PRIVACY POLICY

Last updated: September 16, 2025

RECO SKINLAB operates this store and website to provide you with a curated shopping experience (the “Services”). The Services are hosted by Shopify. This Privacy Policy explains how we collect, use and disclose personal information in compliance with the GDPR, the LSSI and applicable EU/UK law. In case of conflict between this Privacy Policy and the Terms, this Privacy Policy governs the processing of personal information.

Personal Information We Collect or Process
“Personal information” means information that identifies or can reasonably be linked to an individual. We may process:

  • Contact details: name, email, phone, billing/shipping addresses.

  • Financial/transaction: payment method/token (processed by our providers), transaction IDs, totals, refunds.

  • Account: login, preferences, wishlists, consents.

  • Usage/device: IP address, device/browser data, cookies/SDK identifiers, pages viewed, cart events.

  • Communications: support messages, reviews, returns.

  • Marketing & cookies: preferences and identifiers as set in our Cookie Banner.

Personal Information Sources

  • Directly from you (creating an account, checkout, contacting us).

  • Automatically via cookies/SDKs when you use the Services (see Cookie Policy).

  • Service providers/partners (e.g., Shopify, payments, fulfilment, analytics/ads with consent).

  • Affiliates/third parties where lawful and relevant.

How We Use Your Personal Information

  • Provide and improve the Services (contract performance – Art. 6(1)(b) GDPR).

  • Customer support and communications (contract/legitimate interest).

  • Security and fraud prevention (legitimate interest – Art. 6(1)(f)).

  • Marketing/advertising (consent where required; legitimate interest for customer soft opt-in permitted by law; you can opt out at any time).

  • Legal compliance (legal obligations – Art. 6(1)(c)).

Relationship with Shopify
The Services are hosted by Shopify, which processes your personal information to provide and improve the platform. Shopify may use certain data to provide enhanced features across merchants. For details and your rights see Shopify’s Consumer Privacy Policy and the Shopify Privacy Portal.

Third Party Websites and Links
Links to third-party sites are provided for convenience; their privacy/security practices are their responsibility. Review their policies before use.

Children's Data
The Services are not intended for minors. We do not knowingly process data of children below the age of majority in your jurisdiction.

Security and Retention of Your Information
We implement appropriate technical and organisational measures. No system is 100% secure.
Retention: orders/invoices 6–10 years (tax/accounting); account data while active; marketing until you withdraw consent/opt-out (then kept on suppression lists); support/claims retained for limitation periods.

Your Rights and Choices
Depending on where you live and subject to legal limits, you may have rights to access, rectify, erase, restrict, portability, object (including to direct marketing) and to withdraw consent. We may need to verify your identity. You will not be discriminated against for exercising your rights.
To exercise rights regarding data processed by Shopify, visit https://privacy.shopify.com/en.

Complaints
You can contact us (see Contact below) or lodge a complaint with your local authority. In Spain, AEPD: www.aepd.es.

International Transfers
Where data is transferred outside the EEA/UK, we rely on adequacy decisions or Standard Contractual Clauses (and, where relevant, the UK IDTA/Addendum) with supplementary measures as needed.

Changes to This Privacy Policy
We may update this notice. We will post the revised version with the “Last updated” date and notify you where required.