FREE Delivery over £25
Next Day Delivery Until Midnight
New Customers Get Up To Extra 20%
4.7* Trustpilot Rating 450k+ Reviews
PAYDAY SALE: UP TO 55% OFF | CLICK TO SHOP

Privacy Policy

INTRODUCTION

allbeauty respects your privacy and we want you to feel confident and comfortable with how your personal information will be looked after or used by us when you access our website, purchase a product, contact us, or otherwise interact with us. We have prepared this privacy policy (“Privacy Policy”) to explain to you how we collect, use, store, and disclose your personal information in connection with our business, including via the website www.allbeauty.com (“Website”). The Website is hosted on the Shopify e-commerce platform. It also explains what rights you have in relation to accessing or changing your personal information. Please take the time to read and understand this Privacy Policy.

Our Website is not intended for children. We do not knowingly collect or maintain the personal information of children under the age of 13. If you are under the age of 13, please do not access our Website. We will take appropriate steps to delete the personal information of persons under the age of 13.

ABOUT US

We are IEB Trading Limited t/a allbeauty, a private company registered in Guernsey under registration number 44872 with its registered office at Unit 10, Rock Business Centre, Braye Road, Guernsey, GY3 5PG (allbeauty, we, us, our). Our VAT number is GB206369021.

If you have any questions about this Privacy Policy or our use of your personal information, you can contact us as follows:

FAO: info@allbeauty.com

You can also contact us to inform us of any changes to the personal information we hold about you. This will help us to make sure that our records are accurate and up to date.

INFORMATION WE WILL COLLECT ABOUT YOU

We will collect, use, store and transfer different kinds of information that you provide to us when you:

  • Make an enquiry, provide feedback, make a complaint or any other correspondence over the phone, by email or on the Website.

  • Report a problem with the Website.

  • Subscribe to our newsletter and/or mailing lists.

  • Enter one of our prize draws.

  • Order products from us.

  • Submit any reviews and comments on the Website or interact with our social media accounts which may include Twitter, Facebook and Instagram.

  • Use the Website generally. This means that we will collect certain information about how you use the Website and the device that you use to access the Website, even where you have not created an account or logged in. This information may include login data, IP address, page views, searches, requests, orders, pre-approvals, confirmations and other actions on the Website, and may be collected by a third-party website analytics service provider on our behalf and/or may be collected using cookies or similar technologies. For more information on cookies please refer to our Cookie Banner, managed by Pandectes, which is presented when you first visit the Website.

Such information may include (depending on the circumstances):

Identity and contact data: This includes titles, names, delivery address, email addresses, phone numbers and other contact details you may provide to us.

Financial data: If you are using the Website to purchase products you will also provide payment details, which may include billing addresses and credit/debit card details. Payment transactions are processed by Adyen, our third-party payment gateway. We do not store your full payment card details on our systems.

Account data: If you create an account on the Website, we will collect your username, password and other information used for account security purposes. You are responsible for keeping your account credentials safe. We recommend that you do not share your username, password, or other access details with anyone else. If you believe your account has been compromised, please contact us immediately using the details set out above.

Website usage data: This includes information about your interactions with the Website, such as login data, IP address, page views, searches, and other actions on the Website. Our Website is hosted on Shopify, which collects certain usage data as part of the platform’s operation, including through Shopify’s own analytics tools.

Technical data: For example, your geographical location, information about the device you use to access the Website such as your hardware model, mobile network information, unique device identifiers.

Marketing and communications data: This includes your preferences in receiving marketing from us and our third parties and your communication preferences.

In certain circumstances, we will receive information about you from third parties. For example:

Advertising parties: We may receive personal information that you submit to any third party website that you access from an advertisement on the Website. Please check the privacy policy of any website to which you submit information.

Service providers: We may collect personal information from our website platform provider (Shopify), payment gateway (Adyen), IT support providers, customer service support providers and marketing services providers (who may be based inside or outside the UK and/or the EU).

Publicly available sources: We may use publicly available sources for instance to carry out identity and compliance checks.

Other third parties: We might also receive information about you from third parties if you have indicated to such third party that you would like to hear from us.

USE OF YOUR INFORMATION

We use your information in the following ways:

Provide access to the Website: To provide you with access to the Website in a convenient and optimal manner.

Products: To process orders for products placed on the Website and to provide customer service in relation to such product orders.

Prize Draw: To administer any prize draw, including notifying winners.

Relationship management: To manage our relationship with you, which may include notifying you about changes to our Terms and Conditions and Privacy Policy.

User and customer support: To provide user or customer service and support by dealing with enquiries or complaints about the Website and share your information with our website platform provider, IT support providers, payment services provider, and security providers as necessary to provide the necessary support.

Marketing: To keep in contact with you about our news, events, new features, products or services that we believe may interest you, provided that, where necessary, we have the requisite permission to do so, or where it is in our legitimate interests to provide you with marketing communications where we may lawfully do so.

Social media interactions: To interact with users on social media platforms including Instagram, for example, responding to comments and messages, posting, ‘retweeting’ and ‘liking’ posts.

Research and Analytics: To carry out research about general engagement with our Website, including through Shopify’s built-in analytics, and to use data analytics to improve our Website, products/services, marketing, customer relationships and experiences.

Fraud prevention: To detect and prevent crime including fraud, including through fraud detection services provided by Adyen.

Compliance with policies, procedures and laws: To enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our staff and share your information with our technical and legal advisors.

DISCLOSURE OF YOUR INFORMATION

We do not sell your personal information. However, we may disclose it to certain third parties in order to allow us to provide the Website and other services to you, enforce our rights or to comply with legal or regulatory obligations. Such third parties include:

Platform provider: Our Website is hosted on Shopify. Shopify processes your personal data as a data processor on our behalf in order to provide us with the e-commerce platform and related services. Shopify’s processing of your data is governed by their Data Processing Addendum. For EEA and UK customer data, Shopify’s initial processing is handled by Shopify International Limited (Ireland), though data may subsequently be transferred to other jurisdictions including Canada and Singapore.

Payment gateway: Adyen processes your payment data as a data processor on our behalf. Adyen N.V. is headquartered in the Netherlands and is supervised by the Dutch Central Bank as a regulated bank. Adyen uses Standard Contractual Clauses to safeguard any transfers of personal data outside the EEA.

Other service providers: Service providers we work with to deliver our business, who are acting as processors and provide us with:

  • IT, system administration and security services;

  • marketing and advertising services; and

  • delivery services.

Shopify apps: We may use third-party applications integrated with the Shopify platform to provide additional functionality on our Website. These apps may access certain personal data in order to perform their functions. We require all such app providers to process your data in accordance with applicable data protection laws.

Regulators and governmental bodies: HM Revenue & Customs, regulators, governmental bodies and other authorities acting as processors or separate controllers who require reporting of processing activities in certain circumstances.

Marketing partners: Any selected third party that you consent to our sharing your information with for marketing purposes.

Prospective sellers and buyers of our business: Any prospective seller or buyer of such business or assets, only in the event that we decide to sell or buy any business or assets.

Other third parties (including professional advisers): Any other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION

We will only process your personal information where we have a legal basis to do so. The legal basis will depend on the purposes for which we have collected, and use, your personal information. In almost every case the legal basis will be one of the following:

  • Performance of your contract with us and the provision of our services and/or products to you.

  • Your consent (where we request it).

  • Our legitimate interests or the legitimate interests of a third party (where appropriate).

  • Where we need to comply with a legal or regulatory obligation.

Where we use your information for our legitimate interests (or that of a third party), we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests (or those of a third party) do not automatically override yours and we will not use your information if we believe your interests should override ours, unless we have other grounds to do so (such as your consent or a legal obligation).

WHERE WE STORE YOUR PERSONAL DATA

We are located in Guernsey. Our Website is hosted on Shopify’s platform. For EEA and UK customer data, Shopify’s initial processing is handled by Shopify International Limited in Ireland. However, your personal data may subsequently be transferred to and processed in other countries, including Canada and Singapore, where Shopify, its affiliated companies or third-party sub-processors are located. Payment data is processed by Adyen N.V., headquartered in the Netherlands, with transfers outside the EEA governed by Standard Contractual Clauses.

Your personal information may also be stored and processed in Guernsey and in other countries which have less strict or no data protection laws when compared to those in the EEA or the UK.

Whenever we transfer your information as described above, we will take steps which are reasonably necessary to ensure that adequate safeguards are in place to protect your personal information and to make sure it is treated securely and in accordance with this Privacy Policy. Safeguards relied upon include:

  • Adequacy decisions by the European Commission (this includes Guernsey);

  • Standard Contractual Clauses approved by the European Commission (used by both Shopify and Adyen for international data transfers); and

  • Other approved data transfer mechanisms as appropriate.

If you are located in the EEA or the UK, you may contact us for a copy of the safeguards which we have put in place to protect your personal information and privacy rights in these circumstances.

DATA RETENTION

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

By law, we have to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for a minimum statutory period after they cease being customers for tax, corporate, and legal purposes.

As a general rule, we apply the following specific retention periods:

  • Customer Accounts and Transactional Data: We retain your account information, purchase history, and transactional data for 6 years from the date of your last transaction or account activity. This is to comply with our statutory obligations under Guernsey tax law and to ensure we can resolve any subsequent legal claims or product queries.

  • Marketing and Newsletter Data: We will retain your contact details for marketing purposes for as long as you choose to remain subscribed. If you opt out or withdraw your consent, we will move your data to a suppressed "do not contact" list within 30 days to ensure your preference is respected, and we will delete the historical marketing tracking data within 12 months of your unsubscription.

  • Customer Enquiries and Correspondence: If you contact our customer support team with an enquiry, complaint, or feedback (via email, phone, or website form) and do not hold an active customer account, we will securely delete or anonymize this correspondence 2 years after the matter has been fully resolved.

  • Website Analytics and Device Data: Technical data collected automatically via our website cookies and analytics tools (such as IP addresses and browsing behavior) is retained for a maximum of 14 months before being automatically deleted or completely anonymized, in line with industry standards.

In some circumstances, you can ask us to delete your data: see YOUR LEGAL RIGHTS below for further information. In some circumstances, we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

COOKIES AND TRACKING TECHNOLOGIES

Our Website uses cookies and similar tracking technologies (such as pixels, web beacons, and scripts). These technologies are placed both by us and by third parties whose services we use (including Shopify platform cookies necessary for the secure operation of our e-commerce platform).

When you first visit our Website, you will be presented with a cookie consent banner managed by Pandectes, our Consent Management Platform. Depending on your geographical location, the banner functions as follows:

  • Guernsey, UK, and EU Residents: Non-essential cookies (such as analytics, performance, and targeted advertising cookies) will be blocked by default and will not be placed on your device unless you provide explicit, affirmative consent via the banner.

  • United States and Canadian Residents: You will be provided with options to customize your preferences or opt-out of cookies used for targeted advertising. Our Pandectes framework is also configured to recognize and automatically honor the Global Privacy Control (GPC) signal transmitted by your browser, treating it as a valid opt-out request for targeted advertising.

Essential cookies required for the basic operation of the Website, shopping cart functionality, user security, and the core Shopify platform will be set regardless of your choice, as they are legally processed under our legitimate interests to provide a functioning website.

Managing Your Preferences: You are never locked into your initial choice. You can view a full, dynamically updated list of the specific cookies active on our store, view their expiration periods, and modify or completely withdraw your consent at any time by clicking the "Cookie Settings" link located in the footer of our Website.

PROTECTION OF YOUR INFORMATION, SECURITY AND PASSWORDS

Our Website has security measures in place to protect against the loss, misuse, unauthorised use, access or alteration of your personal data. For example, certain areas of our Website use industry standard SSL to encrypt sensitive data, like your billing address.

Unfortunately the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of data transmitted to our Website.

THIRD PARTY WEBSITES

Our Website has security measures in place to protect against the loss, misuse, unauthorised use, access or alteration of your personal data. The Website is hosted on Shopify’s platform, which provides industry-standard security measures including SSL/TLS encryption across all pages. Payment data is processed by Adyen, which is PCI DSS compliant and uses tokenisation to protect cardholder data.

If you create an account on the Website, you are responsible for maintaining the confidentiality of your account credentials. We recommend that you do not share your username, password, or other access details with anyone else. If you believe your account has been compromised, please contact us immediately using the contact details set out above.

Unfortunately the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of data transmitted to our Website.

USER GENERATED CONTENT

The Website may enable you to post product reviews and other user-generated content. If you choose to submit user-generated content to any public area of the Website, this content will be public and accessible by anyone.

We do not control who will have access to the information that you choose to make available to others, and cannot ensure that parties who have access to such information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information that you make publicly available, or for the accuracy, use or misuse of any information that you disclose or receive from third parties.

THIRD PARTY WEBSITES

The Website may contain advertisements and links to websites that are operated by third parties including our affiliates. We do not control and accept no liability or responsibility for those advertisements, websites or feeds and this Privacy Policy does not apply to those advertisements or websites. Please consult the terms and conditions and privacy policy of the third party responsible for such advertisements or websites to find out how they collect and use your personal information and to establish what they may use your personal information for.

YOUR RIGHTS

In some situations, you can ask for access to your personal data, correct your data, delete your data, or object to our use of your data. If you wish to exercise any of those rights, please contact us using the contact details set out at the top of this Privacy Policy.

Subject to certain legal conditions, you have a number of rights in respect of the personal information we hold about you. These include:

Information: you have the right to be informed of the ways we use your information, as we seek to do in this Privacy Policy;

Access: you have the right to request, free of charge, access to a copy of the personal information that we hold about you;

Rectification: you can ask us to change, correct, or complete any inaccurate, incomplete, or out-of-date personal information that we hold about you;

Consent: If you have given us your consent to use your personal information (for example, for marketing purposes), you can withdraw your consent at any time;

Objection: you can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You can also object to our use of your personal information for direct marketing purposes;

Portability: In certain circumstances, you can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form;

Restriction: you can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it;

Erasure: you can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it;

Right to opt out of sale, sharing or targeted advertising: Depending on where you are located, you may have the right to direct us not to “sell” or “share” your personal information, or to opt out of the processing of your personal information for purposes considered to be “targeted advertising”, as defined in applicable privacy laws. We do not sell your personal information. If you visit our Website with the Global Privacy Control opt-out preference signal enabled, we will treat this as a request to opt out of any “sharing” of information for the device and browser you use to visit the Website; and

Managing communication preferences: We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made.

EXERCISING YOUR RIGHTS

If you wish to exercise your rights, please contact us using the contact details set out at the top of this Privacy Policy. You will not have to pay a fee to exercise the above rights, however, we reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your information.

Please also note that we may ask for proof of your identity. This is a security measure to ensure that we do not disclose personal information to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We will try to respond to all legitimate requests within one month. Sometimes it may take us longer if your request is complex or you have made several requests. In this case, we will notify you and keep you updated.

Please also be aware that not all of those rights are absolute and there may be circumstances in which we will not fully comply with your request because of a specified legal ground or exemption.

You have the right to make a complaint at any time to The Office of the Data Protection Authority, the Guernsey supervisory authority for data protection issues (www.odpa.gg), as well as the relevant authority in your country of work or residence, if you do not believe that we have handled your request in an appropriate manner. For EEA residents, a list of data protection supervisory authorities is available at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en. We would appreciate the opportunity to deal with your concerns before you complain to The Office of the Data Protection Authority/the relevant authority – you can contact us using the contact details set out at the top of this Privacy Policy.

CHANGES TO OUR PRIVACY POLICY

allbeauty may amend this Privacy Policy so please remember to check back from time to time. Where we have made any significant changes to this Privacy Policy, we will post these to our Website or otherwise notify you of any material changes by email.

This Privacy Policy was last updated in May 2026.

Trustpilot