1. Controllers of Personal Information

Heaven is the controller of personal information collected to provide you with information and services.

This privacy notification explains what data we collect, for what purpose, and how to exercise your rights under the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and UK GDPR.

2. Purpose and Scope of Processing by Heaven

Heaven processes data to deliver its services, provide content, gather feedback, and inform you about related offerings and updates.

The main services we offer include:

Skincare product recommendations and content

Online events, newsletters, and updates for our community

Personalised skincare advice and consultations

Promotions and loyalty programmes such as our Heaven Rewards & Referral Programme

Where applicable, when you (or your company) purchase a service, a specific agreement may be signed. In the absence of such an agreement, this privacy notice governs how we treat personal data.

Heaven does not sell or transfer control of personal information to third parties, except to use sub-processors necessary to provide our services (see Section 5).

We may also receive personal information from other data controllers in connection with delivering or promoting our services.

For example, referrals or marketing lists from third-party partners.

If this occurs, individuals will be notified, and all protections outlined in this privacy policy will apply.

Heaven may process the following personal data: Email address First and last name Contact telephone number Record of purchases (e.g. product orders, subscriptions) Record of customer support interactions Payment information (credit/debit card or bank details) IP address and website usage data collected through cookies

3. Data Retention Policy

We retain personal information for up to 3 years after the last interaction, or until you request deletion. For specific data related to billing or legal obligations, we retain it for the period required by law.

4. Data Protection and Your Rights

Heaven employs industry-standard practices to protect your data. We implement both technical and organizational safeguards to prevent unauthorized access or breaches. All team members handling data are bound by confidentiality obligations. You may: Request deletion of your data at any time by contacting: [insert your email] Request access to your personal data stored by us via the same contact File a privacy complaint either with us or your relevant supervisory authority Please note: if you’ve purchased a service, we can only delete your data after the conclusion of that service.

5. Sub-processors and Place of Processing

Heaven may use sub-processors to support the delivery of its services. All sub-processors are vetted and bound by data processing agreements that ensure compliance with the GDPR and UK data protection laws. Where data is processed outside the UK or EEA (e.g. by US-based service providers), we ensure proper safeguards are in place, such as Standard Contractual Clauses or adequacy agreements.

1. Controllers of Personal Information

Heaven is the controller of personal information collected to provide you with information and services.

This privacy notification explains what data we collect, for what purpose, and how to exercise your rights under the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and UK GDPR.

2. Purpose and Scope of Processing by Heaven

Heaven processes data to deliver its services, provide content, gather feedback, and inform you about related offerings and updates.

The main services we offer include:

Skincare product recommendations and content

Online events, newsletters, and updates for our community

Personalised skincare advice and consultations

Promotions and loyalty programmes such as our Heaven Rewards & Referral Programme

Where applicable, when you (or your company) purchase a service, a specific agreement may be signed. In the absence of such an agreement, this privacy notice governs how we treat personal data.

Heaven does not sell or transfer control of personal information to third parties, except to use sub-processors necessary to provide our services (see Section 5).

We may also receive personal information from other data controllers in connection with delivering or promoting our services.

For example, referrals or marketing lists from third-party partners.

If this occurs, individuals will be notified, and all protections outlined in this privacy policy will apply.

Heaven may process the following personal data: Email address First and last name Contact telephone number Record of purchases (e.g. product orders, subscriptions) Record of customer support interactions Payment information (credit/debit card or bank details) IP address and website usage data collected through cookies

3. Data Retention Policy

We retain personal information for up to 3 years after the last interaction, or until you request deletion. For specific data related to billing or legal obligations, we retain it for the period required by law.

4. Data Protection and Your Rights

Heaven employs industry-standard practices to protect your data. We implement both technical and organizational safeguards to prevent unauthorized access or breaches. All team members handling data are bound by confidentiality obligations. You may: Request deletion of your data at any time by contacting: [insert your email] Request access to your personal data stored by us via the same contact File a privacy complaint either with us or your relevant supervisory authority Please note: if you’ve purchased a service, we can only delete your data after the conclusion of that service.

5. Sub-processors and Place of Processing

Heaven may use sub-processors to support the delivery of its services. All sub-processors are vetted and bound by data processing agreements that ensure compliance with the GDPR and UK data protection laws. Where data is processed outside the UK or EEA (e.g. by US-based service providers), we ensure proper safeguards are in place, such as Standard Contractual Clauses or adequacy agreements.

1. Controllers of Personal Information

Heaven is the controller of personal information collected to provide you with information and services.

This privacy notification explains what data we collect, for what purpose, and how to exercise your rights under the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and UK GDPR.

2. Purpose and Scope of Processing by Heaven

Heaven processes data to deliver its services, provide content, gather feedback, and inform you about related offerings and updates.

The main services we offer include:

Skincare product recommendations and content

Online events, newsletters, and updates for our community

Personalised skincare advice and consultations

Promotions and loyalty programmes such as our Heaven Rewards & Referral Programme

Where applicable, when you (or your company) purchase a service, a specific agreement may be signed. In the absence of such an agreement, this privacy notice governs how we treat personal data.

Heaven does not sell or transfer control of personal information to third parties, except to use sub-processors necessary to provide our services (see Section 5).

We may also receive personal information from other data controllers in connection with delivering or promoting our services.

For example, referrals or marketing lists from third-party partners.

If this occurs, individuals will be notified, and all protections outlined in this privacy policy will apply.

Heaven may process the following personal data: Email address First and last name Contact telephone number Record of purchases (e.g. product orders, subscriptions) Record of customer support interactions Payment information (credit/debit card or bank details) IP address and website usage data collected through cookies

3. Data Retention Policy

We retain personal information for up to 3 years after the last interaction, or until you request deletion. For specific data related to billing or legal obligations, we retain it for the period required by law.

4. Data Protection and Your Rights

Heaven employs industry-standard practices to protect your data. We implement both technical and organizational safeguards to prevent unauthorized access or breaches. All team members handling data are bound by confidentiality obligations. You may: Request deletion of your data at any time by contacting: [insert your email] Request access to your personal data stored by us via the same contact File a privacy complaint either with us or your relevant supervisory authority Please note: if you’ve purchased a service, we can only delete your data after the conclusion of that service.

5. Sub-processors and Place of Processing

Heaven may use sub-processors to support the delivery of its services. All sub-processors are vetted and bound by data processing agreements that ensure compliance with the GDPR and UK data protection laws. Where data is processed outside the UK or EEA (e.g. by US-based service providers), we ensure proper safeguards are in place, such as Standard Contractual Clauses or adequacy agreements.