At GlowBeauty, we are committed to protecting your privacy and ensuring you understand how we collect, use, and safeguard your personal information. This Privacy Policy explains our practices regarding data collection, processing, and your rights as a user of our website.
By accessing and using the GlowBeauty website, you acknowledge that you have read this Privacy Policy and agree to its terms. We encourage you to read this policy carefully and contact us if you have any questions.
1. Cookie Categories 🍪
Essential Cookies
Essential cookies are necessary for the core functionality of our website. They enable secure authentication, session management, and prevent fraud. These cookies are activated automatically and do not require user consent.
Examples: session_id, csrf_token, cookie_consent_status
Consent Required: No
Retention Period: Session duration or up to 12 months for preference storage
Analytics Cookies
Analytics cookies help us understand how visitors interact with our website. They collect anonymized data about pages visited, time on site, and user behavior patterns. This information allows us to improve our website and user experience.
Tools Used: Google Analytics 4
Examples: _ga, _ga_XXXXXXXXX, _gid, _gat
Consent Required: Yes — activated only after user accepts
Retention Period: Up to 14 months
Marketing & Advertising Cookies
Marketing cookies enable personalized advertising and remarketing across Google's network and Meta platforms. They track conversions, build audience segments, and measure campaign effectiveness. These cookies are only activated with explicit user consent.
Tools Used: Google Ads, Meta Pixel
Consent Required: Yes — activated only after user accepts
Retention Period: Up to 540 days (Google Ads default)
2. Marketing Cookies & Third-Party Services
Third-Party Ad Serving
Third-party vendors, including Google, use cookies to serve ads based on a user's previous visits to this website and other sites on the internet. This practice is known as remarketing and allows us to reach visitors who have shown interest in our products.
Advertising Partners
We work with advertising partners such as Google and Meta to deliver advertisements tailored to your interests across various websites and platforms. These partners use sophisticated algorithms to match ads with relevant audiences based on their browsing behavior and preferences.
Remarketing & Retargeting
We use remarketing services to advertise to previous visitors of our website. After visiting our site, you may see our ads on other websites, apps, or platforms you visit. This helps us stay connected with interested customers and encourage them to complete their purchase.
Google Display Network & YouTube
Advertisements may appear across Google services including YouTube, Gmail, and the Google Display Network. These placements are based on your interests and browsing history, allowing us to reach customers at the right time with relevant product information.
Tracking Technologies in Use
We use the following tracking technologies on this website:
- Cookies (first-party and third-party)
- Tracking pixels (Google Ads tag / gtag.js, Meta Pixel)
- Device identifiers (browser fingerprint, IP address)
- Conversion event tags and custom event tracking
- Universal Analytics identifiers
Conversion Tracking & Measurement
We use conversion tracking to understand which advertisements lead to actions on our website — such as form submissions, product purchases, or inquiries. This allows us to measure campaign effectiveness, optimize ad spend, and allocate budget to the most successful channels. Conversion data may be shared with Google Ads and Meta for their own analysis and algorithm improvement.
Active Advertising & Analytics Technologies
The following advertising and analytics technologies are active on this site:
- Google Ads (gtag.js / Google Tag Manager)
- Google Analytics 4
- Google Remarketing Tag
- Meta Pixel (Facebook / Instagram)
Opt-Out from Personalized Advertising
You may opt out of personalized advertising at any time through the following resources. Note that opting out does not remove ads entirely — you will continue to see non-personalized advertisements.
3. Consent & Cookie Management
Consent Banner
Our website displays a cookie consent banner that offers you three clear options:
- Accept All: Enables all cookies including analytics and marketing
- Reject Non-Essential: Disables analytics and marketing cookies
- Manage Preferences: Opens a detailed preference panel for per-category control
Essential cookies remain active regardless of your choice. Analytics and marketing cookies are only activated after you explicitly accept them. Your preference is stored in localStorage for 12 months.
Consent Statement
By clicking 'Accept All Cookies', you consent to the storing of cookies on your device for analytics and advertising purposes, including personalized advertising delivered by Google and Meta. You may withdraw consent at any time through the cookie preferences panel without affecting the lawfulness of processing that occurred before withdrawal.
GDPR & UK GDPR Compliance
Users in the European Economic Area and the United Kingdom receive this consent notice in compliance with the General Data Protection Regulation (GDPR) and UK GDPR. Marketing and analytics cookies are activated solely after explicit, informed, freely given consent under GDPR Article 6(1)(a). Consent is recorded with a timestamp and may be audited upon request.
Withdrawal of Consent
You may withdraw consent at any time by clicking 'Manage cookie preferences' in the website footer, or by clearing cookies via your browser settings. Withdrawal does not affect processing that occurred while consent was valid. You remain in control of your privacy settings at all times.
4. Data Sharing with Advertising Partners
We share certain data with advertising partners for campaign delivery and measurement. These partners process data in accordance with their own privacy policies and applicable data protection laws.
Google LLC
Data Shared: Cookie identifiers, conversion events, anonymized behavioral data, remarketing lists
Purpose: Ad targeting, campaign measurement, and performance analysis
Privacy Policy: Google's Privacy Policy
Data transfers are governed by Standard Contractual Clauses where applicable.
Meta Platforms, Inc.
Data Shared: Pixel events, conversion data, custom audiences, website traffic information
Purpose: Ad delivery on Facebook and Instagram, audience building, and campaign optimization
Privacy Policy: Meta's Data Policy
Data transfers are governed by Standard Contractual Clauses where applicable.
Important: We do not sell personal data to unaffiliated third parties. Google and Meta may use this data across their own platforms in accordance with their respective policies. We encourage users to review those policies directly to understand how they process and utilize data.
All data transfers operate under appropriate legal mechanisms and safeguards. We remain committed to transparency regarding how your information is shared and processed.
5. Lead Forms & Contact Requests
When you submit a contact form, request a quote, or register interest in our services, we collect the information you provide. This typically includes your full name, email address, phone number, skin type preference, and your message or inquiry.
Legal Basis: Consent (GDPR Article 6.1.a) and, where a service relationship exists, performance of a contract (GDPR Article 6.1.b).
Data Retention: Form submission data is retained for up to 2 years from the date of submission, unless a longer period is required by applicable law or for legitimate business purposes such as customer service follow-up.
Your Rights: You may request deletion of your data at any time by contacting us at [email protected] or through the contact form on our website. We will process deletion requests within 30 days.
A link to this Privacy Policy appears adjacent to every submission button on this site. Submitting a form constitutes acknowledgment of this policy and consent to data processing as described herein.
6. Google Services & Technologies
Google Analytics 4
Google Analytics 4 (GA4) collects anonymized usage data, device information, and behavioral signals to help us understand how visitors interact with our website. IP anonymization is enabled by default to protect your privacy.
- Data Retention: 14 months
- Data anonymized and aggregated
- No personal identification possible
You may opt out via the Google Analytics Opt-out Browser Add-on.
Google Ads Conversion Tracking
We use Google Ads conversion tracking to record when a user completes a defined action (form submission, product inquiry, purchase) after clicking one of our advertisements. This data is used solely for measuring ad campaign performance and optimizing marketing spend. Conversion data is encrypted and processed securely.
Google Remarketing
Google Remarketing allows us to show targeted ads to previous visitors across Google's network. Remarketing lists are created based on pages visited and actions taken, but are not created from sensitive data categories such as health status, financial situation, religion, sexual orientation, or other protected attributes.
You can control remarketing preferences through your Google Ads Settings or by using the Google Analytics Opt-out Add-on.
Google Tag Manager
Google Tag Manager (GTM) is a container service that deploys tracking tags on our behalf. GTM itself does not collect personal data; it acts as a container for Google Analytics, Google Ads conversion tracking, and other analytics tags listed in this policy.
Governance: Google's advertising products and services are governed by Google's Ads Policy.
7. Meta Advertising Services
This website uses the Meta Pixel to measure the effectiveness of our advertising on Facebook and Instagram. The pixel may record page views, time on site, and specific conversion events such as form submissions or product inquiries.
Data Collected: Page views, website events, conversion actions, device information, and cookie identifiers.
Sensitive Data: We do not use the Meta Pixel to collect sensitive personal data, nor to target users based on health status, financial situation, religion, political views, sexual orientation, or any other protected attribute prohibited under Meta's advertising policies.
Data Controller: Meta acts as an independent data controller for data collected via its Pixel and processed within its own platform and services. Meta's use of this data is governed by their own policies and practices.
To manage your ad preferences on Meta platforms and learn more about how Meta uses your data:
8. Prohibited Content & Compliance
This website does not promote, sell, or facilitate access to prohibited product or service categories. We maintain strict compliance with advertising platform policies.
Prohibited categories we do not engage with include:
- Weapons and dangerous items
- Controlled substances and drugs
- Counterfeit goods
- Unlicensed gambling services
- Adult content and services
- Fraudulent financial products
- Services making misleading health or financial claims
All advertising conducted through Google Ads and Meta Ads complies with the respective platform policies in their entirety.
9. Landing Page Integrity & Transparency
Accurate Representation: The content of this website accurately represents the products and services advertised. We maintain high standards of honesty and transparency in all marketing communications.
No Bait-and-Switch: We do not employ bait-and-switch tactics or misleading advertising practices. The experience delivered to users arriving from paid advertisements matches the actual content and offerings on our website.
Cloaking Prevention: We do not use cloaking, automatic redirects, or interstitials that block content. All users, including search engine crawlers and Google's advertising review bots, see identical website content. There is no content variation based on traffic source or user profile.
Consistency: Landing page experience is consistent across all channels and user segments, ensuring that advertising promises match actual website content.
10. Children's Privacy
This website is not directed at individuals under the age of 16. We do not knowingly collect personal data from minors without verifiable parental consent as required by applicable law.
If we discover that data has been collected from a person under 16 without verifiable parental consent, we will delete it promptly. Parents or guardians who believe their child's information has been collected should contact us immediately at [email protected].
We comply with the Children's Online Privacy Protection Act (COPPA) and equivalent international regulations such as the UK Age Appropriate Design Code.
11. International Data Transfers
Personal data collected through this website may be transferred to and processed in countries outside the European Economic Area, including the United States, where Google LLC and Meta Platforms, Inc. are based.
Legal Safeguards: These transfers are conducted under Standard Contractual Clauses (SCCs) approved by the European Commission, which provide appropriate safeguards for personal data transferred internationally.
A copy of the applicable SCCs can be requested by contacting us directly at [email protected]. We remain committed to ensuring your data is protected no matter where it is processed.
12. Your Privacy Rights (GDPR & Data Protection)
If you are located in the European Economic Area or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) and UK GDPR:
Right of Access (Article 15)
Request a copy of data we hold about you and information about how it is processed.
Right of Rectification (Article 16)
Correct inaccurate or incomplete data held about you.
Right of Erasure (Article 17)
Request deletion of your data (right to be forgotten) under certain circumstances.
Right to Restrict Processing (Article 18)
Limit how we process your personal data.
Right to Data Portability (Article 20)
Receive your data in a structured, machine-readable format for transfer to another controller.
Right to Object (Article 21)
Object to processing based on legitimate interest, including direct marketing.
Right to Withdraw Consent (Article 7.3)
Revoke consent at any time without penalty or affecting the lawfulness of prior processing.
How to Exercise Your Rights: To exercise any right, email us at [email protected] with your request. We will verify your identity and respond within 30 days of receipt. You have no obligation to pay a fee unless your request is manifestly unfounded or excessive.
You also have the right to lodge a complaint with your local supervisory authority if you believe we have violated your privacy rights:
- EDPB (European Data Protection Board) - EU users
- ICO (Information Commissioner's Office) - UK users
13. Categories of Personal Data We Collect
The following categories of personal data may be collected through this website:
Contact Information
- Full name
- Email address
- Phone number
- Mailing address
Technical Information
- IP address
- Browser type and version
- Device type and OS
- Browser fingerprint
Behavioral Data
- Pages visited
- Time on site
- Click paths
- Scroll depth
Conversion & Event Data
- Form submissions
- Product inquiries
- Purchases
- Email interactions
Preference Data
- Skin type
- Product preferences
- Communication preferences
- Cookie consent choices
Identifiers & Cookies
- Cookie identifiers
- Google Analytics IDs
- Advertising IDs
- Session tokens
14. Legal Basis for Data Processing (GDPR Article 6)
Under GDPR, we process personal data on the following legal bases:
Consent (Article 6.1.a)
Applied to: Contact form data, analytics cookies, marketing cookies, email subscriptions. You must explicitly consent; processing does not occur without your agreement.
Performance of Contract (Article 6.1.b)
Applied to: Form submission for service inquiries, where a service relationship may be formed. Processing is necessary to respond to your inquiry and provide requested services.
Legitimate Interest (Article 6.1.f)
Applied to: Security and fraud prevention, website optimization, and anonymous analytics. We balance our interests against your privacy rights; you have the right to object.
Legal Obligation (Article 6.1.c)
Applied to: Compliance with applicable laws, regulations, and legal requests. We may retain certain data as required by law.
15. Data Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specific retention periods for each data category are as follows:
If data is no longer necessary for its original purpose, we securely delete or anonymize it. Some data may be retained longer if required by law or for legitimate business, legal, or tax purposes.
16. Contact Us
If you have questions about this Privacy Policy, wish to exercise your rights, or need to report a privacy concern, please contact us:
GlowBeauty
📍 42 Regent Street, London, W1B 5TP, United Kingdom
Phone
📞 +44 20 7946 0958
We aim to respond to all privacy inquiries and data subject requests within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
17. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and displaying a notice on our homepage for a minimum of 14 days before the changes become effective.
Your continued use of the website following notification of changes constitutes your acceptance of the updated Privacy Policy. We recommend reviewing this policy periodically to stay informed about how we protect your information.
Last Updated: January 15, 2026
Your Privacy Matters to Us
We are committed to transparency, security, and respecting your privacy rights. If you have any concerns or questions about our privacy practices, please contact us. Thank you for trusting GlowBeauty with your personal information.