Privacy policy
This Privacy Policy explains what personal data AIMEN SOLTANI LLC trading as QureSkin (“QureSkin”, “we”, “us”, “our”) collects from you when you visit tryqureskin.fit, place an order, or interact with our marketing communications, and how we handle that data. As a non-UK established trader directing our services to consumers in the United Kingdom, we are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 in respect of UK personal data we process. We are the data controller for the personal data described in this policy.
1. Who We Are and How to Contact Us
AIMEN SOLTANI LLC, a single-member Limited Liability Company organised in New Mexico, USA (NM Entity ID 0008075821; EIN 98-1919036), with registered address at 2105 Vista Oeste NW, Suite E #3759, Albuquerque, NM 87120, USA, is the data controller for your personal data.
For any data protection enquiry, please email qureskin@outlook.com.
2. Data We Collect
We collect the following categories of personal data:
- Identity and contact data: name, email address, postal address, phone number (optional).
- Order data: products ordered, order history, delivery address, billing address.
- Payment data: we do not store full card numbers. Payment is processed by our payment provider (Shopify Payments / Stripe), who handle card data directly under PCI-DSS compliance. We retain only the last four digits and the card type for fraud and dispute purposes.
- Account data: login email, hashed password, account preferences.
- Marketing data: consent flags, communication preferences, engagement with our emails (opens, clicks).
- Technical data: IP address, browser type, device identifiers, cookie identifiers, pages visited, referring URL.
- Communications data: records of correspondence between you and our support team.
3. How We Collect Your Data
- Directly from you when you create an account, place an order, contact our support team, or subscribe to our newsletter.
- Automatically via cookies and similar technologies when you browse the Site (see Cookies below).
- From third parties such as our payment provider, our shipping carriers (delivery confirmations), and our email service provider (engagement analytics).
4. Why We Use Your Data and Our Legal Basis
Under UK GDPR Article 6, we rely on the following legal bases for processing your personal data:
- Performance of a contract: to process your orders, manage your subscription, deliver your products, and handle returns and refunds.
- Legitimate interests: to operate and improve our Site, prevent fraud, ensure security, and (where you are an existing customer) send you marketing about similar products subject to your right to opt out.
- Consent: to send you marketing emails (where you have actively opted in), and to set non-essential cookies.
- Legal obligation: to comply with tax, accounting, and consumer protection laws applicable to us as a US trader directing services to UK consumers.
5. Who We Share Your Data With
We share your personal data only with the following categories of recipients, all of whom act as our data processors and are bound by appropriate contractual safeguards:
- Shopify Inc. (Canada / United States): our ecommerce platform host.
- Shopify Payments / Stripe (United States / Ireland): our payment processor.
- Klaviyo (United States): our email marketing service provider.
- Royal Mail, Evri, ParcelWILL, and other UK couriers: for delivery and tracking.
- Kaching (European Economic Area): our subscription bundles and cart drawer provider.
- Tax authorities and regulators: where required by law in the United Kingdom or the United States.
- Professional advisers: accountants, auditors, lawyers, where strictly necessary.
We do not sell your personal data to third parties.
6. International Transfers
Because we are a US-organised company, your personal data is transferred to and processed in the United States. Some of our service providers (notably Shopify, Klaviyo, Stripe) are also based in the United States. Where personal data is transferred outside the United Kingdom, we rely on:
- The UK extension to the EU-US Data Privacy Framework (UK Data Bridge) where the recipient is certified;
- The UK International Data Transfer Agreement (IDTA) or Addendum to EU Standard Contractual Clauses; and
- Appropriate supplementary technical and organisational measures, including encryption in transit and at rest.
By placing an order or creating an account with us, you acknowledge that your personal data will be processed in the United States and other jurisdictions outside the UK.
7. How Long We Keep Your Data
- Order and tax records: 6 years from the end of the relevant tax year, to comply with UK HMRC and US IRS retention requirements.
- Account data: as long as your account remains active, plus 2 years after closure.
- Marketing data: until you withdraw consent or unsubscribe, plus 2 years for suppression list purposes.
- Customer service correspondence: 3 years from the date of the last communication.
- Technical and analytics data: typically 14 to 26 months, depending on the cookie category.
8. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access — to know what data we hold about you and obtain a copy.
- Right of rectification — to correct inaccurate or incomplete data.
- Right of erasure — to have your data deleted in certain circumstances.
- Right of restriction — to limit how we process your data.
- Right to data portability — to receive your data in a machine-readable format.
- Right to object — to processing based on legitimate interests, including direct marketing.
- Right to withdraw consent — at any time, where processing is based on consent.
- Right to lodge a complaint — with the UK Information Commissioner’s Office (ico.org.uk).
To exercise any of these rights, please email us at qureskin@outlook.com. We will respond within one calendar month.
9. Cookies
We use cookies and similar technologies on our Site for essential functionality (such as your shopping cart and login session), analytics (to understand how visitors use our Site), and marketing (to deliver relevant advertising and measure campaign effectiveness). You can control cookies via the cookie banner displayed on your first visit and at any time via the cookie settings link in our footer.
10. Children’s Data
Our Site and products are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
11. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. All payment data is processed under PCI-DSS standards. Communications between your browser and our Site are encrypted with TLS.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available on the Site, with the date of the most recent revision shown at the top. Active customers will be notified of material changes by email.
13. Contact
For any privacy-related question or to exercise your rights, please email qureskin@outlook.com.