We are XO LASH Professional Limited (company number: 655586) (“XO Lash Professional”, “we”, “our” and “us”) and we are the company that collects your personal data and controls how it will be used (the “data controller”).
We are committed to respecting your privacy and protecting the personal data you share with us and that we collect about you. This policy tells you about how we use the personal data we collect about you when you use our website. It also provides more information about your privacy rights and how the law protects you.
We have set out below the personal data we may collect from you during your use of our website and how this is used by XO Lash Professional.
We may also collect, use and share data relating to you which is not “personal data”, such as demographic data or details of your typical use of our website. You can’t be identified from this information. We will use this information, for example, to improve our website and, tailor our marketing strategy and help us stock products we think you will like.
We will never use your personal data unlawfully. We have set out below our lawful basis for the various ways we use your personal data.
Where you have made a purchase from our website we want to make sure that you are kept up to date with all the latest products, events and offers available on our website so will send you messages by email and/or SMS unless you tell us that you do not want to continue receiving these messages by “opting out” or contacting us at [email protected]
Where we are relying on consent to sending you marketing communications, you can withdraw your consent at any time by following the opt-out link in any messages we send to you. Please note that if you opt-out of receiving messages relating to any loyalty scheme, you may miss out on exclusive offers and events.
Children under the age of 15 should not use our website and/or make any purchases on our website and we may require you to verify your age when you register for an account with us.
We do not sell your personal data to any third parties. We may share your personal data with our carefully selected third party service providers who help us provide our services to you, including:
Our logistics/warehouse service provider.
Our couriers and similar delivery companies.
Our payment providers.
Our professional partners, including our marketing agencies and website hosts.
Our IT and technical service providers.
In certain circumstances we may also need to share your personal data with our legal advisers, bankers, auditors and insurers and our regulators, including HM Revenue & Customs and with any third parties to who we choose to sell or transfer any part of our business or assets.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to use your personal data for specified purposes and in accordance with our instructions.
We do not transfer your personal data outside of the European Economic Area (EEA) unless you make a purchase from or are based in a country outside of the European Economic Area.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such information. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Our website may include links to third-party websites, plug-ins and apps. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
We will retain your name, email address, address, phone number, date of birth, gender, details of previous purchases, searches and items saved in your wish list, which we collect when you hold an account with us for such time as you continue to hold an account with us.
We will retain your name, email address, delivery address and billing address which you provide to us when you make a purchase on our website and all our correspondence with you for seven years following your last purchase or contact.
We will treat your payment information in line with the PCI DSS standards which are recognised worldwide.
Where you register to receive our latest news, products and offers, we will keep your contact details (generally your email address and/or phone number) for such time as you wish to continue to receive such updates from us. We monitor how you engage with our emails and other electronic messages, and if you don’t open an email or message for 12 months you’ll automatically fall into a 30 day inactive program. If you’re still not active on email or messaging following this period, we’ll retire your contact details and stop contacting you with marketing. Alternatively you can “opt out” to stop receiving marketing emails within 24 hours.
We may need to retain your personal data for other purposes, e.g. operating your account or dealing with any enquiry you have made.
Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the following:
The right to request access to personal data we are holding about you.
The right to request that the personal data we are holding about you be updated/corrected.
The right to request erasure of the personal data we hold about you.
The right to object to our processing of your personal data on the basis of our legitimate interests.
The right to object to processing for direct marketing.
The right to request that we restrict our processing of your personal data.
The right to request that your personal data be transferred to you or another provider.
The right to withdraw your consent to our processing (where we are relying on your consent).
If you wish to exercise any of the rights set out above, please contact us at [email protected]
You also have the right to make a complaint to your data protection regulator, but please contact us first before escalating your complaint.
If you have any questions about this policy or the personal data we collect about you, please contact us at [email protected]
Alternatively you can write to us at
XO LASH Professional Limited
We may change this policy from time to time to reflect how we are processing your personal data so you should review this policy regularly. If we make any significant changes to the policy we will contact you to let you know.