Privacy Policy

HairGrowthProducts.uk as the Data Controller – How to Contact Us

HairGrowthProducts.uk is the data controller responsible for handling the personal data that we have collected from you.

If you have any questions, concerns, or complaints about our Privacy Policy, our data collection and processing practices, or if you wish to exercise any of your rights, or if you want to report any security violations to us, please contact us.

Purpose and Use of Your Personal Data and the Legal Basis for Processing

We use your personal data in the following ways:

1. Website Usage Data Collection

When you visit our website, we collect information regarding your use of our website, including your browser type, search terms used, IP address (including network location), and device details. We also collect information on products and services you interact with and add to your basket. This information is collected through cookies. Learn more about our use of cookies in our cookie policy.

We use third-party analytics services to analyze website usage. The data generated by cookies or other technologies is transmitted to the analytics services, which compile reports and may share data where required by law. You can see the third parties we use in our cookie policy.

Purpose:

  • To analyze trends and optimize our services.
  • To provide personalized product recommendations.
  • To market our products, including via Facebook and Google.
  • To improve website security.

Legal Basis:

Processing is based on GDPR Article 6(1)(f), with data processed only with your consent.

2. Order Processing and Communication

When you place an order or communicate with us via our website, we collect details such as your name, address, email, phone number, payment information, order history, shipment details, and IP address.

Purpose:

  • To create a customer account and fulfill your order.
  • To manage returns and complaints.
  • To prevent fraud.
  • To comply with legal requirements such as the Danish Accounting Law.

Legal Basis:

Processing is based on GDPR Article 6(1)(b) (contractual necessity), Article 6(1)(c) (legal obligations), and Article 6(1)(f) (fraud prevention).

3. Newsletter Subscription

If you subscribe to our newsletter, we collect your name, email, IP address, and phone number (if provided). We also track when you signed up, unsubscribed, and how you engage with our emails.

Purpose:

  • To send newsletters and marketing content.
  • To analyze engagement and optimize our marketing.
  • To document consent.

Legal Basis:

Processing is based on GDPR Article 6(1)(f).

4. Customer Feedback and Support

If you contact us with feedback or inquiries, we collect your name, email, and any details you include in your communication.

Purpose:

  • To respond to inquiries and complaints.

Legal Basis:

Processing is based on GDPR Article 6(1)(f).

5. User-Generated Content

If you post a review or other content on our website, it will be stored and displayed publicly along with your first name and last initial.

Purpose:

  • To document content authorship.

Legal Basis:

Processing is based on GDPR Article 6(1)(f).

6. Facebook Page Insights

We use Facebook’s “Page Insights” tool to analyze interactions on our Facebook page. Facebook acts as a joint data controller in this process. More information is available here: Facebook Terms.

Categories of Personal Data We Process

We process only the personal data outlined in Section 2 of this Privacy Policy. We do not receive personal data from third parties.

Legitimate Interests for Data Processing

Certain data processing activities are based on our legitimate interests (GDPR Article 6(1)(f)), including marketing, website optimization, security improvements, and fraud prevention. These interests are balanced against your rights and freedoms.

Data Transfers Outside the EU/EEA

We transfer personal data to third-party service providers outside the EU/EEA, including Google LLC, ActiveCampaign LLC, Pinterest Inc, and Facebook Inc. These transfers comply with GDPR regulations via the EU-U.S. Privacy Shield.

Data Retention

  • Order information is stored for 2 years (or longer if legally required).
  • Newsletter subscription data is deleted upon consent withdrawal.
  • Customer accounts are deleted upon request.
  • Website posts are stored for 3 years.
  • Customer support communications are deleted after 1 year.
  • Cookie-based data retention is outlined in our cookie policy.

Right to Withdraw Consent

You may withdraw consent for data processing at any time by contacting us. Withdrawal does not affect the lawfulness of prior processing.

Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Access: Request access to personal data we hold about you.
  • Correction: Request corrections to inaccurate data.
  • Deletion: Request deletion of data under certain conditions.
  • Restriction: Request processing limitations under certain conditions.
  • Objection: Object to processing, including direct marketing.
  • Data Portability: Request transfer of your data to another provider.

Complaints

If you have concerns about our data processing, you have the right to lodge a complaint with a data protection authority.