Privacy Policy

Last Updated: July 23, 2025

Cu-Nu.com (“we,” “our,” or “us”) is committed to protecting the privacy of our customers and website visitors. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you visit our website cu-nu.com, purchase our skincare products, or otherwise interact with us.

By using our website, you agree to the collection and use of your information in accordance with this Privacy Policy.

1. Data Controller

Cu-Nu.com Office 1278 92 Castle Street Belfast, BT1 1HE United Kingdom Email: care@cu-nu.com

2. Personal Data We Collect

We collect various types of personal data from you, including:

  • Contact Information: Name, email address, postal address (billing and shipping), phone number.
  • Account Information: Username, password (encrypted), and other registration details.
  • Payment Information: Details required to process payments, such as credit card numbers and billing addresses. (Note: We do not store full credit card details on our servers; these are processed securely by our third-party payment processors).
  • Transaction Information: Details about products you purchase, order history, and fulfillment details.
  • Communication Information: Your communications with us, including customer service inquiries, reviews, feedback, and survey responses.
  • Marketing Preferences: Your preferences for receiving marketing communications from us.
  • Technical Data: Internet Protocol (IP) address, browser type and version, operating system, device type, time zone setting, browser plug-in types and versions, and other technology on the devices you use to access our website.
  • Usage Data: Information about how you use our website, products, and services, including pages viewed, links clicked, time spent on pages, navigation paths, and referring website addresses.
  • Cookies and Tracking Data: Information collected through cookies and similar tracking technologies (see Section 7 for more details).

3. How We Collect Your Personal Data

We collect your personal data through various methods:

  • Direct Interactions:
    • When you create an account on our website.
    • When you place an order for products.
    • When you subscribe to our newsletter or other marketing communications.
    • When you fill out forms on our website (e.g., contact forms, surveys, product reviews).
    • When you communicate with us via email, phone, or live chat for customer service or inquiries.
    • When you participate in promotions or competitions.
  • Automated Technologies or Interactions:
    • As you interact with our website, we may automatically collect Technical Data and Usage Data using cookies, server logs, and other similar technologies.
  • Third Parties or Publicly Available Sources:
    • We do not currently receive personal data about you from third parties or public sources, beyond what is necessary to process payments or shipping initiated by you. If this changes in the future, we will update this policy.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To Process and Fulfill Your Orders: To manage your purchases, process payments, deliver products to you, and notify you about the status of your order.
  • To Manage Your Account: To set up and manage your user account, provide you with access to your order history, and manage your preferences.
  • To Provide Customer Service: To respond to your inquiries, provide support, and resolve any issues you may encounter.
  • To Send Marketing Communications: To send you newsletters, promotional offers, product updates, and information about sales, where you have consented to receive such communications.
  • To Improve Our Website and Services: To analyze website usage, troubleshoot problems, personalize your experience, and develop new features and products.
  • To Personalize Your Experience: To tailor product recommendations and content based on your Browse and purchase history.
  • For Internal Analytics and Research: To understand user demographics, interests, and behavior to improve our business operations.
  • For Security and Fraud Prevention: To protect our website, customers, and business from fraudulent transactions, unauthorized access, and other illegal activities.
  • To Comply with Legal Obligations: To meet our legal, regulatory, and compliance requirements, including tax obligations.

5. Sharing Your Personal Data

We share your personal data with the following categories of third parties for the purposes outlined above:

  • Payment Processors: Such as Stripe, PayPal, or other reputable payment gateway providers, to securely process your payments.
  • Shipping and Delivery Services: Such as Royal Mail, DPD, or other courier services, to deliver your purchased products.
  • IT and System Administration Services: Providers who support our website hosting, data storage, and other essential IT infrastructure.
  • Marketing and Advertising Partners: To manage and deliver marketing campaigns and advertisements, where you have provided consent.
  • Analytics Providers: Such as Google Analytics, to help us understand website traffic and usage patterns.
  • Professional Advisers: Lawyers, bankers, auditors, and insurers who provide professional services.
  • Law Enforcement or Regulatory Bodies: Where required by law or to protect our legal rights.

We only share personal data necessary for these third parties to perform their specific functions and ensure they are obligated to protect your data in accordance with applicable laws.

6. Data Security

We are committed to ensuring that your data is secure. We implement a variety of security measures to maintain the safety of your personal data, including:

  • Encryption: Using SSL/TLS technology to encrypt data during transmission (e.g., when you make a purchase or log in).
  • Secure Servers: Storing your data on secure servers with restricted access.
  • Access Controls: Limiting access to your personal data to authorized employees, agents, contractors, and other third parties who have a business need to know, and who are subject to confidentiality obligations.
  • Regular Security Audits: Conducting periodic security assessments to identify and address vulnerabilities.
  • Data Minimization: Collecting only the personal data that is strictly necessary for our stated purposes.

7. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your Browse experience, analyze site usage, and support our marketing efforts.

  • What are Cookies? Cookies are small text files placed on your device by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
  • Types of Cookies We Use (Standard Cookie Policy):
    • Strictly Necessary Cookies: Essential for the website to function correctly (e.g., enabling you to add items to your shopping cart and check out). These cannot be switched off.
    • Performance/Analytical Cookies: Allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.
    • Functionality Cookies: Enable the website to provide enhanced functionality and personalization (e.g., remembering your preferences).
    • Targeting/Advertising Cookies: May be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites.
  • Your Choices: Most web browsers allow you to control cookies through their settings. You can choose to block or delete cookies. However, please note that disabling certain cookies (especially strictly necessary ones) may affect the functionality of our website. We provide a cookie consent banner that allows you to manage your preferences.

8. Children’s Privacy

Our website is not intended for individuals under the age of 13, and we do not knowingly collect personal data from children under 13. If we become aware that we have collected personal data from a child under 13 without verifiable parental consent, we will take steps to remove that information from our servers. If you believe we might have any information from or about a child under 13, please contact us at care@cu-nu.com.

9. Your Data Protection Rights

Under applicable data protection laws (including the UK GDPR), you have the following rights regarding your personal data:

  • The Right to Access: To request copies of your personal data.
  • The Right to Rectification: To request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The Right to Erasure (Right to be Forgotten): To request that we erase your personal data, under certain conditions.
  • The Right to Restrict Processing: To request that we restrict the processing of your personal data, under certain conditions.
  • The Right to Object to Processing: To object to our processing of your personal data, under certain conditions (e.g., for direct marketing).
  • The Right to Data Portability: To request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • The Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

To exercise any of these rights, please contact us using the details provided in Section 1 (Data Controller). We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

10. Legal Basis for Processing Personal Data

We will only process your personal data when we have a valid legal basis to do so, as required by the UK GDPR. Our legal bases include:

  • Consent: Where you have given us clear consent for processing your personal data for a specific purpose (e.g., sending marketing emails). You can withdraw your consent at any time.
  • Contractual Necessity: Where the processing is necessary for the performance of a contract with you or to take steps at your request before entering into such a contract (e.g., processing your order and delivering products).
  • Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and interests (e.g., for website security, fraud prevention, internal analytics, and improving our services).
  • Legal Obligation: Where processing is necessary for compliance with a legal or regulatory obligation that we are subject to (e.g., maintaining records for tax purposes).

11. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

12. International Data Transfers

Our business is located in the United Kingdom, and our servers are also located in the United Kingdom. We do not currently transfer your personal data outside the United Kingdom.

If we decide to transfer data internationally in the future, we will ensure that adequate safeguards are in place to protect your personal data, such as using Standard Contractual Clauses approved by the UK Information Commissioner’s Office (ICO) or relying on an adequacy decision from the UK government. We will update this Privacy Policy accordingly if such transfers occur.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the “Last Updated” date at the top. We encourage you to review this Privacy Policy periodically for any changes.

14. Contact Us

If you have any questions about this Privacy Policy, our data practices, or if you wish to exercise any of your data protection rights, please contact us:

By Email: care@cu-nu.com

By Post: Office 1278 92 Castle Street Belfast, BT1 1HE United Kingdom

Via our Contact Form: [Insert Link to your website’s contact form here]