG2 8PA.

2.2 Our data protection officer is Adam Brogden from GDPR Local. You can contact him at contact@gdprlocal.com

2.3 We are registered with the Information Commissioner’s Office under registration number ZA217818.

3. WHAT DATA DO WE COLLECT AND WHY?

SITE
You can access and browse our Site without the need for you to actively provide us with your personal data. However, you will need to register an account in order to purchase products.

This Privacy Notice applies only to your dealings with us as a customer, potential customer, prize draw and competition entrants or to your use of our Site. It does not extend to any websites that are linked to or from our Site (whether we provide those links or whether they are shared by other users). We have no control over how your data is collected, stored or used by other websites or third parties and we advise you to check the privacy policies of any such websites before providing any data to them

Purpose/Activity Personal data collected Lawful basis relied on under the UK GDPR and EU GDPR
Visiting our Site
  • how you have reached our digital platform, the internet protocol (IP) address you have used, and the MAC address of your device
  • your operating system, browser type, versions and plug-ins
  • your journey through our digital platform, including which links you click on and any searches you made, how long you stayed on a page, and other page interaction information
  • photos you share with us, tag us in and allow us to use.
  • videos you have watched and the duration
  • offers you have redeemed
  • what content you like or share
  • which adverts you saw and responded to
  • which pop up or push messages you might have seen and responded to

Consent – You will be able to enable and disable cookies (except necessary cookies) when you visit our Site.

Legitimate interests – Information about your device is collected to help us understand how you use our Site, whilst helping us to improve our Site for future visits.

Registering an account
  • Name
  • Business/company name
  • Contact information such as email addresses and telephone numbers
Consent
Purchasing Products If you have already registered an account, then we will use the information you provided during the registration process to deliver and communicate with you about your purchase. In addition to this, we will need to collect the below:
  • Demographic information such as post code, preferences and interests
Financial information such as credit / debit card numbers.
Performance of a contract with you, or to take steps before entering into a contract with you.
Prize draws and competitions

From time to time we may run prize draws and competitions. When you take part in these prize draws and competitions, we will ask you for some basic personal information to enable us to administer the prize draw or competition. This will usually consist of your name and email address which we will need in order to contact you if you win. We may disclose some details of prize draw or competition winners as required under applicable law.

As stated in the Direct Marketing section below, we will not use this information to send you direct marketing communications unless you opt-in.

Consent.

4. Direct Marketing

When you register your account on our Site, or purchase a product from us through our Site, we ask you to set your contact preferences for marketing and market research communications from us. We have a legitimate interest in using your personal data for marketing purposes. This means we may not always ask you for your consent before sending you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.

We may collect and process the following information when you create an account on our Site or enter prize draws and competitions: name, email address, contact numbers, address, date of birth and location.

If you do opt-in and you later change your mind, we provide an unsubscribe link at the bottom of every marketing communication. You can also withdraw consent to marketing communications by contacting: info@cloudninehair.com

5. HOW AND WHERE DO WE STORE YOUR DATA?

We only keep your data for as long as we need to in order to use it as described above and/or for as long as we have your permission to keep it. In any event, we will conduct an annual review to ascertain whether we need to keep your data. Data retention is defined as the retention of data for a specific period of time and for back up purposes. We shall not keep any personal data longer than necessary but acknowledge that this will be dependent on the different types of documents and data that we have responsibility for. As such, our general data retention period shall be for a period of 6 years. Your data will only be stored within the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland and
Liechtenstein).

6. DO WE SHARE YOUR DATA?

We may share your data with other companies in our group. This includes our holding company and its subsidiaries, and would principally be shared for sales and product reporting purposes.

We may contract with third parties to supply products and services to us, or to you on our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law. We currently contract with the following categories of third parties:-
ii. Payment Gateway providers
iii. Software houses for ERP, WMS, CRM and Carrier facilitation and associated third party support providers
iv. Web Development Agencies
v. Web Hosting and Ecommerce Services
vi. Carrier & Freight Providers
vii. Bank, Credit Card and Financial Institutions

We may compile statistics about the use of our Site including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any personally identifying information. We may from time to time share such data with third parties such as prospective investors, affiliates, partners and advertisers. Data will only be shared and used within the bounds of the law.

In certain circumstances we may be legally required to share certain data held by us, which may include your personal information, for example, where we are involved in legal proceedings, where we are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from you in order to share your data in such circumstances and will comply as required with any legally binding request that is made of us.

7. HOW CAN YOU CONTROL YOUR DATA?

When you submit information to us, you may be given options to restrict our use of your data. We aim to give you strong controls on our use of your data (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails and at the point of providing your details or by managing your account).

You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.

8. YOUR RIGHTS

8.1 You have certain rights in relation to your personal information, which you can exercise free of charge:
• Right of access to a copy of your personal data
• Right to rectification of errors
• Right to erasure (in certain circumstances)
• Right to object (in certain circumstances)
• Right to data portability (in certain circumstances)
• Right to restrict processing (in certain circumstances)
• Right to withdraw consent
You can find out more details about your rights here: A guide to individual rights | ICO

9. AUTOMATED DECISION-MAKING AND PROFILING

9.1 It is not our policy to carry out automated decision-making and profiling; however in the event that we were to use personal data for the purposes of automated decision-making and those decisions have a legal (or similarly significant effect) on you, you have the right to challenge such decisions under data protection law, requesting human intervention, expressing your own point of view, and obtaining an explanation of the decision from us.

A. The right described in section 9.1 does not apply in the following circumstances
ii. The decision is necessary for the entry into, or performance of, a contract between the you and us;
iii. The decision is authorised by law; or
iv. You have given your explicit consent.
B. Where we use your personal data for profiling purposes, the following shall apply:
ii. Clear information explaining the profiling will be provided, including its significance and the likely consequences;
iii. Appropriate mathematical or statistical procedures will be used;
iv. Technical and organisational measures necessary to minimise the risk of errors and to enable such errors to be easily corrected shall be implemented; and
v. All personal data processed for profiling purposes shall be secured in order to prevent discriminatory effects arising out of profiling.

9. How Can You Control Your Data?

a. When you submit information to Us, you may be given options to restrict Our use of your data. We aim to give you strong controls on Our use of your data (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails and at the point of providing your details AND/OR by managing your Account).
b. You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.

10. CHANGES TO OUR PRIVACY NOTICE

We may change this Privacy Notice as we may deem necessary from time to time, or as may be required by law. Any changes will be immediately posted on our Site and you will be deemed to have accepted the terms of the Privacy Notice on your first use of our Site following the alterations. We recommend that you check this page regularly to keep up-to-date.

11. WHAT COOKIES DO WE USE AND WHAT FOR?

Please read this cookie policy carefully as it contains important information on who we are and how we use cookies on our Site. This policy should be read with our Privacy Notice.

Cookies
A cookie is a small text file which is placed onto your device (e.g. computer, smartphone or other electronic device) when you use our Site. We use cookies on our Site.

For further information on cookies generally, including how to control and manage them, you can have a look at the Information Commissioner’s Office guidance here: Cookies | ICO.

Consent to use cookies and changing settings
We will ask for your consent to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have requested.

You can withdraw any consent to the use of cookies or manage any other cookie preferences by contacting: contact@gdprlocal.com

Our use of cookies
We use the following type of cookies:

Strictly necessary cookies: These are cookies that are required for the operation of our Site. They include, for example, cookies that enable you to log into secure areas of our Site.

Analytical/performance cookies: They allow us to recognise and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us to improve the way our Site works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies: These are used to recognise you when you return to our Site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies: These cookies record your visit to our Site, the pages you have visited and the links you have followed. We may also share this information with third parties for this purpose.

You can choose to delete Cookies at any time however you may lose any information that enables you to access our Site more quickly and efficiently including, but not limited to, login and personalisation settings.

It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.

You can find out more information about the individual cookies we use and the purpose for which we use them in the table below:

Cookie Description Duration Type
keep_alive No description 1 hour Other
secure_customer_sig Shopify sets this cookie to be used in connection with customer login. 1 year Necessary
localization Flickr sets this cookie to to track usage of photo galleries embedded from Flickr. 1 year Functional
cart_currency Shopify sets this cookie to remember the user’s country of origin and populate the correct transaction currency. 14 days Necessary
_cmp_a No description 1 day Other
_shopify_y This cookie is associated with Shopify's analytics suite. 1 year Analytics
_shopify_s This cookie is associated with Shopify's analytics suite. 1 hour Analytics
_orig_referrer Shopify sets this cookie to be used in connection with shopping cart. 14 days Necessary
_landing_page Shopify installs this cookie to track landing pages. 14 days Analytics
recordID This cookie is set by the provider DotMailer, an Email marketing platform. This cookie is used for tracking the users to the website from the emails sent via DotMailer. 1 year Other
dmSessionID Dotmailer sets this cookie to evaluate, track and monitor the effectiveness of email marketing efforts. 20 minutes Analytics
_gcl_au Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services. 3 months Analytics
_shopify_sa_t Shopify sets this cookie for marketing & referrals. 1 hour Analytics
_shopify_sa_p Shopify sets this cookie for marketing & referrals. 1 hour Analytics
_ttp TikTok set this cookie to track and improve the performance of advertising campaigns, as well as to personalise the user experience. 1 year 24 days Advertisement
shopify_pay_redirect Shopify sets this cookie to enable secure online payment and checkout. 1 hour Necessary
_hjSessionUser_* Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site. 1 year Analytics
_hjFirstSeen Hotjar sets this cookie to identify a new user’s first session. It stores the true/false value, indicating whether it was the first time Hotjar saw this user. 1 hour Analytics
_hjIncludedInSessionSample_2373457 No description 1 hour Other
_hjSession_* Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site. 1 hour Analytics
_hjAbsoluteSessionInProgress Hotjar sets this cookie to detect a user's first pageview session, which is a True/False flag set by the cookie. 1 hour Functional
_ga Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. 1 year 1 month 4 days Analytics
_gid Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously. 1 day Analytics
_gat Google Universal Analytics sets this cookie to restrain request rate and thus limit data collection on high-traffic sites. 1 minute Performance
_ga_* Google Analytics sets this cookie to store and count page views. 1 year 1 month 4 days Analytics
test_cookie doubleclick.net sets this cookie to determine if the user's browser supports cookies. 15 minutes Advertisement
sec-banner No description available. 1 year Other
__podscribe_cloudnine_referrer No description session Other
_fbp Facebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website. 3 months Analytics
__podscribe_cloudnine_landing_url No description session Other
_tt_enable_cookie Tiktok set this cookie to collect data about behaviour and activities on the website and to measure the effectiveness of the advertising. 1 year 24 days Advertisement
_ttp TikTok set this cookie to track and improve the performance of advertising campaigns, as well as to personalise the user experience. 1 year 24 days Advertisement
_pin_unauth Pinterest set this cookie to group actions for users who cannot be identified. 1 year Advertisement
__podscribe_did No description session Other
ar_debug pinterest.com - No description 1 year Other
_podscribe_cloudnine_landing_url podscribe.com - No description 1 year Other
_podscribe_cloudnine_referrer podscribe.com - No description 1 year Other
_podscribe_did podscribe.com - No description 1 year Other
__cf_bm r1-t.trackedlink.net - This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. 1 hour Necessary
swym-session-id Azure sets this cookie to remember any wishlist products chosen by the user. 1 hour Functional
swym-pid Azure sets this cookie to remember any wishlist products chosen by the user. 1 year Functional
_shg_session_id Shogun sets this cookie to tracks individual sessions on the website and app, allowing them to compile statistical data from multiple visits. This data can also be used to create leads for marketing purposes. 1 hour Advertisement
_shg_user_id Shogun sets this cookie to collect data on visitor behaviour from multiple websites in order to present more relevant advertisements. This also allows the website to limit the number of times that the visitor is shown the same advertisement. 1 year 1 month 4 days Advertisement
__kla_id Klaviyo sets this cookie to collect information on the visitor’s behavior. This information is used for internal analytics and to optimise the website. It also registers if the visitor has subscribed to a news letter. 1 year 1 month 4 days Analytics
BVBRANDID This cookie is a performance cookie used for internal Bazaarvoice web analytics, to be correlated to the same user for interactions within a particular client domain. 1 year Performance
BVBRANDSID This cookie is set by Bazaarvoice. This is a session cookie used for internal Bazaarvoice web analytics to be correlated to the same user browsing session for interactions within a particular client domain. 1 hour Performance
swym-o_s Azure sets this cookie to remember any wishlist products chosen by the user. 1 hour Functional
swym-swymRegid Azure sets this cookie to facilitate product images, filter functions and shopping cart functionalities. 1 year Functional
swym-email Azure sets this cookie to facilitate product images, filter functions and shopping cart functionalities. 1 year Necessary
__attentive_id Attn.tv sets this cookie to promote SMS opt-in and produce personalised SMS messaging. 1 year 1 month 4 days Functional
_attn_ Attn.tv sets this cookie to promote SMS opt-in and produce personalised SMS messaging. 1 year 1 month 4 days Functional
__attentive_cco Attn.tv sets this cookie to promote SMS opt-in and produce personalised SMS messaging. 1 year 1 month 4 days Functional
swym-cu_ct Azure sets this cookie in context with the shopping cart functionality to remember any wish-list products and visitor credentials when checking out. 1 year Functional
swym-cu_ct Azure sets this cookie in context with the shopping cart functionality to remember any wish-list products and visitor credentials when checking out. 1 year Functional
swym-instrumentMap Azure sets this cookie to remember any wishlist products chosen by the user. 1 year Functional
__attentive_pv Attn.tv sets this cookie to promote SMS opt-in and produce personalised SMS messaging. 1 hour Functional
__attentive_ss_referrer Attn.tv sets this cookie to promote SMS opt-in and produce personalised SMS messaging. 1 hour Functional
__attentive_dv Attn.tv sets this cookie to promote SMS opt-in and produce personalised SMS messaging. 1 day Functional
key No description available. never Other
is_eu No description available. Other
_attn_ Attn.tv sets this cookie to promote SMS opt-in and produce personalised SMS messaging. Functional
_pay_session shop.app - Shopify sets this cookie to enable secure checkout and payment function on the website. Session Necessary
__cflb r1-t.trackedlink.net - This cookie is used by Cloudflare for load balancing. 1 day Other
INGRESSCOOKIE app.electricsms.com - This cookie is used for load balancing and session stickiness. This technical session identifier is required for some website features. Session Performance
X-Salesforce-CHAT d.la1-c2-lo3.salesforceliveagent.com - This cookie is set by LiveAgent to allow Live Chat assistance for existing customers. Session Functional

12. HOW TO CONTACT US

If you have any questions about this Notice or if you wish to make a complaint about how we process your personal information, please contact:
contact@gdprlocal.com

You may also lodge a complaint with the Information Commissioner’s Office (ICO), if you think your data protection rights have been breached in any way by us and you have already made a complaint to us in the first instance and you remain unsatisfied with the complaint outcome. You may contact the ICO at:

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.

Alternatively, visit the ICO website here: Information Commissioner's Office (ICO) or email: icocasework@ico.org.uk