Data Protection Policy
At Moroccanoil we are committed to protecting the privacy and security of our customer's personal information.
This Policy applies to all personal data we collect and process from individuals who interact with our services.
This Policy describes how we collect, use, and share your personal data in connection with our products and services.
What Data Do We Collect
We collect personal data about you when you visit our website, purchase products from us, or otherwise interact with us. The personal data we collect may include:
- Contact information, such as your name, email address, phone number, and shipping address.
- Payment information, such as your credit card number and billing address.
- Order information, such as the products you purchase and the date and time of your purchase.
- Device information, such as your IP address, browser type, and operating system.
- Other information you provide to us, such as your preferences and feedback.
Our legal bases for processing your personal data
Under the GDPR, we are required to have a legal basis for processing your personal data. The legal bases we rely on for processing your personal data may include:
- Consent: We may process your personal data based on your consent. For example, if you sign up for our newsletter or participate in a survey, we will ask for your consent to collect and use your personal data for these purposes. You have the right to withdraw your consent at any time by contacting us using the information provided at the end of this policy.
- Performance of a contract: We may process your personal data to fulfill a contract with you, such as when you purchase products from us or request services. For example, we may use your personal data to process your payment, ship your products, and communicate with you about your order.
- Legal obligation: We may process your personal data when it is necessary to comply with a legal obligation, such as a court order or a regulatory requirement.
- Legitimate interests: We may process your personal data when it is necessary for our legitimate interests and does not override your rights and freedoms. For example, we may process your personal data to improve our products or services, analyze and understand customer preferences and behavior, or to prevent fraud and unauthorized access to our systems.
- Vital interests: In rare circumstances, we may process your personal data when it is necessary to protect your or someone else's vital interests, such as in the case of a medical emergency.
We will only process your personal data for the purposes for which we collected it, and we will not use it for any other purpose without your consent or a valid legal basis. If we need to use your personal data for a new purpose that is not compatible with the original purpose, we will inform you and seek your consent or a new legal basis for the processing.
If you have any questions or concerns about our legal bases for processing your personal data, please contact us using the information provided at the end of this policy.
How will we store your data?
Your data is stored on Shopify's secure servers. Shopify uses industry-standard security measures to protect your data, including encryption, firewalls, and regular security audits.
We do not share your personal information with third parties for marketing purposes. However, we may share your information with service providers who help us process payments, fulfill orders, and provide customer support. These service providers are contractually obligated to keep your information confidential and secure.
If you have any concerns about how your data is being stored or processed, please contact us at [insert email address]. We will do our best to address your concerns and provide you with the information you need.
This site is not intended for children, and you must be aged 16 or over to use the Moroccanoil websites. Moroccanoil does not solicit or knowingly collect personal information from children under the age of 16. If we are made aware that we have received such information or any information in violation of our policy, we will use reasonable efforts to locate and remove that information from our records.
What are cookies?
What are cookies?
Cookies are small data files that are placed on your device or computer when you browse a website. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
- Analyze our web traffic using an analytics package. Aggregated usage data helps us improve the website structure, design, content, and functions.
- Store information about your preferences, and so allow us to customize our website and provide you with offers that are targeted to your individual interests.
- Recognize when you return to our website. We may show your relevant content or provide functionality you used previously.
- Cookies also help us identify and diagnose errors, and to detect and prevent fraud.
What types of cookies do we use?
We use the following types of cookies:
- Strictly necessary cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
- Analytical/performance cookies: These cookies allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies: These cookies are us to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name, and remember your preferences.
- Targeting cookies: These cookies record your visit to our website, the pages you have visited, and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
How can you control cookies?
We use a cookie management solution to obtain your consent before placing any non-essential cookies on your device. The cookie management solution allows you to manage your cookie preferences and withdraw your consent at any time.
We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.
When we no longer need to retain your personal data, we will securely delete or anonymize it.
Disclosure of your Data
Moroccanoil may disclose your personal data to third-party service providers as necessary to facilitate your interactions with us. These third parties are obligated to safeguard your information and are only permitted to use it for the purposes of providing services on our behalf. In accordance with Moroccanoil's policies, they will dispose of your information appropriately once it is no longer required for the provision of such services.
If we intend to disclose any sensitive personal data to a third party, we will only do so in accordance with the bases for processing your personal data that were previously described.
The following third parties may receive your personal data as part of our processing activities, as specified below:
Payment gateway (installments)
Email Service Provider
Supporting our Hair Quiz
logistic system for (US and Canada)
help desk management
In the event that you wish to make a complaint about how your personal data is being processed by Moroccanoil, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Moroccanoil’s Data Protection Officer.
See our contact details below.
We are committed to protecting the security of your personal data. We use appropriate technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction.
Some of the measures we take to protect your personal data include:
- Encryption: We use encryption to protect your personal data while it is in transit to and from our website. This includes using secure socket layer (SSL) technology to encrypt data transmitted over the internet.
- Access control: We limit access to your personal data to only those employees, contractors, and service providers who have a need to access it. We also require them to be subject to strict confidentiality obligations and we monitor their access.
- Incident response: We have a data breach response plan in place to quickly and effectively respond to any security incidents involving personal data. This includes promptly investigating and remedying the cause of the incident and notifying you and any relevant regulatory authorities as required by law.
While we take reasonable steps to protect your personal data, no method of transmission or storage is completely secure, and we cannot guarantee its absolute security. You are responsible for keeping your login credentials, if any, confidential and for not sharing them with anyone.
We do not share your personal data with third parties for marketing purposes. However, we may share your personal data with service providers who help us fulfill your orders and provide our products and services to you. These service providers are bound by data protection agreements and are not permitted to use your personal data for any other purposes.
We may also share your personal data with law enforcement or other government agencies when required by law or in response to a valid legal request.
Moroccanoil would like to make sure that you are fully aware of all your data protection rights.
You are entitled to the following:
- Right to be informed: You have the right to be informed about how your personal data is being used and processed.
- Right of access: You have the right to request access to the personal data that a company holds about you.
- Right to rectification: You have the right to request that any inaccurate or incomplete personal data be corrected or updated.
- Right to withdraw consent: You can withdraw your consent to the processing of your personal data at any time if the legal basis for collecting the information is consent. We will stop processing your personal data as soon as we receive your withdrawal of consent.
Right to erasure: You have the right to (under certain circumstances) ask for your personal data to be erased where:
- your personal data is no longer necessary in relation to the purpose for which it was collected/processed;
- you withdraw your consent or object to the processing and there is no overriding legitimate interest to continue processing;
- you object to the processing and there are no overriding legitimate grounds for the processing;
- you object to the processing and your personal data was processed for direct marketing purposes.
- Right to restrict processing: You have the right to request that the processing of your personal data is restricted under certain circumstances.
- Right to data portability: You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format.
- Right to object: You have the right to object to the processing of your personal data in certain circumstances.
- Rights related to automated decision-making and profiling: You have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
- Right to Lodge Complaint: You also have the right to lodge a complaint with a supervisory authority if you believe that your data protection rights have been violated. The supervisory authority at UK is the Information Commissioner’s Office (ICO).
If you make a request, we have one month to respond to you. Please see our contact details below.
Contact us by email: firstname.lastname@example.org