Privacy policy

Last updated: February 2025

Our Commitment to You

Membership Enrollment

Maelys Cosmetics Ltd. and its affiliated companies (together: "Maelys", "us" or "we") are dedicated to providing clients and site visitors (collectively, "users") with the highest level of transparency and control over the use of their information. In order for us to provide you with our services we are required to collect and process certain personal information about you and your activity.

By entrusting us with your information, we would like to assure you of our commitment to keep such information private. We have taken measurable steps to protect the confidentiality, security and integrity of this information.

When you use our Services, you consent to the collection, storage, use, disclosure and other uses of your Personal Data as described in this Privacy Policy.

We urge you to read this Privacy Policy carefully and make sure that you fully understand and agree to it. If you do not agree to this Privacy Policy, please discontinue and avoid using our Services.

Contents

Grounds for Data Collection

You are not legally required to provide us with your "Personal Data" (meaning any information which may potentially allow your identification with reasonable means), but without it we might not be able to provide you with the full range of, or the best experience while using, our websites or services (together, the "Services").

Processing of Personal Data is necessary for the performance of our contractual obligations towards you, for providing you with our services, for protection of our legitimate interests and for compliance with legal and regulatory obligations to which we are subject.

Our legal basis for collecting and using your Personal Data will depend on the particular purpose for which your data is being processed. We generally use the following legal bases:

  1. Performance of a contract: processing necessary to make the Services, including support services, available to you, and to send you service communications.
  2. Consent: in limited cases (for example, direct marketing emails/text messages and accepted website cookies) we process your Personal Data based on your consent. You can withdraw consent at any time using the contact details below.
  3. Legitimate interests: maintaining and improving our Services, understanding usage, improving customer service and support, and securing users and systems.
  4. Compliance with legal obligation: where processing is required by applicable law or by order of a court or regulatory body.

What Type of Data We Collect

Personal Data

In the course of using the Service, we may ask you to provide us with certain Personal Data to provide and improve the Service, to contact or identify you, to enable access to certain parts of the Website, and as otherwise indicated in this Policy. We collect the following Personal Data:

  • Registration and order information: name, mailing address, email address, telephone number, and, if registering via social account, profile picture and other data made available under your social privacy settings.
  • Information received from you: data you voluntarily provide when contacting us (contact forms, email, support channels), or when signing up to receive newsletters or other communications.
  • Billing information: data required to complete transactions, including payment-related and billing-related information and invoice details. Payment method details may be encrypted and stored by third-party payment providers compliant with PCI DSS.
  • Website usage data: IP address and general location data (for example city/country) collected by our webserver.
  • Information from third parties: contact details and business-related details received from business partners.

Non-Personal Data

We also collect data about Service usage and user activity in order to operate and improve the Service.

  • Technical information: website visits, browser and display settings, operating system, device type, session times, referral URL, time zone, network connection type, and cookie information.

If we combine Personal Data with non-Personal Data, the combined data will be treated as Personal Data.

Tracking Technologies

A "cookie" is a small text file used, for example, to collect data about activity on our Site. Some cookies and other technologies recall Personal Data such as an IP address.

When you visit or access our Services we use (and authorize third parties to use) pixels, cookies, events and other technologies ("Tracking Technologies") to collect information about you, your device and online behavior for navigation improvements, analytics, advertising effectiveness and personalization.

We also use Google Analytics to collect information about use of our Service. Information collected through Google Analytics is used to improve our Services.

Types of Cookies We Use

  • Strictly necessary cookies: required for operation of the website.
  • Analytical or performance cookies: help measure traffic and usage patterns to improve the Service.
  • Functionality cookies: recognize returning users and remember preferences, including cart state.
  • Targeting cookies: record your visit and browsing actions to improve ad relevance.

How to Manage Tracking Technologies Settings

UK and EU customers can manage cookie preferences via the "Your Privacy Choices" tool. Blocking cookies may affect some features of the Services.

Common browser controls include Google Chrome, Internet Explorer, Mozilla Firefox, Safari (Desktop/Mobile), and Android Browser. Mobile users can also limit ad tracking through device settings.

You can also turn off certain third-party targeting/advertising cookies via Network Advertising Initiative options.

How Do We Use the Data We Collect

  • Provision of service: to provide and improve our Services and respond to your queries.
  • Service announcements: to communicate updates and service offers.
  • Marketing purposes: to send newsletters and promotional materials, including profile-based marketing.
  • Opt-out handling: you may unsubscribe from promotional communications; we may still send service-related notices.
  • SMS services: we do not share SMS opt-in for unrelated purposes; we may share related data with vendors that help deliver messaging services.
  • Analytics, surveys and research: to test, evaluate and improve Service features.
  • Protecting our interests: fraud prevention, claim defense, and security/integrity protection.
  • Policy enforcement: including enforcement of client agreements and internal policies.
  • Legal compliance: where required by law, regulation, subpoena or similar legal process.

With Whom Do We Share Your Personal Data

  • Internal concerned parties: group companies and employees to provide Services.
  • Business partners: We share your information with business partners, such as storage and analytics providers who help us provide you with our Service. These third parties may have access to your Personal Data so that they may perform these tasks on our behalf, but they are obligated to comply with this Privacy Policy and may not use your Personal Data for any other purpose.
    In addition, we may work with post-purchase offer and advertising technology providers to display third-party offers on our order confirmation (“thank you”) page and to measure performance. Post-Purchase Offer and Advertising Technology Providers – Following a completed purchase, we may present additional third-party offers or advertisements on our order confirmation or “thank you” page. These offers are provided through technology partners that assist us in displaying relevant content and measuring the performance of such placements. In connection with these services, we may share certain identifiers such as name, email address (including hashed email), IP address, device information, and general geolocation with these partners. These providers process this information on our behalf under contractual obligations that limit their use of Personal Data to providing services to us, including ad delivery, fraud prevention, attribution, and performance measurement. These providers are not permitted to use your Personal Data for their own independent marketing purposes or share it with other inapplicable third parties.
  • Compliance with laws and law enforcement entities: where disclosure is necessary to comply with legal process, enforce rights, or protect safety/security.
  • Merger and acquisitions: in connection with merger, acquisition, reorganization, bankruptcy or asset sale.

Transfer of Data Outside the EEA (for EU Data Subjects)

Some data recipients may be located outside the EEA. In such cases, we transfer data only to countries approved by the European Commission as providing an adequate level of protection, or under legal agreements that ensure adequate data protection safeguards.

How We Protect Your Information

We implement administrative, technical and physical safeguards to prevent unauthorized access, use, or disclosure of Personal Data. Data is stored on secure servers and access is limited on a need-to-know basis.

Despite these measures, absolute security cannot be guaranteed. You are responsible for protecting your account credentials and limiting access to your account.

Retention

We retain Personal Data for as long as necessary to provide Services and as needed to comply with legal obligations, resolve disputes and enforce policies. Retention periods depend on the nature of the data and collection purpose.

User Rights

European Union Users

If you reside in the EU, you may request to:

  • Receive confirmation whether Personal Data concerning you is processed and access that data with supplementary information.
  • Receive a copy of data you provided in a structured, commonly used and machine-readable format.
  • Request rectification of Personal Data.
  • Request erasure of Personal Data.
  • Object to processing of Personal Data.
  • Request restriction of processing.

These rights are not absolute and may be subject to legitimate interests and regulatory requirements.

California Users

You have rights to know, delete, non-discrimination, and opt-out of sale/share of personal information as defined by applicable California law.

You may designate an authorized agent to submit requests on your behalf, subject to statutory verification requirements.

Additional Information for California Residents

This section addresses disclosure requirements under the California Consumer Privacy Act of 2018 and related regulations.

In the preceding twelve (12) months, we have collected the following categories of Personal Information:

Category Personal Information Collected Sources Business Purpose
A. Identifiers Name, email address, social media identifier, IP address, username Directly from consumers; website activity via cookies and tracking technologies; third parties including social networks and advertising networks Operate Services, product development and improvement, customer service, security, internal analytics and reporting
B. Personal information categories listed in California Customer Records statute Name and related customer record information Directly from consumers and integrated service/business partners Service maintenance and enhancement, debugging, internal research
C. Internet or other electronic network activity information Interaction with Services Advertising networks, data analytics providers, consumer devices via cookies/tracking technologies Auditing interactions and transactions, advertising/direct marketing, security and fraud prevention
D. Geolocation data Country, state (derived from IP address) Directly from consumer device (IP address) Fraud prevention, policy enforcement, legal compliance
E. Inferences Preferences and characteristics used to create profile/summary Advertising networks, social networks, direct submissions, publicly available/social sources Personalization, analytics, legal and regulatory compliance
F. Commercial information Transaction records and purchase history Directly from transactions and payment/order systems Order processing, analytics, customer support, compliance

Selling and Sharing Personal Information

We do not "sell" or "share" personal information as those terms are commonly understood. However, we allow certain third-party advertising partners to collect pseudonymized data for advertising-related purposes, including ad measurement and analytics.

You may opt out from sale/share by using Your Privacy Choices, resetting advertising identifiers on your device, limiting ad tracking in device settings, or contacting us.

How to Contact Us

If you wish to exercise any of the aforementioned rights, or receive more information, contact: [email protected].

Maelys EU representative information:
MAELYS EU COSMETICS 2017 LTD
2A Cheilonos str.
The Riverside Forum
Nicosia, Cyprus

Updates to This Policy

This Privacy Policy is subject to change from time to time, in our sole discretion. The most current version will be posted on our website (as reflected in the "Last Updated" heading). You are advised to check for updates regularly.

By continuing to access or use our Services after revisions become effective, you agree to be bound by the updated Privacy Policy.

Introduction

When you visit or access our website, or when you interact or engage with our content ("Services"), we use (and authorize third parties to use) web beacons, cookies, pixel tags, scripts, tags, API and other technologies ("Tracking Technologies").

The Tracking Technologies allow us to automatically collect information about you and your online behavior, as well as your device (for example your computer or mobile device), in order to enhance your navigation on our Services, improve our Services performance and customize your experience on our Services.

We also use this information to collect statistics about the usage of our Services, perform analytics, deliver content tailored to your interests and administer services to our users, advertisers, publishers, customers and partners.

We also allow third parties to collect information about you through Tracking Technologies.

What Are Cookies?

Cookies are small text files (composed only of letters and numbers) that a web server places on your computer or mobile device when you visit a webpage.

When used, a cookie can help make our Services more user-friendly, for example by remembering your language preferences and settings.

Cookies are widely used to make websites work efficiently. They allow navigation between pages, remember preferences, improve interaction with the Services and help ensure that advertisements shown online are relevant to you and your interests.

Storing Tracking Technologies

We store Tracking Technologies when you visit or access our Services (for example when visiting our websites). These are called "First Party Tracking Technologies".

In addition, Tracking Technologies are stored by third parties (for example analytics providers, business partners and advertisers) that run content on our Services. These are called "Third Party Tracking Technologies".

Both types may be stored either for the duration of your visit or for repeat visits.

What Types of Tracking Technologies Do We Use?

There are five main types of Tracking Technologies:

  • Strictly necessary Tracking Technologies.
  • Functionality Tracking Technologies: remember choices you make (such as language), support authentication and provide personalized features.
  • Performance Tracking Technologies: collect information about online activity (for example visit duration, behavioral data and engagement metrics) for analytics, research and statistics.
  • Marketing or Advertising Tracking Technologies: deliver tailored offers/ads, support marketing campaigns, cap ad frequency and measure campaign effectiveness.
  • Social media Tracking Technologies: support social features (for example Facebook "Like" or "Share") and are governed by third-party platform privacy statements.
Tracking Technology Type Purpose
Google Analytics Third party, Performance Collect data on how visitors use Services, including visitor numbers, traffic sources and pages visited, to compile reports and improve our Services.
Google Tag Manager Third party, Webstite Perfromance Loads scripts on website pages and supports measurement and analytics tools.
Yotpo Third party, Webstite Perfromance Supports review and feedback services that allow customers to publish comments about products.
Google AdWords Third party, Marketing/Advertising Measures advertising effectiveness by tracking actions taken after users click on ads and helps improve campaign performance.
Bing Third party, Marketing/Advertising Displays personalized ads and measures campaign performance based on actions taken after users click on ads.
Facebook Custom Audience Third party, Marketing/Advertising Uses pixel data and lookalike audiences to reach users who are similar to visitors that have taken actions on our websites.
Facebook Connect Third party, Social media Enables social sharing and account recognition across social networks.
AppLovin Third party, Marketing/Advertising Measures advertising effectiveness by tracking actions taken after users click on ads and helps improve campaign performance.
AWIN Third party, Webstite Perfromance Supports affiliate marketing by tracking referrals, measuring performance, and attributing commissions.
ShopMy Third party, Webstite Perfromance Supports influencer affiliate marketing by tracking creator referrals, measuring performance, and attributing commissions where applicable.
Justuno v4 Third party, Marketing/Advertising Displays promotional offers on the website.
Klaviyo Third party, Performance Collects email addresses and phone numbers and enables us to send email and SMS communications.
Noibu Third party, monitoring tool Uses Noibu to detect fraud, identify technical issues, and improve website performance and customer experience.
Rokt Third party, Marketing/Advertising Enables the delivery and measurement of relevant post-purchase offers on our website.
Snapchat Third party, Social media Uses pixel data and lookalike audiences to reach users who are similar to visitors that have taken actions on our websites.
TikTok Third party, Social media Uses pixel data and similar technologies to measure campaign performance and deliver relevant content and advertising.
VWO Third party, Webstite Perfromance Runs A/B tests and experiments, analyzes user behavior, and helps optimize the website experience based on performance insights.
Falcon Third party, Marketing/Advertising Enables the delivery and measurement of relevant post-purchase offers on the website.
Youtube/ Google Ads Third party, Marketing/Advertising Measures advertising effectiveness by tracking actions taken after users click on ads and helps improve campaign performance.