Privacy Policy

We are committed to fostering strong, transparent, and trustworthy relationships with our customers. Protecting your personal data ("Data" — meaning any information that identifies or relates to you) is a priority for us. This Privacy Policy outlines how we collect, use, and safeguard your Data.

This Privacy Policy (“Policy”) is designed in accordance with applicable data protection laws and explains how we handle your Data when you interact with us—whether online via our website, mobile applications, or other digital platforms (collectively referred to as the “Services” or the “Site”), or offline when you engage with us at events or through other channels.

In certain cases not specifically addressed in this Policy, we may provide additional privacy notices or request your consent separately. Such notices or consents will supplement this Policy and may refer back to it where appropriate.

Who controls the processing of your Data?

Bellavita Luxury is part of the brand portfolio of Bellavita Perfumes Limited.

Bellavita Perfumes Limited and its designated representative in the United Kingdom, are the joint controllers of your personal data.

This means that it determines the purposes (i.e., why your data is processed) and the means (i.e., how your data is processed) for such processing and is responsible for your personal data. Bellavita Perfumes Limited acts as the local representative for data protection matters within the UK.

For the purposes of this policy, Bellavita Perfumes Limited and all affiliates may be referred to as "we", "our", or "us".

2. What Data Do We Collect and From Which Sources?

Depending on how you interact with us—whether online (through our website or mobile applications), offline (in-store or at events), or by phone—we may collect various categories of personal data ("Data") from you, as detailed below:

a) Data You Provide to Us

You may share different types of Data with us when you visit our Site, shop with us, participate in promotions, contact customer service, or interact with our brand in any other way. In some cases, we may also generate Data based on your interactions with us. The categories include:

Identification Information: Such as your name, date of birth, age or age range, title, account ID, and general geographic location (e.g., city, state, or postal code).
Contact Information: Including your email address, phone number (mobile or landline), home and/or billing address, preferred language of communication, etc.
Marketing Information: When you subscribe to our newsletter or other marketing communications, we collect Data such as your consent, engagement with our campaigns, and interests in our products, to assess the relevance of continued communications.
Order and Product Information: Including the items you have browsed or purchased (online or offline), order history, transaction details, preferred stores, shipping charges, tax details, and other purchase-related information.
Preferences and Lifestyle Data: Information you choose to share with us about your product preferences, concerns related to self-care or beauty, and responses to marketing campaigns or surveys.
Payment and Transaction Information: While purchasing through our Site, you may provide payment details via secure payment gateways. Please note that we do not have access to your full payment information, which is processed directly by our third-party payment providers. Refer to their privacy policies for more details.
User-Generated Content: Any content you voluntarily share—such as reviews, feedback, stories, photos, videos, or posts on our social media pages. Please ensure such content does not include any sensitive data or infringe on third-party rights.
Health-Related Data: In the event of adverse reactions to our products, you may provide information on allergies, intolerances, or health issues. We only process this data to meet our regulatory obligations concerning product safety.
Data for Legal or Regulatory Requests: To help you exercise your rights under applicable data protection laws (e.g., GDPR), we may collect your name, the nature of your request (e.g., access, correction, deletion), and other necessary verification details.

b) Data Automatically Collected

When you browse our Site, certain Data may be collected automatically, subject to your browser and cookie settings. This includes:

Technical Information: Such as partial IP address, browser type and version, device type, operating system, access provider, and language preferences.
Connection and Usage Data: Including login details, session times, pages visited, search terms, referral sites, and duration of site visits.
Navigation Data: Data on how you interact with our Site or apps, including viewed products, click paths, and frequency of visits.

c) Data from Other Sources

Third Parties and Advertising Partners: We may receive Data from external sources like advertisers, especially when you accept cookies. This helps us better understand your preferences, purchasing habits, and engagement with our content and advertisements.
Social Media Platforms: Based on your cookie settings and account permissions, we may receive Data from platforms like Facebook or Instagram—such as when you use your social media account to interact with us (e.g., login, share, or participate in promotions). Social media platforms may independently process your Data for their own purposes, including personalized advertising. Please consult their respective privacy policies for more details.

3. What Are the Legal Grounds for Processing Your Data?

We rely on the following legal bases to collect and use your personal data:

a. Contractual Necessity
We process your Data when it is necessary to perform a contract with you or to take steps at your request before entering into a contract. For example, when you place an order through our website, we need your name, contact information, and address to fulfil your purchase and deliver your products. If you do not provide this Data, we may not be able to provide the requested services. Mandatory fields are clearly marked on our forms.

b. Your Consent
In some cases, we will ask for your explicit consent before using your personal Data—for instance, when sending promotional emails to individuals who are not existing customers. You have the right to withdraw your consent at any time by contacting us or by using the unsubscribe option provided in our communications.

c. Legal Obligation
We may process your Data when required to comply with a legal obligation. For example, tax and accounting regulations require us to retain certain records of transactions, such as invoices and billing information, for a legally mandated period.

d. Legitimate Interests
We may also process your Data where it is necessary for our legitimate business interests—provided that those interests are not overridden by your rights and freedoms. This includes activities such as improving our website, enhancing user experience, conducting analytics, and ensuring the security of our platform.

4. For What Purposes Do We Use Your Data?

We collect, use, and disclose your personal data for the following key purposes.

Purpose of Processing	Types of Data Processed	Legal Basis
Set up and manage your online profile	• Contact and identity details • Purchase history • Preferences and habits • Login and session data	Your consent
Process and deliver your orders	• Contact and delivery data • Order details • Payment and transaction data • Connection and usage information	Performance of a contract
Send personalized offers and updates based on your profile	• Shopping behavior • Preferences and habits	Legitimate interest
(For Italian users) Perform profiling for commercial purposes, both manually and automatically	• Preferences and habits	Consent (for users accessing our Italian platforms)
Administer your participation in promotions or contests	• Identity and contact data • Order details • Content you submit	Your consent

Delivering Quality In-Store Services

Purpose of Processing	Types of Data Processed	Legal Basis
Set up and manage your personalized profile to offer tailored in-store services and recommendations based on your interests	· Identity and contact details · Product and purchase history · Preferences and usage patterns (may include allergy-related info)	Your explicit consent
Schedule and manage your beauty consultations, tutorials, or event bookings	· Identity and contact details · Preferences and usage patterns	Fulfilling our service-related obligations to you
Facilitate your in-store treatments	· Identity and contact details · Product and service history · Preferences and usage patterns (may include sensitive health information)	Fulfilling our service-related obligations to you Your explicit consent (for sensitive data)
Handle your participation in loyalty schemes	· Identity and contact details · Product and purchase information	Execution of pre-contractual and contractual commitments
Process your remote shopping orders (e.g., click & collect, phone orders)	· Identity and contact details · Product and purchase information · Transaction and payment details	Fulfilment of the sales contract with you

Interacting with You

Purpose of Processing	Types of Data Processed	Legal Basis
Send you promotional messages through email, SMS, or phone, based on your consent or prior interactions with our in-store beauty consultants.	-Your identification and contact details -Information about your purchases and products used -Your preferences and usage habits -Technical details about your device or browser -Internet connection and activity logs -Data about how you interact with our websites and mobile applications	-Based on our legitimate business interests -Where required, with your prior consent
Respond to you when you reach out to our customer service through any channel—such as online chat, email, text message, or phone—for inquiries, feedback, compliments, or support requests	Your identification and contact details -Information related to your orders and purchased products -Content you provide, such as messages or reviews -Technical details about your device or browser -Internet connection and usage data	Necessary to take steps before or fulfill a contract with you Based on our legitimate business interests
Handle and display the comments and product reviews you submit	-Your identification and contact details -Information about your orders and purchased products -Content you create and share, such as reviews or comments
Evaluate Your Level of Satisfaction	-Identification and contact details -Order and product information -Habits and preferences -Content created by users	Our Legitimate Interests
Conducting Market Research Surveys	-Identification and contact details -Order and product information -Habits and preferences -Content created by users	Our Legitimate Interests
Handling Notifications for Back-in-Stock Emails	Identification and contact details	Fulfillment of the Sales Contract with You
Managing Notifications Related to Adverse Events	-Identification and contact details -Order and product information -Habits and preferences -Details regarding adverse events, including health-related information and any photos you may provide -Content created by users	Your prior consent Compliance with legal obligations applicable to us
Handling Your Requests Regarding Your Personal Data	-Identification and contact details -Content created by users	Execution of Pre-Contractual and Contractual Actions

WEBSITE ANALYSIS

Purpose of Processing

Types of Data Processed

Legal Basis

Providing you with online content tailored to your interests and browsing behaviour

-Usage patterns and personal preferences

-Information regarding your interactions with our websites and apps

-Technical data, such as browser type, device information, and system settings

-Our lawful business interests

-Your explicit permission

Monitoring and analyzing traffic, user navigation, and interactions on our websites

- Log and connection information

- Usage data from your interaction with our websites and mobile applications

- Engagement data from social media and third-party platforms

- Device and technical specifications

-Based on our legitimate business interests

- With your explicit consent

OTHERS

Purpose of Processing	Types of Data Processed	Legal Basis
Conducting data analysis and statistical assessments	- Details of your orders and purchased products - Content you submit (e.g., reviews, comments, feedback) - Your usage habits and personal preferences -Log and connection data - Information on how you interact with our websites and apps - Device and technical data (e.g., browser type, operating system)	Our legitimate interest
Exercise Our legal rights in case of proceedings	- Personal identification and contact details - Purchase and product-related information - Reports or details of adverse events - Content submitted by users (e.g., reviews, feedback, posts)	Legal obligation Legitimate interest
Maintaining the security of our websites	- Personal identification and contact details - Device and system-related technical data - Information about your interactions with our websites and applications -Internet connection and access-related data	Our legitimate interest

5. Data Enrichment and Profiling

To better understand your preferences and provide a more personalized experience, we may combine information collected from different sources and interactions you have with us. For instance, data generated through your online activities—such as shopping, browsing, or account creation—may be combined with information gathered when you visit one of our physical stores.

This process of enriching your customer profile may also occur across different brands within our group. For example, if you make a purchase on one of our brand websites and later create an account using the same email address on another brand’s website, the data from both interactions may be merged to create a more complete customer profile.

Such data enrichment allows us to offer product recommendations and advice that are more relevant to your interests—whether through email communication or in-store experiences.

You may object to this profiling activity at any time by contacting us. For further details, please refer to Section 11.

6. With Whom Do We Share Your Data?

Depending on the nature of the Data we process and the purpose for which it is used, we may grant access to your information only to the following authorised parties:

6.1 Other Brands Within our group: -

To the extent permitted by applicable law—and subject to any consents you have provided—some of your Data may be shared with other brands and our entities. This sharing enables us to:

Enrich your overall customer profile, ensuring that future product recommendations and communications reflect your interests;
Develop audience insights across our group’s media channels;
Keep your records up to date as you interact with any US.

Access to your Data within our group is strictly limited to a defined number of employees or systems on a “need-to-know” basis.

6.2 Other Affiliates and Group Entities

If another affiliate of ours is directly involved in processing your Data—such as a manufacturing partner, logistics provider, or fulfilment centre—then we may share the information necessary for them to perform those services. Again, their access is limited to what is strictly required for the specified purpose.

6.3 Third-Party Vendors and Service Providers

Generally, we do not sell or rent your Data to external organisations. However, in certain scenarios we may need to share your Data with trusted third-party vendors or service providers who process information on our behalf and under our instructions. These third parties act either as “Data Processors” (processing your Data under our control) or as “Joint Data Controllers” (processing your Data in order to deliver a specific service to you). Such sharing is strictly limited to the purposes outlined in Section 4 (How We Use Your Data). Examples include:

Delivery and Logistics Partners: Carriers and couriers require your name, delivery address, and contact details to fulfil your orders.
Marketing and Communication Providers: Email-marketing platforms or SMS providers may need your contact information and preferences in order to send you newsletters, order updates, or promotional offers you have opted into.
IT and Infrastructure Maintenance: Our cloud-hosting, data-storage, and technical support partners may have limited access to certain Data in the event of a system incident or routine maintenance.
Digital & Social Media Platforms: When you interact with our content on social networks (e.g., clicking the “like” or “share” buttons), the operators of those platforms (e.g., Facebook, Instagram, Google) may receive information about your activities on our website. Additionally, we may use tools such as Google Analytics and Facebook Custom Audience to optimise our online advertising—those providers may process your browsing behaviour (as Data Controllers) and match it to your existing profiles on their systems.
Payment Processors: When you complete a purchase, we use third-party payment gateways (e.g., PayPal, Stripe) to process your bank or card details. Those providers act as Data Controllers and handle sensitive financial information; We do not retain your full payment credentials.

Before granting access, we require all third parties to:

Enter into a written contract with US, that imposes strict data-protection and confidentiality obligations;
Commit to comply with all applicable data-protection laws and process your Data only for the purposes specified in our agreement;
Implement appropriate technical and organisational safeguards (e.g., encryption, access controls) to protect the integrity and confidentiality of your Data.

6.4 Digital & Social Media Partners (More Detail)

Social-Media Widgets and Plugins: If you click on social-media “like,” “share,” or “follow” buttons embedded on our site, the social-media platform can register that activity—even if you do not interact directly—provided you are logged in to that platform.
Online Advertising Tools: We use services such as Google Ads and Facebook Ads to deliver targeted advertisements. These providers may combine your browsing data with their existing user profiles (in their capacity as Data Controllers). In some cases, we use “lookalike” audience features (e.g., Facebook Lookalike Audiences) to find potential customers who share similar interests with our existing customers; however, your personal information is only used in an aggregated, anonymised way to create these audience segments.

Each of these third parties has its own privacy policy, which explains how they handle and protect your Data. We encourage you to review their terms and adjust your cookie or privacy settings as you see fit.

6.5 Interactive Community Platform

If you choose to participate in Our community reviews or rewards platform (e.g., leaving product reviews or engaging with other customers), we may access and store your user-generated content, points, and rewards status. This Data is hosted on a secure third-party server We retain community member Data for up to three years and non-member Data for up to three weeks unless you request otherwise or applicable law requires a different retention period.

6.6 Public and Regulatory Authorities

We may be legally obliged to share certain Data with public or judicial authorities in the following situations:

Tax or Financial Audits
Health & Safety Reporting
Legal Proceedings

We comply with any valid, lawful request from a competent authority but will challenge or limit disclosure if we believe the request is overbroad or not legally justified.

6.7 Professional Advisers

When necessary (for example, during an audit, a tax review, insurance claim, or legal matter), we may share your Data with our professional advisers—such as accountants, auditors, lawyers, or insurers—provided that:

They are bound by professional-secrecy or confidentiality obligations;
They process your Data solely to the extent required for their advisory role; and
They implement adequate technical and organisational measures to safeguard your Data.

6.8 Potential Acquirers or Business Partners

If WE (or any of its subsidiaries) are involved in a merger, acquisition, joint venture, sale of assets, or any other business-restructuring event, your Data may be shared with the prospective buyer or partner. In such cases:

The receiving entity will typically become the new Data Controller for your information;
We will inform you before your Data is transferred, and you will continue to have rights over how it is used;
The transfer will only cover what is strictly necessary for the transaction—e.g., customer lists, billing records, or product-interest data.

6.9 Strict “Need-to-Know” Access

Under no circumstances will we rent, trade, or sell your Data to unrelated third parties for marketing purposes. Access to your Data—whether within Our group or with external partners—is always restricted to the minimum amount of information required to carry out a specific, lawful purpose.

If you have any questions about how or with whom we share your Data, you may contact us at care@bellavitaluxury.uk or visit Section 11 (Your Rights) to learn how to exercise your rights regarding data-sharing and profiling.

7. Where May We Transfer Your Data?

We have operations across many jurisdictions hence there are vendors, and partners located across various countries worldwide. As a result, it may be necessary to transfer your personal Data to entities located in jurisdictions outside your country of residence. Some of these countries may not provide the same level of data protection as your home jurisdiction.

In all such cases, we ensure that appropriate safeguards are in place to protect your Data in accordance with applicable data protection laws.

For further information regarding the international transfer of your Data, or if you have any concerns, please contact us on care@bellavitaluxury.uk (see Section 11).

8. How Do We Protect Your Data?

We understand the importance of data security and are committed to safeguarding your personal information. We implement appropriate technical and organizational measures to protect your Data against unauthorized access, alteration, disclosure, or destruction. We pay special attention to sensitive information such as payment card details, allergy or intolerance data, and other personal health information.

However, please be aware that any information you voluntarily share in public areas—such as community forums on our website or other social platforms—is inherently public and may be accessible to anyone who visits those platforms.

9. How Long Do We Retain Your Data?

We will retain your personal Data only for as long as necessary to fulfill the purposes described in this Policy (see Section 4).

When determining the appropriate retention period, we consider several factors, including:
(i) The duration of our ongoing relationship with you;
(ii) Any legal or regulatory obligations requiring us to retain your Data;
(iii) Whether applicable laws permit or require longer retention periods.

We are continuously enhancing our data protection practices, including implementing updated data retention policies, to ensure your privacy is protected to the highest standard.

10. Data About Children

Our website and services are not intended for individuals under the age of 16, even if they have consent from a parent or guardian. We do not knowingly collect or solicit any personal information from anyone under 16 years of age.

Since we cannot always verify the age of users, we encourage parents and guardians to actively supervise their children’s online activities to help prevent the inadvertent collection of children’s Data.

If we discover that we have unintentionally collected personal information from a child under 16, we will promptly delete that information from our records as soon as possible.

11. Your Rights and Choices

Under applicable data protection laws, you have the right to:

Access the personal Data we hold about you and confirm whether your Data is being processed.
Correct any inaccurate or incomplete Data.
Request the deletion of your Data where legally permitted. Please note that in some cases, we may be required to retain your Data for legal or legitimate purposes.
Object to the processing of your Data when our legal basis is our legitimate interests, unless we have overriding legitimate grounds. You also have the right to object at any time to the use of your Data for marketing purposes. You can unsubscribe from our marketing communications at any time by clicking the “unsubscribe” link included in every message.
Request the restriction of processing your Data as permitted by law.
Receive a copy of the Data you have provided to us in a structured, commonly used, and machine-readable format, and, where applicable, request that your Data be transmitted to another data controller. This right applies when the processing is based on your consent or a contract and is carried out by automated means.

To exercise any of these rights or if you have any questions about how we use your Data, please contact our Data Protection Officer:

Via our online contact form
By mail: care@bellavitaluxury.uk
Bellavita Luxury

Please note that we may request proof of identity to process your request.

This policy is subject to further modification to comply with relevant and applicable laws, regulations, rules, and orders.