Privacy Policy
Privacy Policy
Fir Beauty Ltd. (“Fir Beauty,” “we,” “us,” or “our”) is committed to safeguarding and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our website www.firbeauty.com (the “Website”), contact our customer service, or engage with us for wholesale, private label, and custom sample orders in the beauty and personal care sector. It also describes your rights regarding your data.
For the purposes of the EU General Data Protection Regulation (GDPR), the UK Data Protection Act, and similar laws, Fir Beauty Ltd. is the data controller of your personal information.
Our business operates globally, serving B2B clients across various jurisdictions. We design our practices to comply with major data protection frameworks, including the GDPR, the UK Data Protection Act, the California Consumer Privacy Act (CCPA), and other applicable regulations, to the extent they apply.
For complete transparency, this policy is accessible on our homepage and at every point where personal information may be requested.
1. Information We Collect
We may collect personal information directly from you, automatically through your use of the Website, and from third parties. Personal information means any data that identifies or can be used to identify an individual.
Information You Provide Directly:
- Account Registration & Orders: When you create an account or place a sample/wholesale order, we collect your name, email address, telephone number, shipping and billing addresses, company name (if applicable), tax identification number (where required), and marketing preferences.
- Wholesale & Custom Sample Inquiries: When you submit an inquiry for bulk pricing, private labeling, or custom sample development via our contact forms or customer service, we collect your name, company name, job title, email address, phone number, product interests, and any project requirements you share.
- Newsletter & SMS Marketing: When subscribing to marketing communications, we collect your email address and/or phone number. By opting in, you agree that your contact details may be shared with trusted technology partners assisting in campaign delivery. You may unsubscribe anytime using the link in our messages.
- Customer Service Interactions: When you contact our support team via email (support@firbeauty.com), we may record the communication and keep related details to resolve inquiries.
Information Collected Automatically:
- Website Usage Data: Through cookies and similar technologies, we automatically collect information about your device, browser, IP address, referring pages, pages visited, and time spent on the Website. This data is mostly aggregated and does not directly identify you.
- Transactional Information: We maintain records of your orders, samples requested, and wholesale history.
Information We Do NOT Collect:
We do not collect or store full credit/debit card numbers. All payment card data is tokenized and processed directly by PCI-DSS Level 1 compliant payment gateways (e.g., Stripe, PayPal). No complete card information is ever held on our servers.
CCPA Categories of Personal Information Collected:
In the past 12 months, we have collected the following categories of personal information as defined under the CCPA:
- Identifiers: Name, email address, telephone number, postal address, IP address.
- Commercial Information: Records of products or services purchased, obtained, or considered, including wholesale and sample history.
- Internet or Other Electronic Network Activity: Browsing history, search history, and interactions with our Website.
- Professional or Employment-Related Information: Company name and job title (for B2B inquiries).
- Geolocation Data: Approximate location derived from IP address.
We do not collect sensitive personal information (such as precise geolocation, biometric data, or government ID numbers) without your explicit consent where required.
2. How We Use Your Information
We process your personal data for the following purposes, relying on the lawful bases indicated below. Based on our data processing activities (order fulfillment, marketing, analytics, legal compliance, etc.), we provide a transparent summary:
| Processing Purpose | Personal Data Categories | Lawful Basis (GDPR/UK) |
|---|---|---|
| Processing & fulfilling wholesale, sample, and custom orders; shipping and invoicing. | Identifiers, commercial info, company details, payment token (no full card). | Performance of a contract (art. 6(1)(b)). |
| Customer support and managing inquiries (including custom sample development). | Contact details, order history, project requirements. | Performance of a contract / Legitimate interests (art. 6(1)(f)). |
| Marketing communications (newsletters, SMS, product offers) — only if you opt-in. | Email, phone number, marketing preferences. | Consent (art. 6(1)(a)). You may withdraw anytime. |
| Website analytics, improving user experience, and security monitoring. | IP address, device info, browsing behavior (anonymized where possible). | Legitimate interests (art. 6(1)(f)) — enhancing our services & security. |
| Compliance with legal obligations (tax records, anti-fraud, regulatory requests). | Transactional records, identity data, tax numbers. | Legal obligation (art. 6(1)(c)). |
| Preventing fraud, abuse, and maintaining site integrity. | IP address, account activity, device identifiers. | Legitimate interests (art. 6(1)(f)). |
Where we rely on legitimate interests, we have assessed that these interests are not overridden by your rights and freedoms. You have the right to object to such processing (see Section 7).
Automated Decision-Making: We do not engage in automated decision-making that produces legal or similarly significant effects concerning you.
3. Children’s Privacy
We comply with applicable laws and do not knowingly collect personal information from children. In accordance with the GDPR and similar regulations, we do not knowingly collect data from individuals under the age of 16, or the lower age threshold set by applicable local law (not below 13). Our Website and marketing are not directed at anyone under this age. If we become aware that a child has provided us with data, we will delete it promptly.
4. Sharing and Disclosure of Personal Data
We respect your privacy and do not sell your personal data to any third party for monetary consideration. We also do not share personal information for cross-context behavioral advertising (as defined under the CCPA). We may share data in the following limited circumstances:
- Service Providers & Partners: With trusted third parties that perform services on our behalf, including payment processors, shipping and logistics companies, email/SMS delivery platforms, cloud hosting providers, and analytics services. They are contractually bound to use your data only as instructed and in compliance with this policy.
- Business Partners: When you consent to receive communications from selected partners, we may share your contact details accordingly. No sensitive financial data is ever shared.
- Legal & Regulatory Compliance: If required by law, subpoena, or to protect the rights, property, or safety of Fir Beauty, our clients, or the public.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred, subject to the same privacy commitments.
Our Website is built on WordPress and may use plugins that process data. We strive to ensure all third-party components comply with data protection standards. For instance, our contact forms include anti-spam mechanisms, and analytics may be provided by Google Analytics.
5. International Data Transfers
Because we serve B2B clients around the world, your personal information may be transferred to and processed in countries outside your own (including the United States, where our hosting servers may be located). We ensure that such transfers are subject to adequate safeguards. For transfers from the European Economic Area (EEA), we rely on European Commission-approved Standard Contractual Clauses (SCCs). For transfers from the United Kingdom, we rely on the UK International Data Transfer Agreement or UK Addendum to the EU SCCs, as applicable. By using our Website and providing your data, you acknowledge that your information may be transferred across borders as described.
6. Data Security and Retention
We implement appropriate technical and organizational measures to protect your data. The Website uses Secure Socket Layer (SSL/TLS) encryption during transmission. Access to personal data is limited to employees, contractors, and service providers on a strict need-to-know basis, bound by confidentiality obligations.
However, no method of transmission over the Internet is 100% secure. While we take commercially reasonable steps, we cannot guarantee absolute security.
Data Retention Periods
- Order and transaction records: retained for tax and legal purposes for up to 10 years after the last transaction, in accordance with applicable corporate and tax laws.
- Marketing consents: until you withdraw consent or unsubscribe. We will act on such requests promptly.
- Website analytics logs: generally anonymized or deleted after 26 months.
- Inquiry and inactive account data: periodically reviewed and deleted if no longer relevant, typically after 3 years of inactivity.
When the retention period expires, data is securely deleted or anonymized.
7. Your Data Protection Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access & Portability: Request a copy of your data in a structured, machine-readable format.
- Rectification: Correct inaccurate or incomplete information.
- Erasure (“Right to be Forgotten”): Request deletion of your data, subject to legal retention obligations.
- Restriction: Limit our processing under certain circumstances.
- Objection: Object to processing based on legitimate interests, including profiling for direct marketing.
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time (e.g., marketing emails). Withdrawal does not affect prior lawful processing.
- Non-Discrimination: We will not discriminate against you for exercising privacy rights.
Additional Rights for California Residents (CCPA/CPRA):
If you are a California resident, you have the right to:
- Know what personal information we have collected, used, disclosed, and sold/shared over the past 12 months.
- Request deletion of your personal information.
- Opt-out of the “sale” or “sharing” of personal information (we do not sell or share data for cross-context behavioral advertising).
- Correct inaccurate personal information.
- Limit use and disclosure of sensitive personal information (we do not use sensitive data for inferring characteristics).
To exercise these rights, contact us at support@firbeauty.com. You may also designate an authorized agent. We will verify your identity before processing requests.
For EU/UK residents, you also have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK) if you believe our processing violates data protection law.
To submit a request, please email us with the subject “Privacy Rights Request.” We will respond within the timeframe required by law (usually one month).
8. Cookies and Similar Technologies
Our Website uses cookies, pixels, and local storage to enhance your experience. Cookies are small text files placed on your device. We categorize them as follows:
- Strictly Necessary Cookies: Essential for site navigation and features like shopping cart and account login. The Website cannot function properly without them.
- Analytics/Performance Cookies: Help us understand how visitors interact with the site (e.g., Google Analytics). They collect aggregated, anonymous data about page visits and traffic sources.
- Functional Cookies: Remember choices you make (e.g., language, region) for a more personalized experience.
- Targeting/Advertising Cookies: Used to deliver ads relevant to your interests and measure campaign effectiveness (e.g., Facebook Pixel, Google Ads).
We will request your consent for non-essential cookies (analytics, functional, advertising) via a cookie banner upon your first visit. You can manage or withdraw your consent at any time through our cookie preference center or by adjusting your browser settings. Disabling cookies may affect site functionality.
Do Not Track Signals: Our Website does not currently respond to browser “Do Not Track” (DNT) signals. We recognize that a uniform standard is not yet established, and we will review our approach as guidance evolves.
For detailed information about specific cookies we use, please refer to our Cookie Declaration (available in our consent manager).
9. Third-Party Links and Integrations
Our Website may include links to social media platforms (e.g., Instagram, LinkedIn) or embed features such as sharing buttons. These third-party sites have their own privacy policies, and we are not responsible for their practices. We encourage you to review those policies before submitting personal data.
10. Updates to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. When we make material changes, we will notify you by posting a prominent notice on the Website and/or sending an email to the address we have on file. The “Last updated” date at the top indicates when the policy was revised. We encourage you to review this page regularly to stay informed.
11. Contact Information
If you have any questions, concerns, or wish to exercise your data rights, please contact us:
Fir Beauty Ltd.
Email: support@firbeauty.com
Address: No. 1 Bohong 1st Road, Middle Hanxi Avenue, Panyu District, Guangzhou City, Guangdong Province, China
We are committed to resolving any privacy-related inquiries promptly and transparently.