1.1. We are Colleen Quinn Consultancy Limited, a company registered (as Lucy Annabella Ltd) in Northern Ireland under company number NI607435 and we have our registered office at 175 Ballygawley Road, Dungannon, Co Tyrone, BT70 1RX (we, us, our).

1.2. We provide a range of a specialist aromatherapy and cosmetic chemistry services designed for brands, aromatherapists and plant workers via our website (currently available at Colleen Quinn Consultancy.com).  We also offer a range of bespoke range of consultancy services as required by the client including but not limited too scientific advisory role, non-executive director role, raw material formulation, formulation development, product development review, audit and reform, sustainability audit and betterment plan and brand growth consultancy.

1.3. If you have any questions about who we are, what we do, or the provisions set out herein (Privacy Notice), please feel free to contact us at the address above or by email to [email protected].

2.1. In order to provide our Services, we may need to process Personal Data from time to time (that is information from which an individual can be identified). To the extent that we hold this data as a Controller (which means we make decisions about what data to collect and how it should be used), we are required to provide anyone who can be identified from that data (Data Subjects) with a notice explaining how we use Personal Data about them. That is what this document is for – to tell you about how we process Personal Data about our Visitors.

2.2. We might need to change this privacy notice from time to time. If we do, we will let you know. So please do keep an eye on our notice before sending us any Personal Data or uploading it on to our Services or Site.

2.3. All of the defined terms in this notice are explained in paragraph 12 below. If you have any questions about this notice, feel free to send us an email to [email protected].

3.1. The nature of our Services means that we may obtain and use Personal Data (that is information relating to an individual who can be identified) which we collect about or from our customers, prospective customers or visitors to our Site. This can be divided into 2 categories of individuals:

3.1.1 Prospective Customers: people who we think might be interested in using our Services.

3.1.2. Visitors to our Site: people who visit or browse our Site and/or who register interest in our Services from time to time.

We may collect or obtain Visitor Data in the following ways:

(I) Data which a Visitor provides us with if they contact us with a query. This would include details of their communication.

(II) Data a Visitor provides us with in respect of their marketing preferences. This is likely to include contact details and marketing preferences.

(III) Usage data which is automatically collected by us about how someone interacts with our Site. This may include IP address, browser type and version, time zone setting and location, browser plugin types and versions, operating system and platform and other technology on the devices used to access our Site. This data may be collected through the cookies we use or other technology. If you would like to know more about our cookies policy, please click here.

(IV) Data which a Visitor provides us with if they communicate with us through third party social medial platforms (e.g. Twitter, Facebook, Instagram). We may retain details of your post or comments as well as your social media account profile details.

(V) We may also collect, use and share aggregated data such as statistical or demographic data which we collect from interactions with Visitors of our Services. Aggregated data may be derived from Personal Data but since it cannot be used to identify an individual, it is not Personal Data.

5.1. We process data about Visitors for the following purposes:

(I) To manage our relationship with our Visitors. This may include notifying Visitors of updates to our services, terms or updates to this privacy notice. This is necessary to protect our legitimate interests of running our business.

(II) For administration and dispute resolution purposes. This may include processing Personal Data to meet our internal administration requirements and for matters such as dispute resolution. This is necessary to protect our legitimate interests of running our business.

(III) For marketing purposes. From time to time we might contact our Visitors by telephone or email about updates to our services, new features or functions or new products we are bringing out. Our marketing may be tailored on the basis of what we think your interests are (from looking at past transactions and interactions). We will always include the right to opt out in any such correspondence. Generally we will rely on the fact that this is necessary to protect our legitimate interests of running our business, however where required by law we will obtain your consent.

(IV) We may use usage data to monitor account usage and manage disputes. Such use is necessary for us to achieve our legitimate interest of protecting the integrity of our site. If a Visitor does not use our Services in accordance with our terms of use, we may cease allowing them to access our Services and we may pass on the Visitor’s details if such activities are or are likely to be in breach of someone else’s rights of privacy, intellectual property rights or any other lawful rights.

Data Processors

6.1. We may disclose any Personal Data that we hold to our employees as well as other third parties who we engage to help us provide our Services (e.g. Mailchimp and our Courses are hosted on an online business platform provided by Kajabi, LLC). Any such parties contracted by us will be acting as our Processors and will be subject to strict contractual requirements only to use Personal Data in accordance with our privacy notice. If you would like more information about third party processors used by us, please contact us at: [email protected].
We will not rent or sell your Personal Data to other organisations for use by them in any way, including in their direct marketing activities.

Other Disclosures

6.2. We may also disclose Personal Data if:

6.2.1. we are under a duty to do so in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements or to protect the operation of our Site, or the rights, property, or safety of us, our Visitors, or others;

6.2.2. to any buyer if we sell, transfer or merge parts of our business or our assets. If a change happens to our business, then the new owners will only be entitled to use Personal Data in accordance with the provisions set out in this privacy notice.

7.1. It is our policy to ensure that all Personal Data held by us is handled correctly and appropriately according to the nature of the information, the risk associated with mishandling the data, including the damage that could be caused to an individual as a result of loss, corruption and/or accidental disclosure of any such data, and in accordance with any applicable legal requirements.

7.2 There are some steps you can take to help make sure that your data is protected. For example:

(a) make sure that you use devices running supported operating systems that are regularly patched and incorporate some form of malware protection. Only connect your device to networks that you trust;

(b) make sure that you keep any passwords associated with your Visitor Account secure and do not share them with anyone else; and

(c) make sure you understand who can access the data you contribute to a public forum before you add any information which might be shared. For more information on this, please have a look at paragraph 6.2 above.

8.1. The personal information collected from you may be transferred to, and stored at, a destination outside the EEA. It may also be processed by individuals operating outside the EEA who work for us or who work on our behalf. This includes staff engaged in, among other things, the processing of your payment details and the provision of support services.

8.2. By submitting your personal data, you consent to this transfer, storing and processing at a location outside the EEA. Where data is transferred outside the EEA, we have gone through a full due diligence process to help ensure the data is afforded the same levels of security. We will only use Processors who ensure that they have adequate safeguards in place to protect Personal Data relating to you.

8.3. Unfortunately, the transmission of information via the internet is never 100% secure and we cannot guarantee the security of your data transmitted to our Site. This means any such transmission is at your own risk.

8.4. If you are based outside the EEA and would like further information about where we hold your data, please contact us by email: to [email protected].

9.1. We will not retain your Personal Data for any longer than necessary in relation to the purposes for which it was originally collected, or for which it was further processed.

9.2. Our retention policies for Personal Data are as follows:

(a) we may store data related to financial transactions for up to 7 years to ensure that we have sufficient records from an accounting and tax perspective;

(b) we may archive data relating to negotiations, contracts agreed, payments made, disputes raised for up to 6 years to protect ourselves in the event of a dispute arising between you and us;

(c) we may retain data which is held for marketing purposes for up to 5 years from the date you opt in – this is subject to your right to opt out at any time;

(d) we may store aggregate data without limitation (on the basis that no individual can be identified from the data); and

(e) we may retain usage data for a period of up to 6 years after expiry of the relevant Visitor contract in case of any disputes arising.

10.1. Visitors have the following rights in respect of any Visitor Data we hold about them:

(a) Right to be informed: the right to be informed about what Personal Data we collect and store and how it’s used.

(b) Right of access: the right to request a copy of the Personal Data we hold, as well as confirmation of:

(I) the purposes of the processing;

(II) the categories of personal data concerned;

(III) the recipients to whom the personal data has/will be disclosed;

(IV) for how long it will be stored

(V) if data wasn’t collected directly from you, information about the source.

(c) Right of rectification: the right to require us to correct any Personal Data we hold which is inaccurate or incomplete.

(d) Right to be forgotten: in certain circumstances, the right to have the Personal Data we hold erased from our records.

(e) Right to restriction of processing: the right to request us to restrict the processing we carry out. You might want to do this, for instance, if you think the data we hold is inaccurate and you would like to restrict processing the data has been reviewed and updated if necessary.

(f) Right of portability: the right to have the Personal Data we hold transferred to another organisation, to the extent it was provided in a structured, commonly used and machine-readable format.

(g) Right to object to direct marketing: the right to object where processing is carried out for direct marketing purposes (including profiling in connection with that purpose).

(h) Right to object to automated processing: the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects (or other similar significant effects) on you.

If you want to avail of any of these rights, you should contact us immediately at [email protected].

11.1. If you have any questions or concerns about how we are using Personal Data about you, please contact our data protection officer immediately at our address (see paragraph 1.1 above) or by email to [email protected]. If we are processing Personal Data about you on behalf of our Visitor, we will need to pass your complaint to our Visitor – we will only do so with your consent.

11.2. If you wish to make a complaint about how we have handled Personal Data about you, you may lodge a complaint with the Information Commissioner’s Office by following this link: https://ico.org.uk/concerns/.

12.1. Throughout this notice you’ll see a lot of defined terms (which you can recognise because the first letter is capitalised). Where possible, we’ve tried to define them as we go, but we thought it might be useful to have a glossary as well. Anywhere in this notice you see the following terms, they’ll have the following meanings:

Controller is a legal term set out in the General Data Protection Regulation (GDPR), it means the party responsible for deciding what Personal Data to collect and how to use it;

Data Subject means the individual who can be identified from the Personal Data;

EEA means the European Union, Iceland, Liechtenstein and Norway;

Personal Data means data which can be used to identify a living individual. This could be a name and address or it could be a number of details which when taken together make it possible to work out who the information is about. It also includes any information about the identifiable individual;

Processor is another legal term set out in the GDPR, it means the party who has agreed to process Personal Data on behalf of the Controller and in accordance with their instructions;

Visitor means a visitor of our Services;

Visitor Account means the account set up by a Visitor so they can use our Services; and