Privacy Policy

Last Updated: 15th June 2025

Introduction

Miss Temptress Limited (“Little Miss Temptress”, “we”, “us” or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website or use our services. It also outlines your rights in relation to your personal data and how you can exercise them, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We adhere to the core data protection principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity/confidentiality, and accountability.

Please read this policy carefully to understand our practices regarding your information. By using our website (including creating an account or making a purchase), you agree to the collection and use of information in accordance with this Privacy Policy. We may update this policy from time to time to reflect changes in law or our business practices. If we make material changes, we will notify you by updating the “Last updated” date and, if appropriate, via email or website notice. We encourage you to review this page periodically for the latest information on our privacy practices.

Who We Are

Little Miss Temptress (16348024) is a brand registered in the United Kingdom. Our registered address is 4th Floor, Silverstream House, 45 Fitzroy Street, Fitzrovia, London, W1T 6EB. For the purposes of UK data protection law, Little Miss Temptress is the “data controller” of the personal data collected via our website. This means we determine how and why your personal data is processed. In this policy, “we” or “us” refers to Little Miss Temptress.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details in the How to Contact Us section below. We take our responsibility to safeguard your information seriously and have measures in place to keep it secure.

What Data We Collect

We collect and process various types of personal data from you when you interact with our website, create an account, make a purchase, or otherwise use our services. The types of information we may collect include:

Identity and Contact Information: When you create an account or checkout on our site, we collect information such as your name, email address, billing and shipping addresses, and phone number. This information is necessary to register your account and to process and deliver your orders.
Account Credentials: If you register an account, we collect the login credentials you create (such as username or email and password). Passwords are stored in an encrypted form for security. These details allow you to log into your account and manage your profile.
Order and Transaction Data: When you make a purchase, we collect details about the products you order, your order number, and purchase history. We also receive information about the transaction, such as payment confirmation and billing/shipping details. Payment information (e.g. credit/debit card details) is handled securely by our third-party payment processors (like Shopify Payments, PayPal, or other providers) and we do not store your full card details on our systems. We may retain non-sensitive payment details (such as card type or last 4 digits, and the transaction ID) for record-keeping and fraud prevention.
Communication Data: If you contact us with a query, request, or feedback (via email, contact form, or phone), we will collect the information you provide in those communications. This may include your contact details and the content of your messages. We also record your preferences if you subscribe to our email newsletter (with your consent) or opt-in to receive marketing messages.
Marketing Preferences: When you sign up to our email newsletter or other marketing communications, we record your consent and preferences (e.g. whether you want to receive promotions via email or SMS). You can opt out of marketing at any time (see Your Rights below).
Technical and Usage Information: When you visit our website, we automatically collect certain information about your device and how you use the site. This includes your IP address, browser type and version, device identifiers, time zone setting, and operating system. We also collect information about your visit, such as the pages you viewed, page response times, access times and dates, referral URLs, and navigation paths. We gather this data through cookies and similar tracking technologies (explained in Cookies and Tracking Technologies below) to understand how users interact with our site and to improve your experience.
Cookies and Tracking Data: We use cookies, pixels, and similar technologies to collect data about your browsing actions and preferences. For example, cookies help us remember items in your shopping cart, recognize you on return visits, and understand which products or pages are of interest to you. Some cookies are essential for site functionality (e.g. to enable checkout), while others are used for analytics or advertising (with your consent, where required). See Cookies and Tracking Technologies for more details on the types of cookies we use and your choices.

Special Category Data: We do not intentionally collect any sensitive personal data (also known as “special category” data) about you, such as information about your health, ethnicity, religious beliefs, or biometric identifiers. Our products and services are not directed at collecting such data, and we will always seek your explicit consent if we ever wish to gather sensitive information (for example, a future feature that asks for beauty or skin preferences would be purely optional). Additionally, our website and services are not intended for children under 13 years of age, and we do not knowingly collect personal data from anyone under 13. If you are under the age of 13, please do not provide any personal information. If we discover that a child under 13 has provided us with personal data, we will delete it.

Note: You are not obligated to provide personal data to us. However, if you choose not to provide certain information, we may not be able to offer you some services or fulfill your order. For example, without your name and address we cannot ship a product to you, and without an email we cannot send you order confirmations or updates. We will make clear when personal data is required (e.g. during checkout or account registration) and when it is optional.

How We Use Your Data

We use your personal data for the following purposes, in accordance with UK GDPR requirements, and only when we have a valid legal basis to do so (see Legal Basis for Processing below). In particular, we may use your information to:

Process and Fulfill Your Orders: We require your personal and payment details to process transactions and deliver products you purchase. This includes using your data to confirm and accept your order, process your payment through our payment partners, provide you with order and shipping confirmations, and arrange delivery to your address. We also use this information to handle returns, refunds, or exchanges as necessary.
Manage and Maintain Your Account: If you create an account, we use your information to set up and maintain your user profile. This lets you log in, update your details, view your order history, and use other account features. We also use your data to verify your identity when you log in and to keep your account secure (for example, by monitoring for suspicious login attempts).
Communicate with You (Customer Service): We will use your email or phone number to communicate with you about your orders (e.g. order confirmation, shipping updates) and respond to any inquiries or requests you send us. This includes providing customer support, answering your questions, and notifying you about important changes or issues (such as product recalls or changes to our terms or this policy).
Send You Newsletters and Marketing Communications: With your consent, we will use your name and email address to send you our newsletter, product news, special offers, and promotions. These communications are only sent if you have subscribed or explicitly agreed to receive them (for example, by ticking a signup box). You can opt out of marketing emails at any time by clicking the “unsubscribe” link in any email or by contacting us. If you are an existing customer, we may send you occasional product recommendations or offers about similar products you previously purchased, on the basis of our legitimate interests, but we will always provide a clear opt-out option in such communications (see Legal Basis below for more on this).
Personalize Your Experience: We may use data about your past purchases, browsing history, or wish list items to tailor your experience on our website. This could include displaying products that we think you might be interested in, suggesting complementary items, or customizing content on our site to better suit your preferences. We might also use this information to show you relevant advertisements for our products on other websites or social media platforms (commonly via pixels or cookies), but at present we are not actively running third-party ad campaigns. If we introduce targeted advertising or advanced personalization in the future, it will be done in accordance with this Privacy Policy and applicable laws, and we will update you or obtain consent where required.
Improve Our Website and Services: The technical and usage data we collect (e.g. via analytics cookies) is used to understand how our customers use the site and how we can improve. We analyze this data to troubleshoot problems, perform testing, and enhance the functionality, user-friendliness, and security of our website. For example, understanding which pages are most popular or where users encounter errors helps us refine our interface and product offerings. We may also use feedback you provide (through surveys or customer service interactions) to improve our products and services.
Analytics and Performance: We currently use basic site analytics (possibly provided via our Shopify hosting platform) to monitor traffic and site performance. This helps us measure the effectiveness of campaigns and understand user demographics and behavior in aggregate. We may in future use additional analytics tools such as Google Analytics or similar services to gain deeper insights into site usage. If we do so, we will update our Cookie and Tracking disclosures and ensure any such tools are deployed in compliance with privacy regulations (e.g. obtaining consent for non-essential cookies).
Security and Fraud Prevention: We process personal data as necessary to protect our website, our business, and our users from fraud and other illegal activities. This includes using certain information to verify transactions (for example, through our payment processor’s fraud screening) and to monitor for suspicious activity on our site. We also may use IP address and device information to prevent attacks on our site (such as misuse of our website, hacking attempts, or spam). These measures are in place to keep our services safe and secure for all users.
Legal Obligations and Compliance: In some cases we need to use your personal data to comply with our legal or regulatory obligations. For instance, we may retain transaction records to satisfy tax and accounting laws, or we may be required to verify identity to comply with anti-fraud or anti-money laundering regulations. We will also use and disclose personal information where necessary to respond to lawful requests by public authorities (such as to comply with law enforcement or court orders) or to meet other legal requirements under applicable law.
Other Purposes (with Notice/Consent): If we need to use your personal data for a new purpose that is not covered by the above, we will only do so after informing you and, if required, obtaining your consent. We will ensure any new use of data remains consistent with the privacy expectations set out in this policy. For example, if in the future we launch a loyalty program or partnership requiring additional personal information or data sharing, we will update our privacy documentation and provide any necessary opt-ins.

We will never use your personal data for purposes that are incompatible with the original purpose for which it was collected, unless we obtain your permission or are required by law. We do not engage in any form of automated decision-making that produces legal or similarly significant effects on you. Any automated processing we do (such as basic profiling to personalize content or using algorithms to recommend products) is intended to enhance your shopping experience and does not deprive you of any rights or have a substantial impact on you. If that changes in the future (for instance, if we implement a feature that makes automated decisions about creditworthiness or similar), we will update this policy and ensure all legal safeguards are in place.

Legal Basis for Processing

Under the UK GDPR, we must have a valid legal basis to process your personal data. We rely on one or more of the following legal bases when processing your information:

Performance of a Contract: Most of our data processing is necessary to perform the contract we have with you, or to take steps at your request before entering into a contract. When you make a purchase from us or otherwise engage our services, a contract is formed. We must process your personal data (such as your payment and contact details) to fulfill our obligations under that contract – for example, to process your payment and deliver the products to you. If you create an account, we process your data to maintain your account as part of our service to you. Without this information, we cannot execute the contract (i.e., we wouldn’t be able to sell and ship products to you).
Consent: We will obtain your consent before processing your data in certain ways, when required by law. For instance, we rely on consent to send you promotional emails or newsletters (if you sign up), and to place non-essential cookies or use certain tracking technologies on your device. Where we ask for consent, you have the right to withdraw it at any time. Withdrawal of consent will not affect the lawfulness of any processing we have already carried out, but it will stop the future processing of your data for the purpose you originally consented to. For example, if you withdraw your consent for marketing emails, we will stop sending them.
Legal Obligation: We may process your personal data when we need to in order to comply with a legal obligation to which we are subject. This includes retaining certain transaction records for tax and accounting purposes, disclosing information to law enforcement or regulatory authorities when required by law, or fulfilling obligations under consumer protection laws. For example, UK companies are required to keep accounting records (including transaction data) for 6 years after the end of the financial year. Such legal requirements necessitate our handling and retaining of some of your personal data.
Legitimate Interests: We sometimes process your data to pursue legitimate interests of our own or of third parties, but only if your interests and fundamental rights do not override those interests. Our legitimate interests include things like improving our products and services, understanding our customer base, securing our IT infrastructure, and conducting direct marketing to our customers. For example, when we analyze how customers use our website to improve navigation or product offerings, we do so under legitimate interests (ensuring our business remains competitive and our site user-friendly). Similarly, if you are an existing customer, we may send you marketing about similar products you bought, relying on our legitimate interest in growing our business – but you always have the right to opt-out of such marketing at any time. When we process data for our legitimate interests, we consider and balance any potential impact on you (both positive and negative) and your rights under data protection laws.
Vital Interests or Public Interest: In almost all cases, the above bases will cover our processing. Only in very rare circumstances would we rely on vital interests (processing necessary to protect someone’s life) or a public interest/task carried out under official authority – these are generally not applicable to a beauty retail business. We will let you know if this ever changes.

Clarification on Consent and Legitimate Interest for Marketing: We will always obtain your consent before sending you marketing communications from third parties or if required by law (for example, electronic marketing to new customers). If you are an existing customer of Miss Temptress, we may send you marketing about our own similar products based on our legitimate interest, as permitted by the Privacy and Electronic Communications Regulations (soft opt-in rule), but we will always provide a clear way to opt out in every message. We do not currently share your data with any third parties for their own marketing purposes, or sell your information, without your consent.

If you have questions about the legal bases we rely on or need more information, feel free to contact us. We will also specify the applicable legal basis at the point of data collection where appropriate. For instance, our account signup and checkout forms indicate which information is necessary for contract (and thus must be provided to complete your purchase) versus which information is optional or collected with consent.

How Long We Keep Your Data

Data Retention: We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In general, this means we keep your data for the duration of our relationship with you, and thereafter only as required by law or legitimately necessary (for example, to resolve disputes or enforce our agreements).

Our retention practices are designed to comply with the principle of storage limitation under data protection law. We do not hold on to personal data indefinitely. Once the retention period for a particular piece of data expires, or the data is no longer needed, we will securely erase it or anonymize it so that it can no longer be associated with you. Below is a summary of how long we typically keep different categories of data (these timeframes may be adjusted to meet changes in legal requirements or business needs):

Account Information: If you have an online account with us, we will keep your account data active for as long as your account exists. If you choose to delete your account or it remains inactive for an extended period, we will delete or anonymize your account information after a reasonable period of time. (We may contact you before deletion in case you want to keep your account.) Backup copies might persist for a short time after deletion, but we will ensure they are erased or anonymized in due course.
Order and Transaction Records: We retain records of your purchases and transactions for as long as necessary to fulfill your order and handle any returns or issues, and thereafter for a period required by law or our internal policies. In the UK, for tax and accounting purposes, we are generally required to keep basic transaction information (like invoices, payment records, names and addresses of customers) for 6 years from the end of the financial year in which the transaction took place. Therefore, even if you delete your account or request erasure, we may need to retain certain information about your purchases in order to comply with these legal obligations. We also retain transaction data as needed to defend legal claims, ensure warranty/service commitments, and maintain accurate financial records.
Customer Service Communications: Any emails or communications you send to us (queries, support requests, etc.) will be kept as long as necessary to resolve your inquiry and for a short period thereafter in case of follow-up questions. We may retain these communications for up to 1-2 years (depending on the nature of the correspondence) to help us improve our customer service and to have a reference if you contact us again about the same matter. In some cases, where communications might be relevant to a legal dispute or liability, we may keep them for a longer period as needed.
Marketing Data: If you have consented to receive marketing emails, we will keep your contact details on our marketing list until you unsubscribe or otherwise withdraw your consent. If you unsubscribe or opt-out from marketing, we will remove you from our active marketing list promptly and will not send further marketing communications. However, we may retain a suppressed record of your email address (and opt-out request) indefinitely to ensure we respect your opt-out in the future. This suppression is a legal requirement to demonstrate compliance with direct marketing laws.
Technical and Analytics Data: Analytics data collected via cookies and similar technologies is typically retained as long as is necessary for the purposes it was collected. Some analytics tools might retain aggregated data for analysis (e.g. Google Analytics, if used, retains data for a set period which can be configured – often 14 months or more). We will either configure such retention to an appropriate timeframe or ensure data is anonymized if kept longer. Raw web server logs capturing IP addresses are usually retained only for a short duration (a few weeks up to a few months) for security monitoring and then automatically deleted.
Legal Compliance and Protection: In cases where we need to keep data longer to comply with a legal obligation or for the establishment, exercise, or defense of legal claims, we will retain the necessary information until that obligation is fulfilled or the claim is resolved. For example, if we receive a complaint or dispute, we will retain relevant data throughout the resolution of that complaint. Similarly, if a law enforcement agency legitimately requires us to preserve data, we will do so for as long as instructed.

Once we no longer have a legitimate reason to keep your personal data, we will securely dispose of it. This may involve deleting it from our active systems and backups, or anonymizing the data so that it can no longer be linked to you. Anonymized or aggregated data (which no longer identifies you) may be retained for longer periods for statistical or business analysis purposes without further notice, since it is no longer personal data.

If you have any questions about our specific retention periods for certain types of data, you are welcome to contact us for more detail. In some cases, retention periods can be complex and depend on various factors (contractual obligations, statutory limitations, etc.), but we aim to be transparent about how long we hold your data.

Sharing Your Data

We treat your personal data with care and confidentiality. We do not sell your personal information to third parties for their own marketing or any other purposes. However, in order to run our business and provide our services to you, we do need to share your data with certain trusted third parties. These third parties fall into the following categories:

Service Providers and Processors: We share information with third-party companies that provide services on our behalf, such as:
- Website Hosting and E-Commerce Platform: Our website is hosted on the Shopify platform. Shopify acts as our data processor in hosting the site and processing data needed to operate our online store. This means that information you provide on our site (account details, order information, etc.) is stored on Shopify’s servers. Shopify is a reputable e-commerce provider and operates in compliance with data protection laws. They only use your data to provide services to Miss Temptress and are contractually bound to keep it secure and confidential.
- Payment Processors: We use third-party payment gateways (such as Shopify Payments, which may be powered by Stripe, as well as options like PayPal or other payment providers) to handle your payments securely. These payment processors receive the necessary personal and payment information to process your transaction (for example, they will receive your credit card details, billing name and address). They are responsible for processing your payment data in a secure manner and only for the purposes of payment processing. We do not have access to your full card details; we only receive confirmation of payment or any partial information necessary for record-keeping (e.g. a transaction ID or card token).
- Shipping and Logistics Partners: In order to deliver your orders, we share your shipping name, address, and contact phone/email with our delivery partners or couriers (for example, Royal Mail, DHL, UPS, or other postal/courier services depending on your location). These third parties need the information to transport your products to you, to provide tracking updates, and to contact you if needed regarding delivery. They are authorized to use your data only for the purpose of delivering goods and performing related logistics services.
- Email Service Providers: We may use an email service platform (such as an email marketing service or SMTP relay) to send out transactional emails (order confirmations, password resets) and marketing emails (newsletters, if you are subscribed). For instance, if we use an email marketing tool (like Mailchimp, Klaviyo, or Shopify’s built-in email tool), that provider will handle your email address and name to send our communications. These providers act under our instructions and cannot use your email for their own purposes. They also typically offer features to manage subscriptions and ensure compliance with spam laws.
- Analytics and Advertising Partners: Currently, our use of third-party analytics/advertising is minimal. We may use basic analytics provided by Shopify or consider integrating tools like Google Analytics or Facebook Pixel in the future to help us understand user behavior and possibly advertise our products. If and when we use such services, we may allow those partners to set cookies or other trackers (as described in Cookies and Tracking Technologies). These partners would process usage data (like page views, IP addresses, device info) for analytics or advertising on our behalf. We will ensure any such partners are reputable and that appropriate data protection agreements (like standard contractual clauses if they are overseas – see International Data Transfers) are in place. At present, we do not send your personal details (like name or email) to advertising networks; we may share pseudonymous data (like a cookie ID or hashed email) if we engage in retargeting or similar campaigns, but only in accordance with privacy laws and, where required, with your consent.
- IT and Infrastructure Providers: We use various other tools to run our business that may involve processing of personal data, such as cloud storage providers, CRM (customer relationship management) systems, or customer support ticketing systems. For example, if we maintain customer records in a CRM or use a cloud-based software for managing our orders, the providers of those systems may host data that includes your personal information. We ensure all such providers are bound by confidentiality and security obligations.
Affiliated Companies: Currently, Miss Temptress Limited is a single company. If in the future we establish subsidiaries, affiliates, or merge with another business, we may share data within our corporate group as necessary to operate our services and provide a seamless experience. Any affiliated entities would be required to honor this Privacy Policy and treat your information in accordance with the same principles. If a corporate transaction occurs (such as a merger, acquisition, or asset sale), personal data might be transferred to the new ownership as part of that deal, but we would ensure the continuity of your privacy rights and provide notice of any significant changes.
Legal and Regulatory Requirements: We may disclose your personal data to third parties when required to do so by law or when such disclosure is necessary to:
- Comply with a legal obligation or request (for example, responding to government or law enforcement subpoenas, warrants or orders, or to meet national security or law enforcement requirements).
- Enforce our terms and conditions or other agreements, or to investigate potential breaches of those terms.
- Protect the rights, property, or safety of Miss Temptress, our customers, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. For instance, we might share information with payment fraud screening services or with law enforcement in cases of suspected fraud or cyber-crime affecting our site.
Third-Party Marketing (Currently None): As noted, we do not currently share your information with third-party companies for their direct marketing purposes (for example, we don’t give or sell our customer list to other brands). If this ever changes in the future, we will obtain your explicit consent before doing so. You will have the opportunity to choose whether or not to share your data in this way, and we would update this Privacy Policy accordingly to reflect any new data sharing practices.

Whenever we share your data with third parties, we ensure that they only receive the minimum amount of information necessary for the specific purpose. We also require all third-party service providers to handle your data securely and in accordance with applicable data protection laws. We have contracts in place with our processors which oblige them to respect the confidentiality and security of your data, and to use it only for providing the agreed services to us (and not for their own purposes).

If any third-party processing is to be carried out outside of the UK (or EEA), we will make sure that appropriate safeguards are in place (see the next section International Data Transfers for more details on how we protect your data when it’s transferred abroad).

In summary, aside from the circumstances described above, we will not disclose your personal data to any third party without your consent. If you ask us to share data with a third party (for example, if you participate in a co-branded promotion or use a feature that involves another service), we will do so only with your direction and with appropriate safeguards.

International Data Transfers

Miss Temptress Limited is based in the UK, and generally, your personal data will be stored and processed within the United Kingdom or the European Economic Area (EEA). However, many of our third-party service providers are international companies, and some of your data may be transferred to or accessed from outside the UK/EEA in order to provide our services. This section explains how we handle such international data transfers and ensure your data remains protected.

Shopify (Hosting & Platform): Our website operates on Shopify, which is a global e-commerce platform. Shopify’s primary operations are in Canada and the United States. When you provide personal data on our site, that information may be stored on servers located in the United States or other countries outside the UK. Canada is currently recognized by the UK as providing an adequate level of data protection (under adequacy regulations), and Shopify International Ltd. (its Irish affiliate) handles data for UK/EU customers in compliance with EU/UK data laws. Shopify may in some cases transfer data to its parent company in Canada or sub-processors in other countries. We have a data processing agreement with Shopify which incorporates standard contractual clauses and ensures that any transfers of EU/UK customer data outside of those regions are protected in line with GDPR requirements.

Other Service Providers Abroad: Some of our other processors or partners might be located (or use servers) in other countries:

For example, if we use an email service like Mailchimp (USA-based) or if we use Google Analytics (which might store data in the US or globally), or if our payment processor’s servers are outside the UK, this involves transferring personal data internationally.
We might also engage customer support providers or cloud storage services that operate from the US, India, or other locations. For instance, if we utilize a customer support center or live chat service outside the UK, staff in those locations might access customer data to assist you.
Additionally, if you are an international customer (outside the UK) making a purchase, your personal data will be transferred to the UK so we can process your order, and then we will transfer necessary data (like your name and address) to logistics partners in your country to deliver the product. For example, if you order from the United States or Australia, we will send your shipping details to a courier or postal service in that region to complete delivery.

We want to assure you that, regardless of where your data is processed, we take steps to protect it. When your personal data is transferred outside of the UK (and if outside the EEA as well), we ensure at least one of the following safeguards is implemented:

Adequacy Decisions: We may transfer personal data to countries that have been officially recognized by the UK (or EU) as providing an adequate level of data protection. For example, transfers to the EEA countries, Canada, Japan, and certain other jurisdictions are permitted because those places have data protection laws deemed essentially equivalent to UK standards.
Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision (such as the United States, if applicable), we use the UK International Data Transfer Agreement or the European Commission’s Standard Contractual Clauses (as approved by the UK). These are legal contracts that oblige the recipient to protect your data to the same standard as it would be under UK/EEA law. We will also assess on a case-by-case basis whether additional technical or organizational measures are needed to ensure your data is secure (for instance, encryption in transit and at rest).
Other Safeguards: In some cases, we may rely on other permitted transfer mechanisms under data protection law, such as binding corporate rules (if applicable), or specific exceptions under Article 49 UK GDPR (e.g., transfer necessary for the performance of a contract with you, or with your explicit consent, etc.). However, we will typically use the above safeguards for routine transfers.

If we cannot ensure that an overseas recipient will protect your data adequately, we will pause such transfers and seek solutions or ask for your explicit consent, as required by law. Our aim is that your personal information receives continuous protection and that your rights remain enforceable even when your data is transferred outside your home country.

You can request more information about the international transfers of your personal data and the safeguards we have put in place by contacting us (see How to Contact Us). We will be happy to provide further details, such as pointing you to relevant privacy policies of our providers or excerpts of contractual clauses (subject to commercial confidentiality).

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to distinguish you from other users and to improve your experience on our site. This section explains what cookies and tracking technologies are, how we use them, and your choices regarding them.

What Are Cookies? Cookies are small text files that are stored on your browser or device by websites, apps, or advertisements. They contain information that is transferred to your device’s hard drive. Cookies can be “first-party” (served by us from our domain) or “third-party” (served by other companies whose services we use). They may last only for your session (session cookies, which are deleted when you close your browser) or remain longer (persistent cookies, which stay until they expire or you delete them).

Other Tracking Technologies: In addition to cookies, we and our partners may use other technologies like web beacons/pixels, tags, or SDKs in our emails or on our site. These are tiny graphic images or code snippets that function in a similar way to cookies, allowing us to track user actions (such as whether an email was opened or a link was clicked) and gather usage information.

How We Use Cookies/Tracking: We use these technologies for a few key purposes:

Essential Functions: Some cookies are necessary for our website to function properly. For example, they enable basic features like the shopping cart to remember the items you added, or allow you to log into secure areas of the site. Without these cookies, you wouldn’t be able to make full use of our site. Because they are necessary, they are typically stored without requiring consent.
Preferences and Functionality: We use cookies to remember your preferences, such as your chosen currency, items in your wishlist, or your login status. These help personalize your experience and make the site more convenient (for instance, keeping you logged in or retaining your cart between visits).
Analytics and Performance: We use analytics cookies and similar tools to collect information about how visitors use our site. This helps us count visitors, see which pages or products are most popular, identify when errors occur, and understand overall usage patterns. The data we get is typically aggregated and does not directly identify you. For example, we may use Google Analytics (a widely-used analytics tool) to gather information like your IP address (anonymized if possible), pages visited, time spent, and referring website. This helps us improve site performance and design. (Currently, we have basic analytics via Shopify’s platform; we may implement Google Analytics or similar tools in future to further analyze site usage. If we do, those tools’ cookies will be disclosed and run only with appropriate consent.)
Advertising and Social Media Cookies: As of now, we are not running third-party advertising campaigns on our site that would use targeting cookies (aside from basic Facebook Pixel integration for our own potential ad tracking). However, in the future we may use advertising cookies or pixels to deliver ads more relevant to you and to measure the effectiveness of our ads. For instance, a Facebook Pixel or Google Ads tag might track that you visited our site and allow us to show you ads on Facebook or Google’s network. These cookies record your visit to our site, the pages you have visited, or products you’ve viewed, and might also track if you complete a purchase (conversion tracking). If implemented, this helps us reach people who showed interest in our products and avoid showing repetitive ads to you. We would only activate such marketing cookies with your consent via our cookie management tool.
Third-Party Features: If our site integrates content or features from third parties (such as an Instagram feed, YouTube video, or “share” buttons for social media), those third parties may set cookies on your device. These cookies are not set by Miss Temptress, but by the third-party provider, and could track your interaction or identity if you are logged into their service. We currently have limited third-party embedded content, but if you interact with, say, a social media share plugin, that social network might set a cookie.

Consent and Managing Cookies: When you first visit our site, you will see a cookie notice or banner that allows you to set your cookie preferences. Except for cookies that are strictly necessary, you have the choice to accept or reject various categories of cookies (e.g., “Analytics” or “Marketing” cookies). If you opt in, you can always change your mind later:

You can adjust settings by using our cookie consent management tool (if available on the site) to withdraw consent or modify preferences.
Additionally, most web browsers allow you to control cookies through their settings (you can usually refuse new cookies, delete existing ones, or have the browser notify you when cookies are set). Please note that disabling certain cookies (especially essential ones) may affect the functionality of our site. For example, if you disable all cookies, our site’s shopping cart and account login may not work properly.
To learn more about cookies and how to manage or disable them, you can visit www.allaboutcookies.org or the help section of your browser. For information on how to opt-out of Google Analytics, you can visit the Google Analytics opt-out page. For advertising cookies, websites like YourOnlineChoices.eu (in the EU/UK) or optout.aboutads.info (in the US) provide tools to opt out of interest-based advertising.

Do-Not-Track Signals: Some browsers have a “Do Not Track” (DNT) feature that signals to websites that you do not want to be tracked. Currently, there is no uniform standard for how to interpret DNT signals, and our site does not respond to them. We recommend using the cookie consent tools and settings described above to manage your preferences.

More Information on Tracking Technologies: We maintain a Cookie notice or list (often found in our Cookie Policy or at the end of this Privacy Policy) that details each cookie we use, its purpose, type, and duration. If it’s not present here, you can contact us and we will provide you with more specific information. We believe in transparency about how and why data is collected.

By continuing to use our site with cookies enabled, you are agreeing to our use of cookies as described here. However, if you choose to disable certain cookies, we will respect your decision and will not use those cookies (though some functionality may be limited as a result).

Your Rights

Under data protection laws, you have a range of rights regarding your personal data. Miss Temptress Limited is committed to honoring these rights and has procedures in place to enable you to exercise them. Please note that these rights are not absolute – in some cases, legal exemptions may apply, but we will inform you if any such exemption is relevant. Your data subject rights include:

Right to Be Informed: You have the right to be given clear, transparent and easily understandable information about how we use your personal data and your rights. This Privacy Policy is part of fulfilling this right. If anything is unclear, please contact us and we'll be happy to provide more information.
Right of Access: You have the right to request access to the personal data we hold about you and to obtain information about how we process it (commonly known as a "Data Subject Access Request"). This means you can ask us to confirm whether we are processing your personal data, and if so, provide you with a copy of that data along with certain other details (similar to what's provided in this policy). We will provide this free of charge within one month of your request (or up to three months if the request is complex, but we will inform you if an extension is needed). For example, you can ask for a copy of the information you provided to us when you made a purchase and what other data we have linked to your profile.
Right to Rectification: It is important to us that your information is accurate and up to date. You have the right to request that we correct or update any personal data that you believe is incorrect or incomplete. If you have an account, you can log in and update some information yourself (like your contact details). For other changes, just contact us and we will rectify the inaccurate data. We may need to verify the new information you provide, but we will promptly make the corrections or add supplementary statements as needed.
Right to Erasure: Also known as the "right to be forgotten," this gives you the right to request the deletion of your personal data when there is no compelling reason for us to continue processing it. You can ask us to erase your data in certain circumstances, for example if the data is no longer necessary for the purpose it was collected, you withdraw consent (and no other legal basis applies), or you object to processing and we have no overriding legitimate grounds to continue. Please note, this right is not absolute – sometimes we must retain certain data to comply with legal obligations (e.g. we cannot delete information that we must keep for tax reporting), or in case of legal claims. We will inform you if that is the case. If you have an online account, you may also have the option to delete your account which will remove most of your personal data. Even after erasure, basic information may remain in backup archives (temporarily) or a record of your request may be kept to ensure your data stays deleted.
Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain situations. This means we would store your data but temporarily stop any other processing activities. You can exercise this right if you contest the accuracy of your data (until we verify it), if our processing is unlawful but you do not want full erasure, if you need the data to be retained for legal claims after we would normally delete it, or if you have objected to processing based on legitimate interests (pending verification of whose interests prevail). When processing is restricted, we will mark the data as such and only process it with your consent or for specific legal reasons.
Right to Data Portability: For the personal data that you have provided to us, and which we process by automated means based on your consent or for performance of a contract, you have the right to obtain a copy in a structured, commonly used, machine-readable format and to request that we transfer that data directly to another service provider (where technically feasible). In simpler terms, this right enables you to take your data from us and reuse it elsewhere. For example, if you request a copy of your transaction history or account details to import into a different service, we will provide it in a CSV or similar format that is easily readable and portable.
Right to Object: You have the right to object to our processing of your personal data when that processing is based on legitimate interests (including profiling) or performed for direct marketing purposes:
- Objecting to Legitimate Interests: If we are processing your data on the basis of a legitimate interest, you can object to this. If you raise an objection, we will consider whether our legitimate grounds for processing override your rights and freedoms. Unless we have a compelling justification to continue processing, or the processing is needed for legal claims, we will stop processing the data you objected to.
- Objecting to Direct Marketing: You have an absolute right to object to direct marketing (including any profiling related to such marketing) at any time. If you object, we will stop using your personal data for marketing purposes immediately. As noted above, you can always opt out of marketing emails by using the unsubscribe link, and that is an example of exercising your right to object to marketing. There is no exception to this right – if you object or opt out, we will honor it.
Right not to be subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In practice, this means if we ever intended to use algorithms or AI to make significant decisions about you (for example, an automated credit approval or something with a substantial impact), we would need to provide you an option for human review or not do it without your explicit consent. As stated earlier, Miss Temptress does not engage in such automated decision-making. Should that change, we will inform you and ensure all appropriate safeguards and options are provided in accordance with the law. Minor profiling (like analyzing your preferences) that does not have a significant effect on you is allowed; still, you can object to profiling used for direct marketing as mentioned above.

In addition to the above rights, you also have the right to withdraw consent at any time for any processing that is based on your consent. For example, you can withdraw your consent to marketing emails or to non-essential cookies. Withdrawal of consent will not affect the lawfulness of processing carried out before you withdrew consent, but it means we will stop the specific activity that was based on consent.

To exercise any of your rights, please contact us using the information in the How to Contact Us section. We may need to verify your identity to ensure that we do not disclose your data to someone else. This is for your security – for instance, we might ask you to provide certain information to confirm you are the account holder or we may require you to use a certain channel (like logging in to your account or using a registered email) to make the request.

We will respond to all legitimate requests within one month, as required by law, and at no cost to you. If your request is particularly complex or if you have made a large number of requests, we may extend this period by up to two further months, but we will inform you and explain the reason if that happens. In very rare cases, where requests are manifestly unfounded or excessive, we might charge a reasonable fee or refuse to act on the request, but we will provide justification if that occurs.

Finally, you have the right to lodge a complaint with the relevant supervisory authority if you believe we have infringed your privacy rights. In the UK, the supervisory authority is the Information Commissioner's Office (ICO). You can find more information about your rights and how to complain on the ICO's website. We would, however, appreciate the chance to address your concerns directly before you approach the ICO or another authority, so please consider reaching out to us first. We take complaints very seriously and will do our best to resolve any issues you raise.

How to Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please do not hesitate to contact us. We are here to help and inform you. You can reach us in the following ways:

By Email: The quickest way to get in touch is to email us at privacy@littlemisstemptress.co.uk. You can also use this email address to exercise any of your data protection rights (please include "Data Subject Request" in the subject line for faster handling).
By Post: You may also write to us at our registered mailing address:

Privacy Team  
Miss Temptress Limited  
4th Floor, Silverstream House  
45 Fitzroy Street, Fitzrovia  
London, W1T 6EB  
United Kingdom

Please indicate that your mail is regarding the Privacy Policy or data protection, so it can be directed to the appropriate team.

By Phone: If you prefer to speak with us, you can call our customer service number and specifically request to discuss a privacy matter. (Our general customer service number can be found on our website's contact page. Please note that for certain rights requests, we may still ask that you submit your request in writing/email so we have a clear record of it.)

We will address your inquiries as promptly as possible, typically within a few business days. If you are contacting us to exercise a specific right, we will guide you through any identity verification steps and keep you updated on the progress of your request.

We value your privacy and trust. Thank you for reading our Privacy Policy. We hope it has clarified how we handle your personal data. If you have any further questions or suggestions on how we can improve our privacy practices, please let us know.

Our site is protected by hCAPTCHA and the Google Privacy Policy and Terms of Service also apply.