Timeless Beauty – Privacy Policy

Effective Date: 4 December 2025
Last Revised: 4 December 2025
Contact: support@timelessbeautyantiaging.com
Registered Address: United Kingdom

1. Introduction

Timeless Beauty (“we,” “us,” “our”) is committed to protecting your privacy and handling your Personal Data in a transparent and secure manner. This Privacy Policy outlines how we collect, use, disclose, store, transfer, and protect information when you visit https://timelessbeautyantiaging.com or interact with our services.

By accessing our website, you consent to the practices described in this Policy.

2. Categories of Personal Data We Collect

We may collect the following categories of information:

2.1 Information You Provide Directly

  • Name, email address, phone number

  • Billing address, shipping address

  • Payment information (processed by third-party payment processors; we do not store full card data)

  • Account login credentials

  • Customer support inquiries

  • Survey responses or user-generated content

2.2 Information Collected Automatically

  • IP address

  • Browser type and device information

  • Operating system

  • Referring/exit pages

  • Usage data and interaction metrics

  • Cookies, web beacons, pixels, and similar tracking technologies

2.3 Information from Third Parties

  • Analytics providers

  • Advertising partners

  • Payment processors

  • Social media platforms (if you interact or connect via them)

2.4 Sensitive Personal Data

We do not intentionally collect sensitive data (health information, biometric data, etc.). If you voluntarily provide such information, it will be processed only with explicit consent.

3. Legal Basis for Processing (GDPR/UK GDPR)

Where applicable, we rely on the following lawful bases:

  • Consent (e.g., newsletter opt-in, cookie acceptance)

  • Contract performance (e.g., fulfilling orders)

  • Legitimate interests, including:

    • improving website functionality

    • marketing to existing customers

    • fraud prevention and security

  • Legal obligations (e.g., tax and accounting requirements)

  • Vital interests (rare; only when necessary to protect life/safety)

4. How We Use Personal Data

We may use your information to:

  • Process orders and deliver products/services

  • Communicate service updates, marketing messages (with consent), and transactional notices

  • Personalize website content and advertising

  • Improve user experience, analytics, and website performance

  • Prevent fraud, security threats, and abuse

  • Comply with legal and regulatory obligations

We do not sell Personal Data in the conventional sense. Under the CCPA definition, certain data sharing may be considered a “sale” or “sharing for cross-context behavioral advertising,” and user rights apply accordingly.

5. Cookies and Tracking Technologies

We use cookies, pixels, and similar technologies to:

  • Enable site functionality

  • Remember user preferences

  • Perform analytics

  • Support advertising and retargeting campaigns

You may manage cookies via your browser settings or applicable cookie banner controls.
Rejecting cookies may impact site functionality.

6. Third-Party Sharing and Disclosure

We may share Personal Data with:

6.1 Service Providers

  • Payment processors

  • Hosting providers

  • Email and SMS delivery platforms

  • Analytics and advertising partners

  • Fulfillment and logistics providers

These providers are contractually required to protect your data and use it only for specified purposes.

6.2 Legal and Regulatory Authorities

We may disclose information when required by law, regulation, subpoena, or to protect our legal rights, users, or the public.

6.3 Business Transfers

If Timeless Beauty undergoes a merger, acquisition, restructuring, or sale of assets, Personal Data may be transferred as part of that transaction.

We do not permit unauthorized third parties to access or use Personal Data for their own marketing purposes.

7. International Data Transfers

Your information may be transferred to and processed in countries outside your jurisdiction, including the United States and the United Kingdom.

Where required (e.g., GDPR/UK GDPR), such transfers rely on:

  • Adequacy decisions,

  • Standard Contractual Clauses (SCCs), or

  • Other appropriate safeguards.

8. Data Retention

We retain Personal Data only as long as necessary to:

  • Fulfill the purposes for which it was collected

  • Comply with legal and financial recordkeeping obligations

  • Resolve disputes

  • Enforce agreements

Typical retention periods:

  • Transactional records: 6–10 years

  • Marketing data: until consent is withdrawn or after a defined inactivity period

  • Account information: retained until deletion request

Where deletion is not technically feasible, we will securely anonymize the data.

9. Security Measures

We use administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including:

  • Encryption in transit (TLS)

  • Access controls and authentication

  • Monitoring and intrusion detection

  • Secure data storage and backup systems

  • Vendor security vetting

No system is 100% secure, and we cannot guarantee absolute protection, but we implement industry-standard measures to minimize risk.

10. Breach Notification Procedures

If a data breach occurs and affects your Personal Data, we will:

  • Investigate promptly

  • Mitigate risks

  • Notify affected individuals and authorities where legally required (e.g., GDPR 72-hour rule)

  • Provide guidance on protective steps you may take

11. Your Rights

Depending on your jurisdiction (e.g., GDPR, UK GDPR, CCPA/CPRA), you may have the following rights:

11.1 GDPR / UK GDPR Rights

  • Access: obtain a copy of your Personal Data

  • Correction: rectify inaccurate or incomplete data

  • Deletion (“Right to be Forgotten”)

  • Restriction of processing

  • Data portability

  • Objection to processing (including marketing)

  • Withdraw consent at any time

  • Lodge a complaint with a supervisory authority

11.2 California (CCPA/CPRA) Rights

  • Right to know categories and sources of Personal Data collected

  • Right to access specific pieces of Personal Data

  • Right to delete Personal Data

  • Right to correct Personal Data

  • Right to opt out of “sale” or “sharing”

  • Right to limit the use of sensitive Personal Data

  • Right to non-discrimination for exercising privacy rights

To exercise rights, contact us at support@timelessbeautyantiaging.com.

We may require verification of your identity before fulfilling a request.

12. Children’s Privacy

Our website is not intended for individuals under 16 years of age, and we do not knowingly collect Personal Data from minors.
If we learn that a child’s data has been collected, we will delete it promptly.

13. Third-Party Websites

Links to third-party sites are provided for convenience only. We do not control and are not responsible for their privacy practices.
You should review their policies before interacting with them.

14. Jurisdiction and Governing Law

This Privacy Policy is governed by the laws of the United Kingdom, without regard to conflict-of-law principles.
Any disputes shall be brought exclusively in the courts of the United Kingdom.

15. Severability

If any provision of this Privacy Policy is held invalid or unenforceable, the remaining provisions will remain in full force and effect.

16. Changes to This Privacy Policy

We may update this Policy periodically. Significant changes will be posted prominently on our website.

Revision History

  • v1.0 – 4 December 2025: Initial publication.