General Data Protection Regulation Policy (GDPR)

GDPR POLICY

Last updated 05/07/2026

Version (1)

  1. We are Aigelle, a small skincare business based in the UK. This policy explains how we collect, use and protect your personal data in line with UK GDPR and the Data Protection Act 2018.

  2. What personal data we collect

    We may collect:

    Name.

    Billing and shipping address.

    Email address.

    Phone number.

    Payment details (handled securely by our payment providers - PayPal and Stripe)

    Order history.

    Account details

    Website usage data.

    Any information you provide through contact forms or messages.

  3. Why we use your data

    We use your data to:

    Process and deliver orders.

    Provide customer support.

    Send order updates.

    Manage payments and refunds.

    Send marketing emails (only if you have opted in).

  4. Sharing your data

    Delivery and courier companies - We will share your details with Royal Mail and Parcel force, so that you may receive your order.

    We do not share your data with any outside individuals.

  5. Keeping your data safe

    The information collected through the checkout process is stored on our website server. Our website is hosted through Hostinger and they employ the following security measures to ensure all of the data collected is secure-

    Hostinger employ full time security consultants, dedicated to the security of customer information.

    Hostinger is currently developing the tools to allow the right to access and the right to be forgotten, which will meet the GDPR requirements.

    Our payments are taken by PayPal which is fully Payment Card Industry Data Security Standards (PCI DSS) compliant and is accredited as a level 1 service provider and merchant.This standard helps create a secure environment by increasing card holder data, thus reducing credit card fraud. They regularly perform internal security audits to maintain ISO/PCI security certifications.

    Our payments are taken by Stripe which is fully Payment Card Industry Data Security Standards (PCI DSS) compliant and is accredited as a level 1 service provider. This is the highest level of certification available in the payments industry, verified annually by an independent Qualified Security Assessor.

  6. Your rights

    You have the right to:

    Access your personal data.

    Request deletion of your data.

    Withdraw consent at any time.

    To exercise your rights, please contact us at Hello@Aigelle.co.uk

  7. Cookies

    Our website may use cookies to improve functionality, analyse traffic, and support marketing. You can manage cookies through your browser settings or cookie banner.

  8. Marketing

    If you opt in, we may send you emails about products, offers and news. You can unsubscribe at any time using the link in your emails.

  9. Contact us

    You can request a copy of all the data we currently hold on file for you. We are legally required to provide this to you free of charge and within one month of the original request.

    If you have any questions about this policy or your data, contact:

    Aigelle via email Hello@Aigelle.co.uk

    If you want us to delete all information we have on file, we are legally required to do so, should you request it. See above.