index

Privacy Policy

Showy Cosmetics Effective Date: February 11, 2026 | Last Updated: February 11, 2026

Showy Cosmetics ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you visit our website (hosted on Shopify), place an order, or interact with us in any way.

This policy is designed to comply with applicable data protection laws worldwide, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), the Brazilian Lei Geral de Proteção de Dados (LGPD), the UK Data Protection Act 2018, the Australian Privacy Act 1988, and other applicable regional privacy laws.

1. Information We Collect

1.1 Information You Provide Directly

We collect personal information that you voluntarily provide when you interact with our website, including:

  • Name, email address, phone number, and shipping/billing address when you create an account or place an order.
  • Payment information (credit/debit card details, billing address). Note: payment data is processed securely by Shopify Payments and/or third-party payment gateways; we do not store full card numbers.
  • Communications you send us, such as customer service inquiries, product reviews, and survey responses.
  • Account login credentials (email and encrypted password).
  • Preferences such as marketing opt-in choices and product interests.

1.2 Information Collected Automatically

When you visit our website, certain information is collected automatically through cookies and similar technologies:

  • Device and browser information (IP address, browser type, operating system, device identifiers).
  • Usage data (pages visited, time spent on pages, referring URLs, click patterns).
  • Location data (general geographic location derived from your IP address).
  • Shopping behavior (products viewed, items added to cart, purchase history).

1.3 Information from Third Parties

We may receive information about you from third-party sources, including social media platforms (if you interact with us through social media), analytics providers, advertising partners, and Shopify's platform services.

2. How We Use Your Information

We use the personal information we collect for the following purposes:

  • Order Fulfillment: Processing and shipping your orders, sending order confirmations and shipping updates, and handling returns or exchanges.
  • Customer Service: Responding to your inquiries, resolving issues, and providing support.
  • Account Management: Creating and maintaining your customer account and personalizing your experience.
  • Marketing and Communications: Sending promotional emails, newsletters, and product recommendations (only with your consent where required by law). You may opt out at any time.
  • Website Improvement: Analyzing usage patterns to improve our website, products, and services.
  • Fraud Prevention and Security: Detecting and preventing fraudulent transactions, unauthorized access, and other illegal activities.
  • Legal Compliance: Meeting our legal and regulatory obligations, including tax reporting and responding to lawful requests from authorities.

3. Legal Bases for Processing (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction that requires a legal basis for processing personal data, we rely on the following:

  • Performance of a Contract: Processing necessary to fulfill your orders and provide our services.
  • Consent: Where you have given clear consent for us to process your data for a specific purpose (e.g., marketing emails). You may withdraw consent at any time.
  • Legitimate Interests: Processing necessary for our legitimate business interests (e.g., fraud prevention, website analytics, improving our products), provided these interests do not override your rights.
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations.

4. Cookies and Tracking Technologies

Our website uses cookies and similar technologies (pixels, web beacons, local storage) to enhance your browsing experience, analyze site traffic, and personalize content.

Types of Cookies We Use

  • Essential Cookies: Required for the website to function properly (e.g., shopping cart, checkout, authentication). These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics). These collect anonymized data.
  • Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness (e.g., Meta Pixel, Google Ads).
  • Preference Cookies: Remember your settings and preferences for a better experience.

Managing Cookies

You can manage your cookie preferences through your browser settings or through any cookie consent banner displayed on our website. Please note that disabling certain cookies may affect site functionality.

For more information about cookies, visit www.allaboutcookies.org.

5. How We Share Your Information

We do not sell your personal information to third parties. We may share your data with the following categories of recipients:

  • Service Providers: Third parties that help us operate our business, including Shopify (e-commerce platform), payment processors, shipping carriers, email marketing platforms, and analytics providers. These providers are contractually obligated to protect your data and use it only for the services they provide to us.
  • Advertising Partners: We may share limited data (such as hashed email addresses or cookie identifiers) with advertising platforms to deliver relevant ads. You can opt out of personalized advertising through your account settings or the platform's ad preferences.
  • Legal and Regulatory Authorities: We may disclose your information when required by law, court order, or governmental regulation, or to protect our legal rights.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity.

6. International Data Transfers

Your personal information may be transferred to and processed in countries outside your country of residence, including the United States and Canada, where our service providers may operate. When we transfer data internationally, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, data processing agreements with all third-party providers, and encryption of data in transit and at rest. By using our website and providing your information, you acknowledge that your data may be processed in jurisdictions with different data protection laws than your own.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Specifically:

  • Order and transaction data is retained for a minimum of 7 years for tax and accounting purposes.
  • Account data is retained for as long as your account is active. You may request account deletion at any time.
  • Marketing data is retained until you unsubscribe or withdraw consent.
  • Website analytics data is retained in anonymized form and may be kept indefinitely.

When your data is no longer needed, we will securely delete or anonymize it.

8. Your Privacy Rights

Depending on your location, you may have some or all of the following rights regarding your personal data:

8.1 Rights Under GDPR / UK GDPR (EEA and UK Residents)

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to Be Forgotten"): Request deletion of your personal data, subject to legal exceptions.
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
  • Right to Lodge a Complaint: File a complaint with your local Data Protection Authority.

8.2 Rights Under CCPA / CPRA (California Residents)

  • Right to Know: Request details about the categories and specific pieces of personal information we have collected.
  • Right to Delete: Request deletion of your personal information.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt Out of Sale/Sharing: We do not sell your personal information. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

8.3 Rights Under PIPEDA (Canadian Residents)

  • Right to access your personal information held by us.
  • Right to challenge the accuracy and completeness of your information and request amendments.
  • Right to withdraw consent for the collection, use, or disclosure of your information.

8.4 Rights Under LGPD (Brazilian Residents)

  • Right to confirmation of the existence of processing, access to data, correction, anonymization, portability, deletion, and information about sharing with third parties.

8.5 Rights Under the Australian Privacy Act

  • Right to access your personal information and request corrections.
  • Right to complain to the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached.

How to Exercise Your Rights

To exercise any of these rights, please contact us at the details provided in Section 13 below. We will respond to your request within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before fulfilling your request.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include SSL/TLS encryption for all data transmitted through our website, secure hosting through Shopify's PCI-DSS compliant infrastructure, restricted access to personal data on a need-to-know basis, regular security assessments and monitoring, and secure password hashing for customer accounts.

While we strive to protect your data, no method of transmission over the internet is 100% secure. We encourage you to use strong passwords and keep your account credentials confidential.

10. Children's Privacy

Our website and products are not intended for individuals under the age of 16 (or the minimum age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us immediately.

11. Third-Party Links

Our website may contain links to third-party websites, social media platforms, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website with a revised "Last Updated" date. Where required by law, we will seek your consent before making changes that affect how we process your data. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Showy Cosmetics Email: [Insert your email address] Mailing Address: [Insert your business address] Phone: [Insert your phone number]

For GDPR-related inquiries, you may also contact our Data Protection Officer (if applicable) at the email address above.

If you are not satisfied with our response to your privacy concern, you have the right to lodge a complaint with your local data protection authority.

14. Shopify

Our store is hosted on Shopify Inc. Shopify provides us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify's data storage, databases, and the general Shopify application. Shopify stores your data on secure servers behind a firewall. For more information, you may review Shopify's Privacy Policy at https://www.shopify.com/legal/privacy.

This Privacy Policy was last updated on February 11, 2026.