8COM Beauty – Privacy Policy 

Shape 

1. Introduction 

8COM Beauty (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. 

This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you visit our website, create an account, place an order, or otherwise interact with our services. 

We comply with: 

  • UK General Data Protection Regulation (UK GDPR) 

  • EU General Data Protection Regulation (EU GDPR) 

  • UK Data Protection Act 2018 

  • Saudi Personal Data Protection Law (PDPL) (where applicable) 

  • Other applicable data protection laws in GCC & MENA 

This policy must be read together with: 

  • Terms & Conditions 

  • Shipping Policy 

  • Returns & Refunds Policy 

  • Cosmetics Warranty Policy 

  • Cookie Policy 

Shape 

2. Data Controller 

Brand Name: 8COM Beauty 
Business Type: Online retailer of cosmetics and beauty products 
Fulfilment Locations: UK and EU 
Service Regions: UK, EU, GCC, MENA 

Data Protection Contact: 
📧 legal@8combeauty.com 

Customer Support: 
📧 support@8combeauty.com 

(Legal entity name, registration number, and registered address should be added here once published.) 

Shape 

3. Personal Data We Collect 

A. Identity & Contact Data 

  • Full name 

  • Email address 

  • Phone number 

  • Billing and shipping address 

B. Order & Transaction Data 

  • Products purchased 

  • Order history 

  • Invoice and payment references 

⚠️ We do not store card details. Payments are handled by PCI-DSS compliant providers. 

C. Technical Data 

  • IP address 

  • Browser and device type 

  • Operating system 

  • Cookies and usage logs 

D. Customer Support Data 

  • Communications sent to us 

  • Images or evidence provided (e.g. damaged items) 

E. Third-Party Data 

  • Payment confirmations 

  • Shipping and tracking updates 

  • Fraud prevention indicators 

Shape 

4. Purposes & Legal Bases (UK/EU GDPR) 

Purpose 

Legal Basis 

Account creation & management 

Contract performance 

Order processing & delivery 

Contract performance 

Payments & invoicing 

Legal obligation 

Customer service & returns 

Contract / Legitimate interest 

Fraud prevention & security 

Legal obligation / Legitimate interest 

Website improvement & analytics 

Legitimate interest 

Marketing communications 

Consent (opt-in only) 

Shape 

5. Marketing Communications 

You will only receive marketing communications if you explicitly opt in. 

You may withdraw consent at any time by: 

  • Clicking “unsubscribe” 

  • Updating account preferences 

  • Contacting support 

Transactional messages (order confirmations, shipping updates) are not marketing. 

Shape 

6. Cookies & Tracking 

We use cookies in line with UK PECR and EU ePrivacy rules. 

  • Essential cookies – required for site operation 

  • Analytics cookies – only with consent 

  • Marketing cookies – only with consent 

You can manage preferences via: 

  • Cookie banner 

  • Browser settings 

See our Cookie Policy for full details. 

Shape 

7. Data Sharing 

We only share data where strictly necessary, including with: 

  • Payment processors 

  • Shipping and logistics providers 

  • Hosting, analytics, and security providers 

  • Regulatory or law-enforcement authorities (when legally required) 

🚫 We never sell personal data. 

Shape 

8. International Transfers 

Because we operate across regions, your data may be transferred outside the UK or EU. 

When this occurs, we apply appropriate safeguards, including: 

  • UK Addendum to EU Standard Contractual Clauses 

  • EU SCCs 

  • Contractual data protection obligations 

  • Secure cloud infrastructure 

Shape 

9. Data Retention 

We retain personal data only as long as necessary: 

Data Type 

Retention 

Orders & invoices 

Up to 7 years (tax/legal) 

Customer accounts 

Until deletion request 

Marketing data 

Until consent withdrawn 

Fraud/security data 

As required by law 

Shape 

 

10. Your Rights (UK & EU GDPR) 

You have the right to: 

  • Access your data 

  • Correct inaccurate data 

  • Request erasure (where legally permitted) 

  • Restrict or object to processing 

  • Withdraw consent 

  • Data portability 

  • Not be subject to automated decision-making 

To exercise rights: 
📧 support@8combeauty.com | legal@8combeauty.com 

We respond within 30 days. 

Shape 

11. Supervisory Authorities 

  • UK: Information Commissioner’s Office (ICO) 

  • EU: Your local Data Protection Authority 

Shape 

12. Children’s Data 

Our services are not intended for children under 16. 
If a child’s data has been provided without consent, contact us for removal. 

Shape 

13. Security Measures 

We use: 

  • SSL/TLS encryption 

  • Role-based access controls 

  • Secure hosting 

  • Fraud monitoring 

Shape 

14. Policy Updates 

We may update this policy to reflect legal or operational changes. 
The latest version will always be published on our website. 

Shape