Privacy Policy

When you visit npskin.com, place an order, or contact us, we may collect the following categories of personal information:

• Identity & Contact: first name, last name, email address, phone number, and billing/shipping address.
• Transaction Data: details of products purchased, order history, and payment method details (card number, expiry, CVV — processed and encrypted by our payment processor; we do not store raw card data).
• Technical Data: IP address, browser type and version, time-zone, browser plug-in types, operating system, and platform information collected automatically via cookies and similar technologies.
• Usage Data: information about how you use our website, products, and services including pages visited, click-stream data, and session duration.
• Marketing Preferences: your preferences for receiving marketing communications from us.

We do not knowingly collect personal information from children under the age of 16.

We use the information we collect for the following purposes:

• To process and fulfil your orders, including sending order confirmations and shipping updates.
• To manage your account and provide customer support.
• To send you marketing and promotional communications where you have opted in to receive them.
• To improve and personalise your experience on our website.
• To detect and prevent fraudulent transactions and other illegal activities.
• To comply with our legal obligations.
• To analyse website performance and conduct internal research and development.

We will only use your personal data for the purpose for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose.

We process your personal data on the following legal bases (where applicable under relevant data protection law):

• Performance of a contract: where processing is necessary to fulfil an order you have placed with us.
• Legitimate interests: where processing is necessary for our legitimate business interests, such as fraud prevention, network security, and direct marketing (where you would reasonably expect it).
• Consent: where you have given us clear consent to process your data for a specific purpose, such as email marketing.
• Legal obligation: where processing is necessary to comply with a legal obligation.

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small text files placed on your device that help us:

• Keep you signed in and remember your cart contents between visits.
• Understand how you use our site so we can improve it.
• Show you relevant advertisements on third-party sites (where permitted).
• Measure the effectiveness of our marketing campaigns.

You can control or disable cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our website, including the shopping cart.

We do not sell, rent, or trade your personal information to third parties. We may share your data with trusted third parties only where necessary:

• Payment Processors: to securely process your payment. We use industry-standard PCI-DSS compliant payment processors.
• Shipping & Logistics Partners: to fulfil and deliver your orders.
• Email & Marketing Platforms: to send transactional and marketing emails where you have consented.
• Analytics Providers: such as Google Analytics, to help us understand website usage.
• Legal & Regulatory Authorities: where we are required to disclose information by law, court order, or government authority.

All third parties are required to respect the security of your personal data and to treat it in accordance with applicable data protection laws.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Order data is typically retained for seven (7) years to comply with tax and financial regulations. Marketing data is retained until you unsubscribe or withdraw consent. You may request deletion of your data at any time (see Your Rights below), subject to any legal obligations we must comply with.

Depending on your location, you may have the following rights regarding your personal data:

• Right of Access: request a copy of the personal data we hold about you.
• Right to Rectification: request correction of inaccurate or incomplete data.
• Right to Erasure: request deletion of your personal data (“right to be forgotten”).
• Right to Restriction: request that we restrict processing of your data in certain circumstances.
• Right to Portability: request a machine-readable copy of your data to transfer to another provider.
• Right to Object: object to processing based on our legitimate interests, including direct marketing.
• Right to Withdraw Consent: withdraw consent at any time where we rely on consent as the legal basis for processing.

To exercise any of these rights, please contact us at hello@npskin.com. We will respond to your request within 30 days.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include SSL/TLS encryption for data in transit, restricted access to personal data on a need-to-know basis, and regular security reviews of our systems. While we take every reasonable precaution, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy notice of every website you visit.

We reserve the right to update this Privacy Policy at any time. Any changes will be posted on this page with a revised effective date. Where changes are material, we will notify you by email or by placing a prominent notice on our website. Your continued use of our website following any changes constitutes acceptance of the updated policy.