PRIVACY POLICY

Master Distributor Trading as CLOUD NINE 11 December 2024

1. Background

Master Distributor Ltd trading as Cloud Nine (we’, us’ and ‘our’) understands that
your privacy is important to you and that you care about how your information
is used and shared online. We respect and value the privacy of all our customers and everyone who visits our Site and will only collect and use information in a manner consistent with your rights and our obligations under the UK General Data Protection Regulation (UK GDPR) or EU General Data Protection Regulation (EU GDPR).

This Policy explains what personal information we process about you when you:

  • purchase our products;
  • use our site (create accounts, fill in questionnaires etc.)
  • communicate with us by email, telephone or on social media; and
  • subscribe to our direct marketing communications

Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of our Privacy Policy is deemed to occur upon your first use of our Site. If you do not accept and agree with this Privacy Policy, you must stop using our Site immediately.

2. INFORMATION ABOUT US

2.1 Our Site is owned and operated by Cloud Nine. Cloud Nine is the trading name of Master Distributor Limited registered in England under company number 07079855. The registered address is A2 Hornbeam Square West, Harrogate, HG2 8PA.

2.2 Our appointed data protection officer is Adam Brogden from GDPR Local. You can contact him at: dpo.support@gdprlocal.com; Tel: + 441 772 217 800; 1st Floor Front Suite 27-29 North Street, Brighton England BN1 1EB.

2.3 Under Article 27 of the GDPR, we have appointed an EU Representative to
act as our data protection agent. Our nominated EU Representative is: Instant
EU GDPR Representative Ltd; Adam Brogden; contact@gdprlocal.com; Tel:+ 353 15 549
700; INSTANT EU GDPR REPRESENTATIVE LTD 69 Esker Woods Drive, Lucan Co. Dublin,
Ireland.

2.4 We are registered with the Information Commissioner’s Office under registration number ZA217818.

3. WHAT DOES THIS POLICYCOVER?

This Privacy Policy applies only to your dealings with us as a customer, potential customer, prize draw and competition entrants or to your use of our Site. This Policy applies where we are acting as a Data Controller, where we determine the purposes and means of the processing of that personal data as described in the table below - Section 4. This policy also covers the process for registration of products which is available on our website and linked to the SalesForce site. We may provide links to other websites, whether they are shared by us or by other users. We have no control over how your data is collected, stored or used by other websites or third parties and
we advise you to check the privacy policies of any such websites before providing any data to them.

4. WHAT DATA DO WE COLLECT AND WHY?

Some data will be collected automatically by Our Site (for further details, please see section 13 on Our use of Cookies), other data will only be collected if you voluntarily submit it, for example, when signing up for an Account. Depending upon our interactions with you and your use of Our Site, we may collect and process some or all of the following data for the following purposes:

Purpose/Activity Personal data collected Lawful basis relied on under the UK GDPR and EU GDPR
Visiting our Site
  • how you have reached our digital platform, the internet protocol (IP) address you have used, and the MAC address of your device
  • your operating system, browser type, versions and plug-ins
  • your journey through our digital platform, including which links you click on and any searches you made, how long you stayed on a page, and other page interaction information
  • photos you share with us, tag us in and allow us to use.
  • videos you have watched and the duration
  • offers you have redeemed
  • what content you like or share
  • which adverts you saw and responded to
  • which pop up or push messages you might have seen and responded to

Consent – You will be able to enable and disable cookies (except necessary cookies) when you visit our Site.

Legitimate interests – Information about your device is collected to help us understand how you use our Site, whilst helping us to improve our Site for future visits.
Registering an account
  • Name
  • Business/company name
  • Contact information such as email addresses and telephone numbers
  • Date of birth/age verification
 Consent
Purchasing Products If you have already registered an account, we will use the information you provided during the registration process to deliver and communicate with you about your purchase and registration of purchased products. In addition to this, we will need to collect the below:
  • Demographic information such as post code, preferences and interests
Financial information such as credit / debit card numbers. 		Performance of a contract with you, or to take steps before entering into a contract with you.
Prize draws and competitions

From time to time, we may run prize draws and competitions. When you take part in these prize draws and competitions, we will ask you for some basic personal information to enable us to administer the prize draw or competition. This will usually consist of your name and email address which we will need in order to contact you if you win. We may disclose some details of prize draw or competition winners as required under applicable law.

As stated in the Direct Marketing section below, we will not use this information to send you direct marketing communications unless you opt-in.

 Consent.
Completing the Temperature Calculator
  • Name
  • Date of birth/age verification
  • Current styling temperature
  • Hair type
  • Hair thickness
  • Hair length
  • Hair colour
  • Hair concerns
  • Email address

5. Direct Marketing

We may use your personal data to send you promotional materials and marketing communications that we believe may be of interest to you. By providing your information (such as when creating an account or signing up for our newsletter), you can choose to receive these communications. You’ll have the flexibility to manage your preferences or unsubscribe at any time by following the link in our emails or reaching out to us directly.

If you do opt-in and you later change your mind, we provide an unsubscribe link at the bottom of every marketing communication. You can also withdraw consent to marketing communications by contacting: info@cloudninehair.com.

6. HOW AND WHERE DO WE STORE YOUR DATA?

We only keep your data for as long as we need to in order to use it as described above and/or for as long as we have your permission to keep it. In any event, we will conduct an annual review to ascertain whether we need to keep your data. Data retention is defined as the retention of data for a specific period of time and for backup purposes. We shall not keep any personal data longer than necessary but acknowledge that this will be dependent on the different types of documents and data that we have responsibility for. As such, our general data retention period shall be for a period of 6 years. Your data will only be stored within the UK and the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland and Liechtenstein).

Data security is of great importance to us, and to protect your data we have put in place suitable policies and procedures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. All information provided through the Site is stored on servers located in the EEA. It will be processed by staff operating in the UK who work for Master Distributor. Such staff may be engaged in the provision of support services. By submitting your personal information, you agree to this transfer, storing or processing. Master Distributor will take all steps reasonably necessary to ensure that your data is treated securely in accordance with this Privacy Policy.

Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to us data via the internet.

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

7. DO WE SHARE YOUR DATA?

We may share your data with other companies in our group. This includes our holding company and its subsidiaries and would principally be shared for sales and product reporting purposes.

We may contract with third parties to supply products and services to us, or to you on our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law. We currently contract with the following categories of third parties:

ii. Payment Gateway providers
iii. Software houses for ERP, WMS, CRM and Carrier facilitation and associated
third party support providers
iv. Web Development Agencies
v. Web Hosting and Ecommerce Services
vi. Carrier & Freight Providers
vii. Bank, Credit Card and Financial Institutions

We may share information about your interactions with our site with third-party advertisers to help them deliver relevant ads to you. These advertisers may use the data they collect in accordance with their own privacy policies.

We use the following advertising services on our website:

The data collected by these advertising platforms may be used to:

  • Serve personalised ads based on your interests
  • Measure the effectiveness of advertising campaigns
  • Track user engagement across different websites or apps
  • Deliver retargeted advertising based on your previous interactions with our website.

You can opt out of personalised advertising by visiting the following links:


We may compile statistics about the use of our Site including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any personally identifying information. We may from time to time share such data with third parties such as prospective investors, affiliates, partners and advertisers. Data will only be shared and used within the bounds of the law.

In certain circumstances we may be legally required to share certain data held by us, which may include your personal information, for example, where we are involved in legal proceedings, where we are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from you in order to share your data in such circumstances and will comply as required with any legally binding request that is made of us.

8. HOW CAN YOU CONTROL YOUR DATA?

When you submit information to us, you may be given options to restrict our use of your data. We aim to give you strong controls on our use of your data (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails and at the point of providing your details or by managing your account).

You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you from receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.

9. YOUR RIGHTS

Under the GDPR, or the Data Protection Act 2018 in the UK you have certain rights in relation to your personal information, which you can exercise free of charge:

  • Right of access to a copy of your personal data
  • Right to rectification of errors
  • Right to erase (in certain circumstances)
  • Right to object (in certain circumstances)
  • Right to data portability (in certain circumstances)
  • Right to restrict processing (in certain circumstances)
  • Right to withdraw consent

You can find out more details about your
rights here: A guide to individual rights | ICO

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

For questions or complaints concerning the processing of your personal data, you can email us at: contact@gdprlocal.com

10. AUTOMATED DECISION-MAKING AND PROFILING

10.1 It is not our policy to carry out automated decision-making and profiling; however in the event that we were to use personal data for the purposes of automated decision-making and those decisions have a legal (or similarly significant effect) on you, you have the right to challenge such decisions under data protection law, requesting human intervention, expressing your own point of view, and obtaining an explanation of the decision from us.

A. The right described in section 10.1 does not apply in the following circumstances
ii. The decision is necessary for the entry into, or performance of, a contract between you and us;
iii. The decision is authorised by law; or
iv. You have given your explicit consent.


B. Where we use your personal data for profiling purposes, the following shall apply:
ii. Clear information explaining the profiling will be provided, including its significance and the likely consequences;
iii. Appropriate mathematical or statistical procedures will be used;
iv. Technical and organisational measures necessary to minimise the risk of errors and to enable such errors to be easily corrected shall be implemented; and
v. All personal data processed for profiling purposes shall be secured in order to prevent discriminatory effects arising out of profiling.

11. Minors Data?

We do not collect information from individuals under the age of 16 without parental or guardian consent. If we become aware that we have collected personal data from a child under the age of 16, without parental or guardian consent, we will take all the appropriate measures to safeguard the data and will delete the personal information
promptly. If you believe we have collected personal data from a minor, please
contact us at contact@gdprlocal.com or info@cloudninehair.com.

12. SENSITIVE DATA

Sensitive data may be collected through our Temperature Calculator questionnaire, which includes a section intended to gather information related to your health. We will be using this information to provide support and advice to our clients regarding hair styling temperature. The data will be collected only with explicit consent from the users, that will be freely given and entirely voluntary, without being a condition for accessing our services. This consent will be obtained before the filling in of the health related information in the questionnaire.

We may also be using this data for further segmented emails targeting healthcare advice and product recommendations, again only with explicit consent from the users and targeting only the users that have consented to be contacted for marketing purposes.

As a user, you can choose to provide sensitive information by giving your explicit consent or opt not to share this data and continue with the questionnaire using only the other information.

If users do provide sensitive information, we will take all appropriate precautions to protect that data and adhere to the data retention periods outlined in our Data Retention Policy. Sensitive data will not be retained longer than necessary for the purpose for which it was collected and will be deleted accordingly.

13. CHANGES TO OUR PRIVACY POLICY

We may change this Privacy Policy as we may deem necessary from time to time, or as may be required by law. Any changes will be immediately posted on our Site, and you will be deemed to have accepted the terms of the Privacy Policy on your first use of our Site following the alterations. We recommend that you check this page regularly to keep up-to-date.

14. HOW TO CONTACT US

If you have any questions about this Policy or if you wish to make a complaint about how we process your personal information, please contact: contact@gdprlocal.com.

You may also lodge a complaint with the Information Commissioner’s Office (ICO), if you think your data protection rights have been breached in any way by us and you have already made a complaint to us in the first instance and you remain unsatisfied with the complaint outcome. You may contact the ICO at:

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.

Alternatively, visit the ICO website here: Information Commissioner's Office (ICO) or email: icocasework@ico.org.uk