Privacy Policy
Last updated: 12/13/2025
1. Introduction
Welcome to GirlSecret UK. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data Controller: GirlSecret UK Ltd
Registered in: England and Wales
Email: privacy@girlsecretuk.com
Data Protection Officer: dpo@girlsecretuk.com
2. Information We Collect
We collect and process the following categories of personal data about you:
Identity Data:
- First name and last name
- Username or similar identifier
- Title
- Date of birth (if provided)
Contact Data:
- Email address
- Telephone numbers
- Billing and delivery addresses
Financial Data:
- Payment card details (processed securely by our payment providers)
- Bank account details (if provided for refunds)
Transaction Data:
- Details about payments to and from you
- Products and services you have purchased
- Order history
Technical Data:
- IP address
- Browser type and version
- Device type
- Operating system
- Time zone setting and location
- Cookie data
Usage Data:
- Information about how you use our website
- Pages viewed and time spent on pages
- Products viewed
- Search queries
Marketing and Communications Data:
- Your preferences for receiving marketing from us
- Your communication preferences
3. How We Collect Your Data
We collect personal data through:
- Direct interactions: When you create an account, place an order, subscribe to our newsletter, contact us, or complete forms on our website
- Automated technologies: As you interact with our website, we automatically collect Technical and Usage Data through cookies and similar technologies
- Third parties: We may receive data from analytics providers (such as Google Analytics), advertising networks, and payment processors
4. How We Use Your Data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- To process and deliver your orders: Including managing payments, fees, and charges, and collecting money owed to us
- To manage our relationship with you: Including notifying you about changes to our terms or privacy policy, and asking you to leave a review or take a survey
- To provide customer service: Responding to your queries, complaints, and requests
- To send you marketing communications: About products and services we think may interest you (only where you have consented or we have a legitimate interest)
- To improve our website and services: Using data analytics to improve our website, products, services, marketing, and customer experience
- To protect our business: Fraud prevention, security monitoring, and compliance with legal obligations
- To personalize your experience: Showing you content and recommendations based on your preferences
5. Legal Basis for Processing
Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following legal bases:
- Contract performance: Processing necessary to fulfill our contract with you (e.g., processing orders)
- Legitimate interests: Processing necessary for our legitimate business interests (e.g., improving our services, fraud prevention)
- Consent: Where you have given clear consent for us to process your data for a specific purpose (e.g., marketing emails)
- Legal obligation: Processing necessary to comply with the law (e.g., tax and accounting requirements)
6. Marketing Communications
We may send you marketing communications about our products and services if:
- You have created an account or made a purchase and have not opted out
- You have subscribed to our newsletter
- You have consented to receive marketing communications
Your right to opt out: You can unsubscribe from marketing communications at any time by:
- Clicking the "unsubscribe" link in any marketing email
- Contacting us at unsubscribe@girlsecretuk.com
- Updating your preferences in your account settings
7. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience. Cookies are small text files stored on your device.
Types of cookies we use:
- Essential cookies: Necessary for the website to function (e.g., shopping cart)
- Performance cookies: Collect anonymous data about how visitors use our site (e.g., Google Analytics)
- Functionality cookies: Remember your preferences and choices
- Marketing cookies: Track your online activity to show you relevant ads
Managing cookies: You can set your browser to refuse cookies or alert you when cookies are being sent. However, some parts of our website may not function properly without cookies.
8. Sharing Your Data
We may share your personal data with third parties in the following circumstances:
- Service providers: Delivery companies, payment processors, email service providers, and website hosting companies who help us operate our business
- Analytics providers: Such as Google Analytics to help us understand website usage
- Marketing partners: With your consent, for targeted advertising
- Legal requirements: When required by law, court order, or to protect our legal rights
- Business transfers: In the event of a sale, merger, or acquisition of our business
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only permit them to process your data for specified purposes and in accordance with our instructions.
9. International Transfers
Your personal data may be transferred to and processed in countries outside the UK. When we transfer your data internationally, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO)
- Adequacy decisions recognizing countries with adequate data protection laws
- Binding Corporate Rules for transfers within multinational companies
10. Data Security
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorized way. These include:
- SSL/TLS encryption for all data transmission
- Secure servers with firewall protection
- Access controls limiting who can access your data
- Regular security assessments and updates
- Staff training on data protection
Payment security: We do not store your complete payment card details. All payment transactions are processed securely by PCI-DSS compliant payment providers.
11. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including:
- Account data: Retained while your account is active, plus 2 years after closure (for legal and accounting purposes)
- Transaction data: Retained for 7 years (to comply with tax and accounting laws)
- Marketing data: Until you unsubscribe or request deletion
- Technical data: Typically retained for 2 years
When we no longer need your data, we will securely delete or anonymize it.
12. Your Legal Rights
Under the UK GDPR and Data Protection Act 2018, you have the following rights:
- Right to access: Request a copy of your personal data
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure: Request deletion of your personal data ("right to be forgotten")
- Right to restrict processing: Request that we limit how we use your data
- Right to data portability: Receive your data in a portable format to transfer to another provider
- Right to object: Object to processing based on legitimate interests or direct marketing
- Right to withdraw consent: Withdraw consent for processing at any time (where consent is the legal basis)
- Right to complain: Lodge a complaint with the Information Commissioner's Office (ICO)
How to exercise your rights: Contact us at privacy@girlsecretuk.com. We will respond to your request within one month.
13. Children's Privacy
Our website is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.
14. Third-Party Websites
Our website may contain links to third-party websites, plug-ins, and applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. Please review their privacy policies before providing them with any information.
15. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. The updated policy will be posted on this page with a new "Last updated" date.
We encourage you to review this privacy policy periodically. If we make significant changes, we will notify you by email or through a prominent notice on our website.
16. Contact Us & Complaints
If you have any questions about this privacy policy or how we handle your personal data, please contact us:
Email: privacy@girlsecretuk.com
Data Protection Officer: dpo@girlsecretuk.com
Phone: +44 (0) 20 1234 5678
Post: GirlSecret UK Ltd, Data Protection Enquiries, [Full Address to be provided]
Right to complain to ICO: If you are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk