Privacy Policy

1. INTRODUCTION

Your privacy is important to us, Celeste D’or Curve (“Celeste D’or Curve”, “we” or “us”). This Privacy Policy (Privacy Policy or Policy) outlines how your information is collected, used and disclosed when you access or use our Services. This information is collected, used and disclosed in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For purposes of this Privacy Policy, “you” and “your” means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.

Please read this Privacy Policy carefully. By accessing or using our Services, you agree to the collection and use of information in accordance with this Policy.

2. WHAT INFORMATION DO WE COLLECT AND HOW IS IT COLLECTED?

We collect personal data when you access or use our Services. The types of personal data we obtain depends on how you interact with our Site and use our Services. When we use the term “personal data”, we refer to information that identifies, relates to, describes or can be associated with you.

2.1 Information provided by you

We collect information that you directly submit to us through our Services as well as through any other means used to contact us. The kinds of personal data we collect include:

  • Contact details including your name, address, phone number, and email address

  • Order information including your name, billing address, shipping address, payment confirmation, email address, and phone number

  • Account information including your username, password, security questions and other information used for account security purposes

  • Customer support information including the information you choose to include in communications with us

Some features of the Services may require you to directly provide us with certain information. You may elect not to provide this information, but doing so may prevent you from using or accessing these features.

2.2 Automatically collected personal data

We automatically record certain information from your device and its software when you access our Services (“Usage Data”). To do this, we may use cookies, pixels and similar technologies. Usage Data may include:

  • Device and browser information, including IP address, operating system, and browser type

  • Network connection information and internet service provider

  • Pages visited, features used, and navigation patterns on our Site

  • Date and time stamps of your visits

  • Geographical location data (country and city area) derived from your IP address


2.3 Personal data collected via cookies

Our Services use cookies — small text files stored on your device — to recognise your device, remember your preferences, compile usage statistics, and personalise content. Cookies do not usually contain information that directly identifies you.

Most browsers automatically accept cookies by default, but you can choose to set your browser to remove or reject cookies through your browser controls. Please be aware that removing or blocking cookies may negatively impact your user experience and may cause some features of the Services to work incorrectly or no longer be available.

Please note that while your browser may allow you to transmit a “do not track” signal, our Site is not currently designed to respond to such signals. To learn more, visit http://www.allaboutdnt.com/.

2.4 Information obtained from third parties

We may obtain information about you from third parties, including vendors and service providers who collect information on our behalf, such as:

  • Companies who support our Site and Services, such as Shopify

  • Payment processors who collect payment information (e.g., bank account, credit or debit card information, billing address) to process payments and fulfil orders

  • Analytics providers, including Google Analytics, Facebook Pixels, TikTok Pixels, and Pinterest Pixels

Any information we obtain from third parties will be treated in accordance with this Privacy Policy.

3. FOR WHAT PURPOSES DO WE COLLECT AND USE PERSONAL DATA?

We collect your personal data for the following purposes. Under UK GDPR, we are required to identify a lawful basis for each purpose:

  • Providing products and services: To process payments, fulfil orders, manage your account, arrange shipping, and facilitate returns and exchanges. Lawful basis: Performance of a contract.

  • Marketing and advertising: To send promotional communications by email, SMS, or post, and to tailor advertising on our Site and other websites. Lawful basis: Consent (for SMS and email marketing); Legitimate interests (for other advertising).

  • Security and fraud prevention: To detect, investigate, and take action regarding possible fraudulent, illegal, or malicious activity. Lawful basis: Legitimate interests.

  • Customer support and service improvement: To provide customer support and improve our Services. Lawful basis: Legitimate interests.

  • Legal compliance: To comply with applicable legal obligations and enforce our Terms of Service. Lawful basis: Legal obligation.


4. HOW DO WE STORE AND PROTECT YOUR INFORMATION?

4.1 Storage of personal data

Your personal data is transferred and stored electronically via a secured SSL connection in secured, password-protected servers. We take reasonable technical and organisational steps to protect your personal data against unauthorised access, loss, misuse, or disclosure.

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee absolute security. Any information you send to us may not be secure while in transit. We recommend that you do not use insecure channels to communicate sensitive or confidential information to us.

4.2 International transfers

Your personal data may be transferred to and processed in countries outside the UK. Where we transfer your personal data outside the UK, we will ensure that appropriate safeguards are in place, such as the use of UK International Data Transfer Agreements (IDTAs) or equivalent mechanisms approved by the Information Commissioner’s Office (ICO).

4.3 Retention of personal data

How long we retain your personal data depends on different factors, such as whether we need the information to maintain your account, provide the Services, comply with legal obligations, resolve disputes, or enforce applicable contracts and policies. We will not retain your personal data for longer than is necessary for the purposes outlined in this Policy.

5. TO WHOM IS YOUR PERSONAL DATA DISCLOSED?

In certain circumstances, we may disclose your personal data to third parties. Such circumstances may include:

5.1 Service providers

We may disclose your personal data to vendors and third parties who perform services on our behalf, including IT management, payment processing, data analytics, customer support, cloud storage, fulfilment, and shipping providers.

5.2 Business and marketing partners

We may share your personal data with business and marketing partners to provide services and advertise to you. Our business and marketing partners will use your information in accordance with their own privacy notices.

5.3 Corporate transactions

We may disclose your personal data in connection with a business transaction such as a merger, sale of assets, reorganisation, or acquisition of all or a portion of our business by another company or third party, or in the event of bankruptcy or dissolution.

5.4 Legal requirements

We may disclose your personal data to comply with any applicable legal obligations, including to respond to court orders, subpoenas, search warrants and similar requests from law enforcement or regulatory authorities.

5.5 With your consent

When you direct, request, or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations.

We do not use or disclose sensitive personal data without your consent or for the purposes of inferring characteristics about you.

6. SMS MARKETING PROGRAMME

6.1 SMS Programme Description

By consenting to Celeste D’or Curve’s SMS marketing, you agree to receive recurring automated promotional and transactional text messages (e.g., order confirmations, shipping updates, cart reminders, and marketing offers) at the phone number you have provided. Consent is not a condition of any purchase. Message and data rates may apply. Message frequency varies.

6.2 Lawful Basis for Processing

We process your personal data for the purposes of SMS marketing on the basis of your consent, in accordance with UK GDPR Article 6(1)(a). You may withdraw your consent at any time by:

  • Replying STOP to any message

  • Clicking the unsubscribe link included in any SMS

  • Contacting us at contact@celeste-dor.com

Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

6.3 Data Collection & Use

When you opt in to our SMS programme, we collect and use the following information:

  • Your mobile phone number

  • Your SMS consent status and opt-in date

  • Information related to your interactions with our text messages (e.g., delivery status, responses)

  • Browsing and shopping activity on our website, including items added to your cart (see Abandoned Cart section below)


6.4 Third-Party Data Sharing

We will not share your opt-in to an SMS campaign with any third party for purposes unrelated to providing you with the services of that campaign. We may share your personal data, including your SMS opt-in or consent status, with third parties that help us provide our messaging services, including but not limited to platform providers, phone companies, and any other vendors who assist us in the delivery of text messages.

6.5 Abandoned Cart SMS

This website uses cookies and similar tracking technologies to help keep track of items you place into your shopping cart, including when you have abandoned your cart. This information is used to determine when to send you cart reminder messages via SMS. You may opt out of abandoned cart reminders at any time by replying STOP to any message you receive.

6.6 Opt-Out & Help

You can opt out of receiving SMS messages at any time by replying STOP to any message or by clicking the unsubscribe link included in our text messages. After opting out, you will receive a one-time confirmation message and will no longer receive SMS messages from us unless you re-subscribe. For assistance, reply HELP to any message.

7. THIRD PARTY WEBSITES AND LINKS

Our Site may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites.

Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

8. CHILDREN’S DATA

The Services are not intended to be used by children under the age of 13, and we do not knowingly collect any personal data about children. If you are the parent or guardian of a child who has provided us with their personal data, you may contact us using the contact details set out below to request that it be deleted.

9. YOUR RIGHTS UNDER UK GDPR

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights in relation to your personal data. These rights are not absolute and may apply only in certain circumstances.

9.1 Summary of rights

  • Right of access: You can request a copy of the personal data we hold about you.

  • Right to rectification: You can ask us to correct any inaccurate or incomplete data.

  • Right to erasure: You can request that we delete your personal data (“right to be forgotten”).

  • Right to restrict processing: You can ask us to limit how we use your data.

  • Right to data portability: You can request your data in a structured, commonly used and machine-readable format.

  • Right to object: You can object to the processing of your personal data for marketing purposes at any time.

  • Rights related to automated decision-making: You have the right not to be subject to a decision based solely on automated processing that produces a legal or similarly significant effect on you.

9.2 Exercising your rights

To exercise any of these rights, please contact us at contact@celeste-dor.com. We will respond to your request within one calendar month as required under UK GDPR, with a possible extension of a further two months for complex or numerous requests.

We will not discriminate against you for exercising any of these rights. We may need to verify your identity before providing a substantive response. You may also designate an authorised representative to make requests on your behalf.

10. COMPLAINTS

If you have complaints about how we process your personal data, please contact us in the first instance using the contact details provided below so that we can try to resolve the matter.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection issues:

  • Website: ico.org.uk

  • Telephone: 0303 123 1113


11. AMENDMENTS

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site and update the “Last updated” date. We encourage you to review this Policy periodically to stay informed about how we protect your information.

12. CONTACT US

All requests for access or corrections to your personal data, complaints, and privacy enquiries should be directed to our Privacy Officer:

  • By email at: contact@celeste-dor.com

  • By contact form at: celeste-dor.com

For the purpose of applicable data protection laws and if not explicitly stated otherwise, we are the data controller of your personal data.