Last updated: August 2021
We are Cosmetify Limited, Company No 11000096 registered in England with our registered office at Portland, 25 High Street, Crawley, West Sussex, United Kingdom, RH10 1BG. In this privacy notice, we’ll refer to ourselves as ‘Cosmetify’, ‘we’, ‘us’ or ‘our’.
This privacy notice refers to your use of our website, mobile application, email, SMS and social media accounts (the ‘Platforms’) and the personal data that we may collect from you as you do so. When you use our Platforms, you agree to the terms in this privacy notice.
We act as a data controller over the personal data that we collect from you as you use the platforms.
What personal data do we collect
We collect the following personal data directly from you:
A. Personal data you provide voluntarily
If you call us or make contact by e-mail or sign up to our newsletter we will keep a record of enquiries received and any contact details you provide (e.g. name, e-mail address and telephone number).
B. Personal data that we collect automatically
When you visit our Platforms, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws. Specifically, the information we collect automatically may include information like your IP address, device type, cookie ID, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked. Please see our cookies policy for further information.
Why we collect personal data?
As you move through our Platforms we collect your personal data for the purpose of enhancing your experience, so we can better understand our audience and consumers in general. This includes the information you give us, the information we acquire from third parties and (provided we have your consent to collect cookies) which is generated by you – including your use of this platform, location, device and how you arrived at our Platforms in the first place.
We, and advertising companies (such as AdRoll) which work on our behalf, may serve you adverts on other websites (provided you have consented to us collecting cookies) about things which you’ve shown an interest in on our own platforms, or relating to campaigns you have interacted with. This is called retargeting.
We know that our users would like to easily find the content on our platforms that they’re most interested in, so we may tailor parts of our Platforms and our communications to things which you’ve shown a previous interest in (provided you have consented to us collecting cookies).
We know that many of you like to communicate with your social networks while on our website – so we have the plugins and tools available to allow this. This means social network companies may collect information on you from this site. Some of this information may be collected by using cookies or similar tracking technology. For more information on cookies and how we use them, please see our cookies policy.
What are the legal bases for processing your personal data?
The legal bases for processing your personal data are that:
You have provided your consent for us to use your personal data in this way (e.g. where you have requested to receive our newsletter).
You have provided your consent for us to let you know about products which we feel may be of interest to you.
We have a legitimate interest to use your personal data to secure and manage our website (e.g. such as working out which pages on the site are most popular or whether particular events have caused an increase in traffic).
How long we keep your data
If you are subscribed to our newsletters, out of stock, price drop or any other type of alert we will keep your email address for this purpose until you ask to be unsubscribed. We will always give you the option to opt out of receiving marketing emails from us and if you do that we will not send you marketing emails again.
The information collected by our cookies is kept for up to 12 months.
Opting out of personalized advertising
You can click the AdChoices logo (the blue triangle) in the corner of an ad to learn more about interest-based advertising, who served the ad, and manage your ad options. You can also opt out of seeing personalized ads using such tools from the EDAA or NAI. Please note you will still see ads even if you opt out, but they will not be personalized.
If you click through to other websites or platforms, our privacy notice does not apply and we make no representations regarding the policies or business practices of any such websites or platforms. These platforms have their own privacy policies. Please check these policies before you submit any personal data to these platforms.
Third-party service providers
We may share your personal data with suppliers who perform services on our behalf and have agreed in writing to protect and not further disclose your information (such as those providing us with hosting services, analytics, affiliate networks, targeted advertising and email automation). Where third-party service providers have access to personal data they will only collect information as needed to perform their respective functions.
International transfer of your personal data
Almost all of our data is held in the European Economic Area (EEA), but we do sometimes transfer or process data outside the EEA as we use third party suppliers who are based in the US (e.g. Dotdigital). Where we transfer your personal data outside of the EEA, we take reasonable steps to ensure that your data will be protected and that any transfer is in line with EU data protection laws.
We are committed to protecting the information we receive from you. We follow reasonable technical and management practices to help protect the confidentiality, security and integrity of data stored on our system. While no computer system is completely secure, we believe the measures we have implemented reduce the likelihood of security problems to a level appropriate to the type of data involved.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These are:
Access: You are entitled to obtain information about your personal data that we store, in accordance with applicable law.
Rectification: You may request that we rectify any of your personal data that is inaccurate or incomplete and ensure the information which is being processed is right.
Erasure: You may request the removal of your personal data at any point.
Objection: You have the right to object at any time to your personal data being processed for direct marketing purposes.
Restriction: You may ask us to cease processing your personal data, although we can still hold it in limited circumstances, such as on a suppression list, so that we know not to call you again.
Transfer: You have the right to ask us to transfer to you or a third party, a copy of your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent: You have the right to withdraw your consent at any time, without affecting the lawfulness of our processing based on such consent before it was withdrawn.
If you wish to exercise any of the rights set out above, please contact us.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We may disclose your personal data to any prospective buyer of our business or assets.
For more information, please contact us.
You have the right to lodge a complaint about our processing with a supervisory authority. In the UK the supervisory authority is the ICO.
We may make changes to this Privacy Notice from time to time, to reflect how we are processing your data. If we make significant changes, we will make that clear on the website or by some other means of contact such as email, so that you are able to review the changes before you continue to use any of our Platforms.