Privacy Policy

1. Introduction

LuluTox Ltd ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and protect your information when you visit our website or place an order with us.

We are registered in England and Wales and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

The data controller responsible for your personal data is:
LuluTox Ltd
47 Wellness Lane, London, EC2A 4NE
Email: [email protected]

3. What Data We Collect

We may collect the following personal data:

• Identity data: first name, last name
• Contact data: email address, phone number, delivery address, postcode
• Order data: products ordered, order value, order date
• Technical data: IP address, browser type, device information, pages visited
• Cookie data: as described in our Cookie Policy

4. How We Use Your Data

We process your personal data for the following purposes:

• To process and fulfil your orders (contractual necessity)
• To communicate with you about your order or enquiry (contractual necessity)
• To improve our website and services (legitimate interest)
• To comply with legal obligations (legal obligation)
• To send marketing communications, where you have given consent (consent)

5. Legal Basis for Processing

We rely on the following legal bases under UK GDPR:

• Consent: where you have given clear consent for us to process your data for a specific purpose
• Contractual necessity: where processing is necessary to fulfil a contract with you
• Legitimate interest: where processing is necessary for our legitimate business interests, provided these do not override your rights
• Legal obligation: where we are required by law to process your data

6. Data Sharing

We do not sell your personal data to third parties. We may share your data with:

• Delivery partners (to fulfil your order)
• Payment processors (to process transactions securely)
• IT service providers (to maintain our website)
• Legal authorities (where required by law)

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Order data is retained for up to 6 years for accounting and legal compliance purposes. Marketing data is retained until you withdraw your consent.

8. Your Rights

Under UK GDPR, you have the following rights:

• The right to access your personal data
• The right to rectification of inaccurate data
• The right to erasure ("right to be forgotten")
• The right to restrict processing
• The right to data portability
• The right to object to processing
• The right to withdraw consent at any time

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. These include encryption, secure servers, and access controls.

10. International Transfers

Your data is primarily processed within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

11. Children's Privacy

Our website and products are not intended for individuals under the age of 18. We do not knowingly collect personal data from children.

12. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Phone: 0303 123 1113

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

14. Contact Us

For any questions about this Privacy Policy, please contact:
Email: [email protected]
Post: LuluTox Ltd, 47 Wellness Lane, London, EC2A 4NE