Free UK tracked delivery on featured beauty boxes — weekly updates.
Beauty Box LogoBeauty Box
MakeupSkincareHairFragranceVegan PicksUnder £25

Privacy Policy

Identity of the Data Controller

Beauty Box Limited is a company incorporated in England and Wales with company registration number 14258739. Our registered office is located at 18 Rosewood Avenue, Manchester, M14 6FH, United Kingdom. Beauty Box Limited acts as the data controller for the purposes of applicable data protection laws, including the UK GDPR and the Data Protection Act 2018. For any privacy-related inquiries, you may contact us via email at privacy@beautybox.co.uk.

Scope of This Privacy Policy

This Privacy Policy applies to all personal data collected through the Beauty Box website and related services within the beauty sector. It explains how we collect, use, disclose, and safeguard your information in compliance with UK GDPR and, where applicable, the California Consumer Privacy Act (CCPA). By accessing or using our services, you acknowledge that your personal data will be processed as described herein. This policy applies regardless of the device or method used to access our platform.

Categories of Personal Data Collected

We collect personal data including, but not limited to, identification information such as name, email address, billing and shipping addresses, and payment details. We may also collect technical data such as IP address, browser type, and usage data through cookies and similar technologies. Additionally, we may process transactional data relating to purchases and preferences within our beauty product offerings. All data is collected lawfully, fairly, and transparently.

Legal Basis for Processing

We process personal data in accordance with the lawful bases set out under the UK GDPR. This includes processing necessary for the performance of a contract, compliance with legal obligations, legitimate business interests, and, where applicable, your consent. Where consent is relied upon, you have the right to withdraw it at any time without affecting the lawfulness of prior processing. We ensure that all processing activities are proportionate and necessary.

Use of Personal Data

Your personal data is used to provide and improve our services, process transactions, and manage customer relationships. We may also use your data to personalize your experience and communicate marketing materials where you have provided consent. We also use personal data to comply with legal obligations and to prevent fraudulent or unlawful activities. All uses are aligned with the purposes for which the data was collected.

Sharing and Disclosure of Data

We may share personal data with trusted third-party service providers, including payment processors, delivery partners, and IT service providers, strictly for operational purposes. All third parties are contractually bound to process data in compliance with applicable data protection laws. We do not sell personal data; however, under CCPA definitions, certain disclosures may be considered “sharing” for service delivery purposes. Data may also be disclosed where required by law or regulatory authorities.

Data Security Measures

We implement appropriate technical and organisational measures to protect personal data against unauthorized access, loss, or destruction. These measures include encryption, access controls, and secure server infrastructure. While we strive to safeguard all data, no system is entirely secure, and we cannot guarantee absolute security. We regularly review and update our security practices to ensure ongoing compliance.

Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations. Retention periods are determined based on the nature of the data and the applicable legal requirements. Once data is no longer required, it is securely deleted or anonymised. We maintain clear internal policies governing data retention and disposal.

Your Rights Under GDPR and CCPA

Under UK GDPR, you have rights including access, rectification, erasure, restriction of processing, data portability, and objection to processing. Under CCPA, eligible individuals have rights to know, delete, and opt out of certain data sharing practices. You may exercise these rights by contacting us using the details provided below, and we will respond within statutory timeframes. We may require verification of identity before fulfilling any request.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, you may contact us at Beauty Box Limited, 18 Rosewood Avenue, Manchester, M14 6FH, United Kingdom. You can also reach our data protection team via email at legal@beautybox.co.uk. We are committed to resolving any issues promptly and in accordance with applicable data protection laws. You also have the right to lodge a complaint with the UK Information Commissioner's Office if necessary.