Last updated: 20 May 2020
Mamma Bali Ltd (“us”, “our”, “we”, “Mamma”) is the controller of your personal data collected through the Website. Mamma is committed to protecting and respecting your privacy.
The Website or the Mamma Service are not intended for children and we do not knowingly collect personal data relating to children.
2. What information can we collect?
The personal data we collect from you may include:
- Identity Data: which includes your full name and date of birth.
- Contact Data: which includes your billing address, delivery address, e-mail address and telephone number. When you message a Practitioner through the website they will receive your message and email address.
- Financial Data: which includes bank account and payment card details.
- Transaction Data: which includes details about payments to and from you and other details or services you have purchased from us.
- Technical Data: which includes your IP address, operating system, browser type, browser version, time zone setting and location.
- Profile Data: which includes your username and password and purchases or orders made by you. Also your website browsing history, demographic information such as age, gender, education level, any information that you have made publicly available on our noticeboards and social media networks. We will also capture your interests, preferences, feedback and survey responses. If you’re a practitioner, we will capture information about your work, photographs, biography, treatments offered and languages spoken by Practitioners, average rating obtained from our evaluation using algorithms of ratings review, feedback survey results and any other information you willingly provide.
- Assessment data: information on qualifications and certification of Practitioners, contact logs data, performance and ratings data.
- Usage Data: which includes information about how you use the Website, search and/or buy our products and services, the number of bookings made and any schedule information.
- Marketing and Communications Data: which includes your preferences in receiving marketing from us and our third parties.
- Location Data: which includes your current location disclosed by GPS technology.
- Operational data: including interaction with the Services and transcripts from calls, messages from "live chats" with all users of the site including Users and Practitioners.
- Transaction data: includes details of the Products and Services you have purchased from the website or app.
- Usage data: information about how you use the Services. This includes how you interact with the Services, for example, how long you engage with Mamma at a time, how often a booking is made and which parts of the Services you interact with and the features you use.
- Work related data: We work with businesses to deliver our Services to their employees. If you are employed by one of those businesses, to use the Services you will need to sign up with us. We will collect information from you directly when you do this and we will also be able to associate this with information provided by your employer, such as your job title.
- Service Notes: we may collect information about our Service delivery, for example, instructions on how to access a building, address details and email address details. You provide this information voluntarily. We pass this information on to the Practitioner and/or Client so that they can understand any specific access / similar requirements.
3. How is your personal information collected?
Information you give to us
When you use the Website or the Mamma Services to complete a form, contact us by email or by post, report a problem, or offer your information to us in any way, we may collect, store and use the personal data that you disclose to us.
It is important that the personal data we hold about you is accurate and current. If you want to update the information you have previously given to us, please contact us.
Automated technologies or interactions
Each time you use our Website, we will automatically collect your personal data including Technical Data and Usage Data. We collect this data using technologies such as cookies or other similar tracking technologies.
We use this data for several different reasons. Firstly, we use it to ensure that the Website works properly and that you are able to receive the full benefit of it. Second, we use the data to monitor online traffic and audience participation across the Website. We undertake both of these activities because we have a legitimate interest in doing so.
We also use GPS technology to determine your current location. Some of our location-enabled services require this data for the feature to work. If you wish to use the particular feature, you will be asked to consent to your personal data being used for this purpose. You can withdraw your consent at any time by disabling location data in your settings.
Third parties or publicly available sources
We may also receive personal data about you from various third parties, and public sources, such as: analytics providers, advertising networks and search information providers.
4. How and why do we use/share your personal data?
Lawful basis for processing your information
We will only use your personal data when the law allows us to. Most commonly we will use your personal data in the following circumstances:
- Where you have asked us to do so, or consented to us doing so;
- Where we need to do so in order to perform a contract we have entered into with you;
- Where it is necessary for our legitimate interests (or those of a third party) and your fundamental rights do not override those interests; and
- Where we need to comply with a legal or regulatory obligation.
Here are some examples about how we may use the information we collect about you and the lawful basis we rely on to do so.

| How we may use your information | Examples of the types of personal data we may collect | Lawful basis for processing |
| --- | --- | --- |
| To register you as a new user of our Website or the Mamma Service. | Identity Data and Contact Data. | Performance of contract with you. |
| To deliver the Website or Mamma Services to you and manage our relationship with you. | Identity Data, Contact Data, Financial Data, Transactional Data, Technical Data, Profile Data, Usage Data and Location Data. | Your consent (location data and any health data contained in surveys provided to you); performance of contract with you. |
| To process your purchases including managing payments and collecting money owed to us. | Identity Data, Contact Data, Financial Data and Transaction Data. | Performance of a contract with you; necessary for our legitimate interest (to recover debts due to us). |
| To administer and protect our business and this Website (including troubleshooting, data analysis and system testing). | Identity Data, Contact Data and Technical Data. | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise); necessary to comply with a legal obligation. |
| To use data analytics to improve our Website and customer relationships. | Technical Data and Usage Data. | Necessary for our legitimate interests (to keep our website updated and relevant and to develop our business). |
| To deliver relevant content and advertisements to you. | Identity Data, Contact Data, Technical Data, Profile Data, Usage Data and Marketing and Communications Data. | Necessary for our legitimate interests (to develop our products/services and grow our business). |

We may use your personal data to contact you about our latest news, our products or our services (we call this marketing).
You will receive marketing communications from us if you have:
- subscribed to receive marketing communications from us; or
- purchased our products or services, and you have not opted out of receiving marketing from us when providing us with your e-mail address or contact number.
To unsubscribe from marketing emails at any time, please click on the unsubscribe link at the bottom of any marketing email, or you can contact us.
We will get your express opt-in consent before we share your personal data to any third party for its own marketing purposes.
Sharing your personal data
Depending on how and why you provide us with your personal data we may share it in the following ways:
- we may share your personal data with any member of our company group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
- with selected third parties who we sub-contract to provide various services and/or aspects of the Website’s functionality, such as where third-party plugins provide functionality such as message boards or image hosting services (see “Service Providers” below); and
- with analytics and search engine providers that assist us in the improvement and optimisation of this Website as described above.
We may also disclose your personal data to third parties in the following events:
- if we were to sell or buy any business or assets, in which case we might disclose your personal data to the prospective seller or buyer of such business or assets as part of that sale;
- if Mamma or substantially all of its assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or if we are asked to provide your details to a lawful authority in order to aid in the investigation of crime or disorder; and/or
Our service providers provide us with a variety of administrative, statistical, and technical services. We will only provide service providers with the minimum amount of personal data they need to fulfil the services we request, and we stipulate that they protect this data and do not use it for any other purpose. We take these relationships seriously and oblige all of our data processors to sign contracts with us that clearly set out their commitment to respecting individual rights, and their commitments to assisting us to help you exercise your rights as a data subject. The following is a list of the type of trusted service providers we use:
- Booking Platform Providers
- Website Developers
- Analytics Providers
- Payment Processors
- Online Marketing Providers
- Client Relationship Management System Providers
When you make a booking via the Website or the Mamma Services, our practitioners may process your personal data on our behalf as one of our Service Providers. However, if you seek our practitioners’ services without our involvement then you understand that they will be processing your personal data as an independent data controller and we shall have no control, nor have any responsibility or liability in respect of their use of your personal data.
Links to third party sites
We may review, scan, or analyse your communications on the website between the User and the Service provider and/or Practitioner for fraud prevention, risk assessment, regulatory compliance, investigation, product development, research, analytics, and customer support purposes. These activities are carried out based on legitimate interest in ensuring compliance with applicable laws and our Terms, preventing fraud, promoting safety, and improving and ensuring the adequate performance of our services.
5. For how long do we keep your personal data?
We will hold your personal information on our systems only for as long as required to provide you with the services you have requested, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
In some circumstances you can ask us to delete your data: see ‘Your Rights’ below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Mamma takes the protection of your information very seriously. Where we have given you a password that enables you to access certain parts of our Website or the Mamma Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
7. International Data Transfers
Whenever we do transfer your personal data outside of the United Kingdom and European Economic Area (together “UKEEA”), we ensure that a similar degree of protection is afforded to it by ensuring that in most cases at least one of the following safeguards is implemented:
- we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- we will only transfer data to the US, where the business we are transferring your personal data to is part of the Privacy Shield (which requires them to provide similar protection to personal data shared between Europe and the US); and
- where we use certain service providers, we will use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
By submitting your personal data, you understand the terms on which we may transfer your personal data outside of the UKEEA. If you would like more information about transfers outside of the UKEEA, please contact us.
8. Your Rights
Right of Access
You may, at any time, request access to the personal data we hold about you (you may have heard of this right being described as a "subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Your Right to Rectification
You may request that we correct personal data that we hold about you which you believe is incorrect or inaccurate, though we may need to verify the accuracy of the new data you provide to us.
Your Right to Erasure
You may ask us to erase personal data if you do not believe that we need to continue retaining it (you may have heard of this right described as the “right to be forgotten”). If for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to erase we will tell you what that reason is at the time we respond to your request.
Your Right to Object to Processing
You may object to processing of your personal data where we rely on legitimate interest for processing that personal data. You also have the right to object where we are processing your personal data for direct marketing purposes. We will comply with your request unless we have a compelling overriding legitimate interest for processing or we need to continue processing your personal data to establish, exercise or defend a legal claim.
Your Right to Restrict Processing
This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- if you want us to establish the data's accuracy;
- where our use of the data is unlawful, but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
Your Right to Portability
We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Your Right to object to automated decision making and profiling
You have the right to be informed about the existence of any automated decision making and profiling of your personal data, and where appropriate, be provided with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing that affects you.
Your right to withdraw consent at any time
You may withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Exercising your rights
When you write to us making a request to exercise your rights, we are entitled to ask you to prove that you are who you say you are. We may ask you to provide copies of relevant ID documents to help us to verify your identity.
9. Contact Details
You may also lodge a complaint with our lead supervisory authority, the Information Commissioner, or your local supervisory authority about any aspect of our handling or processing of your personal data. We would, however, appreciate the chance to address your concerns before you approach any supervisory authority, so please contact us in the first instance.
10. Information you may collect as a User or Practitioner
If you are a Practitioner, you are responsible for ensuring that you comply with applicable data protection law in respect of any personal information that you collect about Users in the course of your provision of the Services. Mamma does not accept any responsibility for this processing of personal data.
If you are a User, you are responsible for any misuse of personal information that you may collect in the course of your receipt of the Services. Mamma does not accept any responsibility for this processing of personal data.
11. Child safety
Protecting the safety of children when they use the internet is very important to us. Our website and Services are not directed towards nor intended for children and we do not knowingly collect personal information from children. If you believe that your child may have provided us with personal information without your consent, you may inform us at firstname.lastname@example.org.