At www.thebodyshop.lk we take the protection of your Personal Information (such as name; address; phone number; date of birth; e-mail address; credit card number; gender; language preference; and merchandise category preferences) very seriously.
We collect Personal Information that you provide to us voluntarily and process it for the following purposes ("Purposes"):
- To complete transactions with you and manage your membership of our customer loyalty scheme where applicable;
- To directly market to you, with your permission;
- To understand and analyze our sales, and your needs and preferences;
- To develop, enhance, market and provide products and services to meet your needs;
- To enable you to participate in promotions and contests;
- To enable you to participate in customer research or focus groups;
- To process exchanges or product returns;
- To improve our shops; and,
- To respond to requests or complaints.
We may hold or process such Personal Information securely anywhere in the world, for as long as is necessary for the Purposes.
Subject to your consent we may communicate with you through a variety of channels, including through our stores, our customer loyalty schemes, through the internet, and through a variety of means such as post, email, phone, fax, or text message, subject to your preference.
1. Our Approach to Privacy
1.5. The Body Shop Sri Lanka, which is the master Franchisee for The Body Shop Brand in Sri Lanka, is incorporated in Sri Lanka and registered under the Companies Act, 1994.
1.6. We take every measure to provide a comparable level of protection for Personal Information should the information be processed by a Vendor.
2. About Information Collection
2.2. We provide you with information that explains why the Personal Information is needed and how the Personal Information will be processed.
3. Personal Information
We at www.thebodyshop.lk limit the amount and type of information that we collect to that which is necessary for the identified purposes and do not collect your Personal Information unless you (directly or indirectly) provide it to us voluntarily.
3.2. Although the precise details of the Personal Information collected will vary according to the specific purpose, we may typically collect the following Personal Information from or in relation to you:
3.2.3. Phone number(s);
3.2.4. Date of birth;
3.2.5. E-mail address;
3.2.6. Credit card number;
3.2.8. Language preference; and merchandise category preferences
3.2.9. Identity card number
4. Non-Personally Identifiable Information
4.1. Where we collect information through our web sites, as is the case with many other web sites, we automatically collect certain non-personal information regarding web site use that does not identify you. Examples include the Internet Protocol (IP) address of your computer, the IP address of your Internet Service Provider, the date and time you access the web site, the internet address of the web site from which you linked directly to our web site, the operating system you are using, the sections of the web site you visit, the web site pages read and images viewed, and the content you download from our web site.
4.2. We may use non-personal information to compile tracking information reports regarding site user demographics, site traffic patterns, and site purchases. None of the tracking information in the reports can or will be connected to the identities or other Personal Information of individual users.
4.3. In this way, your visit to our web site will be logged; however, you will remain anonymous to us unless you specifically choose to share information with us. We use this information about the way in which our customers use our website to better understand which features are most popular and best meet the needs of our visitors.
5. When Is Personal Information Collected and How Is It Used?
5.1. We at www.thebodyshop.lk/ collect Personal Information for the following purposes ("Purposes"):
5.1.1. To complete transactions with you and to administer sales and to manage your membership with our customer loyalty scheme (if you become a member);
5.1.2. To directly market to you, with your permission;
5.1.3. To understand and analyze our sales, and your needs and preferences;
5.1.4. To develop, enhance, market and provide products and services to meet your needs;
5.1.5. To enable you to participate in promotions and contests;
5.1.6. To enable you to participate in customer research or focus groups;
5.1.7. To process exchanges or product returns;
5.1.8. To improve our Shops; and,
5.1.9. To respond to requests or complaints;
5.1.10. To enable you to participate in our customer loyalty schemes and to manage your membership thereof.
5.2. We only keep Personal Information for as long as is necessary to satisfy the specified purposes for which it was collected. We retain Personal Information in accordance with our own guidelines, procedures and principles and in line with Sri Lanka law.
5.3. We may disclose your Personal Information if we are required to do so by law or requirement of a competent authority.
5.4. In addition to the above, we may from time to time work on specific initiatives with carefully selected third party companies/organizations (outside of The Body Shop Sri Lanka) to share opportunities with you. If we do this, we will inform you at the time of such initiatives that, if you decide to submit any Personal Information, it will be shared with those selected companies/organizations, and we will only do so with your prior consent.
5.6. If you do consent (opt in) to receive these communications you may unsubscribe at any point in the future by contacting us as provided below.
5.7. We will only use your Personal Information for a purpose that has been specified prior to its use or where the Processing of your Personal Information is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract or Processing is necessary for other legal purposes.
6. Customer Consent (Opt In - Unsubscribe)
6.1. Opt In: We at www.thebodyshop.lk will not use your Personal Information for a purpose that has not previously been specified, unless we have previously obtained your consent or unless such purpose is required by law.
6.2. Consent to provide Personal Information is not a condition for our selling a product to you, unless the information requested is required to fulfill an explicitly specified and legitimate purpose.
6.3. In particular we will seek your explicit prior consent (opt in) before sending to you marketing communications.
6.4. Unsubscribe: At any time, you can withdraw your consent to our collection, use or disclosure (generally Processing) of your Personal Information by (i) contacting us, or (ii) writing to us in the prescribed manner (whether by email or call), as specified in our communications to you, or in relevant forms that you might have signed (e.g. for our customer loyalty scheme). If you have any concerns whatsoever with regard to the unsubscribe functionality that we make available to you pursuant to this section, please contact us at the address or medium shown in section 11 below.
6.5. If you have previously opted into receiving commercial communications from us, while also becoming a member of our loyalty scheme, should your membership of such scheme come to an end for whatever reason, we will not take this to imply an automatic request to unsubscribe, and we will assume that we have your continued consent, unless you specifically unsubscribe.
7. Accuracy of Information
7.1. We at www.thebodyshop.lk keep Personal Information as accurate, complete and up-to-date as necessary, taking into account its use and the interests of our customers.
7.2. You are responsible for informing us about changes to your Personal Information and for ensuring that such information is accurate and current.
8. Accessing and Updating Personal Information
8.1. Customers have a qualified right to access, rectify, delete, or object (to the processing of) your Personal Information stored by us and to receive an account of its use and disclosure. We recommend that all customer requests for access to Personal Information held by The Body Shop be made in writing, although we will not impose a formal requirement in this regard. However, we may require you to provide us with additional information reasonably necessary for us to satisfy your request.
8.2. We amend the Personal Information contained in our database or elsewhere as required when an individual successfully demonstrates the inaccuracy or incompleteness of the Personal Information. An amendment may involve the correction, deletion or addition of information and notification to third parties to whom the data have been disclosed. However, we may be unable to amend past purchase information or return transaction information.
If at any point we decide that we wish to use Personal Information for any purpose other than, or in addition to, the Purpose(s) listed in this policy or from that stated at the time this information was collected, we will notify you by way of an email, unless we do not have your email address, in which case we will use any other means of communication available to us depending on the contact details that you have provided to us. We will only proceed with such use if we receive your consent with respect to such additional purposes (not previously communicated, or not previously included in this policy).
10. How do we keep Your Information Secure?
10.1. We at The Body Shop protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification with security safeguards appropriate to the sensitivity of the Personal Information, regardless of the format in which it is held.
10.2. We use various methods to safeguard Personal Information. They include:
10.2.1. Physical measures: locked filing cabinets, restriction of access to offices, and company alarm systems.
10.2.2. Technical tools: passwords and encryption, generally using industry best practices.
10.2.3. Organizational controls: confidentiality agreements, limiting access on a need-to-know basis, staff training and security clearances.
10.3. Online security is also a priority. The Body Shop incorporates security measures such as encryption and authentication tools to protect your Personal Information from unauthorized use. Firewalls are utilized to protect our servers and network from unauthorized users accessing and tampering with files and other information that we store.
CREDIT CHECK AND FRAUD PREVENTION
We use standard and authorized payment services and our Credit Check and Fraud Prevention policies are aligned to these companies. All disputes would be handled by Sri Lanka courts.
OTHER USES OF YOUR PERSONAL INFORMATION
We may also send you other information about us, the Site, our other websites, our products, sales promotions, our emailers, SMS updates, anything relating to other companies in our group or our business partners. If you would prefer not to receive any of this additional information as detailed in this paragraph (or any part of it) please click the “unsubscribe” link in any email that we send to you or follow the un-subscription process as detailed in the SMS. Kindly note that unsubscribing from one medium does not automatically lead to un-subscription from the other. Within 7 business days (days which are neither (i) a Friday or Saturday, nor (ii) a public holiday anywhere in Sri Lanka) of receipt of your instruction we will cease to send you information as requested. If your instruction is unclear we will contact you for clarification.
For any competition we use the data to notify winners and advertise our offers. You can find more details where applicable in our participation terms for the respective competition.
THIRD PARTIES AND LINKS
We have in place appropriate technical and security measures to prevent unauthorized or unlawful access to, or accidental loss of, destruction of or damage to your information. When we collect data through the Site, we collect your personal details on a secure server. We use firewalls on our servers. When we collect payment card details electronically, we use encryption by using Secure Sockets Layer (SSL) coding. Whilst we are unable to guarantee 100% security, this makes it hard for a hacker to decrypt your details. You are strongly recommended not to send full credit or debit card details in unencrypted electronic communications with us. We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you. You are responsible for protecting against unauthorized access to your password and to your computer.
11. CONTACTING US
We reserve the right to change or update this policy at any time by placing a prominent notice on our site. Such changes shall be effective immediately upon posting to this site.