At Inês Cosmetics, your privacy matters to us. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website or make a purchase. By using our website, you agree to the practices described in this policy. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who We Are
Inês Cosmetics is the data controller responsible for your personal data. We are a UK-based luxury DIY cluster lash extension brand. If you have any questions about this policy or how we handle your data, please contact us via our website or official social media channels.
What Data We Collect
When you place an order or interact with our website, we may collect the following personal data:
a. Information You Provide:
• Full name
• Billing and delivery address
• Email address
• Phone number (if provided at checkout)
• Payment information (processed securely via third-party payment providers — we do not store card
details)
• Any messages or correspondence sent to us
b. Information Collected Automatically
• IP address and browser type
• Pages visited and time spent on site
• Referring website or search terms
• Device type and operating system
This data is collected via cookies and similar tracking technologies. See Section 8 for our Cookie Policy.
How We Use Your Data
We use your personal data only for legitimate business purposes, including:
• Processing and fulfilling your orders
• Sending order confirmations and shipping updates
• Responding to your enquiries or complaints
• Preventing fraud and ensuring transaction security
• Improving our website and customer experience
• Complying with legal obligations
Legal Basis for Processing
Under UK GDPR, we process your data on the following legal grounds:
• Contract performance — to process and fulfil your order.
• Legitimate interests — to improve our services, prevent fraud, and manage our business.
• Legal obligation — where we are required to retain data by law (e.g. financial records).
• Consent — for marketing communications, where you have opted in.
Sharing Your Data
We do not sell, rent, or trade your personal data. We may share your data with trusted third parties only where necessary:
• Payment processors — to securely handle your transactions.
• Delivery and courier services — to fulfil and ship your order.
• Website hosting and analytics providers — to operate and improve our website.
• Legal authorities — where required by law or to protect our legal rights.
All third-party providers are required to handle your data securely and in accordance with UK GDPR.
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy or as required by law. Specifically:
• Order and transaction records are retained for up to 7 years for legal and tax compliance.
• Customer service correspondence is retained for up to 2 years.
• Analytics data is anonymised and retained in aggregate form.
Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
• Right to access — request a copy of the data we hold about you.
• Right to rectification — ask us to correct inaccurate or incomplete data.
• Right to erasure — request deletion of your data (subject to legal obligations).
• Right to restrict processing — ask us to limit how we use your data.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any
time.
To exercise any of these rights, please contact us via our website. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.
Cookies
Our website uses cookies to enhance your browsing experience and collect analytics data. Cookies are small text files stored on your device.
Types of cookies we use:
• Essential cookies — required for the website to function (e.g. shopping cart, checkout).
• Analytics cookies — help us understand how visitors use our site (e.g. Google Analytics).
• Preference cookies — remember your settings and preferences.
You can manage or disable cookies through your browser settings at any time. Note that disabling essential cookies may affect your ability to use the website.
Data Security
We take the security of your data seriously. We use appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Payment data is processed by secure, PCI-DSS compliant providers and is never stored on our systems.
Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently.
Children’s Privacy
Our website and products are not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy from time to time. The most current version will always be published on our website. We encourage you to review it periodically. Continued use of our website after changes constitutes acceptance of the updated policy.