Privacy Policy
Last updated: 1 June 2026
Your privacy matters to us. This policy explains, in plain English, what personal data VVIFY collects, how and why we use it, who we share it with, and the rights you have under UK GDPR and the Data Protection Act 2018.
1. Who we are & how to contact us
This Privacy Policy explains how VVIFY ("we", "us", "our") collects, uses, shares and protects your personal data when you visit VVIFY at vvify.com, place an order, or otherwise interact with us. It also sets out your rights under UK data protection law.
VVIFY is the data controller responsible for your personal data. This means we decide how and why your data is processed.
You can reach us by email at support@vvify.com, by phone on +44 7775 554848, or by post at VVIFY Beauty, 128 Regent Street, London, W1B 5SA, United Kingdom. If you have a question or concern about how we handle your data, please contact us first so we can try to resolve it.
2. What personal data we collect
We only collect the data we need to run our shop, fulfil your orders and support you as a customer. Depending on how you use the site, we may collect the following:
- Identity and contact details — your name, email address and phone number.
- Order and delivery details — your billing address, shipping address, the products you buy, order value, order history and any delivery notes you give us.
- Payment information — your card payments are processed securely by our payment provider, Stripe. We never see or store your full card number. We receive only a confirmation of payment and limited details such as the result of the transaction and the last four digits of the card.
- Communications — the content of emails, contact-form messages or phone enquiries you send us, and our replies.
- Marketing preferences — whether you have consented to receive marketing emails, and your subsequent choices.
- Technical and usage data — your IP address, browser type, device information, the pages you view and how you move through the site, collected via cookies and similar technologies (see section 6).
3. How and why we use your data
We use your personal data for the following purposes:
- To process and fulfil your orders — taking payment, dispatching your products, arranging tracked delivery and handling returns or refunds.
- To provide customer support — answering your questions and resolving any issues with your order.
- To send service messages — order confirmations, dispatch and tracking updates, and other communications necessary to complete your purchase.
- To prevent fraud and keep our site secure — verifying transactions and protecting against fraudulent or unauthorised activity.
- To comply with our legal obligations — including tax, accounting and consumer-protection requirements.
- To send marketing — only where you have given consent. You can withdraw consent at any time by clicking "unsubscribe" in any marketing email or by contacting us.
- To improve our website and products — understanding how the site is used so we can make it better.
4. Our legal bases for processing
Under UK GDPR we must have a lawful basis for using your personal data. We rely on the following:
- Performance of a contract — to process your order, take payment and deliver the products you have purchased from us.
- Legitimate interests — to run and improve our business, prevent fraud, keep our site secure and respond to your enquiries, provided this is not overridden by your rights and interests.
- Consent — for optional marketing emails and for non-essential cookies. You can withdraw consent at any time.
- Legal obligation — where we are required to keep records or share information to comply with the law.
5. Who we share your data with
We do not sell your personal data, and we never will. We share it only with trusted service providers who help us run our shop, and only to the extent they need it to provide their service to us:
- Stripe — our payment processor, which securely handles your card payment and fraud checks.
- Delivery couriers — to deliver your order and provide tracking, we share your name, shipping address and contact details.
- Email, hosting and IT providers — including our SMTP email provider, which sends transactional and (where consented) marketing emails on our behalf.
- Analytics providers — to help us understand how the site is used, where you have accepted analytics cookies.
- Professional advisers and authorities — such as accountants, or law-enforcement and regulators, where we are legally required to disclose information.
6. Cookies and similar technologies
Our site uses cookies — small text files stored on your device. Essential cookies are necessary for the site to work, for example to remember the contents of your basket and to keep checkout secure; these do not require your consent. Non-essential cookies, such as analytics cookies that help us measure and improve site performance, are only used where you have given consent.
You can control or delete cookies through your browser settings, and you can change your cookie preferences at any time. Blocking essential cookies may stop parts of the site from working correctly.
7. How long we keep your data
We keep your personal data only for as long as we need it for the purposes set out in this policy, after which it is securely deleted or anonymised.
Order and transaction records are retained for at least six years to meet UK tax and accounting obligations. Marketing data is kept until you withdraw consent or ask us to stop. Customer-support correspondence is kept for as long as is reasonably needed to handle your query and any follow-up.
8. Your rights
Under UK data protection law you have the following rights in relation to your personal data:
- Access — to request a copy of the personal data we hold about you.
- Rectification — to have inaccurate or incomplete data corrected.
- Erasure — to ask us to delete your data where there is no continuing reason for us to keep it.
- Restriction — to ask us to limit how we use your data in certain circumstances.
- Portability — to receive certain data in a portable, machine-readable format, or have it transferred to another provider.
- Objection — to object to processing based on our legitimate interests, and to object to direct marketing at any time.
- Withdraw consent — to withdraw any consent you have given, at any time, without affecting processing carried out before withdrawal.
- Complain — to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority, at ico.org.uk. We would, however, appreciate the chance to address your concerns first.
9. How we keep your data secure
We take the security of your data seriously and use appropriate technical and organisational measures to protect it against loss, misuse and unauthorised access. Our checkout is encrypted, and all card payments are handled by Stripe over a secure, PCI-DSS compliant connection — we never store your card details on our systems.
Access to personal data within VVIFY is limited to those who need it to do their job. While no method of transmission over the internet is completely secure, we work to protect your data and to respond promptly should any issue arise.
10. International transfers
Some of our service providers, such as our payment, email or IT providers, may process data outside the UK. Where this happens, we make sure your data continues to receive an adequate level of protection — for example through UK "adequacy" regulations or the use of approved safeguards such as the International Data Transfer Agreement or Standard Contractual Clauses.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we do, we will revise the "last updated" date at the top of this page, and we encourage you to review it periodically. If we make significant changes, we will take reasonable steps to let you know.
This is template content — please have it reviewed by your own legal advisor before publishing.