Privacy Policy
MCOBEAUTY – PRIVACY POLICY
Welcome to MCoBeauty! MCoBeauty is a trading name of VidaCorp UK Ltd, a company registered in England and Wales, with company number 16046095 and VidaCorp Netherlands B.V., a company registered in the Netherlands with company number 96704942 (we, us or our). We understand that protecting your personal data is important. This Privacy Policy sets out our commitment to protecting the privacy of personal data provided to us, or otherwise collected by us when providing our website and beauty products (Services) or when otherwise interacting with you.
Within the scope of this Privacy Policy VidaCorp UK Ltd acts as the controller for the personal data we process for the operations in the United Kingdom and the Republic of Ireland. For the operations in Europe (Netherlands, Belgium and Luxembourg), VidaCorp Netherlands B.V. acts as the controller for the processing of personal data. It is important that you read this Privacy Policy together with any other detailed privacy notices we may provide when we are collecting or processing personal data about you so that you understand our privacy practices in relation to your data.
The information we collect
Personal data: is information that relates to an identified or identifiable individual. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and disclose different kinds of personal data about you which we have listed below:
- Identity Data including first name and last name.
- Contact Data including billing address, delivery address, email address and telephone numbers.
- Financial Data including bank account and payment card details (through our third party payment processors, Shopify Payments, Afterpay, PayPal and Klarna).
- Transaction Data including details about payments from you to us and other details of products and services you have purchased from us.
- Technical and Usage Data including internet protocol (IP) address, your login data, your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour, information about your access and use of our website, including through the use of Internet cookies, your communications with our website, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider.
- Profile Data including your username and password for our website, profile picture, purchases or orders you have made with us, support requests you have made, content you post, send, receive and share through our website, information you have shared with our social media platforms, your interests, preferences, feedback and survey responses.
- Interaction Data, including information you provide to us when you participate in any interactive features of our Services, including surveys, contests, promotions, activities or events.
- Marketing and Communications Data, including your preferences in receiving marketing from us and our third parties, and your communication preferences.
- Professional data, including where you are applying for a role with us, your professional history, such as your previous positions and professional experience.
- Special Categories of Personal Data is a special category of personal data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not actively request special categories of data about you, nor do we collect any information about criminal convictions and offences. If at any time we need to collect special categories of data about you, we will only collect it and use it as required or authorised by law.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.
How we collect personal data
We collect personal data in a variety of ways, including:
- Directly: We collect personal data which you directly provide to us, including when you register for an account, make a purchase via our website, through the ‘contact us’ form on our website or when you request our assistance via email, or over the telephone.
- Indirectly: We may collect personal data which you indirectly provide to us while interacting with us, such as when you use our website, in emails, over the telephone and in your online enquiries.
- From third parties: We collect personal data from third parties, such as details of your use of our website from our analytics and cookie providers and marketing providers. See the “Cookies” section below for more detail on the use of cookies.
- From publicly available sources: We collect personal data from publicly available resources such as social media sites including Facebook, Instagram and TikTok.
Purposes and legal bases for processing
We collect and process personal data about you only where we have legal bases for doing so under applicable laws. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please reach out to us if you need further details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|
Purpose of use / disclosure |
Type of Data |
Legal Basis for processing |
|
To provide our Services to you, including to dispatch and deliver our products to you. |
· Identity Data · Contact Data · Transaction Data |
· Performance of a contract with you |
|
To contact and communicate with you about our Services including in response to any support requests you lodge with us or other enquiries you make with us. |
· Identity Data · Contact Data · Profile Data
|
· Performance of a contract with you · Legitimate interests: to ensure we provide the best client experience we can offer by responding to your enquiries
|
|
To contact and communicate with you about any enquiries you make with us via our website. |
· Identity Data · Contact Data · Profile Data |
· Legitimate interests: to ensure we provide the best client experience we can offer by answering all of your questions |
|
For internal record keeping, administrative, invoicing and billing purposes. |
· Identity Data · Contact Data · Financial Data · Transaction Data |
· Performance of a contract with you · To comply with a legal obligation · Legitimate interests: to recover debts due to us and ensure we can notify you about changes to our terms of service and any other administrative points |
|
For analytics, market research and business development, including to operate and improve our Services, associated applications and associated social media platforms. |
· Profile Data · Technical and Usage Data |
· Legitimate interests: to keep our website updated and relevant, to develop our business, improve our Services and to inform our marketing strategy |
|
For advertising and marketing, including to send you promotional information about our events and experiences and information that we consider may be of interest to you. |
· Identity Data · Contact Data · Technical and Usage Data · Profile Data · Marketing and Communications Data |
· Consent · Legitimate interests: to develop our Services and grow our business |
|
To run promotions, competitions and/or offer additional benefits to you. |
· Identity Data · Contact Data · Profile Data · Interaction Data · Marketing and Communications Data |
· Consent · Legitimate interests: to facilitate engagement with our business and grow our business |
|
If you have applied to work with us; to consider your application. |
· Identity Data · Contact Data · Professional Data |
· Legitimate interests: to consider your employment application
|
|
To comply with our legal obligations or if otherwise required or authorised by law. |
· All relevant Personal Data |
· To comply with a legal obligation
|
We may in some cases use automated decision-making, including profiling if it is authorised by relevant legislation. These decisions are based on data such as your browsing behaviour and previous purchases, which are analysed to assess your preferences and match you with products you are likely to be interested in. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you. If you are subject to an automated decision with significant effects, you have the right to request human intervention, express your point of view, and contest the decision.
If you have consented to our use of data about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your data because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using our services. Further information about your rights is available below.
Our disclosures of personal data to third parties
We may disclose your personal data to third parties in accordance with this Privacy Policy, but we will never sell your personal data.
We may disclose personal data to the extent that this is strictly necessary, to:
- our employees, contractors and/or related entities;
- IT service providers, data storage, web-hosting and server providers such as Shopify, Microsoft Azure, Google Workspace and Gorgias;
- marketing or advertising providers such as Klaviyo, Flowbox, Power Reviews, Bazaarvoice, Tolstoy and Okendo;
- our logistics providers;
- professional advisors, bankers, auditors, our insurers and insurance brokers;
- payment systems operators such as Shopify Payments, Afterpay, PayPal and Klarna;
- our existing or potential agents or business partners;
- sponsors or promoters of any promotions or competition we run;
- anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
- courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
- courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
- third parties to collect and process data, such as Triple Whale, Meta Pixel or other relevant analytics businesses; and
- any other third parties as required or permitted by law, such as where we receive a summons.
Overseas transfers
We are a global business, and some of our employees, contractors and/or related entities are located in countries outside of the United Kingdom or the Netherlands, as applicable.
Where we disclose personal data to the third parties listed above, these third parties may store, transfer or access personal data outside of the United Kingdom or the Netherlands (as applicable), including Australia and the United States of America. The level of data protection in countries outside of the United Kingdom or the Netherlands (as applicable) may be less comprehensive than what is offered in the United Kingdom.
Where we transfer your personal data outside of the United Kingdom or the Netherlands (as applicable), whether to our related entities or to other third parties, we will perform those transfers using appropriate safeguards in accordance with the requirements of applicable data protection laws and we will protect the transferred personal data in accordance with this Privacy Policy. This includes
- only transferring your personal data to countries that have been deemed by applicable data protection laws to provide an adequate level of protection for personal data; or
- including standard contractual clauses in our agreements with third parties that are overseas.
Data retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us. In some circumstances you can ask us to delete your data: see below for further information.
Your rights and controlling your personal data
Your choice: Please read this Privacy Policy carefully. If you provide personal data to us, you understand we will collect, hold, use and disclose your personal data in accordance with this Privacy Policy. You do not have to provide personal data to us, however, if you do not, it may affect our ability to provide our Services to you and your use of our Services.
Information from third parties: If we receive personal data about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal data about somebody else, you represent and warrant that you have such person’s consent to provide the personal data to us.
Access, correction, processing and portability: You may request details of the personal data that we hold about you and how we process it (commonly known as a “data subject request”). You may also have a right in accordance with applicable data protection law to have your personal data rectified or deleted, to restrict our processing of that information, to object to decisions being made based on automated processing where the decision will produce a legal effect or a similarly significant effect on you, to stop unauthorised transfers of your personal data to a third party and, in some circumstances, to have personal data relating to you transferred to you or another organisation.
Unsubscribe: To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.
Withdraw consent: Where we are relying on consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You have the right to make a complaint at any time to the relevant supervisory authority.
For the United Kingdom this is the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk).
For the Republic of Ireland this is the Data Protection Commissioner (How to contact us | Data Protection Commission).
For the Netherlands this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
Autoriteit Persoonsgegevens
PO Box 93374
2509 AJ The Hague
The Netherlands
www.autoriteitpersoonsgegevens.nl
A list of Europe’s data protection authorities can be found here.
We would, however, appreciate the chance to deal with your concerns before you approach the relevant supervisory authority, so please contact us in the first instance.
If you wish to exercise any of the rights set out above, please contact us using the details set out below. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Storage and security
We are committed to ensuring that the personal data we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal data and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.
Cookies
We may use cookies on our website from time to time. Cookies are text files placed in your computer's browser or hard drive to store your preferences and to provide a better user experience. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online services and may allow third parties, such as Google and Facebook, to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If you choose to provide our online services with personal data, this data may be linked to the data stored in the cookie. Where required by law, we will always seek your consent before placing any non-essential cookies on your device. For more information about the cookies we use, or to update your consent preferences, please see our Cookie Policy available here.
Links to other websites
Our website may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal data which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.
Amendments
We may change this Privacy Policy from time to time. We will notify you if we make a significant change to this Privacy Policy, by contacting you through the contact details you have provided to us and by publishing an updated version on our website.
For any questions or notices, please contact our Data Protection Officer (DPO) at:
For UK and the Republic of Ireland: VidaCorp UK Ltd, a company registered in England and Wales, with company number 16046095.
Email: info@mcobeauty.co.uk
For Europe: VidaCorp Netherlands B.V., a company registered in the Netherlands with company number 96704942
Email: info@mcobeauty.eu
Please ensure that any communications to VidaCorp are marked for the attention of the Data Protection Officer.
Last update: 18 June 2025
Want 20% off?
Join the world of MCoBeauty to receive 20% off your first purchase
©2025 MCoBeauty. All Rights Reserved.
