Privacy Policy

  1. HairGrowthSerum.uk is the Data Controller – How do you contact us?
    HairGrowthSerum.uk is the data controller responsible for handling the personal data that we have collected from you.

If you have any questions, concerns, or complaints about our Privacy Policy, our data collection and processing practices, or if you wish to exercise any of your rights, or if you want to report any security violations to us, please contact us.

  1. Purpose and use of your personal data and the legal basis for the use of your data
    We use your Personal Data in the following ways:

2.1 When you visit our website, we collect information regarding your use of our website, including your browser type, which search terms you use, your IP address (including your network location), and information about the device you are using to visit our website. Furthermore, we collect information regarding which products and services you click on and add to your basket. This information is collected through cookies. Learn more about our use of cookies in our cookie policy. We use third-party analytics services to help analyze how users use our Site. The information generated by the Cookies or other technologies about your use of our Site is transmitted to the Analytics Services. The Analytics Services use Analytics Information to compile reports on user activity. The Analytics Services also transfer the Analytics Information to third parties where required to do so by law or where such third parties process Analytics Information on their behalf. Each Analytics Service’s ability to use and share Analytics Information is restricted by such Analytics Service’s Terms of Use and Privacy Policy. You can see who these third parties are in our cookie policy.

2.1.2 The purpose is:

2.1.2.1 to gather statistics to analyze trends about our user movements and use of our website, so we can better tailor our Services to our users’ needs;

2.1.2.2 to provide you with recommendations for products on our website that we think you might be interested in;

2.1.2.3 to carry out marketing of our products to you, including marketing via Facebook and Google; and

2.1.2.4 to improve the security of our website.

2.1.3 The legal basis for processing is the EU General Data Protection Regulation (henceforth “GDPR”) Article 6(1)(f), and your personal data will only be processed if you have given your consent to the processing of your personal data for this specific purpose.

2.2 When you order a product or communicate with us on our website, we collect the information you provide us, e.g., your name, address, email address, phone number, payment information, time of purchase, which products you purchase or may return, shipment information, and the IP address from which you make the order.

2.2.2 The purpose is:

2.2.2.1 to create a customer account and to deliver the products you have ordered as well as to fulfill our agreement with you;

2.2.2.2 to handle your rights to return and to complain;

2.2.2.3 to prevent fraud; and

2.2.2.4 to fulfill any legal requirements, including the Danish Accounting Law and Annual Report Law.

2.2.3 The legal basis for processing is GDPR Article 6(1)(b) (for 2.2.2.1-2), Article 6(1)(c) (for 2.2.2.4), and Article 6(1)(f) (for 2.2.2.3), as well as the Danish Accounting Law, Paragraph 10.

2.3 If you sign up for our newsletter, we collect information regarding your name, email address, IP address, and your phone number if you provide it to us. We collect information regarding when you signed up for our newsletter, when you unsubscribe from our newsletter, and information about where and when you open our newsletter.

2.3.2 The purpose is:

2.3.2.1 to send you the newsletter;

2.3.2.2 to construct statistics to optimize our newsletters and to carry out marketing of our services; and

2.3.2.3 to document your consent to receive the newsletter.

2.3.3 The legal basis for processing is the EU GDPR Article 6(1)(f).

2.4 If you provide us with feedback or contact us, we will collect your name and email address, as well as any other content included in the email, to send you a reply.

2.4.2 The purpose is:

2.4.2.1 to send you a response to your feedback or email; and

2.4.2.2 to process any complaint about a product failure.

2.4.3 The legal basis for processing is the EU GDPR Article 6(1)(f).

2.5 If you post content on our Website, such as a review, the information contained in your posting will be stored on our servers, and other users will be able to see it, along with your first name and last initial. The information that you provide will be visible to others, including anonymous visitors to the Site.

2.5.2 The purpose is:

2.5.2.1 to document who the author of the review is.

2.5.3 The legal basis for processing is the EU GDPR Article 6(1)(f).

2.6 When you visit our Facebook page, please be aware that we use Facebook’s analysis tool “Page Insights” to obtain statistics about visitors and to gain insights into visitors’ use of our Facebook page, including the number of likes, who likes our posts, the number of page visitors, interactions with our page, the reach of our posts, and other insights.

In connection with this, Facebook collects information as a data controller together with us. When you visit our Facebook page, you will gain access to information regarding the processing of these data. For more information, follow this link: https://www.facebook.com/legal/terms/information_about_page_insights_data.

We have entered into an agreement with Facebook regarding the shared responsibility of the data. You can read the agreement via this link: https://www.facebook.com/legal/terms/page_controller_addendum.

  1. Categories of personal data we process
    We process the following data about you:

We collect personal data as described in Section 2 of this Privacy Policy. We do not receive any personal data about you from any third party.

  1. Legitimate interests we pursue with processing your personal data
    As described above, parts of our processing of your personal data are carried out based on a legitimate interest according to GDPR Article 6(1)(f). Our legitimate interest in using your personal data to carry out marketing activities, improve our website, improve the security of our website, and prevent fraud has been balanced against your interests, basic rights, and freedom rights to ensure our use of your data does not exceed these. If you want to learn more about how we have balanced our use of your data according to this paragraph, please contact us using one of the methods stated in Section 1.
  2. Transfer of your data to recipients outside of the EU/EEA
    We will transfer your personal data to data processors established outside of the EU/EEA.

As mentioned in Section 2 of this Privacy Policy, we share data with companies for targeted marketing as well as handling our website. Among these companies are companies located outside of the EU/EEA.

Four of these data processors—Google Analytics (via Google LLC), ActiveCampaign LLC, Pinterest Inc, and Facebook Inc.—are established in the USA. The necessary guarantees for transferring data to the USA are secured through data processor certification under the EU-U.S. Privacy Shield, according to EU GDPR Article 45.

A copy of Google LLC’s certification can be found via this link:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.

A copy of ActiveCampaign LLC’s certification can be found via this link:
https://www.privacyshield.gov/participant?id=a2zt0000000GnH6AAK.

A copy of Pinterest Inc’s certification can be found via this link:
https://www.privacyshield.gov/participant?id=a2zt00000008VVzAAM.

A copy of Facebook Inc’s certification can be found via this link:
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

  1. Storage of your personal data
    Information collected when you make an order on our website, as described in Section 2.2, will normally be deleted after 2 years following the calendar year in which you made your order. However, information may be stored for a longer period if we have a legitimate need for longer storage, e.g., if it is necessary to store the data to determine, establish, or defend a legal claim. Also, the information will be stored if storage is necessary to fulfill a legal requirement. Furthermore, accounting records will be stored for 5 years from the end of the calendar year in which your order was made, to fulfill the requirements of the Danish Accounting Law.

Information collected when you sign up for our newsletter will be deleted when you withdraw your consent unless we have any other reason for using your data.

If you decide to delete your customer account, we will delete all data we have stored about you.

Information collected in connection with you making a post on our website will be deleted after 3 years unless we have another reason for using your information.

Information collected when you give us feedback or contact us via email will be deleted after 1 year unless we have another reason for using your information.

For information collected through your use of our website, as described in Section 2.1 (including cookies), you can find information regarding the deletion of such data in our cookie policy.

  1. The right to withdraw your consent
    If we have collected and processed your personal information with your consent, you can withdraw your consent at any time. To do this, please contact us via the contact information stated in Section 1.

Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

  1. Your rights regarding the use of your information
    According to the GDPR, you have several rights regarding our use of your personal data. To exercise any of these rights, please contact us.
  • Right to obtain access to the information: You can request access to the personal information we use about you, as well as other information we process.
  • Right to get untrue information corrected: You have the right to get any untrue information about you corrected.
  • Right to get data deleted: In certain circumstances, you have the right to get information about you deleted before we normally would delete such data.
  • Right to restricted processing: In some cases, you have the right to restrict the processing of your personal data. If you have the right to restrict the use of your personal data, we cannot process personal data about you in the future—except for storage—without your consent, unless we are required to do so by law or to protect a person or important public interests.
  • Right to object: In some cases, you can object to our or legal processing of your personal data. You can also object to the processing of your personal data for direct marketing.
  • Right to portability of your data: In some cases, you have the right to receive your personal information in a structured, commonly used, and machine-readable format, as well as to obtain any personal data that we have transferred to a third party.
  1. Complaint to a data protection authority
    You have the right to complain to a data protection authority about our collection and use of your personal information.