2.1 Information You Provide to Us

We collect personal information that you voluntarily provide when you:

When You Make a Purchase:

– Full name

– Email address

– Billing address

– Shipping address

– Phone number (optional)

– Payment information (processed securely by our payment providers)

We only collect data necessary to display the full, final price of your order upfront. We do not use your data to apply drip pricing or hidden fees at the final stage of checkout.

When You Create an Account:

– Username

– Email address

– Password (encrypted)

When You Contact Us:

– Name

– Email address

– Message content

– Any information you choose to provide

When You Subscribe to Our Newsletter:

– Email address

– Name (optional)

– Marketing preferences

When You Leave a Review or Comment:

– Name

– Email address

– Comment content

2.2 Information Collected Automatically

Technical usage data (e.g., anonymised IP addresses, device types) is collected to ensure site security and performance.

We use your personal information for the following purposes:

3.1 To Fulfil Our Contract with You

– Process and fulfil your orders

– Arrange delivery through our partners

– Send order confirmations and shipping notifications

– Provide customer support

– Handle returns and refunds

– Manage your account

3.2 With Your Consent

– Send marketing emails and newsletters (you can unsubscribe anytime)

– Use analytics cookies to improve your Website experience

– Personalise your shopping experience

– Send you information about products we think you might like

3.3 For Legitimate Interests

– Improve our Website and user experience

– Detect and prevent fraud and enhance network security

– Respond to legal requests or prevent harm

3.4 To Comply with Legal Obligations

– Comply with tax and accounting requirements

– Fulfil regulatory reporting obligations

– Maintain records as required by law

We do not sell, rent, or trade your personal information. We share your data only with:

– Trusted third-party manufacturing and logistics partners to fulfil the contract

– Payment processors

– Shipping carriers

– Email service providers

– Analytics providers (Google Analytics)

– Hosting providers

All partners are contractually bound to protect your data.

We are based in the United Kingdom. Some of our service providers are located outside the UK/EU/EEA. We ensure adequate protection through:

– EU-US Data Privacy Framework

– Standard Contractual Clauses (SCCs)

– Adequacy Decisions and other approved safeguards

Your data is protected regardless of where it is processed.

We retain your personal information only as long as necessary for the purposes outlined in this policy:

Order information – 6 years – Tax and accounting legal requirements

Account information – Until account deletion – Provide ongoing service

Marketing emails – Until you unsubscribe – Comply with unsubscribe requests

Analytics data – 14 months – Google Analytics default retention

Customer support emails – 3 years – Resolve disputes and improve service

Payment transaction records – 6 years – Financial regulations

As a data subject in the UK or EU/EEA, you have the following rights:

7.1 Right to Access: Request a copy of the personal data we hold about you.

7.2 Right to Rectification: Request correction of inaccurate or incomplete data.

7.3 Right to Erasure: Request deletion of your personal data in certain circumstances:

– Data no longer necessary for the purposes collected

– You withdraw consent

– You object to processing

– Data processed unlawfully

7.4 Right to Restriction: Request limitation of how we use your data in certain situations.

7.5 Right to Data Portability: Receive your data in a structured, machine-readable format to transfer to another service.

7.6 Right to Object:

– Object to processing based on legitimate interests

– Object to direct marketing at any time (we will stop immediately)

7.7 Right to Withdraw Consent: Withdraw consent at any time where we rely on consent (e.g., marketing emails, analytics cookies).

7.8 Right Not to be Subject to Automated Decision-Making: We do not use automated decision-making or profiling that significantly affects you.

How to Exercise Your Rights:

Email us at: info@beautyofmind.net

Subject line: “GDPR Rights Request – [Your Name]”

We will respond within 30 days, which period begins only after identity verification is complete.

We use industry-standard security measures, including SSL encryption, secure payment processing, and access controls. While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

Our Website is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us. We will delete such information promptly.

We use cookies and similar technologies as described in our Cookie Policy. Please review the Cookie Policy link for detailed information.

11.1 Consent-Based Marketing

We only send marketing communications (newsletters, product updates, and special offers) to individuals who have provided explicit, affirmative consent.

No Pre-Ticked Boxes: We never use pre-ticked boxes at checkout. You must manually check the box to join our list.

Granular Choice: Where possible, we allow you to choose specific topics (e.g., New Releases vs. Mental Health Content).

11.2 The “Soft Opt-In” (UK Only)

Under the UK Data Act 2025, if you have previously purchased from us, we may send you emails about similar products. We will always provide a clear “Opt-Out” at the point of collection and in every subsequent email.

This does not apply to customers located in the EU/EEA.

11.3 Frequency and Relevance

We respect your inbox. We aim for relevance, not frequency. If you do not open our emails for 6 consecutive months, we will automatically reduce the frequency of our communications or ask if you still wish to remain on our list (the “re-engagement” rule).

11.4 Immediate Unsubscribe

Every marketing email contains a clear, one-click “Unsubscribe” link.

Processing Time: We process all unsubscribe requests immediately and no later than 24 hours.

Service Emails: You will still receive “Transactional” emails (order confirmations, shipping updates, and legal notices) as these are necessary to fulfil our contract with you.

Our Website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. Please review the privacy policies of any third-party sites you visit.

We may update this Privacy Policy from time to time to reflect:

– Changes in our practices

– Legal or regulatory requirements

– New features or services

When We Update:

– We will update the “Last Updated” date at the top

– For significant changes, we will notify you via email or a prominent notice on the Website

– Continued use of the Website after changes constitutes acceptance

We encourage you to review this policy periodically.

In the event of a data breach that poses a high risk to your rights and freedoms, we will:

– Notify the relevant supervisory authority within 72 hours of becoming aware

– Notify affected individuals without undue delay

– Provide information about the breach, potential consequences, and measures taken

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Email: info@beautyofmind.net

Subject line: “Privacy Policy Inquiry” 

If you have a concern about our data practices, please contact us first. We will formally acknowledge your complaint within 30 days and investigate the matter without undue delay. If you remain unsatisfied, you have the right to lodge a formal complaint with the ICO or your local EU authority.

United Kingdom: 

Information Commissioner’s Office (ICO) 

Website: https://ico.org.uk 

Email: casework@ico.org.uk 

Phone: 0303 123 1113 

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

EU (for EU customers): Contact your local national data protection authority (https://edpb.europa.eu/about-edpb/board/members_en)

End of Privacy Policy

Last updated: February 2026