Privacy Policy
Last updated: April 2026 • Shop21stCY Skincare Store, United Kingdom
Introduction
At Shop21stCY Skincare Store, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website or make a purchase from us.
We are committed to handling your data responsibly and in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
UK GDPR Compliant
Data Protection Act 2018
No Data Selling
Secure Encryption
By using our website, you consent to the collection and use of your data as described in this Privacy Policy. If you do not agree, please discontinue use of our website and services.
Who We Are
Shop21stCY Skincare Store is the data controller responsible for your personal information. We are an online skincare retailer based in the United Kingdom.
📍 Data Controller
21stCY Skincare
Epsom Road, Sutton
SM3
United Kingdom
📧 Privacy Contact
For all data-related enquiries:
Skincare@shop21stcy.co.uk
We aim to respond to all privacy requests within 30 days.
Data We Collect
We collect personal data in a number of ways. Below is a breakdown of the types of information we may collect and why.
| Type of Data | Examples | How We Collect It |
|---|---|---|
| Identity Data | Full name, username | Account registration, order placement |
| Contact Data | Email address, phone number, delivery address | Account registration, order placement, contact forms |
| Transaction Data | Order history, payment amounts, purchase details | Orders placed on our website |
| Technical Data | IP address, browser type, device information, cookies | Automatically via your use of our website |
| Usage Data | Pages visited, time on site, links clicked | Analytics tools (e.g. Google Analytics) |
| Marketing Data | Communication preferences, newsletter opt-ins | When you subscribe or create an account |
| Communications Data | Emails, messages, customer service correspondence | When you contact us directly |
We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data through our standard website operations.
How We Use Your Data
We use your personal data only for legitimate business purposes. The table below outlines how and why we process your information.
| Purpose | Legal Basis |
|---|---|
| Processing and fulfilling your orders | Performance of a contract |
| Managing your account and customer portal access | Performance of a contract |
| Sending order confirmations, dispatch notifications, and delivery updates | Performance of a contract |
| Processing returns, refunds, and resolving complaints | Performance of a contract / Legal obligation |
| Sending marketing emails and promotions (with your consent) | Consent (you may opt out at any time) |
| Improving our website, products, and services through analytics | Legitimate interests |
| Detecting and preventing fraud or abuse | Legitimate interests / Legal obligation |
| Complying with our legal and regulatory obligations | Legal obligation |
Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies to improve your browsing experience, analyse website traffic, and personalise content. Cookies are small text files stored on your device.
Types of Cookies We Use
🔧 Essential Cookies
Required for the website to function. These cannot be disabled. Examples include session cookies and shopping cart data.
📊 Analytics Cookies
Help us understand how visitors use our site (e.g. Google Analytics). All data is anonymised and aggregated.
🎯 Marketing Cookies
Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns. Require your consent.
You can control cookie preferences through your browser settings or our cookie consent banner. Disabling certain cookies may affect the functionality of our website.
We use Google Analytics to analyse website traffic. Data collected is anonymised and used only to improve our website experience. You can opt out of Google Analytics tracking via the Google Analytics Opt-Out Browser Add-on.
Sharing Your Data
We do not sell, rent, or trade your personal data to third parties. We may share your information with trusted partners only where necessary to fulfil our services to you.
Who We Share Data With
- Shipping carriers (e.g. Royal Mail, DHL, Evri) — to fulfil and track your delivery.
- Payment processors (e.g. Stripe, PayPal, Klarna) — to securely process your payment. We do not store full card details.
- Email marketing platforms (e.g. Klaviyo, Mailchimp) — to send you order updates and, with your consent, marketing emails.
- Website hosting & analytics providers (e.g. Hostinger, Google Analytics) — to operate and improve our website.
- Legal and regulatory authorities — where required by law or to protect our legal rights.
International data transfers: Some of our third-party service providers may process your data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses) to protect your data in accordance with UK GDPR.
How Long We Keep Your Data
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for legal, accounting, or reporting obligations.
| Data Type | Retention Period | Reason |
|---|---|---|
| Order & transaction records | 7 years | HMRC / tax compliance requirements |
| Customer account data | Duration of account + 2 years after closure | Customer service & legal protection |
| Marketing preferences & consent records | Until you unsubscribe or withdraw consent | GDPR compliance |
| Customer service correspondence | 3 years | Dispute resolution & service improvement |
| Technical / analytics data | 26 months (anonymised) | Website performance analysis |
Once your data is no longer required, it is securely deleted or anonymised so that it can no longer be linked back to you.
Your Data Rights
Under UK GDPR, you have the following rights regarding your personal data. You can exercise any of these rights by contacting us at Skincare@21stcy.co.uk.
Right of Access
Request a copy of the personal data we hold about you (Subject Access Request).
Right to Rectification
Ask us to correct inaccurate or incomplete personal data we hold about you.
Right to Erasure
Request that we delete your personal data where there is no legitimate reason for us to continue processing it.
Right to Restrict Processing
Ask us to limit how we use your data in certain circumstances.
Right to Data Portability
Request a copy of your data in a structured, machine-readable format to transfer to another service.
Right to Object
Object to us processing your data for direct marketing or legitimate interests purposes.
Right to Withdraw Consent
Where processing is based on consent, you may withdraw it at any time by unsubscribing or contacting us.
Right to Lodge a Complaint
If you are unhappy with how we handle your data, you may complain to the ICO (UK data protection regulator).
We will respond to all data rights requests within 30 days. In complex cases, this may be extended by a further two months — we will notify you if this applies. We do not charge a fee for exercising your rights, unless a request is manifestly unfounded or excessive.
Data Security
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against accidental loss, unauthorised access, alteration, or disclosure.
- All data transmitted via our website is encrypted using SSL/TLS technology (HTTPS).
- Payments are processed through PCI-DSS compliant payment processors. We do not store full card details on our servers.
- Access to personal data within our organisation is restricted on a need-to-know basis.
- We regularly review our security practices and update them as necessary.
Data breach notification: In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and will contact you directly where required by law.
Marketing Communications
With your consent, we may send you promotional emails, offers, and product updates from Shop21stCY Skin Store. You can opt out at any time by:
- Clicking the unsubscribe link at the bottom of any marketing email.
- Updating your preferences in your 21stCY Customer Portal.
- Emailing us directly at Skincare@21stcy.co.uk with the subject line "Unsubscribe".
Please note that even if you opt out of marketing emails, we will still send you transactional emails (such as order confirmations, dispatch notifications, and returns updates) as these are necessary for fulfilling your orders.
Children's Privacy
Our website and services are not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at Skincare@21stcy.co.uk and we will take steps to delete that data promptly.
For users aged 13–17, parental or guardian consent is recommended before using our website or making purchases.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Any updates will be posted on this page with a revised "Last updated" date at the top.
We encourage you to review this page periodically. Where changes are material, we may also notify you by email or by placing a prominent notice on our website. Your continued use of our website following any changes constitutes acceptance of the updated policy.
Contact & Complaints
If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact our team:
📧 Privacy Enquiries
Email: Skincare@21stcy.co.uk
Subject line: "Privacy Request — [Your Name]"
We respond within 30 days.
🏛️ Information Commissioner's Office
If you are unsatisfied with our response, you have the right to lodge a complaint with the ICO.
Website: ico.org.uk
Helpline: 0303 123 1113