Data Protection Policy

UK

Last update: March 2026

This Policy describes how Moroccanoil collects, uses, and shares your personal data in connection with our products and services. For the purposes of applicable data protection law, the controller of your personal data is Moroccanoil UK Ltd, of Handel House, 95 High Street, Edgware, Middlesex, HA8 7DB. I. If you have any questions about this Policy or wish to exercise your rights, you may contact us at dpo@moroccanoil.com

We are deeply committed to complying with all relevant privacy laws, including the UK GDPR and the Data Protection Act 2018.

Moroccanoil prioritize the protection of personal information and continually strive to uphold the highest standards of data privacy and security in alignment with these regulations.

WHAT DATA DO WE COLLECT?

As part of registering on the Website and using the services offered, as well as through our marketing campaigns, you may be asked to provide us with personal details such as:

(a) Full name;

(b) Email address;

(c) Telephone number;

(d) ID number;

(e) Address.

We process your personal data only where we have a valid legal basis to do so. Depending on the circumstances, we process your personal data because:

(i)  it is necessary for the performance of a contract with you or to take steps at your request before entering a contract;

(ii)  it is necessary for compliance with a legal obligation;

(iii) it is necessary for our legitimate interests, provided those interests are not overridden by your rights and interests; or

(iv) you have given your consent, where consent is required by applicable law.

If you purchase one of our products or services, we may also collect information such as:

(a)  Payment method;

(b)  Products you have purchased;

(c)   Delivery method;

(d)  Additional relevant information, such as instructions for the courier if the recipient is not home, or a discount/benefit code (if applicable);

(e)  Optional comments in free text.

Please do not provide special category personal data or other sensitive personal information unless it is strictly necessary for your request. If you choose to provide such information, we will process it only where we have a valid legal basis and, where required by applicable law, an additional condition for processing under applicable data protection law..

If you agree, we may also collect information such as:

(a)  How you use the Website;

(b)  Products you are interested in;

(c)   Content or advertisements you have viewed;

(d)  Pages you have visited;

(e)  Offers that interest you;

(f)    Actions you have taken on the Website, including those you started but did not complete;

(g)  Information received from other websites and services (such as Facebook, Google, and others).

To the extent that you provide personal information, you confirm that the information is true, accurate, and provided either on your own behalf or with legal authorization to do so for someone else. In any case, you are solely responsible for the information you provide.

HOW WILL WE USE YOUR DATA?

We use your personal data for the following purposes:

(a)  To operate and manage the Company’s business activities, including the services and products it offers, and the functionality of the Website.

(b)  To provide you with services, maintain contact with you, and improve customer service processes.

(c)   To process and fulfill your orders, manage your account, and provide you with customer support.

(d)  To verify payment information and carry out financial transactions related to your purchases.

(e)  To improve and enhance our services, develop new services and content that meet user expectations, and modify or cancel existing services.

(f)  To manage our relationship with you, including notifying you of changes to our terms or privacy policy, inviting you to leave a review or respond to surveys, and using and displaying reviews submitted on our websites on other Moroccanoil websites and on third-party retailer, distributor, marketplace, or partner websites.

(g)  To send you service-related communications, updates, and promotional offers (with your explicit consent). You may opt out at any time.

(h)  To resolve technical issues, respond to support requests, and improve the quality and reliability of our services.

(i)    To personalize your experience, including presenting relevant content and offers that match your interests. We may use profiling and audience segmentation for marketing, personalization, analytics, and customer experience improvement purposes. However, unless specifically stated otherwise at the point of collection, we do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you.

(j)  To implement security and fraud prevention measures, including user identity verification and monitoring for suspicious activity.

(k)  To perform data analytics using aggregated and anonymized data to understand how users interact with our services, identify trends, evaluate features, and plan future improvements.

(l)  To comply with legal and regulatory obligations, including the prevention, detection, or investigation of fraud, crime, or other unlawful activities.

In addition, where you enroll in a loyalty, rewards, membership, or similar program operated by us, we may use your personal data to administer your membership, verify eligibility, allocate benefits or rewards, communicate with you about the program, maintain records relating to your participation, prevent abuse of the program, and improve the operation of the program. We process your personal data only where we have a valid legal basis to do so. Depending on the circumstances, such processing may be based on the performance of a contract with you, compliance with a legal obligation, our legitimate interests, or your consent where required by applicable law

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

We may disclose your personal data, where necessary and lawful, to the following categories of recipients:

(i)  service providers and processors that support our business operations, including hosting, e-commerce platform, payment processing, logistics, customer support, analytics, marketing, security, and IT providers;

(ii)  review and ratings platform providers, and third-party retailer, distributor, marketplace, or partner websites, where reviews submitted on our websites are displayed as part of our review and ratings program;

(iii) professional advisers, auditors, insurers, and legal or compliance advisers;

(iv) group companies, where relevant for internal administration and service provision;

(v) advertising, social media, and marketing partners, where you have consented or where otherwise permitted by applicable law;

(vi) regulators, courts, law enforcement agencies, and public authorities where required by law or necessary to establish, exercise, or defend legal claims; and

(vii) a prospective or actual buyer, seller, investor, or transaction counterparty in connection with a merger, acquisition, financing, reorganization, or sale of all or part of our business. We do not sell your personal data to third parties.

HOW WILL WE STORE YOUR DATA?

Your data is stored on Shopify's secure servers. Shopify uses industry-standard security measures to protect your data, including encryption, firewalls, and regular security audits.

We do not share your personal information with third parties for marketing purposes. However, we may share your information with service providers who help us process payments, fulfill orders, and provide customer support. These service providers are contractually obligated to keep your information confidential and secure.

If you have any concerns about how your data is being stored or processed, please contact us at dpo@moroccanoil.com. We will do our best to address your concerns and provide you with the information you need.

CHILDREN PRIVACY

This Website is not intended for children. We do not knowingly collect personal data directly from children except where permitted by applicable law and, where required, with appropriate parental or guardian authorization. If you believe that a child has provided personal data to us in breach of this Policy, please contact us and we will take appropriate steps to investigate and, where necessary, delete the information.

WHAT ARE COOKIES?

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with good experience when you browse our website and allows us to improve our site.

Cookies are small data files that are placed on your device or computer when you browse a website. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

HOW DO WE USE COOKIES?

We use cookies to:

(a)  Analyze our web traffic using an analytics package. Aggregated usage data helps us improve the website structure, design, content, and functions;

(b)  Store information about your preferences and so allow us to customize our website and provide you with offers that are targeted to your individual interests;

(c)   Recognize when you return to our website. We may show your relevant content or provide functionality you used previously;

(d)  Cookies also help us identify and diagnose errors, and to detect and prevent fraud.

WHAT TYPES OF COOKIES DO WE USE?

We use the following types of cookies:

(a)  Strictly necessary cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.

(b)  Analytical/performance cookies: These cookies allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

(c)   Functionality cookies: These cookies are us to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name, and remember your preferences.

(d)  Targeting cookies: These cookies record your visit to our website, the pages you have visited, and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

HOW CAN YOU CONTROL COOKIES?

Where required by law, we will obtain your consent before placing or using non-essential cookies or similar technologies, including analytics, functionality, targeting, advertising, and cross-site tracking technologies. You may manage or withdraw your consent at any time through our cookie management tool. Further information about the specific cookies and technologies we use, their providers, purposes, and duration will be made available through our cookie notice or consent tool.

RETENTION PERIOD

We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer need to retain your personal data, we will securely delete or anonymize it.

Retention periods may vary depending on the type of data and the purpose of processing. For example, transaction and accounting records may be kept for longer periods where required by law, while marketing data may be retained until you withdraw consent or object, or until the data is no longer needed for that purpose.

DISCLOSURE OF YOUR DATA

Moroccanoil may disclose your personal data to third-party service providers as necessary to facilitate your interactions with us.

These third parties are obligated to safeguard your information and are only permitted to use it for the purpose of providing services on our behalf. In accordance with our policies, they will dispose of your information appropriately once it is no longer required for the provision of such services.

If we intend to disclose any sensitive personal data to a third party, we will only do so in accordance with the basis for processing your personal data that were previously described.

Complaints

If you have any concerns about how Moroccanoil processes your personal data or about how we’ve handled your complaint, you can contact our Data Protection Officer or lodge a complaint with the UK Information Commissioner’s Office (ICO).

See our contact details below.

DATA SECURITY

We are committed to protecting the security of your personal data. We use appropriate technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction.

Some of the measures we take to protect your personal data include:

(a)    Encryption: We use encryption to protect your personal data while it is in transit to and from our website. This includes using secure socket layer (SSL) technology to encrypt data transmitted over the internet.

(b)    Access control: We limit access to your personal data to only those employees, contractors, and service providers who have a need to access it. We also require them to be subject to strict confidentiality obligations and we monitor their access.

(c)    Incident response: We have a data breach response plan in place to respond to any security incidents involving personal data quickly and effectively. This includes promptly investigating and remedying the cause of the incident and notifying you and any relevant regulatory authorities as required by law.

In the event of a personal data breach, we will assess the incident and notify the relevant supervisory authority and affected individuals where required by applicable law and within the timeframes prescribed by such law.

While we take reasonable steps to protect your personal data, no method of transmission or storage is completely secure, and we cannot guarantee its absolute security. You are responsible for keeping your login credentials, if any, confidential and for not sharing them with anyone.

DATA SHARING

We do not share your personal data with third parties for marketing purposes. However, we may share your personal data with service providers who help us fulfill your orders and provide our products and services to you. These service providers are bound by data protection agreements and are not permitted to use your personal data for any other purposes.

We may also share your personal data with law enforcement or other government agencies when required by law or in response to a valid legal request.

YOUR RIGHTS

Moroccanoil would like to make sure that you are fully aware of all your data protection rights.

You are entitled to the following:

(a)    Right to be informed: You have the right to be informed about how your personal data is being used and processed.

(b)    Right of access: You have the right to request access to the personal data that a company holds about you.

(c)    Right to rectification: You have the right to request that any inaccurate or incomplete personal data be corrected or updated.

(d)    Right to withdraw consent: You can withdraw your consent to the processing of your personal data at any time if the legal basis for collecting the information is consent. We will stop processing your personal data as soon as we receive your withdrawal of consent.

(e)    Right to erasure: You have the right to (under certain circumstances) ask for your personal data to be erased where:

1)    Your personal data is no longer necessary in relation to the purpose for which it was collected/processed;

2)    You withdraw your consent or object to the processing and there is no overriding legitimate interest to continue processing;

3)    You object to the processing and there are no overriding legitimate grounds for the processing;

4)     You object to the processing and your personal data was processed for direct marketing purposes.

(f)     Right to restrict processing: You have the right to request that the processing of your personal data is restricted under certain circumstances.

(g)    Right to data portability: You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format.

(h)    Right to object: You have the right to object to the processing of your personal data in certain circumstances.

(i)     Rights related to automated decision-making and profiling: You have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

(j)     Right to Lodge Complaint: If you believe that our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO)..

If you make a request, we have one month to respond to you. Please see our contact details below.

INTERNATIONAL DATA TRANSFER

Where we transfer your personal data outside the United Kingdom, we will ensure that an appropriate level of protection is provided in accordance with applicable data protection law, including by relying on adequacy regulations, UK approved standard contractual clauses, binding corporate rules, or other lawful transfer mechanisms, as applicable to the relevant transfer. You may contact us using the details below to request further information about the safeguards used for any such transfers.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of any material changes to this Privacy Policy by posting a notice on our website or by sending you an email.

CONTACT US

If you would like to exercise any of these rights, please Contact us by email: dpo@moroccanoil.com.