Privacy policy


This policy was last updated:  29 March 2021




CANDY GIRL ENTERPRISES LTD trading under the name and style of STYLZ MAG (collectively, “STYLZ MAG”, “we”, “our” and “us”.) has created this privacy statement (“Statement”) in order to demonstrate its firm commitment to the privacy of the details that you provide to us when using ( collectively “the website”) , as the data controller for the purposes of the GDPR (General Data Protection Regulations EU 2016/679) and the UK data Protection Act of 2018.

At STYLZ MAG, we are committed to maintaining the trust and confidence of all visitors to our website. In particular, we want you to know that the website is not in the business of selling, renting or trading email lists with other companies and businesses for marketing purposes.

We won’t sell or give away your name, mail address, phone number, email address or any other information to anyone

Therefore, to provide you with our services we need (and sometimes are obliged by the law) to collect your personal data. This Privacy Policy (the “Policy”) informs Users (a “User”, or “You”) of our policies regarding the processing of Personal Information we receive from Users of  

In this Privacy Policy, we’ve provided detailed information on when and why we collect personal information, how we use it, the limited conditions under which we may disclose it to others, and how we keep it secure.

We take your privacy seriously and take measures to provide all visitors and users of the website with a safe and secure environment.

The Personal Information on the, is collected, controlled and processed by:


Candy Girl Enterprises Ltd, First Floor,

 85 Great Portland Street, London W1W 7LT

| United Kingdom.



This Policy explains our processing of your personal data and your rights according to UK DATA PROTECTION ACT 2018 and the EU GDPR. STYLZ MAG reserves the right to modify this Statement at any time without notice by posting the changes on this webpage.


“Personal Data” means any information which relates to a living, identifiable person. It can include names, addresses, telephone numbers, email addresses etc but it is wider than that and includes any other information relating to that person or a combination of information which, if put together, means that the person can be identified.

“Special Category data” means personal date about a person’s race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life or sexual orientation.

“Processing” covers all activities relating to the use of personal date by an organization, from its collection through to its storage and disposal and everything in between.

 “Data subject” means the person whose personal data is being processed.

“Consent” any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

“Controller”  the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

“Data handling” any set of operations or operations performed in an automated or not automated manner on personal data or files, thus collection, capture, systematization, distribution, storage, transformation or alteration, query, introspection, use, communication, forwarding, distribution or by any other means of making data available, coordination or interconnection, restriction, deletion or destruction;

“Data controller” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

“Addressee” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not;

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

“Profiling”  any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements and;

“Privacy data breach”  means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.


The Data Controller recognizes the contents of this Data Management Guide as binding on itself, and states, that all data management related to his/her own activity is consistent and complies with the legal provisions as stated in the normative GDPR laws and with the applicable domestic sectoral laws, so especially as provided in the UK Data Protection Act, 2018.

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

Everyone responsible for using personal data has to follow strict rules called ‘data protection principles. They must make sure the information is:

There is stronger legal protection for more sensitive information, such as:

There are separate safeguards for personal data relating to criminal convictions and offences.

The Data Controller defines his / her data management in such a way that it is with the principles set out in the GDPR/DPA – legality, fairness and transparency, purpose limitation, data saving and accuracy, limited storage, integrity and confidentiality, as well as accountability – complies fully.

Accordingly, the Data Controller handles the collected, stored (managed) personal data solely for the clear and legitimate purposes defined and described below in subsequent paragraphs and only for the time stated. Thus, the subjects can read in detail about

each of the data management activities in the mentioned points.

The legal basis for data management of the Data Controller is typically the consent of the data subject, the fullfillment of the contract concluded with the data subject, its preparation and the fulfillment of the legal obligation.

The consent-based data management will only take place if the data subject has given a clear, concrete, informed and unambiguous consent to the processing of personal data concerning the natural person by a clear affirmative action, such as a written declaration, including doing it in an electronic way. The consent of the data subject can be specified by ticking the checkbox on the Website when signing up. Giving consent also means that the data subject has read and understood this Privacy Policy and contributes to the Data Controller’s data management based on the information provided herein. The data subject is entitled to withdraw his consent at any time. Withdrawal of consent does not affect the legality of the consent-based data management prior to revocation.

The legal basis for data management will be the fullfillment of the contract if the data subject orders the service from the Company, for example through the Website, i.e. a contractual relationship between the concerned (user) and the Company.

We’re talking about statutory data management when a law obliges Data Controller to include some data as well as the duration of data storage.

Data Controller ensures data security and proper management. The Data Controller ensures that the data is stored in a form that allows identification of data subjects only for the time necessary to achieve the purposes for which personal data are processed. He/she also takes the technical and organizational steps to ensure that the data processed is adequately protected. Within this framework, he/she will take reasonable measures to prevent unauthorized access, alteration of use, transmission, disclosure, deletion or destruction, as well as unavailability of accidental destruction and damage resulting from changes in the technique used.

Therefore the Data Controller’s staff shall ensure that unauthorized persons do not access personal data and that the storage and placement of personal data is designed in such a way that it is not accessible, accessible, alterable, destroyed, or destroyed by an unauthorized person.

The Company undertakes that the personal data of the data subjects will only be forwarded to the addressee (third party or data processor) who also handles the personal data provided or transmitted to them in accordance with these principles. The Company does not sell the data of the affected persons.

The users of the Website are also responsible for the security of their data. For protecting Your username and password, please be careful about the security of these data and not give it to third parties.


Personal information is any information relating to an identified or identifiable individual.  It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal information about you when we engage with you. This will include:

Identity Data – title, first name, last name, job title, company name or similar identifier. If you interact with us through social media, this may include your social media user name;

Contact Data – billing address, delivery address, email address and telephone numbers;

Transaction Data – details about services you have purchased from us.

How do we collect personal data?

We use different methods to collect data from and about you, through:

Emails / Contact Us

When you contact us through the website we will collect your name, email address as well as your message, so that we can respond to your communications and provide details of our services and deal with general company enquiries.

We retain copies of emails sent to us and any personal information will be held in accordance with this Privacy Policy on the basis of being legitimate to our business interests. 

Subscriptions to our Listing Plans

We will retain the information you provide to us if you subscribe to our services. This includes details of your name and email. Data is processed on the lawful basis of a contractual agreement.

Other direct interactions

You may give us your data by filling in forms or by corresponding with us via email or through social media. This includes personal data you provide when you: sign up to use our services; make enquiries or request information be sent to you; place a listing; ask for information to be sent to you; engage with us on social media; enter a promotion or survey; contact us direct; leave comments on our blog; or reviews on our services.


We will only use your photos with your explicit consent. If you upload photos to the platform or give us permission to access photos or your camera, we will only use images that you specifically choose to share with us. You may use the platform to select the photo or photos you choose to share, but we will never import the photos you review except those you explicitly share. At any time, you can manage your Photos from your dashboard.

Social media

We use social media to engage with users and link to our Facebook, youtube linked in etc Instagram and Twitter pages. We do not keep any specific data that identifies you as an individual user but hold details of our followers on these platforms. You should refer to the Privacy Policies of these channels to understand how they treat your data in relation to linking to our site.






If you send us a direct message via social media, the details may be retained by us only as relevant to any ongoing contract or to further our legitimate business interests or as required for legal purposes. The third-party provider may also retain details in accordance with their Privacy Policy.

Visits to our website

When you visit our website we do not attempt to identify you as an individual user and we will not collect personal information about you unless you specifically provide this to us.

Special categories of data

We do not generally collect any special categories of personal data about you; this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data We do not collect any information about criminal convictions and offences.


We do not market this website at those under 18 years old. Consistent with the GDPR we will never knowingly request personally identifiable information from anyone under the age of 16 years old.


From time to time, we may need to obtain information from third parties about you. This will only apply where it is necessary to provide our services and as permitted by law.  

We may receive personal data relating to: your identity and contact data from data partners; and data from any third parties who are permitted by law or have your permission to share your personal data with us, such as via social media or review sites. 


UK data protection law requires us to have a “legal basis” for processing personal data. The legal basis we rely on are: 

We may use the information we collect from you as outlined in this table:

What we use your information forThe legal basis for doing so
To provide, manage and personalise our services to you Where necessary to carry out our agreement or to take steps to enter into an agreement with you  Where the law requires this  It is in our legitimate interests to make sure that our customer accounts are well-managed, so that our customers are provided with a high standard of service, and to protect our business interests and the interests of our customers. 
To administer and improve the websiteIt is in our legitimate interests to develop and improve our products and services, so that we can continue to provide products and services that our customers want to use, and to make sure we continue to be competitive. 
To personalise the content and user experience of the websiteIt is in our legitimate interests to develop and improve our systems and provide our customers with a high standard of service
To allow us to respond to communicationsWhere necessary to carry out our agreement or to take steps to enter into an agreement with you 
To send email notifications which have been specifically requestedIt is in our legitimate interests to give you information about our products and services that you may be interested in 
To send marketing communications, where expressly agreed;In the case of electronic marketing we have your permission to do so
To provide third parties with statistical information about our usersIt is in our legitimate interests to better understand how our customers use our products and what changes we could make to improve them 
To deal with enquiries and complaints made by or about you relating to the websiteIt is in our legitimate interests to make sure that our customer accounts are well-managed, so that our customers are provided with a high standard of service
To recover debt and exercise other rights we have under any agreement with you, as well as to protect ourselves against harm to our rights and interests in property   Where necessary to carry out our agreement or to take steps to enter into an agreement with you  Where the law requires this  It is in our legitimate interests to make sure that our business is run prudently, and we can recover the debts owed to us, as well as making sure our assets are protected. 

Users contacting this website and/or its owners do so at their own discretion and provide any such personal data requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use.

Our legitimate interests

When we use our legitimate interests as the legal basis for processing your personal information, we will consider and balance any potential impact on you and your rights before we process your personal data. We will only then proceed where we believe our interests are not overridden by the impact on you. Our legitimate interests include the management of our business operations.



We don’t share, sell, or distribute your data to third parties, except as contractually agreed with you or as provided in this Privacy Policy. We may disclose your personal information if we are required to do so by law, in connection with any legal proceedings, and in order to establish, exercise or defend our legal rights, or if otherwise legally permitted.

Data Processors

We may use Data Processors who act on our instruction in relation to the management of your data and they must adhere to all data protection laws and regulations. We will ensure that any Data Processors used only operate on our written instructions and comply with their obligations under the GDPR. You will be informed of any other Data Controllers who have access to your data and who may determine processing activities separately to us, or as a Joint Data Controller.  


We may carry out direct marketing by email. You have the option not to give consent and to withdraw consent at any time from marketing communications. You may withdraw your consent for us to contact you by email to We may continue to contact you if there is another lawful basis to do so.

Non-personally identifiable information may be provided to other third parties for marketing, advertising or other uses.

External links

Users of the website are advised to adopt a policy of caution before clicking on any external web links. Clicking an external link will take the user away from our website. Once you leave our website or are redirected to a third-party website, plug-in or application, you are no longer governed by this Privacy Policy or our website’s terms and conditions. We cannot guarantee or verify the contents of any externally linked website and users click on external links at their own risk. STYLZ MAG and its owners cannot be held liable for any damages, or the consequences of visiting any external links.


Any information that you supply to us may be stored and processed by our website host, Siteground Hosting. Your data may be transferred in accordance with the policies of Siteground Hosting and in accordance with relevant data protection legislation. You can refer to the Siteground Hosting Privacy Policy at


Cookies are small files that we or others send to and store on or with your computer so that your computer, browser, mobile app or other application can be recognized as unique the next time you access, visit, use or otherwise take advantage of the Services or other media. Cookies may also reflect demographic data pertaining to you or other data linked to information you submit. One use or consequence of cookies is to enable you to receive customized ads, alerts, content, services or information. You are always free to decline any cookies we use by adjusting the settings of your browser, as your browser may permit; however, some products, services or features might not be available or operate properly if cookies are not enabled. Some of our advertisers and third-party service providers may also utilize their own cookies.

In addition, we, our service providers and others sometimes use data-gathering mechanisms on the Services, including without limitation “web beacons”, “clear GIFs”, “pixels” and/or “tags”. These perform statistical and administrative functions, such as measuring site and page traffic, verifying advertising paths, better understanding user interests and activity, gathering related information (such as information relating to a particular browser, device or IP address) and positioning images, and typically do so without detracting from your online experience. Such mechanisms are not necessarily designed to collect Personal Information. In addition, if you have provided your email address, we might use a non-human unreadable form (or “hash”) of your email address to deliver, or facilitate delivery of, relevant advertisements and information to you on or by way of the Services or on or by way of other websites or media, including, for example, popular social media sites and features.

Rights of Data Subjects 

STYLZ MAG recognises a data subjects rights and will uphold these in accordance with data protection laws. You are entitled to see the information held about you and you may ask us about any of the following:

Subject access requests

Data subjects (i.e. individuals) have the right to access personal data that is held by submitting a subject access request (SAR) to STYLZ MAG. We will endeavour to respond quickly to any such requests, which legally require us to respond within one month of receiving the request and necessary information. A subject access request can be made by emailing

Right to rectification

Data subjects have the right to request that we amend or change personal data that is inaccurate or incorrect.

Right to erasure

Data subjects have the right to ask us to delete personal information from our systems without giving any reason and at any time. We will act on any such request without delay.

Right to restrict processing

Data subjects have the right to rectification or erasure of personal data in the following circumstances:

Right to data portability

Data subjects have the right to obtain and request the transfer of their data to different service providers.

Right to object

Data subjects have the right to object to the processing of data at any time based on their particular situation. This includes objecting to profiling unless it is in the ‘public interest’ or exercised lawfully by an official authority. We will only process data under lawful grounds.

Right not to be subject to decisions based on automated processing

We do not use any automated processing that results in any automated decision based on a data subject’s personal information.

Using your rights

If you wish to invoke any of these rights, you should contact the person responsible for data protection by email to 

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.


We will report any unlawful breach of data as required by the GDPR within 72 hours of the breach occurring, if it is considered that there is an actual, or possibility, that data within our control including the control of our data processors, has been compromised. If the breach is classified as ‘high risk’ we will notify all data subjects concerned using an appropriate means of communication. We will report any relevant breaches to the ICO, see below.


We reserve the right to change this Privacy Policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. You will be deemed to have accepted any changes to the terms of the Privacy Policy on your next visit of the website following the amendment.


If you want to raise a concern about the use of your data, you can contact us by email to Alternatively, you can formally raise a concern or complaint to the Information Commissioner’s Office (ICO) directly on 0303 123 1113, or see the options for reporting issues on  

Important Information

Questions and queries

If you have any concerns about how we handle your data, please get in touch by email to

Copyright © 2021 StylzMag.Com c/o Candy Girl Enterprises Ltd