Privacy Policy

Last Updated: 1 January 2024

Icoskin Ltd ("we", "us", "our") is committed to protecting your privacy and handling your personal information with care and transparency. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website or purchase our products.

1. Information We Collect

Personal Information You Provide:

• Name and contact details (email address, phone number, postal address)
• Payment information (processed securely by our PCI-compliant payment provider)
• Order history and purchase information
• Communication preferences and newsletter subscriptions
• Customer service correspondence
• Product reviews and feedback you submit

Information We Collect Automatically:

• IP address and approximate location data
• Device information (type, operating system, browser)
• Pages visited, time spent on site, and browsing behaviour
• Referral source (how you found our website)
• Cookie data and similar tracking technologies

2. How We Use Your Information

We use your personal information to:

• Process orders: Fulfil purchases, process payments, and arrange delivery
• Communicate: Send order confirmations, shipping updates, and respond to enquiries
• Customer service: Provide support, handle returns, and process warranty claims
• Marketing: Send promotional emails and offers (only with your consent)
• Improve our services: Analyse website usage to enhance user experience
• Legal compliance: Meet tax, accounting, and regulatory requirements
• Fraud prevention: Protect against fraudulent transactions and abuse

3. Legal Basis for Processing (UK GDPR)

Under UK GDPR, we process your personal data based on:

• Contract Performance: Processing necessary to fulfil our contract with you when you make a purchase (order processing, delivery, customer support)
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services, fraud prevention, and security (where these interests don't override your rights)
• Consent: For marketing communications—you can withdraw consent at any time
• Legal Obligation: Processing required to comply with tax, accounting, and other legal requirements

4. Data Sharing

We may share your information with:

• Payment Processors: Snipcart and Stripe process your payment securely
• Shipping Carriers: Royal Mail and DPD to deliver your orders
• Email Service Providers: To send transactional and marketing communications
• Analytics Providers: Google Analytics to understand website usage (anonymised)
• Legal Authorities: When required by law, court order, or to protect our rights
• Business Transfers: In the event of a merger, acquisition, or sale of assets

5. Data Retention

We retain your personal information only as long as necessary:

• Order records: 7 years (for tax and accounting purposes)
• Customer accounts: Until you request deletion or the account becomes inactive for 3+ years
• Marketing preferences: Until you unsubscribe or withdraw consent
• Website analytics: 26 months (standard Google Analytics retention)
• Customer support communications: 3 years from last contact

6. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten") where applicable
• Right to Restriction: Limit how we process your data in certain circumstances
• Right to Data Portability: Receive your data in a portable, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Opt out of marketing communications at any time

To exercise these rights, please contact us at contact@icoskin.com. We will respond to your request within 30 days.

7. Data Security

We implement robust technical and organisational measures to protect your personal information:

• SSL/TLS Encryption: All data transmitted to and from our website is encrypted
• PCI DSS Compliance: Payment processing meets the highest security standards
• Access Controls: Personal data access restricted to authorised personnel only
• Regular Security Audits: Ongoing assessment of our security measures
• Employee Training: Staff trained on data protection best practices
• Secure Storage: Data stored on secure servers with appropriate safeguards

8. Cookies & Tracking Technologies

We use cookies and similar technologies to improve your experience:

• Essential Cookies: Required for website functionality (shopping cart, checkout)
• Analytics Cookies: Help us understand how visitors use our site (Google Analytics)
• Marketing Cookies: Enable personalised advertising and measure campaign effectiveness
• Preference Cookies: Remember your settings and preferences

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect website functionality.

9. International Transfers

Some of our service providers are based outside the UK (e.g., cloud hosting, analytics). Where data is transferred internationally, we ensure appropriate safeguards are in place:

• Transfers to countries with adequate data protection (as recognised by UK authorities)
• Standard Contractual Clauses approved by the UK Information Commissioner's Office
• Additional technical and organisational measures where necessary

10. Children's Privacy

Our website and products are not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.

11. Marketing Communications

With your consent, we may send you:

• Product news and updates
• Special offers and promotions
• Skincare tips and educational content
• Information about new products or services

Unsubscribe: You can opt out at any time by clicking the "unsubscribe" link in any marketing email or by contacting us. We will process your request within 10 business days.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We'll notify you of significant changes by:

• Posting a notice on our website
• Sending an email notification (for substantial changes)
• Updating the "Last Updated" date at the top of this policy

13. Contact Us & Complaints