IMPORTANT NOTICE ABOUT INTERNATIONAL TRANSFERS OF YOUR PERSONAL INFORMATION
We’re based in the United Arab Emirates. Many of our suppliers are based all over the world – as are many of our website visitors and valued customers. As a result, if you use Huda Beauty websites, it will involve transferring your personal information from your country to a country which might not have the same degree of protection in place.
Welcome to our privacy notice! You’re in the right place if you’re looking to find out what Huda Beauty does with your personal information when you visit or use our websites, or if you want to know about your privacy rights and how the law protects you.
Huda Beauty respects your privacy and is committed to protecting your personal information. That’s why, although we’re based in the United Arab Emirates, we’re using European law as our bench mark when it comes to your privacy – it’s the gold standard.
This privacy notice explains how we collect and process your personal information when you visit our websites www.shophudabeauty.com, www.hudabeauty.com, www.kayalifragrance.com and www.fauxfilter.com. It also applies to personal information you may provide through our websites when you sign up to our newsletters, or purchase our products.
If you’re under the age of 16, please don’t give us your personal information unless you’ve first asked your parents or legal guardian, and they’ve allowed you to.
Huda Beauty FZ-LLC, a company registered in the United Arab Emirates with company registration no. 94206 and registered address at Huda Beauty FZ-LLC, PBU – E70 & E71, Production City, Dubai, UAE, PO BOX 503443 is the data controller responsible for your personal information. If you have any questions about this privacy notice, or want to exercise your rights, please contact us by sending an email to: firstname.lastname@example.org.
We keep our privacy notice under regular review, so please check back from time to time to ensure that you stay informed about what we’re doing with your personal information.
Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow others to collect or share personal information about you. We don’t control those third-party websites and aren’t responsible for their privacy statements. Please take care when you leave our websites, and we encourage you to read the privacy notice of every website you visit.
We may collect, use, store and transfer different kinds of personal information about you which we’ve grouped together as follows:
- Identity Information includes your first name, last name, username or similar identifier, and title.
- Contact Information includes billing address, delivery address, email address and telephone numbers.
- Financial Information includes bank account and payment card details.
- Transaction Information includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Information includes internet protocol (IP) address, your login information, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our websites.
- Profile Information includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Information includes information about how you use our websites, products and services.
- Marketing and Communications Information includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated Information such as statistical or demographic information for any purpose. Aggregated Information could be derived from your personal information but isn’t considered personal information in law as this information won’t directly or indirectly reveal your identity.
For example, we may aggregate your Usage Information to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Information with your personal information so that it can directly or indirectly identify you, we treat the combined information as personal information which will be used in accordance with this privacy notice.
If you don’t provide us with personal information which we need to collect by law, or under the terms of a contract we have with you, we might not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products you’ve ordered). In that case, we might have to cancel your order, but we’ll let you know at the time.
Generally, we collect your personal information when you decide to interact with us. This could include online purchases, or when you sign up to receive emails from us. We also look at how customers use our websites, so that we can offer the best possible experience.
We use different methods to collect information from and about you including through:
- Direct interactions. You may give us your Identity, Contact and Financial Information by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal information you provide when you:
- Purchase our products or services
- Create an account on our websites
- Subscribe to our service or publications
- Ask for marketing to be sent to you
- Enter a competition, promotion or survey
- Give us feedback or contact us
We only use personal information when the law allows us to. Most commonly, we’ll use your personal information in the following circumstances:
- Where we need to perform the contract we’re about to enter into or have entered into with you.
- Where it’s necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights don’t override those interests.
- Where we need to comply with a legal obligation.
Generally, we don’t rely on consent as a legal basis for processing your personal information (but where we do, you’ve got the right to withdraw consent at any time by contacting us.)
We’ve set out below, in a table format, a description of all the ways we use your personal information, and which of the legal bases we rely on to do so. We’ve also identified what our legitimate interests are where appropriate.
Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we’re using your information. Please contact us if you need details about the specific legal ground we’re relying on to process your personal information where more than one ground has been set out in the table below.
|Purpose/Activity||Type of information||Lawful basis for processing including basis of legitimate interest|
|To register you as a new customer||(a) Identity(b) Contact||Performance of a contract with you|
|To process and deliver your order including:(a) Manage payments, fees and charges||(a) Identity(b) Contact|
|(a) Performance of a contract with you|
|To manage our relationship with you which will include:(a) Notifying you about changes to our terms or privacy notice|
(b) Asking you to leave a review or take a survey
|(a) Identity(b) Contact|
(d) Marketing and Communications
|(a) Performance of a contract with you(b) Necessary to comply with a legal obligation|
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
|To enable you to partake in a prize draw, competition or complete a survey||(a) Identity(b) Contact|
(e) Marketing and Communications
|(a) Performance of a contract with you(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)|
|To administer and protect our business and this website (including troubleshooting, information analysis, testing, system maintenance, support, reporting and hosting of information)||(a) Identity(b) Contact|
|(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)(b) Necessary to comply with a legal obligation|
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||(a) Identity(b) Contact|
(e) Marketing and Communications
|Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
|To use information analytics to improve our website, products/services, marketing, customer relationships and experiences||(a) Technical(b) Usage||Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about goods or services that may be of interest to you||(a) Identity(b) Contact|
(f) Marketing and Communications
|Necessary for our legitimate interests (to develop our products/services and grow our business)|
We want you to be able to make choices about how we use your personal information, especially when it comes to marketing and advertising.
You’ll receive marketing communications from us if you’ve requested information from us (e.g. by signing up to our newsletter) or if you’ve purchased products from us and haven’t opted out of receiving marketing.
Either way, if at any time you change your mind and don’t want to receive marketing messages from us, you can tell us to stop by:
- Unsubscribing (just click on the ‘unsubscribe’ link in any message we send you and follow the instructions – please note that it might take a short period of time to process your unsubscribe request) or
- Sending an email to email@example.com, with ‘Unsubscribe’ as the subject of the email.
We use a number of different suppliers to provide elements of our service for us. These include: IT suppliers; payment processors; fulfilment companies; email marketing platforms and enterprise management platforms.
In some circumstances we’re legally obliged to share personal information with third parties. For example, to comply with a court order. Other times, we share personal information to protect the rights, property or safety of us or others. For example, to prevent fraud and reduce credit risk. In any scenario, we’ll satisfy ourselves that our sharing is lawful.
We might also share your information with another business if we buy/sell any business or assets from/to them, or are otherwise combined with that business (including during any negotiations with them). If a change happens to our business, then the new owners may use your personal information in the same way as set out in this privacy notice.
We’re based in the United Arab Emirates. Many of our suppliers are also based outside of the European Economic Area (EEA), as are many of the visitors to our websites and our valued customers. So when you use our websites, it will involve transferring your personal information from your country to a country which may not have the same degree of protection in place.
We’ll only keep your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We might keep your personal information for a longer period in the event of a complaint or if we reasonably believe there’s a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Please contact us for details of retention periods for different aspects of your personal information.
Under certain circumstances, you have the right to:
- Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we’re lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we might need to verify the accuracy of the new information you provide to us.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there’s no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you’ve successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we’re required to erase your personal information to comply with local law. Note, however, that we might not always be able to comply with your request for erasure because of specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal information where we’re relying on our own legitimate interest (or that of a third party) and there’s something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You’ve also got the right to object where we’re processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios:
- If you want us to establish the information’s accuracy.
- Where our use of the information is unlawful but you don’t want us to erase it.
- Where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You’ve objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal information to you or to a third party. We’ll provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use, or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal information. However, this won’t affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We’ll advise you if this is the case at the time you withdraw your consent.
- Lodge a complaint with the relevant regulator if you feel that your personal information hasn’t been handled correctly, or you’re not happy with the way we’ve responded to anything you’ve asked us to do with your personal information. If you’re based outside of the United Arab Emirates, you’ve got the right to complain to the relevant data protection authority in your country of residence. Here’s a list of EU data protection authorities with the contact details.