Data Protection Policy

UK

Last update: April 2025

This Policy describes how Moroccanoil collects, uses, and shares your personal data in connection with our products and services.

We are deeply committed to complying with all relevant privacy laws, including the UK GDPR and the Data Protection Act 2018.

Moroccanoil prioritize the protection of personal information and continually strive to uphold the highest standards of data privacy and security in alignment with these regulations.

What Data Do We Collect?

As part of registering on the Website and using the services offered, as well as through our marketing campaigns, you may be asked to provide us with personal details such as:

(a)  Full name;

(b)  Email address;

(c)   Telephone number;

(d)  ID number;

(e)  Address.

These details are necessary to provide you with the service or to include you in various promotions, based on your request and explicit consent.

If you purchase one of our products or services, we may also collect information such as:

(a)  Payment method;

(b)  Products you have purchased;

(c)   Delivery method;

(d)  Additional relevant information, such as instructions for the courier if the recipient is not home, or a discount/benefit code (if applicable);

(e)  Optional comments in free text.

When contacting customer service, you may choose to provide sensitive personal information. Sharing this information is entirely optional and at your discretion, after considering whether it is relevant to your inquiry.

If you agree, we may also collect information such as:

(a)  How you use the Website;

(b)  Products you are interested in;

(c)   Content or advertisements you have viewed;

(d)  Pages you have visited;

(e)  Offers that interest you;

(f)    Actions you have taken on the Website, including those you started but did not complete;

(g)  Information received from other websites and services (such as Facebook, Google, and others).

To the extent that you provide personal information, you confirm that the information is true, accurate, and provided either on your own behalf or with legal authorization to do so for someone else. In any case, you are solely responsible for the information you provide.

How Will we Use your Data?

We use your personal data for the following purposes:

(a)  To operate and manage the Company’s business activities, including the services and products it offers, and the functionality of the Website.

(b)  To provide you with services, maintain contact with you, and improve customer service processes.

(c)   To process and fulfill your orders, manage your account, and provide you with customer support.

(d)  To verify payment information and carry out financial transactions related to your purchases.

(e)  To improve and enhance our services, develop new services and content that meet user expectations, and modify or cancel existing services.

(f)    To manage our relationship with you, including notifying you of changes to our terms or privacy policy, and inviting you to leave a review or respond to surveys.

(g)  To send you service-related communications, updates, and promotional offers (with your explicit consent). You may opt out at any time.

(h)  To resolve technical issues, respond to support requests, and improve the quality and reliability of our services.

(i)    To personalize your experience, including presenting relevant content and offers that match your interests.

(j)    To implement security and fraud prevention measures, including user identity verification and monitoring for suspicious activity.

(k)   To perform data analytics using aggregated and anonymized data to understand how users interact with our services, identify trends, evaluate features, and plan future improvements.

(l)    To comply with legal and regulatory obligations, including the prevention, detection, or investigation of fraud, crime, or other unlawful activities.

Disclosure of Personal Data to Third Parties

The Company may share your personal data under the following circumstances:

(a)  With service providers, to enable the delivery of our services in accordance with the purposes stated above;

(b)  With our business partners and other third parties for marketing or promotional purposes, but only with your separate, explicit consent, and subject to applicable law;

(c)   If you violate the Website’s terms of use or perform any unlawful actions through or in connection with the Website;

(d)  If we are legally required to disclose your data by court order or other legal directive;

(e)  If we believe disclosure is necessary to prevent serious harm to your health or property, or to the health or property of others;

(f)    In the form of aggregated, non-personally identifiable statistical data regarding Website usage;

(g)  In the event of a merger, acquisition, or sale of the Company’s shares or assets, to the extent required for completing such a transaction.

How will we store your data?

Your data is stored on Shopify's secure servers. Shopify uses industry-standard security measures to protect your data, including encryption, firewalls, and regular security audits.

We do not share your personal information with third parties for marketing purposes. However, we may share your information with service providers who help us process payments, fulfill orders, and provide customer support. These service providers are contractually obligated to keep your information confidential and secure.

If you have any concerns about how your data is being stored or processed, please contact us at dpo@moroccanoil.com. We will do our best to address your concerns and provide you with the information you need.

Children Privacy

This site is not intended for children, and you must be aged 13 or over to use our website. We do not solicit or knowingly collect personal information from children under the age of 13 without the specific consent of at least one of the parents or the legal guardian. If we are made aware that we have received such information or any information in violation of our policy, we will use reasonable efforts to locate and remove that information from our records.

What are cookies?

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with good experience when you browse our website and allows us to improve our site.

Cookies are small data files that are placed on your device or computer when you browse a website. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

How do we use cookies?

We use cookies to:

(a)  Analyze our web traffic using an analytics package. Aggregated usage data helps us improve the website structure, design, content, and functions;

(b)  Store information about your preferences and so allow us to customize our website and provide you with offers that are targeted to your individual interests;

(c)   Recognize when you return to our website. We may show your relevant content or provide functionality you used previously;

(d)  Cookies also help us identify and diagnose errors, and to detect and prevent fraud.

What types of cookies do we use?

We use the following types of cookies:

(a)  Strictly necessary cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.

(b)  Analytical/performance cookies: These cookies allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

(c)   Functionality cookies: These cookies are us to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name, and remember your preferences.

(d)  Targeting cookies: These cookies record your visit to our website, the pages you have visited, and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

How can you control cookies?

We use a cookie management solution to obtain your consent before placing any non-essential cookies on your device. The cookie management solution allows you to manage your cookie preferences and withdraw your consent at any time.

Retention Period

We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer need to retain your personal data, we will securely delete or anonymize it.

Disclosure of your Data

Moroccanoil may disclose your personal data to third-party service providers as necessary to facilitate your interactions with us.

These third parties are obligated to safeguard your information and are only permitted to use it for the purpose of providing services on our behalf. In accordance with our policies, they will dispose of your information appropriately once it is no longer required for the provision of such services.

If we intend to disclose any sensitive personal data to a third party, we will only do so in accordance with the basis for processing your personal data that were previously described.

Complaints

If you have any concerns about how Moroccanoil processes your personal data or about how we’ve handled your complaint, you can contact our Data Protection Officer or lodge a complaint with the UK Information Commissioner’s Office (ICO).

See our contact details below.

Data Security

We are committed to protecting the security of your personal data. We use appropriate technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction.

Some of the measures we take to protect your personal data include:

(a)    Encryption: We use encryption to protect your personal data while it is in transit to and from our website. This includes using secure socket layer (SSL) technology to encrypt data transmitted over the internet.

(b)    Access control: We limit access to your personal data to only those employees, contractors, and service providers who have a need to access it. We also require them to be subject to strict confidentiality obligations and we monitor their access.

(c)    Incident response: We have a data breach response plan in place to respond to any security incidents involving personal data quickly and effectively. This includes promptly investigating and remedying the cause of the incident and notifying you and any relevant regulatory authorities as required by law.

In the event of a personal data breach, we will promptly notify the UK Information Commissioner’s Office (ICO) and the affected individuals within 72 hours, in compliance with the General Data Protection Regulation (GDPR)

While we take reasonable steps to protect your personal data, no method of transmission or storage is completely secure, and we cannot guarantee its absolute security. You are responsible for keeping your login credentials, if any, confidential and for not sharing them with anyone.

Data Sharing

We do not share your personal data with third parties for marketing purposes. However, we may share your personal data with service providers who help us fulfill your orders and provide our products and services to you. These service providers are bound by data protection agreements and are not permitted to use your personal data for any other purposes.

We may also share your personal data with law enforcement or other government agencies when required by law or in response to a valid legal request.

Your Rights

Moroccanoil would like to make sure that you are fully aware of all your data protection rights.

You are entitled to the following:

(a)    Right to be informed: You have the right to be informed about how your personal data is being used and processed.

(b)    Right of access: You have the right to request access to the personal data that a company holds about you.

(c)    Right to rectification: You have the right to request that any inaccurate or incomplete personal data be corrected or updated.

(d)    Right to withdraw consent: You can withdraw your consent to the processing of your personal data at any time if the legal basis for collecting the information is consent. We will stop processing your personal data as soon as we receive your withdrawal of consent.

(e)    Right to erasure: You have the right to (under certain circumstances) ask for your personal data to be erased where:

1)    Your personal data is no longer necessary in relation to the purpose for which it was collected/processed;

2)    You withdraw your consent or object to the processing and there is no overriding legitimate interest to continue processing;

3)    You object to the processing and there are no overriding legitimate grounds for the processing;

4)     You object to the processing and your personal data was processed for direct marketing purposes.

(f)     Right to restrict processing: You have the right to request that the processing of your personal data is restricted under certain circumstances.

(g)    Right to data portability: You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format.

(h)    Right to object: You have the right to object to the processing of your personal data in certain circumstances.

(i)     Rights related to automated decision-making and profiling: You have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

(j)     Right to Lodge Complaint: If you believe that the processing of your personal data infringes the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with the relevant supervisory authority in the member state of your habitual residence, place of work, or where the alleged infringement occurred.

If you make a request, we have one month to respond to you. Please see our contact details below.

International Data Transfer

We may transfer your personal data to countries outside the UK to provide our services and process your data in accordance with this policy.

We’ll only do so if the UK government has determined that the country ensures an adequate level of data protection or if we’ve put in place appropriate safeguards, such as UK approved standard contractual clauses, binding corporate rules or other legally valid mechanisms.

(a)    The appropriate safeguards we rely on for international data transfers include:
(a) adequacy decisions by the UK government and UK‑approved standard contractual clauses;

(b)    binding corporate rules (BCRs);

(c)    codes of conduct approved by the Information Commissioner’s Office (ICO);

(d)    ad hoc contractual clauses; and

(e)    administrative arrangements between public authorities or bodies.

We take all reasonable steps to ensure your personal data stays protected when transferred outside the UK.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes to this Privacy Policy by posting a notice on our website or by sending you an email.

Contact Us

If you would like to exercise any of these rights, please Contact us by email: dpo@moroccanoil.com.