Privacy Policy

How we use the personal data which you provide to us or which we collect about you.

At NCBA Inc., we are committed to protecting our customers’ privacy. This Privacy Policy explains in detail how and why we collect and use the personal data which you provide to us or which we collect about you when you interact with us, for example, when you use our website or visit our store. 

We want you to be fully informed about how we use your data, how we keep it secure and your rights. We trust this Privacy Policy will answer any questions that you may have, but if not, please do get in touch with us directly at [email protected].   

This Privacy Policy is provided by NCBA, Inc. (referred to as “we”, “us” or “our” in this Privacy Policy). We are the data controller of any personal data we collect about you in the UK, and we are responsible for the Code8 website (www.codeeight.com) and any orders placed by customers on the website or in our UK flagship store.

"Personal data" means any information or pieces of information that could identify you either directly (e.g. your name) or indirectly (e.g. through pseudonymised data, such as a unique ID number). This means that personal data includes things like email/home addresses, usernames, profile pictures, personal preferences and shopping habits, user generated content, financial information, and health information. It could also include unique numerical identifiers like your computer's IP address or your mobile device's MAC address, as well as cookies. This privacy policy covers all personal data about you that is collected and used by NCBA Ltd.

We collect personal data from you when you provide it to us directly and through your use of the Site. This information may include:

The information you provide to us when you use our Site (e.g. your name, contact details, gender, product reviews, and any information which you add to your account profile),

Transaction and billing information, if you make any purchases from us or using our Site (e.g. credit/debit card details and delivery information),
Records of your interactions with us (e.g. if you contact our customer service team, interact with us on social media),

The information you provide us when you enter a competition or participate in a survey,
Information collected automatically, using cookies and other tracking technologies (e.g. which pages you viewed and whether you clicked on a link in one of our email updates).
We may also collect information about the device you use to access our Site, and other information necessary to provide the Site, for example, we may access your location if you give us your consent.

If you also shop in one of our stores, we may combine information you give us in-store (e.g. if you make a purchase or join our mailing list in-store) with the information above.

We might collect or receive your personal data from you via our websites, forms, apps, devices, or brand pages on social media or otherwise. Sometimes you give this to us directly (e.g. when you create an account, when you contact us, when you purchase from our website or stores) or sometimes we collect it (e.g. using cookies to understand how you use our websites and apps).


In the table below, we explain: 

  1. In what context is your personal data collected? 
  2. What personal data may we hold about you? 
  3. How and why we use it 
  4. What is our legal basis for using your personal data? 

If you do not provide the personal data marked with an asterisk, this may affect the goods and servies that we can provide. 

In which context is your personal data collected?

What personal data may we hold about you?

How and why may we use it?

What is our legal basis for processing your personal data?

Account Creation and Management

Where your personal data are collected during the creation or management of an account on NCBA Ltd. websites/apps, through a social media login or in store.

First name and surname;



Gender;



Email address;



Address;



Phone number;



Photo;



Birthday or age range;



ID/username, and password;



Personal description or preferences;



Order details;



Social media profile (where you use your social media login or share this personal data with us);



User generated content; and/or



Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on some websites, or by participating in a contest, game, survey etc.).

To:



Manage your orders;



Send you marketing communications (where you have asked us to) which may be tailored to your “profile” (i.e. based on the personal data we know about you and your preferences);



Offer and manage a loyalty program;



Offer personalised services based on your characteristics;



Allow you to manage your preferences;



Monitor and improve our websites and apps;



Run analytics or collect statistics;



Secure our websites and protect you and us against fraud;



Respond to your questions and otherwise interact with you; and/or



Manage any competitions, promotions, surveys or contests you enter.

The performance of a contract – so you can create and manage your account;



Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud or criminal activity; and (iv) secure our tools; and



Consent – so you can receive marketing communications from us.

Newsletter and marketing subscriptions

Where your personal data are collected when you subscribe to receive our marketing communications.

First name and surname;



Email address;



Gender;



Address;



Phone number;



Birthday or age range



ID/username, and password;



Personal description or preferences;



Order details;



Social media profile (where you use your social media login or share this personal data with us);



User generated content; and/or



Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on some websites, or by participating in a contest, game, survey etc.).

To :



Send you marketing communications (where you have asked us to) which may be tailored to your “profile” based on the personal data we know or learn about you and your preferences;



Show you marketing communications on other websites, including social media platforms. Note that you may also see our ads on other websites, including on social media sites, but these may not be tailored to you;



Keep an up to date suppression list if you have asked not to be contacted;



Run analytics or collect statistics; and/or

Consent – so you can receive marketing communications from us; and



Our legitimate interests: (i) to improve our products and services; and (ii) better engage with you.

Purchases and order management

Where your personal data are collected during the purchase process made on NCBA Ltd. websites/apps or in store

First name and surname;



Email address;



Address;



Phone number;



Personal description or preferences;



Social media profile (where you use your social media login or share this personal data with us);



Transaction information including purchased products;



Payment and information; and/or



Purchase history.

To:



Contact you to finalise your order where you have saved your shopping cart or placed products in your cart without completing the checkout process;



Inform you when a product you wanted to purchase is available;



Process your order including delivering the product to the address you indicated;



Manage payment. Please note that your payment information (credit card number/Paypal/bank account details) are not collected by us directly, but by secure payment service providers;



Manage any contact you have with us about your order;



Secure your transactions against fraud. We may use a third party provider’s solution to detect fraud and make sure that payment is completed;



If you place a purchase using a registered account, we will add this transaction to your profile so we can understand your interests and preferences and you will see a record of your transactions with us within your account (where applicable);



Manage any dispute relating to a purchase; and/or



Run analytics or collect statistics.

The performance of a contract – so you can make purchase and we can manage the associated logistics.



Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud or criminal activity; and (iv) secure our tools.



To comply with a legal obligation – to keep information we are required to.

Online browsing

Where your personal data are collected by cookies or similar technologies ("cookies"*) when you browse NCBA Ltd. websites/apps or on third-party websites/apps where we have cookies.



For information on specific cookies placed on a particular website/app, please check the cookies table on the specific website/app.



*Cookies are small text files stored on your device (computer, tablet or mobile) when you are on the Internet, including on NCBA Ltd. websites.

Data related to your use of our websites, including:



Where you came from,



Login details,



Location,



Data related to your navigation on our apps/websites, incl. scroll/mouse movement (but in a manner that does not identify you),



Videos you watched,



Pages/ads/content you looked at, clicked or tapped on,



Duration of your visit, and/or



Products you searched for and/or selected to create your basket.



Technical information:



Your IP address;



Browser information;



Device information; and/or



Your unique ID which is given to each visitor, and the expiration date of the ID.

We use cookies, together with other personal data you have already shared with us (such as previous purchases, or whether you’re signed up to our email newsletters) for the following purposes:



To deliver targeted advertising, that is to show you:



online advertisements for products which may be of interest to you, based on your previous behaviour, and/or



ads and content on social media platforms, such as Facebook, Instagram, TikTok and Pinterest or other websites.



You can opt out of targeted advertising by using the function available on our website (where applicable), or in your browser settings. For opting out of targeted advertising on social media platforms, please visit the relevant social media platform to explore the options they may provide.



To tailor our services for you, that is to:



show you recommendations, marketing, or content based on your profile and interests, and/or



display our websites in a tailored way, for example, show you products we think you might like.



To allow our websites/apps to function properly, that is to:



ensure the proper display of content,



create and remember your shopping cart,



create and remember your account login details,



interface personalisation, such as language, or any user-interface customisation (i.e. parameters attached to your device including your screen resolution or font preference), etc.,



perform troubleshooting, and/or



improve user experience and our websites/apps, for example, by testing new ideas or layouts.



Please note that we only track your navigation on the website/app (e.g., mouse movements) to ensure our websites/apps function properly, for troubleshooting, and to improve user experience, as explained above. We do so in a way that does not identify you to ensure that the personal data provided on the website/app is always masked and never recorded.



To ensure our websites/apps are secure and safe, and to protect you against fraud or misuse of our websites/apps or services.



To run statistics, that is to:



avoid visitors being recorded twice,



know users’ reaction to our advertising campaigns.



improve our offers, and/or



understand how you discovered our websites/apps.



To allow sharing of our content on social media platforms.

Consent – to store cookies on your device.



Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; and (iii secure our tools.

Social Media Platforms

Where your personal data are collected from your activity on social media platforms.



For more information on how your personal data may be shared with Facebook and Google, please see the respective sections under “We may disclose your personal data to our partners” below.

We may get information you publicly post on social media platforms and use it to better understand how consumers view our products/services and interact with us. For example, we may use public posts to identify beauty trends. Where possible, we do this in way that we are unable to directly identify you.



We may also collect your personal data when you mention us on social media platforms. The personal data we collect may include:



Social media handle,



Photo, and/or



Any comments mentioned in your post.



If we want to re-use any content you post on social media platforms, we will always ask your permission first (see ‘User Generated Content’ below).

To



Monitor and improve our websites and apps; and/or



Run analytics or collect statistics.

Our legitimate interests: (i) to improve our products and services; and (ii) better engage with you.

Promotions

Where your personal data are collected during a competition, game, contest, promotional offer, sample request, survey, etc.

First name and surname,



Email address,



Phone number,



Birth day or age range,



Gender,



Mailing Address,



Personal description or preferences,



Social media profile (where you use your social media login or share this personal data with us), and/or



User generated content,



Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on some websites, or by participating in a contest, game, survey etc.).

To:



Complete tasks that you have asked us to, for example, to manage your participation in the promotion, including to take into account your feedback and suggestions,



Run analytics and statistics.

The performance of a contract – so you may entered into the promotion/we can deliver the prize).



Our legitimate interests: (i) to improve our products and services; and (ii) better engage with you.

User Generated Content

Where your personal data are collected when you submit content (for example images or ratings and reviews) on one of our websites/apps/social media platforms or accept our re-use of any content you posted on social media platforms.

First name and surname or alias;



Email address;



Photo;



Personal description or preferences;



Social media profile (where you use your social media login or share this personal data with us); and/or



Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, or by providing your own content such as photos or a review, or a question via the chat function available on some websites).

To:



Use the content you have created and/or shared in accordance with the specific terms and conditions accepted by you e.g. to post your review/content and to promote our products;



Run analytics and statistics; and/or



Add your content to your profile so we can understand your interests and preferences.

Consent – to provide you with the service you have requested, for example, so you can upload the content of your choice.



Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; and (iii) secure our tools and design new features.

Use of websites/apps and devices

Where your personal data are collected as part of your use of our websites/apps and/or devices (for example when you provide your personal data when completing online forms or trying on our products virtually via our apps).

First name and surname;



Gender;



Email address;



Photo;



Location;



Birth day and/or age range;



Personal description or preferences, including characteristics such as skin tone, skin/hair type (e.g. your beauty profile); and/or



Application or device usage data.

To:



Provide you with the service(s) you requested (e.g. enable you to purchase our products),



Analyse your personal characteristics and recommend appropriate products (including bespoke products) and routines,



Monitor and improve our apps and devices, and/or



Run analytics and statistics.

Consent – to provide you with the service you have requested, for example, show you recommended products or complete your purchase.



The performance of a contract – to deliver the service you have requested e.g. to enable you to try on products virtually.



Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; and (iii) secure our tools.

Enquiries

Where your personal data are collected when you ask questions relating to our brands, our products and their use, or your purchases, account or rights.

First name and surname;



Phone number;



Email address;



Other information you have shared with us about yourself in relation to your enquiry (which may include welfare, health data and call recordings).

To:



Answer and manage your enquiries, and/or



Run analytics and statistics.

The performance of a contract – to respond to your enquiries.



Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; and (iii) secure our tools.

Our premises

Where your personal data are collected when you visit our premises (e.g. our Burlington Arcade Flagship store or any other popup locations)

Photo/Video captured via CCTV; and



Attendance/visitor forms (which may include the collection of welfare and health data).

To:



Assist in the prevention and detection of crime and manage enquiries; and/or



Help ensure the health, safety and security of employees and visitors, information located or stored within the premises, and assets.

Our legitimate interests: (i) prevent fraud and criminal activity; and (ii) secure our tools.



To comply with legal obligation – to meet health and safety requirements.

Depending on how you use our Site, your interactions with us, and the permissions you give us, the purposes for which we use your personal data include:

  • To fulfil your order and maintain your online account.
  • To manage and respond to any queries or complaints to our customer service team.
  • To personalize the Site to you and show you content we think you will be most interested in, based on your account information, your purchase history and your browsing activity.
  • To improve and maintain the Site, and monitor its usage.
    For market research, e.g. we may contact you for feedback about our products.
  • To send you marketing messages and show you targeted advertising, where we have your consent or are otherwise permitted to do so.
    For security purposes, to investigate fraud and where necessary to protect ourselves and third parties.
  • To comply with our legal and regulatory obligations.
    We rely on the following legal basis, under data protection law, to process your personal data:
  • Because the processing is necessary to perform a contract with you, or take steps prior to entering into a contract with you (e.g. where you have made a purchase with us, we use your personal data to process the payment and fulfil your order).
  • Because we have obtained your consent (e.g. where you contact us with a query, where you add optional information to your account profile, or if you consent to receive marketing from us).
    Because it is in our legitimate interests as an e-commerce provider to maintain and promote our services. We are always seeking to understand more about our customers in order to offer the best products and customer experience. We use information about you to tailor your view of the Site, to make it more interesting and relevant in respect of the products and offers on view.


Our Site may allow you the option of adding additional information to your account profile, such as information about your body type, skin type, hair type, hair condition, training regime, performance goals, height and weight. We treat this information with particular sensitivity, as we understand it can reveal information about your health or ethnicity, for example. You do not have to provide this information to us, and can delete it or update it at any time.

We may share your data with trusted third parties to allow us to provide our services to you. When we do share your data with these third parties we only provide the information they need to perform the service. We have written contracts in place with them to ensure they only use your data for the purpose we specify to them and that your privacy is secure and respected. 

These trusted third parties include the following: 

DESCRIPTION

EXAMPLES

Companies that help us fulfil your orders and, where required, get your purchases to you, such as delivery couriers and payment providers

Royal Mail, DPD, Stripe, PayPal 

Professional service providers such as website hosting providers, system providers, website and social media analytics providers, advertisers and appointment booking providers, who help us run our business

Acuity, Google Analytics, Magento 

Social Media or Web platforms to show you products that might interest you while you’re browsing the internet

Facebook, Instagram, YouTube

Credit reference agencies, law enforcement and fraud prevention agencies, so that we can help tackle fraud

Stripe, PayPal 

 

We may be required to share your personal data with the police, administrative authorities (such as HMRC) or other enforcement, regulatory or Government bodies, where we are legally obliged to do so.

We will only share your personal data with third parties for them to use for their own direct marketing purposes when you have given your consent for us to do so. 

 

We love to communicate with our customers and so, depending on your marketing preferences, we may use your personal data to send you marketing messages by email, phone or post. Some of these messages may be tailored to you, based on your previous browsing or purchase activity, and other information we hold about you.

If you no longer want to receive marketing communications from us (or would like to opt back in!), you can change your preferences at any time by contacting us (details below), clicking on the ‘unsubscribe’ link in any email, or updating your settings in your account. If you unsubscribe from marketing, please note we may still contact you with service messages from time to time (e.g. order and delivery confirmations, and information about your legal rights).

You may also see ads for our Site on third party websites, including on social media. These ads may be tailored to you using cookies (which track your web activity, so enable us to serve ads to customers who have visited our Site). Where you see an ad on social media, this may because we have engaged the social network to show ads to our customers, or users who match the demographic profile of our customers. In some cases, this may involve sharing your email address with the social network. If you no longer want to see tailored ads you can change your cookie and privacy settings on your browser and these third party websites.

Please visit our cookie policy here.

We would like to make sure that you are fully aware of all of your data protection rights. Every user is entitled to the following:


The Right to Access: You have the right to request copies of your personal data from NCBA Ltd. We may charge you a small fee for this service.
The Right to Rectification: You have the right to request that NCBA Ltd. correct any information that you believe is inaccurate. You also have the right to request that NCBA Ltd. complete any information that you believe is incomplete.

The Right to Erasure: You have the right to request that NCBA Ltd. erase your personal data, under certain conditions.
The Right to Restrict Processing: You have the right to object to NCBA Ltd.'s processing of your personal data, under certain conditions.

The Right to Data Portability: You have the right to request that NCBA Ltd. transfer the data that we have collected to another organisation, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at

  • Our email: [email protected]
  • Call us at: +44 020 7352 4921
  • Or write us: NCBA Ltd., 2nd Floor, 146 New Cavendish Street, W1W6YQ, London, United Kingdom