Data Protection Policy

This Policy describes how Moroccanoil collects, uses, and shares your personal data in connection with our products and services.

We are deeply committed to complying with all relevant privacy laws, including the UK General Data Protection Regulation (UK GDPR).

Moroccanoil prioritize the protection of personal information and continually strive to uphold the highest standards of data privacy and security in alignment with these regulations.

What Data Do We Collect

We collect personal data about you when you visit our website, purchase products from us, or otherwise interact with us. The personal data we collect may include:

  • Contact information, such as your name, email address, phone number, and shipping address.
  • Payment information, such as your credit card number and billing address.
  • Order information, such as the products you purchase and the date and time of your purchase.
  • Device information, such as your IP address, browser type, and operating system.
  • Other information you provide to us, such as your preferences and feedback.

How will we use your data?

We use your data for the following purposes:

  • Order Processing: To process and fulfill your orders, manage your account, and provide you with customer service.
  • Payment Verification: To verify your payment information and carry out financial transactions in relation to payments you make.
  • Customer Relationship Management: To manage our relationship with you, which includes notifying you about changes to our terms or privacy policy and asking you to leave a review or take a survey.
  • Communication: We may use your contact information to send you updates, promotional offers, and other communications related to our services. You can opt out of these communications at any time.
  • User Support: We use your data to resolve technical issues you encounter, to respond to your requests for assistance, and to repair and improve our services.
  • Marketing: With your consent, we may use your data for marketing purposes, including but not limited to, sharing your information with our partners for promotional activities.
  • Personalization and Service Improvement: We use your data to personalize your experience on our platform, including showing you relevant content and offers. This helps us improve the quality of our services and better meet your needs.
  • Security and Anti-Fraud Measures: We process your data to ensure the security of our services and protect against fraud. This includes monitoring for suspicious activities and verifying user identity. Our legal basis for this processing is compliance with legal obligations and our legitimate interests in protecting our services and users.
  • Analytics: We use aggregated and anonymized data for analytics purposes to understand how users interact with our services. This helps us identify trends, evaluate the effectiveness of our features, and plan for future improvements.
  • Legal Obligations: We may be required to use and retain personal data for legal and compliance reasons, such as the prevention, detection, or investigation of a crime, loss prevention, or fraud.

Our legal Bases for Processing your Personal Data

The legal bases we rely on for processing your personal data may include:

  • Consent: We may process your personal data based on your consent. For example, if you sign up for our newsletter or participate in a survey, we will ask for your consent to collect and use your personal data for these purposes. You have the right to withdraw your consent at any time by contacting us using the information provided at the end of this policy.
  • Performance of a contract: We may process your personal data to fulfill a contract with you, such as when you purchase products from us or request services. For example, we may use your personal data to process your payment, ship your products, and communicate with you about your order.
  • Legal obligation: We may process your personal data when it is necessary to comply with a legal obligation, such as a court order or a regulatory requirement.
  • Legitimate interest: We may process your personal data when it is necessary for our legitimate interests and does not override your rights and freedoms. For example, we may process your personal data to improve our products or services, analyze and understand customer preferences and behaviour, or to prevent fraud and unauthorized access to our systems.
  • Vital interests: In rare circumstances, we may process your personal data when it is necessary to protect your or someone else's vital interests, such as in the case of a medical emergency.

We will only process your personal data for the purposes for which we collected it, and we will not use it for any other purpose without your consent or a valid legal basis. If we need to use your personal data for a new purpose that is not compatible with the original purpose, we will inform you and seek your consent or a new legal basis for the processing.

If you have any questions or concerns about our legal bases for processing your personal data, please contact us using the information provided at the end of this policy.

How will we store your data?

Your data is stored on Shopify's secure servers. Shopify uses industry-standard security measures to protect your data, including encryption, firewalls, and regular security audits.

We do not share your personal information with third parties for their marketing purposes. However, we may share your information with service providers who help us process payments, fulfill orders, and provide customer support. These service providers are contractually obligated to keep your information confidential and secure.

If you have any concerns about how your data is being stored or processed, please contact us at We will do our best to address your concerns and provide you with the information you need.



Children Privacy

This site is not intended for children, and you must be aged 13 or over to use our website. We do not solicit or knowingly collect personal information from children under the age of 13 without the specific consent of at least one of the parents or the legal guardian. If we are made aware that we have received such information or any information in violation of our policy, we will use reasonable efforts to locate and remove that information from our records.

What are cookies?

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

Cookies are small data files that are placed on your device or computer when you browse a website. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

How do we use cookies?

We use cookies to:

  • Analyze our web traffic using an analytics package. Aggregated usage data helps us improve the website structure, design, content, and functions.
  • Store information about your preferences, and so allow us to customize our website and provide you with offers that are targeted to your individual interests.
  • Recognize when you return to our website. We may show your relevant content or provide functionality you used previously.
  • Cookies also help us identify and diagnose errors, and to detect and prevent fraud.

What types of cookies do we use?

We use the following types of cookies:

  • Strictly necessary cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
  • Analytical/performance cookies: These cookies allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies: These cookies are us to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name, and remember your preferences.
  • Targeting cookies: These cookies record your visit to our website, the pages you have visited, and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.



How can you control cookies?

We use a cookie management solution to obtain your consent before placing any non-essential cookies on your device. The cookie management solution allows you to manage your cookie preferences and withdraw your consent at any time.

Retention Period

We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer need to retain your personal data, we will securely delete or anonymize it.

Disclosure of your Data

Moroccanoil may disclose your personal data to third-party service providers as necessary to facilitate your interactions with us.

These third parties are obligated to safeguard your information and are only permitted to use it for the purposes of providing services on our behalf. In accordance with our policies, they will dispose of your information appropriately once it is no longer required for the provision of such services.

If we intend to disclose any sensitive personal data to a third party, we will only do so in accordance with the bases for processing your personal data that were previously described.

The following third parties may receive your personal data as part of our processing activities, as specified below:

  Vendor        |   Our Use

Klarna           |   Payment gateway (installments)

Klaviyo          |   Email Service Provider

Onetrust        |   Privacy Management

Yotpo            |  Product Review

Zendesk        |  Help desk management

Sufio              | Generate invoices


In the event that you wish to make a complaint about how your personal data is being processed by Moroccanoil, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Moroccanoil’s Data Protection Officer.

See our contact details below.


Data Security

We are committed to protecting the security of your personal data. We use appropriate technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction.

Some of the measures we take to protect your personal data include:

  • Encryption: We use encryption to protect your personal data while it is in transit to and from our website. This includes using secure socket layer (SSL) technology to encrypt data transmitted over the internet.
  • Access control: We limit access to your personal data to only those employees, contractors, and service providers who have a need to access it. We also require them to be subject to strict confidentiality obligations and we monitor their access.
  • Incident response: We have a data breach response plan in place to respond to any security incidents involving personal data quickly and effectively. This includes promptly investigating and remedying the cause of the incident and notifying you and any relevant regulatory authorities as required by law.

In the event of a personal data breach, we will promptly notify the Information Commissioner's Office (ICO) and any affected individuals within 72 hours, as mandated by the General Data Protection Regulation (GDPR).

While we take reasonable steps to protect your personal data, no method of transmission or storage is completely secure, and we cannot guarantee its absolute security. You are responsible for keeping your login credentials, if any, confidential and for not sharing them with anyone.

Data Sharing

We do not share your personal data with third parties for marketing purposes. However, we may share your personal data with service providers who help us fulfill your orders and provide our products and services to you. These service providers are bound by data protection agreements and are not permitted to use your personal data for any other purposes.

We may also share your personal data with law enforcement or other government agencies when required by law or in response to a valid legal request.

Your Rights

Moroccanoil would like to make sure that you are fully aware of all your data protection rights.

You are entitled to the following:

  • Right to be informed: You have the right to be informed about how your personal data is being used and processed.
  • Right of access: You have the right to request access to the personal data that a company holds about you.
  • Right to rectification: You have the right to request that any inaccurate or incomplete personal data be corrected or updated.
  • Right to withdraw consent: You can withdraw your consent to the processing of your personal data at any time if the legal basis for collecting the information is consent. We will stop processing your personal data as soon as we receive your withdrawal of consent.
  • Right to erasure: You have the right to (under certain circumstances) ask for your personal data to be erased where:
  • Your personal data is no longer necessary in relation to the purpose for which it was collected/processed;
  • You withdraw your consent or object to the processing and there is no overriding legitimate interest to continue processing;
  • You object to the processing and there are no overriding legitimate grounds for the processing;
  • You object to the processing and your personal data was processed for direct marketing purposes.
  • Right to restrict processing: You have the right to request that the processing of your personal data is restricted under certain circumstances.
  • Right to data portability: You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format.
  •  Right to object: You have the right to object to the processing of your personal data in certain circumstances.
  • Rights related to automated decision-making and profiling: You have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  •  Right to Lodge Complaint: You also have the right to lodge a complaint with a supervisory authority if you believe that your data protection rights have been violated. The supervisory authority at UK is the Information Commissioner’s Office (ICO).

If you make a request, we have one month to respond to you. Please see our contact details below.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes to this Privacy Policy by posting a notice on our website or by sending you an email.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at. If you would like to exercise any of these rights, please Contact us by email:

Last update: 12/02/2024