Privacy Policy
Your privacy matters. This policy explains what personal information we collect when you visit or order from globaltanninglotions.com, why we collect it, how we use it, and the rights you have over your data under UK law.
★ Contents
01 Who we are
Global Tanning Lotions is a trading name of Tan Cosmetics Global Ltd, a company registered in England and Wales. We are the “data controller” for the personal information described in this policy.
- Registered office: 252b Barking Road, London, E6 3BB, United Kingdom
- Email: globaltanninglotions@gmail.com
02 Information we collect
We only collect the information we need to take your order, deliver it, support you afterwards, and (if you opt in) keep you updated on new products. Specifically:
| Category | Examples |
|---|---|
| Identity | Name, business name (wholesale enquiries) |
| Contact | Delivery address, billing address, email, phone |
| Order | Items purchased, order value, order history |
| Payment | Card information is processed by Stripe — we do not store full card details on our servers |
| Marketing | Email address if you sign up for our newsletter; your preferences |
| Technical | IP address, browser type, device type, pages visited, referring URL (via cookies / analytics) |
| Communications | Any messages or emails you send us |
We do not knowingly collect data from anyone under 18. If you believe we have collected data from a minor, please contact us and we will delete it.
03 How we use your data
- To process and deliver your order — including payment, packaging, dispatch, courier handover, and any returns or refunds.
- To respond to your enquiries — including wholesale and trade enquiries, returns, and customer support.
- To keep you updated — if you have opted in to receive our newsletter, we send occasional product updates, offers and content.
- To improve our website and service — using anonymised analytics to understand how visitors use the site.
- To comply with legal obligations — including keeping tax records as required by HMRC.
- To prevent fraud and protect our business — including verifying payment details and identifying unusual order patterns.
04 Legal basis for processing
Under UK GDPR we must have a lawful basis for each use of your data. We rely on the following:
| Activity | Lawful basis |
|---|---|
| Processing your order, delivery and after-sales | Performance of a contract with you |
| Tax records and accounting | Legal obligation |
| Marketing emails (newsletter) | Your consent — you can unsubscribe at any time |
| Cookies (analytics & marketing) | Your consent (via the cookie banner) |
| Essential cookies (cart, login) | Legitimate interests — necessary for the site to work |
| Fraud prevention | Legitimate interests — protecting our business and customers |
05 Who we share data with
We do not sell your personal data. We share it only with the trusted service providers we need to run the business:
- Payment processors — Stripe (for handling card payments). Stripe is its own data controller for payment data — see stripe.com/gb/privacy.
- Couriers and postal services — Royal Mail and third-party couriers, who need your name and delivery address to deliver your order.
- E-commerce platform — Shopify (or our hosting provider) stores order and customer information in line with their data-processing agreement.
- Email service provider — for sending order confirmations, dispatch notifications and (if you opt in) marketing emails.
- Analytics providers — Google Analytics (or equivalent) for anonymised usage statistics. Analytics cookies only run if you accept them via the cookie banner.
- HMRC, regulators and law enforcement — where we are legally required to share information.
All processors are contractually required to protect your data and use it only for the purposes we instruct them to.
06 Cookies & tracking
Cookies are small text files stored on your device when you visit a website. We use them in four ways:
- Strictly necessary cookies — for the site to function (your shopping cart, login session, security). These cannot be disabled.
- Functional cookies — to remember your preferences (language, region).
- Analytics cookies — to understand how visitors use the site so we can improve it. Anonymised; require your consent.
- Marketing cookies — to show you relevant offers via platforms like Meta and Google. Require your consent.
You can accept or decline non-essential cookies via the banner shown on your first visit. You can also manage cookie preferences in your browser settings at any time. Disabling some cookies may affect how the site works.
07 International transfers
Most of our processing happens within the UK and the EEA. Some service providers (for example Stripe, Shopify, Google) may transfer data outside the UK and EEA. When this happens, we rely on the safeguards required by UK GDPR — typically the UK’s International Data Transfer Agreement, the EU Standard Contractual Clauses with the UK Addendum, or an adequacy decision from the UK Government.
08 How long we keep data
We keep your information only as long as we need it:
- Order and customer-account data — for 6 years after your last order, in line with HMRC tax-record requirements.
- Marketing subscriber list — until you unsubscribe, with periodic re-confirmation requests.
- Customer support correspondence — typically 2 years from the date of last contact.
- Wholesale enquiries — typically 12 months from the enquiry, unless we agree a longer relationship.
- Cookies — vary by type, from a single session up to 24 months. See the cookie banner for details.
09 Your rights
Under UK GDPR you have a number of rights over your personal data. You can:
- Access — ask for a copy of the personal data we hold about you.
- Rectify — ask us to correct inaccurate or incomplete information.
- Erase — ask us to delete your data where there is no good reason for us to keep it (sometimes called the “right to be forgotten”).
- Restrict — ask us to limit how we use your data while we sort out a query you have raised.
- Object — object to processing where we rely on legitimate interests.
- Portability — ask us to send your data to you, or another provider, in a portable format.
- Withdraw consent — where we rely on consent (for example marketing emails or non-essential cookies), you can withdraw it at any time.
To exercise any of these rights, email globaltanninglotions@gmail.com. We will respond within one month. There is no charge unless your request is manifestly unfounded or excessive.
10 How we protect your data
We take security seriously. The site uses HTTPS encryption end-to-end. Payment information is handled exclusively by PCI-compliant providers (Stripe) and never stored on our servers in full. Access to customer data inside our business is limited to the staff who need it to do their job, on need-to-know basis, and protected by strong passwords and two-factor authentication where available.
We cannot guarantee absolute security — no internet system is perfectly secure — but we follow industry standard practices to protect your information.
11 Changes to this policy
We may update this policy from time to time, for example if we add new services or as regulations change. We will post any changes on this page and update the “last updated” date below. For significant changes that affect how we use existing data, we will email customers who have provided an address.
12 Contact & complaints
Questions about this policy, or about how we handle your data, please contact us:
- Email: globaltanninglotions@gmail.com
- Trading address: 252b Barking Road, London, E6 3BB, United Kingdom
★ Your right to complain. If you are not happy with how we handle your data, you have the right to lodge a complaint with the UK’s data-protection regulator: the Information Commissioner’s Office (ICO). You can contact them at ico.org.uk or by phone on 0303 123 1113. We would always prefer you raise concerns with us first so we have a chance to put things right.
Last updated: May 2026 · Tan Cosmetics Global Ltd, registered in England.