Privacy Statement

This Privacy Statement (our Statement) sets out the basis on which any personal data within the meaning of the General Data Protection Regulation (GDPR) (EU) 2016/679 is collected and used by us.


Who we are

We are The Beauty Basket 


What we do

We sell, promote and market a range of different beauty products and cosmetics.


What is personal data?

Personal data is information which relates to an identifiable natural person.

Who is the Data Controller

The Beauty Basket is the controller of your data and is responsible for our website. We are not required to have a Data Protection Officer but have taken the step to appoint a Data Champion. This data champion can be contacted at  

Do we collect personal data?

Yes, when:

  • you opt in and provide consent to us to contact you via our website or through social media/email;
  • you use your credit or debit card to pay for your purchases on our site;
  • you interact with us via social media such as Facebook or Twitter or Instagram;
  • you direct message us via various social media platforms;
  • you make an enquiry with us;
  • you subscribe to our newsletter and/or other publications;
  • you communicate with via post and other correspondence.


What types of personal data do we obtain?

The data that we obtain includes but is not limited to the following - name, IP address, telephone number, email address and social media ‘handles’. For clarity we do not collect or process and sensitive personal data.

Categories of data that we collect

We process personal data relating to the following categories of data subject: our employees, our customers who are natural persons, our social media followers and third party employees and contractors who we do business with or who provide services to us.

How do we use your data?

We use it in order to:

  • provide products and services;
  • process your payment for your purchase;
  • protect both our interests;
  • verify credit or other charge card details;
  • manage your loyalty and reward/discount programme (if applicable);
  • identify ways that we can improve our service;
  • meet our legal and regulatory obligations;
  • provide you with marketing content that you have consented to receive;
  • answer your queries.
  • Provide you with news updates and information that you have consented to receive.


Are we allowed use your data?

Yes, provided we can identify a legitimate basis for doing so. To use your information lawfully, we rely on one or more of the following basis:

  • It is necessary for the performance of a contract to which you are party to with us;
  • it is necessary for purposes of the legitimate interests of third parties (except where those interests are overridden by your interests or fundamental rights and freedoms);
  • in compliance with legal obligations;
  • in protecting the vital interest of you or others.

Generally we do not rely on consent as a legal basis for processing your data other than in relation to sending you direct marketing communications. We have ensured that you ‘Opt In’ to receive or continue to receive these services. You have the right to withdraw consent at any time by contacting us.

Do we collect sensitive personal data?

No. Sensitive personal data includes certain categories of personal information, such as that about race, ethnicity, religion or health. 

Our Security measures

When you give us personal information, we take steps to make sure that it’s treated securely. We use strict procedures and technical security measures to safeguard your information in our offices and across all of our computer systems, networks, website and social media platforms. Our security measures include the following:

  • maintaining ongoing confidentiality, integrity, availability, access, and resilience of processing systems and services;
  • restoring the availability of and access to personal data, in the event of a physical or technical security breach;
  • maintaining robust security measures (both IT and physical)
  • ensuring our staff are fully data security and GDPR trained;
  • that our internal processes and procedures are reviewed and fit for purpose;
  • that we conduct Data Risk Impact Assessments;
  • that we test and evaluate the effectiveness of our technical and organisation measures;
  • that we ensure our third party service providers and/or contractors are GDPR compliant. 

Non-sensitive details (your email address etc.) are sent normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.


Do we share personal data with third parties?

Yes, we share personal data with:

(a) third parties who provide services to us in the course of our business subject that we disclose only the personal information that is necessary for the purpose of the performance of their services and we have contracts in place that guarantee the security of your data and the integrity of our service providers’ systems. These parties include,:

  • software management services providers;
  • payment processor service providers;
  • IT service providers;
  • data security consultants in the context of auditing our data security systems, policies and protocols.


International transfers of data

We do not transfer your data outside of the European Economic Area (EU members and Iceland, Liechtenstein and Norway) (EEA). 

The following countries have been approved by the EU Commission as providing an adequate level of data protection for the purpose of the international transfer of data: Switzerland, Guernsey, Argentina, Isle of Man, Faroe Islands, Jersey, Andorra, Israel, New Zealand and Uruguay have been approved in full. Canada has been approved for certain types of personal data. The Commission has also approved the transfer of advance airline passenger data to the US, Canada and Australia. For clarity we do not transfer data to these countries either.


We require your express consent if we wish to contact you for direct marketing purposes (by email or social media). You are entitled to withdraw your consent at any time at any time. To withdraw your consent you simply contact 


Cookies are small encrypted text files that are stored on your device by a website. Our Websites use cookies to enable you to shop, enhance your shopping experience and to analyse our traffic. For further information visit

You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. Please note that we're not responsible for the content of external websites.

How long will we hold your data for?

We will hold your data while you are a customer and for the minimum period thereafter that we are required pursuant to our legal and regulatory obligations. We will keep your data for no longer than is necessary and then securely delete your data or anonymise it so that it cannot be linked to you.

Your rights

You have the right to:

(a) request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please contact us using the contact details mentioned below. We will respond to your request within one month;

(b) ensure that your personal information held by us is accurate and up to date. If you would like us to correct or remove information you think is inaccurate please contact us using the contact details mentioned below;

(c) object to the processing of your personal data on grounds relating your particular situation if we claim that the processing is carried out on the basis that it is necessary for the purposes of our legitimate interests or those of your employer or a third party.
We can only deny your request if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claims;

(d) receive the personal data which you have given to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if:

  • the processing is based on consent or on a contract, and
  • the processing is carried out by automated means. 

(e) require that we no longer contact you for marketing purposes (by means of an ‘unsubscribe’ link or ‘Stop’ text message);

(f) be forgotten. Should you wish for us to completely delete all information that we hold about you please contact us using the contact details mentioned below;

(g) lodge a complaint (concerning the manner and means of our processing of your personal data) with the Office of the Data Protection Commissioner (

Our contact details

If you wish to contact us for any of the reasons set out above or you have any questions about our privacy policy or you wish to make a complaint with regard to the manner and means in which your data is processed by us or with regard to any other matter in relation to your data, you can write, call or email our data champion at:


Changes to our Privacy Statement

Finally, please note that we may revise or update our Policy at any time subject that we will at all times comply with our obligations under the General Data Protection Regulation (GDPR) (EU) 2016/679.