DIREM BEAUTY – YOUR RIGHTS POLICY

Introduction
The General Data Protection Regulation (GDPR) and the UK Data Protection Act provide you with a number of important rights in relation to the personal data that Direm Beauty (“Direm”), as a Data Controller, processes about you. This policy explains how those rights can be exercised, the timescales we will follow and any limited situations in which we may be exempt from full compliance.

Aims and objectives of this policy
This policy sets out our approach to giving effect to your data subject rights and describes situations in which those rights should be implemented and where limited exemptions may apply.

Overview
Each of your rights is explained in more detail below.

Timescales
We will acknowledge any request you make. We will aim to provide the information or take the action you request as soon as is reasonably practicable and, in any event, within one month of receipt of a valid request. Where a request is complex or there are multiple requests, we may extend this period; if we do so we will tell you and explain why more time is required.

Identification
If there is any reasonable doubt about the identity of the person making a request, we will take reasonable steps to confirm identity before responding. Acceptable proof may include a passport or a photographic driving licence. For online requests, we may ask for additional evidence to ensure the request originated from you. Where identity cannot be confirmed, we will not disclose personal data.

Subject access requests (right of access)
You have the right to ask whether Direm processes your personal data and, where we do, to obtain:

  • a copy of the personal data we hold about you; and
  • information about the purposes of processing, the categories of data, recipients or categories of recipients, retention periods (or criteria used to determine them), your rights, the source of the data (if not collected directly from you), any automated decision-making and safeguards for any international transfers.

We do not normally charge for subject access requests. We may charge a reasonable fee or refuse to comply if a request is manifestly unfounded, excessive or repetitive. Where we charge, any fee will reflect administrative costs. Where you ask for information by email, we will normally supply it by secure email unless you request another format.

Rectification (right to correct)
If personal data we hold about you is inaccurate or incomplete you have the right to request correction or completion. We will correct the data without undue delay and take reasonable steps to ensure corrections are propagated to other systems and third parties where appropriate. We will tell you when a rectification has been made unless doing so is impossible or would involve disproportionate effort.

Erasure (right to be forgotten)
You may request deletion of your personal data in certain circumstances (for example where data is no longer necessary for the purposes collected, you withdraw consent, you object and there are no overriding legitimate grounds, or where processing is unlawful). When erasure is appropriate, we will delete relevant personal data and take reasonable steps to remove it from systems and third parties we have shared it with, subject to technical feasibility and cost.

We are not required to delete personal data where processing is necessary for:

  • compliance with a legal obligation;
  • exercising the right of freedom of expression and information;
  • public health reasons;
  • archiving in the public interest, scientific or historical research, or statistical purposes where deletion would render the purpose impossible or seriously impair it; or
  • the establishment, exercise or defence of legal claims.

Restriction of processing
You may ask us to restrict processing where one of the following applies:

  • you contest the accuracy of the personal data (for a period to enable verification);
  • processing is unlawful and you request restriction rather than erasure;
  • we no longer need the data for our purposes but you need it to establish, exercise or defend legal claims; or
  • you have objected to processing and verification of overriding grounds is pending.

Where processing is restricted, we will only process the data with your consent, for legal claims, for the protection of another person’s rights, or for reasons of public interest.

Data portability
Where processing is based on consent or contract and is carried out by automated means, you may request a copy of your personal data in a structured, commonly used and machine-readable format and, where technically feasible, request direct transfer to another controller. We will provide only the personal data you provided and the data generated about you through our services.

Objection to processing
You have the right to object to processing based on our legitimate interests or public interest grounds, on grounds relating to your particular situation. Where we can demonstrate compelling legitimate grounds that override your interests, we may continue processing. This does not apply to direct marketing: you have an absolute right to object to direct marketing and we will stop processing for that purpose on receipt of an objection.

Automated decision making
Direm does not carry out automated decision making that produces legal effects concerning you or similarly significantly affects you.

Exemptions and limitations to your rights
Some rights are subject to exemptions under the Data Protection Act 2018 and other applicable law. Examples include where disclosure would prejudice:

  • prevention or detection of crime, taxation activity or the apprehension or prosecution of offenders;
  • immigration control;
  • legal professional privilege or where complying would reveal evidential material which might be used in the commission of an offence;
  • certain regulatory or parliamentary activities; or
  • where processing is necessary for journalism, academic, artistic or literary purposes and is in the public interest.

Where we rely on an exemption to refuse a request in whole or in part we will explain (unless prohibited) the reasons for refusal and inform you of your right to complain to the Information Commissioner’s Office (ICO) and to seek a judicial remedy.

How to make a request
To exercise any of the rights described in this policy, please contact Direm using one of the following:

  • Phone: +44 7729286813
  • Website/contact form: https://dirembeauty.co.uk
  • Post: Direm Beauty, 42 Russell Road, N13 4RP, United Kingdom

Please provide enough information for us to locate the data you want (for example, full name, contact details, account reference and the nature of your request). We may contact you to ask for additional information to verify your identity or to clarify your request.

Complaints
If you are unhappy with our handling of your request or believe we have not complied with data protection law, you may complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk. You may also have the right to seek a judicial remedy.

Review of this policy
We may update this Your Rights Policy from time to time. Please check this page periodically.

Last updated: 25 November 2025