Privacy Policy

Version October 2025

Introduction / who we are & purpose
1.1. This Privacy Policy explains how we (Oshun Skin) collect, use, store, share, and protect your personal data when you visit our site, make purchases, contact us, join our mailing list, etc.

Data we collect
2. We may collect the following personal data:

  • Name, email address, postal address, phone number

  • Payment data (e.g. card/tokenised details, but we do not store full card details ourselves)

  • Order history, product preferences

  • IP address, browser type, device identifiers, cookies & analytics data

  • Communications records (e.g. customer support emails)

  • Marketing preferences

How / why we use your data (purposes & legal bases)
3.1. To process & fulfil your orders (contract)
3.2. To communicate with you (order updates, customer service) (contract / legitimate interest)
3.3. To send you marketing (only with your consent)
3.4. To improve our website, analyse usage (analytics)
3.5. Fraud detection, security, compliance
3.6. To comply with legal obligations

Cookies & tracking / third parties
4.1. We use cookies to understand site usage, marketing, and improve UX.
4.2. We will obtain consent (e.g. via cookie banner) for non-essential cookies.
4.3. Third parties may process data on our behalf (e.g. payment processors, analytics providers) under appropriate data processing agreements.

Data sharing & disclosures
5. We may share your data with:

  • Payment processors (e.g. PayPal)

  • Delivery and logistics providers

  • Legal, regulatory, or enforcement authorities when required

  • Affiliated entities or contractors (under confidentiality)

Data retention
6. We retain data as long as necessary for the purposes above (e.g. for orders, returns, legal obligations). After that, we securely delete or anonymise data.

Your rights
7. You have the following rights (subject to legal limits):

  • Access your personal data

  • Rectify (correct) inaccurate data

  • Erase (delete) your data (right to be forgotten)

  • Restrict processing

  • Object to processing (e.g. marketing)

  • Data portability (where applicable)

  • Withdraw consent at any time (for processing based on consent)

  • Lodge a complaint with the UK Information Commissioner’s Office (ICO)

Security
8. We use appropriate technical and organisational measures (encryption, access controls, secure servers) to protect your data from unauthorised access, loss, alteration or disclosure.

International transfers
9. If any data is transferred outside the UK/EEA, we will ensure appropriate safeguards (e.g. standard contractual clauses).

Children / minors
10. Our services are not directed at children; we do not knowingly collect data from minors under 13 (or applicable age).

Updates / changes to policy
11. We may update this Privacy Policy from time to time (e.g. to reflect changes in law or business operations). We will notify you of major changes (e.g. via email or prominent site notice).

Contact / queries
12. If you have questions, want to exercise your rights, or raise concerns, contact us at [oshunskn@gmail.com].

Legal references / basis
13. This policy is designed to align with UK GDPR / Data Protection Act 2018, relevant cookie/PECR rules, and e-commerce obligations.