Privacy Policy

1. This Privacy Policy (Policy) explains how lila’lli Ltd and its subsidiaries and all their brands, including but not limited to 1611 LABS, and our website, collect, handle and protect the privacy of your personal information.

We take your privacy seriously and understand the importance of protecting your personal information.  This Policy outlines the types of personal information that we usually collect, the purposes for which we collect it, to whom we disclose it, how we hold and keep it secure and your rights in relation to your personal information, including how to complain and how we deal with complaints.  This Policy should be read together with our website terms of use.

In providing our services to you we may collect and process personal information as outlined below. lila’lli Ltd will be a data controller for the purposes of the GDPR and this policy includes information that must be provided to you when we collect your personal information.

In this Policy, personal information means any information about an identified individual or an individual who is reasonably identifiable or as otherwise defined by applicable data protection law.  It does not include information that is de-identified (anonymous data).

  1. Your acknowledgement and consent

By visiting our website, or providing us with your personal information (either directly or allowing another person to do so on your behalf), you acknowledge and agree that the personal information we collect about you will be collected and handled in accordance with this Policy. If you do not agree with any part of this Policy, you must not provide your personal information to us.

If you do not provide us with your personal information, or if you withdraw any consent we are required by applicable law to have in order to process the personal information you have given us, this may affect our ability to provide services to you or negatively impact the services we can provide to you.

  1. Consent and children

Our products and services are available to persons under 18 years of age.

If you are located in the EU and aged under 16 or if you are located in United Kingdom and aged under 18 (underage), you must obtain your parent or guardian’s permission before you provide any personal information to us.  By providing us with your personal information you confirm that you are not underage or that you have the consent of your parent or a person holding parental responsibility.

If you are an adult holding parental responsibility and provide us with personal information about a child of yours who is underage, you will be considered to have given:

  • (on behalf of any dependants who are underage) their consent to the collection of that information about them from you; and
  • your consent to the use and disclosure of your personal information (and that of your dependants) for the primary and secondary purposes described in this Policy.

We urge parents to regularly monitor and supervise their children’s online activities.

  1. Personal information that we collect

The personal information we collect about you depends on the dealings you have with us, and may include your:

  • name and contact details such as your address, mobile and land telephone number, e-mail address;
  • date of birth;
  • physical details such as your age and gender;
  • health information about your skin such as skin type, allergies, concerns in relation to your skin for example dryness or oiliness, details about your skincare routine;
  • image, such as a photo or video of you made during your use of our services;
  • opinion, feedback or questions in relation to our services and products;
  • opinion in relation to any of our business activities via surveys and/or competitions and trade promotions;
  • any other information relevant to your use of our website or our services or products to help us better provide the services and improve and develop our products;
  • CV and other application information if you apply for a job with us; and
  • if you enquire about stocking our products, then the details that you provide us about your business for the purposes of that enquiry.
  1. Sensitive information we may collect

We only collect sensitive information where it is reasonably necessary for our functions or activities (for example, providing you with a service in our salon, or providing you with a tailored product recommendation) and either you have explicitly consented, or we are required or authorised by law to do so.  This may include health information, information about whether you are pregnant or breastfeeding, details about medication you take which you provide in a Consultation Card, or information for the purposes of a job application such as information about national origin or immigration status, or optional demographic information such as race.

  1. Dealing with us anonymously or using a pseudonym

Where possible and lawful, you may interact with us anonymously or using a pseudonym. For example, if you contact us with a general question we will not record your name unless we need it to adequately handle your question.

However, for many of our functions and activities we usually need your name, contact information and other details to enable us to provide our services or products to you.

  1. Ways we collect your personal information

We may collect personal information from or about you in different ways, including:

  • via our website or our social media pages;
  • when you request or order a product or service;
  • if you complete any survey or entry form for any competition and/or promotion;
  • if you apply to be a stockist and you are an individual;
  • if you post or email us your information;
  • if you apply for any job vacancy with us;
  • if you call or text us;
  • if you provide us with your information in any other format such as verbally by phone or during your use of our services;
  • if you agree to have your photo or video taken during your use of our services; or
  • if you make a complaint to us.
  • Usually we will collect personal information directly from you, however sometimes we utilise the services of our suppliers (including software providers) to collect information on our behalf.
  1. Purposes for which we collect personal information

We collect your personal information for the following purposes:

  • confirming your identity;
  • contacting you about a service or product you have enquired about or ordered;
  • to provide products and services to you, including processing payment and arranging delivery;
  • sending appointment reminders to you;
  • providing salon services to you;
  • manage and administer a product or service;
  • to notify you about special offers and products or services available from us or our participating partners (for example our ‘stockist of the month’, Facebook insights, or Instagram);
  • business planning, product development and research development;
  • fulfilling any mandatory reporting obligations required by applicable law, including communicating with or notifying you if a notifiable data breach has occurred in relation to your personal information;
  • to assess your application for a role with us and to take references;
  • any related secondary purpose which we believe you would reasonably expect when we collected your personal information or as a result of our ongoing relationship with you;
  • any purpose for which you have consented;
  • any purpose for which we are required or authorised by applicable law; and
  • to respond to and manage inquiries, complaints, feedback and claims, defend our legal interests and investigate and protect against fraud, theft and other illegal activities.
  1. Disclosures of personal information

In the course of providing our products and services to you we may disclose your personal information:

  • to our related bodies corporate, suppliers, consultants, contractors or agents so that they can provide you with products or services on our behalf or help us to provide you with the requested products or services including contacting you in relation to the products or services, or contacting you about products, services or offers you may be interested in;
  • if we merge with or are acquired by another entity, to that entity as a part of the merger or acquisition.
  1. Direct marketing and your consent/opting out

We may use your personal information to identify a product or service that you may be interested in or to contact you about an event or promotion being held at a retailer near you. We, or one of our suppliers, may with your consent where required by applicable law, use the contact details you have provided to contact you from time to time whether by phone, email or SMS to tell you about new products or services and special offers that we believe may be of interest to you.

You can withdraw your consent to receiving direct marketing communications from us at any time by unsubscribing from the mailing list by clicking ‘unsubscribe’ at the bottom of any email from us, by contacting us on the details at the end of the policy or by using any other unsubscribe facility provided in the electronic communication you receive.

  1. Security and storage of personal information

We take all reasonable and appropriate steps (including organisational and technological measures) to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. Where we store your personal information depends on what interaction you have had with us. These include:

  • electronic databases, including those for processing customer enquiries or feedback;
  • email databases for marketing communications; and
  • paper based forms.

Please keep in mind that no information transmitted over the internet can be guaranteed to be 100% secure. We will take all reasonable steps to protect your information or personal details, however we cannot ensure or warrant the security of any information or personal details you transmit to us or receive from our online software. These activities are conducted at your own risk.

We only keep your personal information for as long as it is required for the purpose for which it was collected or as otherwise required by applicable laws.  If we no longer need to hold your personal information for any reason, we will take reasonable steps to de-identify or destroy that information.  These steps may vary depending on the nature of the information, the way it was collected and how it was stored.

  1. Data breaches

The Privacy Act requires us to notify affected individuals and the Privacy Commissioner about ‘eligible data breaches’. An eligible data breach occurs when the following criteria are met:

  • there is unauthorised access to or disclosure of personal information we hold (or information is lost in circumstances where unauthorised access or disclosure is likely to occur);
  • the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates; and
  • we are unable to prevent the likely risk of serious harm with remedial action.

If it is not clear whether a suspected data breach meets these criteria, we will investigate and assess the breach to determine whether the breach is an ‘eligible data breach’ that requires us to notify the affected individuals.  This is to ensure you are notified if your personal information is involved in a data breach that is likely to result in serious harm.  Even if the criteria are not met, we may decide it appropriate to notify you anyway as part of our commitment to taking privacy seriously.

  1. Access to and correction of your information

We will endeavour to ensure that the personal information collected from you is up to date, accurate and complete.

You may request access to or correction of your personal information we hold about you at any time by contacting our Privacy Officer on the details set out at the end of this Policy.  We will need to verify your identity. Subject to any applicable exceptions or requirements, we will provide you with access to the personal information you request within a reasonable time and usually within 28 days. If we decide to refuse your request we will tell you why in writing and how to complain.

  1. Contact us

If you have a question or comment regarding this Policy or wish to make a complaint or exercise your privacy rights, please contact our Privacy Officer on the following details:

Privacy Officer
lila’lli LTD
London SE9 6DJ

We will need to verify you, and we will respond to you within a reasonable period of time to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint.

  1. Credit Card information

We use third parties to process any sales paid for via credit card.

Where we use Stripe Payment Gateway Services (Payment Gateway) to process a payment via credit card, we do not directly hold any payment information other than a billing address and a contact email on the website servers.  In accordance with the Payment Gateway policies, we may be able to view credit card details, however, we will only use such information for the purposes of credit card verification, transaction approval or to provide a refund.  Any information collected by the Payment Gateway may be used in accordance with the Payment Gateway privacy or other policies and is beyond our control. 

  1. Changes to our Privacy Policy

We may revise this Policy from time to time as we add new features or as laws change that may affect our website. When we make changes to our privacy policy, they are reflected on this page. Any revised Privacy Policy will apply both to information we already have about you at the time of the change, and any personal information created or received after the change takes effect. We encourage you to periodically reread this Privacy Policy, to see if there have been any changes to our policies that may affect you.  You can check the history of this policy by contacting us.