Data Protection Policy

UK

Last update: June 2026

This Policy describes how Moroccanoil collects, uses, and shares your personal data in connection with our products and services. For the purposes of applicable data protection law, the controller of your personal data is Moroccanoil UK Ltd, of Handel House, 95 High Street, Edgware, Middlesex, HA8 7DB. If you have any questions about this Policy or wish to exercise your rights, you may contact us at dpo@moroccanoil.com.

We are deeply committed to complying with all relevant privacy laws, including the UK GDPR and the Data Protection Act 2018.

Moroccanoil prioritizes the protection of personal information and continually strives to uphold the highest standards of data privacy and security in alignment with these regulations.

1.         WHAT DATA DO WE COLLECT?

 

1.1.         As part of registering on the website and using the services offered, as well as through our marketing campaigns, you may be asked to provide us with personal details such as:

a)    Full name;

b)    Email address;

c)     Telephone number;

d)    ID number;

e)    Address.

 

1.2.         We process your personal data only where we have a valid legal basis to do so. Depending on the circumstances, we process your personal data because:

a)    it is necessary for the performance of a contract with you or to take steps at your request before entering a contract;

b)    it is necessary for compliance with a legal obligation;

c)     it is necessary for our legitimate interests, provided those interests are not overridden by your rights and interests; or

d)    you have given your consent, where consent is required by applicable law.

 

1.3.         If you purchase one of our products or services, we may also collect information such as:

a)    Payment method;

b)    Products you have purchased;

c)     Delivery method;

d)    Additional relevant information, such as instructions for the courier if the recipient is not home, or a discount/benefit code (if applicable);

e)    Optional comments in free text.

 

1.4.         Please do not provide special category personal data or other sensitive personal information unless it is strictly necessary for your request. For example, you may be required to provide such data while contacting our customer service, in order to handle your requests. If you choose to provide such information, we will process it only where we have a valid legal basis and, where required by applicable law.

 

1.5.         If you agree, we may also collect information such as:

a)    How you use the website;

b)    Products you are interested in;

c)     Content or advertisements you have viewed;

d)    Pages you have visited;

e)    Offers that interest you;

f)      Actions you have taken on the website, including those you started but did not complete;

g)     Information received from other websites and services (such as Facebook, Instagram, TikTok, Google, and others).

 

1.6.         To the extent that you provide personal information, you confirm that the information is true, accurate, and provided either on your own behalf or with legal authorization to do so for someone else. In any case, you are solely responsible for the information you provide.

 

2.         HOW WILL WE USE YOUR DATA?

 

2.1.         We use your personal data for the following purposes:

a)    To operate and manage Moroccanoil's business activities, including the services and products it offers, and the functionality of the website;

b)    To provide you with services, maintain contact with you, and improve customer service processes;

c)     To process and fulfill your orders, manage your account, and provide you with customer support;

d)    To verify payment information and carry out financial transactions related to your purchases;

e)    To improve and enhance our services, develop new services and content that meet user expectations, and modify or cancel existing services;

f)      To manage our relationship with you, including notifying you of changes to our terms or privacy policy, inviting you to leave a review or respond to surveys, and using and displaying reviews submitted on our websites on other Moroccanoil websites and on third-party retailer, distributor, marketplace, or partner websites;

g)     To send you service-related communications, updates, and promotional offers (with your explicit consent). You may opt out at any time;

h)    To resolve technical issues, respond to support requests, and improve the quality and reliability of our services;

i)      To personalize your experience, including presenting relevant content and offers that match your interests. We may use profiling and audience segmentation for marketing, personalization, analytics, and customer experience improvement purposes. However, unless specifically stated otherwise at the point of collection, we do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you;

j)      To implement security and fraud prevention measures, including user identity verification and monitoring for suspicious activity;

k)    To perform data analytics using aggregated and anonymized data to understand how users interact with our services, identify trends, evaluate features, and plan future improvements;

l)      To comply with legal and regulatory obligations, including the prevention, detection, or investigation of fraud, crime, or other unlawful activities.

 

2.2.         In addition, where you enrol in a loyalty, rewards, membership, or similar program operated by us, we may use your personal data to administer your membership, verify eligibility, allocate benefits or rewards, communicate with you about the program, maintain records relating to your participation, prevent abuse of the program, and improve the operation of the program. We process your personal data only where we have a valid legal basis to do so. Depending on the circumstances, such processing may be based on the performance of a contract with you, compliance with a legal obligation, our legitimate interests, or your consent where required by applicable law.

 

3.         DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

We may disclose your personal data, where necessary and lawful, to the following categories of recipients:

a)         service providers and processors that support our business operations, including hosting, e-commerce platform, payment processing, logistics, customer support, analytics, marketing, security, and IT providers;

b)         review and ratings platform providers, and third-party retailer, distributor, marketplace, or partner websites, where reviews submitted on our websites are displayed as part of our review and ratings program;

c)         professional advisers, auditors, insurers, and legal or compliance advisers;

d)         group companies, where relevant for internal administration and service provision;

e)         advertising, social media, and marketing partners, where you have consented or where otherwise permitted by applicable law;

f)          regulators, courts, law enforcement agencies, and public authorities where required by law or necessary to establish, exercise, or defend legal claims; and

g)         a prospective or actual buyer, seller, investor, or transaction counterparty in connection with a merger, acquisition, financing, reorganization, or sale of all or part of our business. We do not sell your personal data to third parties.

 

4.         HOW WILL WE STORE YOUR DATA?

 

4.1.         Your data is stored on Shopify's secure servers. Shopify uses industry-standard security measures to protect your data, including encryption, firewalls, and regular security audits.

 

4.2.         We may share your personal data with service providers who help us process payments, fulfill orders, and provide customer support, and — where you have consented or where otherwise permitted by applicable law — with advertising, marketing, and social media partners as described under "Disclosure of Personal Data to Third Parties" above. These service providers and partners are contractually obligated to keep your information confidential and secure. We do not sell your personal data to third parties.

 

4.3.         If you have any concerns about how your data is being stored or processed, please contact us at dpo@moroccanoil.com. We will do our best to address your concerns and provide you with the information you need.

 

5.         CHILDREN PRIVACY

This website is not intended for children. We do not knowingly collect personal data directly from children except where permitted by applicable law and, where required, with appropriate parental or guardian authorization. If you believe that a child has provided personal data to us in breach of this Policy, please contact us and we will take appropriate steps to investigate and, where necessary, delete the information.

 

6.         WHAT ARE COOKIES AND SIMILAR TECHNOLOGIES?

 

6.1.         Cookies are small text files that are stored on your browser or device when you visit a website. Cookies allow the website to recognize your browser or device, remember your preferences, support website functionality, and help understand how the website is used.

 

6.2.         We may also use similar technologies, such as pixels, tags, web beacons, local storage, software development kits (SDKs), and other tracking, analytics, advertising, or measurement technologies. These technologies may collect, store, or provide access to information about your device, browser, interactions with the website, and use of our services.

 

6.3.         For ease of reference, we refer to all of these technologies in this section as “cookies and similar technologies”.

 

7.         HOW DO WE USE COOKIES AND SIMILAR TECHNOLOGIES?

 

7.1.         We use cookies and similar technologies to operate, secure, improve, personalize, measure, and market our website and services.

 

7.2.         We may use these technologies to:

a)    Analyse website traffic and usage patterns, including through analytics tools, so we can improve the website’s structure, design, content, performance, and functionality;

b)    Remember your preferences and settings and personalize your experience on the website;

c)     Recognize when you return to our website and provide content or functionality you used previously;

d)    Measure the effectiveness of our advertising and marketing campaigns, including conversions and interactions with ads;

e)    Provide offers, content, and advertisements that may be more relevant to your interests;

f)      Identify, diagnose, and resolve technical errors;

g)     Detect, prevent, and respond to fraud, misuse, security incidents, or other unlawful activity.

 

7.3.         These technologies may collect or make available information such as your IP address, device and browser identifiers, online identifiers, pages viewed, links clicked, time spent on pages, referral source, approximate location derived from IP address, interactions with the website, and other usage or technical information. Some of this information may be considered personal information under applicable law.

 

7.4.         Cookies and similar technologies may collect, store, or make available information including IP address, online identifiers, device identifiers, browser identifiers, pages viewed, links clicked, actions taken on the website, time spent on pages, referral source, conversion events, technical and diagnostic information, and approximate location derived from IP address. Depending on the circumstances, this information may constitute personal data under applicable data protection law.

 

8.         WHAT TYPES OF COOKIES AND SIMILAR TECHNOLOGIES DO WE USE?

 

8.1.         We use the following categories of cookies and similar technologies:

a)    Strictly necessary cookies – these cookies are required for the operation, security, and availability of our website. They include, for example, cookies that enable you to log into secure areas, maintain your session, remember your privacy choices, prevent fraud, and protect the website from misuse. These cookies cannot generally be disabled through our cookie management tool.

b)    Analytics and performance cookies – these cookies and similar technologies allow us to recognize and count visitors, understand how users move around and interact with the website, measure website performance, and improve the way the website works. For example, they help us understand which pages are most popular, whether users encounter errors, and whether users can easily find what they are looking for.

c)     Functionality cookies – these cookies allow us to recognize you when you return to our website, remember your preferences, personalize content, and provide enhanced functionality. For example, they may help us remember language preferences, region settings, or previously used features.

d)    Targeting and advertising cookies – these cookies, pixels, tags, and similar technologies record your visit to our website, the pages you viewed, the links you followed, and your interactions with our content or advertisements. We may use this information to make our website, marketing, and advertising more relevant to your interests, to build or use advertising audiences, to conduct remarketing, to attribute conversions, to measure campaign performance, to understand user interactions with advertisements, and to measure campaign effectiveness.

 

8.2.         We may share this information with advertising, analytics, social media, measurement, marketing, advertising technology, and technology partners for these purposes.

 

9.         THIRD-PARTY COOKIES AND SIMILAR TECHNOLOGIES

 

9.1.         Some cookies and similar technologies are provided by third parties, including analytics providers, advertising networks, social media platforms, measurement providers, advertising technology providers, and other technology partners. These technologies may be deployed by us or directly by such third parties through our website.

 

9.2.         We may use third-party services and technologies provided by companies such as Google, Meta, TikTok, and other analytics, advertising, marketing, social media, and technology providers. The specific providers used by us may change from time to time.

 

9.3.         Such third-party technologies, including pixels, tags, SDKs, and similar tools, may enable information about your interactions with our website, purchases, advertising engagements, or other online activities to be shared with the relevant third-party provider for analytics, measurement, attribution, advertising, remarketing, or related purposes, subject to your consent where required by applicable, law.

 

9.4.         These third parties may collect information directly from your browser or device when you use our website. They may use this information to provide services to us, measure performance, deliver or personalize advertisements, measure advertising effectiveness, prevent fraud, or for their own purposes, in accordance with their privacy policies.

 

9.5.         We recommend reviewing the privacy policies and cookie policies of the relevant third parties to understand how they process your information.

 

10.      RETENTION PERIOD

 

10.1.      We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

10.2.      When we no longer need to retain your personal data, we will securely delete or anonymize it.

 

10.3.      Retention periods may vary depending on the type of data and the purpose of processing. For example, transaction and accounting records may be kept for longer periods where required by law, while marketing data may be retained until you withdraw consent or object, or until the data is no longer needed for that purpose.

 

11.      COMPLAINTS

 

11.1.      You may contact our Data Protection Officer (DPO) if you have any questions, concerns, or complaints about how Moroccanoil processes your personal data, or about how we have handled a privacy request. When you contact the Data Protection Officer (DPO), you will receive an automatic reply with a link to our online privacy request form, where you can submit your request or select ‘Complaint’. If you are not satisfied with our response, you may lodge a complaint with the UK Information Commissioner’s Office (ICO).

 

11.2.      See our contact details below.

 

12.      DATA SECURITY

 

12.1.      We are committed to protecting the security of your personal data. We use appropriate technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction.

 

12.2.      Some of the measures we take to protect your personal data include:

a)    Encryption - we use encryption to protect your personal data while it is in transit to and from our website. This includes using secure socket layer (SSL) technology to encrypt data transmitted over the internet;

b)    Access control - We limit access to your personal data to only those employees, contractors, and service providers who have a need to access it. We also require them to be subject to strict confidentiality obligations and we monitor their access;

c)     Incident response - We have a data breach response plan in place to respond to any security incidents involving personal data quickly and effectively. This includes promptly investigating and remedying the cause of the incident and notifying you and any relevant regulatory authorities as required by law.

 

12.3.      In the event of a personal data breach, we will assess the incident and notify the relevant supervisory authority and affected individuals where required by applicable law and within the timeframes prescribed by such law.

 

12.4.      While we take reasonable steps to protect your personal data, no method of transmission or storage is completely secure, and we cannot guarantee its absolute security. You are responsible for keeping your login credentials, if any, confidential and for not sharing them with anyone.

 

13.      YOUR RIGHTS

 

13.1.      Moroccanoil would like to make sure that you are fully aware of all your data protection rights.

 

13.2.      You are entitled to the following:

a)    Right to be informed - you have the right to be informed about how your personal data is being used and processed;

b)    Right of access – you have the right to request access to the personal data that we hold about you;

c)     Right of rectification – you have the right to request that any inaccurate or incomplete personal data be corrected or updated.

d)    Right to withdraw consent – you can withdraw your consent to the processing of your personal data at any time if the legal basis for collecting the information is consent. We will stop processing your personal data as soon as we receive your withdrawal of consent

e)    Right to erasure – you have the right to (under certain circumstances) ask for your personal data to be erased where:

·       Your personal data is no longer necessary in relation to the purpose for which it was collected/processed;

·       You withdraw your consent or object to the processing and there is no overriding legitimate interest to continue processing;

·       You object to the processing and there are no overriding legitimate grounds for the processing;

·       You object to the processing and your personal data was processed for direct marketing purposes.

f)      Right to restrict processing - you have the right to request that the processing of your personal data is restricted under certain circumstances;

g)     Right to data portability - you have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format;

h)    Right to object - you have the right to object to the processing of your personal data in certain circumstances;

i)      Rights related to automated decision-making and profiling - you have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you; and

j)      Right to Lodge Complaint - if you believe that our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

 

13.3.      If you make a request, we have one month to respond to you. Please see our contact details below.

 

14.      INTERNATIONAL DATA TRANSFER

Where we transfer your personal data outside the United Kingdom, we will ensure that an appropriate level of protection is provided in accordance with applicable data protection law, including by relying on adequacy regulations, UK approved standard contractual clauses, binding corporate rules, or other lawful transfer mechanisms, as applicable to the relevant transfer. You may contact us using the details below to request further information about the safeguards used for any such transfers.

 

15.      CHANGES TO THIS POLICY

We may update this Policy from time to time. We will notify you of any material changes to this Policy by posting a notice on our website or by sending you an email.

 

16.      CONTACT US

If you would like to exercise any of these rights, please contact us by email: dpo@moroccanoil.com.