Privacy Policy
1. Introduction
At Trichotillomania UK, accessible via trichotillomaniauk.com, we are committed to safeguarding your privacy and protecting your personal data in accordance with the highest standards of data protection and privacy rights. We recognize the trust you place in us when providing your information and ensure compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), where applicable.
2. Scope of Policy and Data Controller Role
This Privacy Policy describes how we collect, use, store, disclose, and protect your personal data when you interact with trichotillomaniauk.com through our website, mobile interfaces, communications, and services. Trichotillomania UK is the data controller responsible for your personal information for the purposes described in this policy. All questions, concerns, or requests relating to your data can be directed to [email protected].
3. Categories of Data Processed
We may collect and process the following categories of personal data depending on your interaction with our website or services:
a. Usage Data
Includes information such as your IP address, browser type, device identifiers, geographic location, pages viewed, access times, referring URLs, and browsing session data.
b. Account Data
Includes information provided when creating an account or initiating contact, such as your full name, postal address, email address, and telephone number.
c. Profile Data
Includes information related to your preferences, online behavior within our platform, purchase history, product interests, and demographics (where voluntarily provided).
d. Communication Data
Includes records of communications between you and us, including contact form submissions, customer support interactions, and any feedback provided.
e. Technical Data
Includes details on the devices and software you use to access our services, such as device type, operating system, application versions, screen resolution, language settings, and system configurations.
f. Transaction Data
Includes data relating to purchases or payments, such as payment method, billing and shipping addresses, transaction identifiers and statuses (note: payment processing is handled by secure third-party providers and we do not retain card details).
g. Preference Data
Includes your choices related to receiving marketing communications, newsletter sign-ups, and interest in specific resources or products.
4. Legal Bases for Processing
The legal bases on which we rely to process your personal data include:
– Consent: When you provide clear consent for a specific purpose, e.g., subscribing to our newsletter.
– Contractual Necessity: Processing required to fulfill contractual obligations or to take steps at your request prior to entering into a contract.
– Legitimate Interests: Processing necessary for our legitimate interests, provided those interests are not overridden by your rights (e.g., security, analytics, and ensuring service continuity).
– Legal Obligation: When processing is necessary to comply with applicable legal requirements.
5. Your Rights
Under relevant data protection laws, you may have the following rights:
– Right of Access: Obtain confirmation and a copy of the personal data we hold about you.
– Right to Rectification: Correct inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal information where lawful to do so.
– Right to Restriction: Request restriction of processing in certain situations.
– Right to Data Portability: Receive your data in a structured, machine-readable format and have it transmitted to another controller.
– Right to Object: Object to processing based on legitimate interests or direct marketing.
– Right to Withdraw Consent: Withdraw consent at any time where processing is based on your consent.
To exercise any of these rights, please contact us at [email protected]. We may require verification of your identity before fulfilling your request.
6. Security Measures
We implement robust security measures to ensure the confidentiality, availability, and integrity of personal data, including:
– Data encryption in transit and at rest
– Role-based access controls and authentication
– Secure backup and disaster recovery procedures
– Regular audits and updates to our systems and network
– Staff training and awareness on data privacy responsibilities
7. International Transfers
Where your data is transferred outside the United Kingdom or European Economic Area (EEA), we ensure a lawful basis for such transfers under GDPR, including standard contractual clauses approved by the European Commission or adequacy decisions in respect of destination countries.
For users in California, personal information will only be transferred in ways consistent with CCPA obligations and reasonable safeguards.
8. Data Retention
We retain personal data for no longer than is necessary for the purposes for which it is processed. Below is a general guide:
– Usage Data: Up to 26 months for analytics purposes
– Account Data: Retained for the duration of the account and up to 3 years following closure
– Communication Data: Typically retained for up to 2 years
– Technical Data: Retained for 26 months for diagnostic and performance analysis
– Transaction Data: Retained for 7 years for financial and statutory reporting
– Preference Data: Retained until consent is withdrawn or preferences are updated
We may retain certain information longer where required to comply with legal obligations or defend against potential claims.
9. Cookie Policy
We use cookies and similar tracking technologies to enhance the user experience and help us understand how users interact with trichotillomaniauk.com. We categorize cookies as follows:
– Essential Cookies: Necessary for site functionality, such as secure login and account management.
– Functional Cookies: Enable improved personalization and user settings.
– Analytical Cookies: Help us track user behavior and improve site performance (e.g., via Google Analytics).
– Performance Cookies: Monitor service availability, responsiveness, and user experience metrics.
10. Cookie Management and Compliance
Upon first visit, users are presented with a cookie consent banner allowing selection of preferences in accordance with GDPR and CCPA requirements. You may manage or withdraw consent at any time through the cookie settings interface on our site or via browser settings. Instructions on managing cookies can also be found on public browser documentation pages.
California residents may opt out of the “sale” of personal information under the CCPA via clearly visible links provided on the website.
11. Special Protections for Children Under 13
Trichotillomania UK does not knowingly collect personal data from children under the age of 13. If we become aware that a child under 13 has provided us with personal information without parental consent, we will promptly delete such data. Parents or legal guardians wishing to exercise rights on behalf of their children may contact [email protected].
12. Policy Updates & User Notifications
Trichotillomania UK reserves the right to update this Privacy Policy as needed in response to legal, technical, or operational changes. Where changes are material, we will endeavor to inform you via posted notices on trichotillomaniauk.com or direct communication if warranted by the nature of the update. You should review this policy periodically to stay informed about our data protection practices.
13. Contact
For questions about this Privacy Policy, concerns about your personal data, or to exercise your data protection rights, please contact us at:
Email: [email protected]
We are committed to full compliance with GDPR, CCPA, and related privacy frameworks. Your trust is important to us, and we are here to support your privacy rights at every step.