Who we are
We are Codex Beauty. This Privacy Notice covers all Codex Beauty entities, regardless of country of incorporation.
We are the data controller responsible for protecting the personal information we hold about you. We will keep it safe and secure and we will not misuse it. We appreciate that your personal information belongs to you even if it has been shared with others. This privacy notice explains what we do with your personal information, so you understand how we use it. It also tells you what your legal rights are in relation to it and how you can exercise them so that you are always in control of your personal information.
Information we have about you
We have personal information about you which you have given us and personal information about you which we collect from your device.
Personal information you give us
- contact information such as name, address, email address, mobile number
- financial information such as your credit or debit card details
Personal information we collect from your device
- your IP address
- the type of browser you use, e.g. Chrome
- the type of device you use, e.g. Samsung
- the type of operating system you use, e.g. Android
- the time-zone setting
- information about how you use our website such as user preferences, which pages you visited, how often you visit those pages, how long you stay on those pages
- geolocation information
Why we need your personal information
We need certain types of personal information from you so that you can buy our goods. Without it we cannot have a transactional relationship with you.
Personal information we need
- name, address (and sometimes phone number) as without these we cannot deliver the goods you have ordered to you
- payment card details and billing address as without those you will not be able to buy our goods
How we use your personal information
We use personal information only to the extent that is necessary to operate our business. The law allows us to use personal information as long as we tell you what we are using it for (see each bullet point below) and we have a valid legal basis for doing so. We must tell you which legal basis (in bold below) we rely on to use your personal information.
To fulfil our contractual obligations to you
- to maintain your account with us
When it is in our legitimate interests (i.e. we have a business or commercial reason which we do not prioritise above your rights)
- to defend our servers against malicious attacks. We have a legitimate interest in protecting our network and information security
- to detect or prevent fraud. We have a legitimate interest in prohibiting our services from being used fraudulently
- to collect unpaid debts. We have a legitimate interest in recovering money owed to us
- to tell you about products and services we think may interest you. We have a legitimate interest in promoting our business and increasing sales
Where we have your consent
- to provide you with marketing information about our products and services
- to analyse how you use our products and services
- to provide you with targeted advertising
You have the right to withdraw your consent at any time by updating your settings in your privacy dashboard. If you withdraw your consent, this will not affect the lawfulness of any processing carried out by us using your consent before such withdrawal.
When we are under a legal duty
- to allow us to comply with our legal, accounting, regulatory and tax obligations
- to establish, defend or exercise our legal rights
Who we share your personal information with
We will only share your personal information with other organisations after careful consideration and only when we have a legitimate reason.
We may share your personal information with:
- any organisation you have given us consent to share it with
- law enforcement agencies, regulatory authorities or government bodies where we are under a legal or regulatory obligation to do so
- our service providers, suppliers, partners and subcontractors where this is necessary to provide our services to you. These include:
  - payment processors
  - web-hosting service providers
  - email marketing vendors
  - credit reference agencies
  - debt recovery specialists
  - fulfilment centers and delivery couriers
- any prospective buyer of all or part of our business or assets (and associated advisors and agents) provided they use it only as set out in this privacy notice
Transfers of personal information outside the European Economic Area
All EEA countries (the EU, Norway, Iceland and Liechtenstein) provide an adequate level of data protection allowing free transfer of personal information from the UK to any of those countries. We only transfer your personal information to countries outside of the EEA when it is necessary (for example where it is stored on servers based in a non-EEA country) and only if your personal information will benefit from the same protection as in the UK or EEA.
We protect your personal information which we transfer out of the EEA to the United States for storage on cloud servers by ensuring that the organisation to which personal information is transferred:
- is in a country which the European Commission deems to provide an ‘adequate’ level of data protection
- is in the United States and is certified under the Privacy Shield
How long we keep your personal information
We only keep your personal information for as long as we need it to carry out the different activities set out above (How we use your personal information). These periods are different depending on the nature of the activity. We also keep your personal information for as long as is necessary to comply with our legal obligations and to defend or exercise any legal claims.
As soon as there is no longer any need for us to hold your personal information, we will delete it or, in some cases, anonymise it so you can no longer be identified from it.
You can exercise your rights at any time by emailing us at email@example.com. We will verify your identity before we deal with your request so your personal information is protected against unauthorised access.
To opt-out of marketing communications
You have the right to tell us not to use your personal information for marketing purposes. You may exercise this right at any time by clicking the unsubscribe link on marketing emails we send you.
To obtain a copy of the personal information we hold about you
To ask us to correct any inaccurate information we hold about you
To ask us to delete any personal information we hold about you
You have this right in certain circumstances only. For example, it does not apply if we need to use your personal information to comply with our legal obligations or to establish, exercise or defend a legal claim.
To ask us to restrict our use of your personal information
You have this right in certain circumstances, for example where you have objected to our use of your personal information and we are considering whether our legitimate interests override yours. This is often a temporary measure and we are still allowed to store your information while we are restricted from using it.
To ask us to transfer your personal information to you or another organisation
This right is also known as the right to data portability. It is your right to have your personal information ported to you or a nominated third party in a structured, commonly used and machine readable format.
This right applies only to information which we have collected from you and which we process using automated means. You have this right only where we are using your personal information with your consent or to fulfil our contractual obligations to you (see How we use your personal information).
To object to our use of your personal information
You have this right only in relation to our use of your personal information on the ground of legitimate interests (see How we use your personal information).
Changes to our privacy notice
Any changes we make to this policy will be posted on this page. Where the changes are significant, we will let you know by email or in another appropriate manner such as when you next interact with our website.
We really do welcome any questions, comments or requests you may have regarding this privacy notice. You can email us at firstname.lastname@example.org or write to us at 1900 Camden Avenue, Suite 101, San Jose, CA 95124, California, United States. Please also use those contact details if you have any complaints about the way we have used your personal information.
If we do not deal with your complaint satisfactorily, you have the right to complain to the Information Commissioner’s Office.