Privacy Policy
Privacy Policy
1. Who we are (Data Controller)
This website and its services are operated by N. Evgeniou Limited (registration number HE 161605) (“we”, “us”, “our”). We are the data controller for the personal data described in this Privacy Policy.
Registered / business address: Methanon 10, Germasogeia, Limassol 4042, Cyprus
Email: contact@effectivehair.cy
Phone: 253 253 77
This Privacy Policy explains how we collect, use, share, and protect your personal data when you visit our website, create an account, place an order, choose Click & Collect, contact us, or otherwise use our services.
2. Personal data we collect
Depending on how you use our website, we may collect:
A) Account and profile data (My Account / registration)
Name and surname
Email address and phone number
Username (if applicable)
Password (stored in encrypted/hashed form)
Account preferences and language settings
Login and security information (for example failed login attempts)
B) Order and checkout data (WooCommerce)
Billing details (name, address, email, phone)
Shipping details (name, address, phone) or Click & Collect selection
Purchased items, order notes, order history
Refund and return history
Invoice details (if provided)
C) Payment data (Stripe)
Payments are processed securely by Stripe. We do not receive or store your full card details. We may receive limited payment information such as payment status, transaction identifiers, and refund confirmation.
D) Delivery and pickup data
Information needed to deliver orders via ACS Courier
For Click & Collect: your name, contact details, and order information so we can notify you when your order is ready
E) Customer support communications
Messages you send us by email, forms, WhatsApp, or other channels
Information you choose to provide when requesting help with an order, return, account access, or product questions
F) Technical and usage data
IP address, device and browser information, pages visited, approximate location (based on IP), and interaction data
Cookie and similar technology data (see Cookie Policy)
3. Whether you must provide personal data
Certain personal data is required to provide our services. For example, if you do not provide the necessary billing and shipping details (or pickup details), we will not be able to process and fulfil your order. Creating an account is optional, unless a feature requires it (for example viewing order history in My Account).
Consent for marketing and non-essential cookies is optional.
4. How we use your personal data
We use personal data to:
Create and manage your account
Process orders, payments, and refunds
Deliver orders via ACS Courier or arrange Click & Collect
Send essential service communications (order confirmation, shipping updates, password reset, account notifications)
Provide customer support and handle returns/complaints
Improve website performance and user experience (analytics)
Measure and improve advertising performance (if Meta Pixel is enabled and you consent)
Protect our website, customers, and business (fraud prevention and security)
Comply with legal and regulatory obligations (for example accounting and tax requirements)
5. Legal basis for processing (GDPR)
We process personal data under one or more of the following legal bases:
Contract: to fulfil your order, manage your account, deliver products, and provide requested services
Legal obligation: for accounting, tax, and regulatory compliance
Legitimate interests: to secure our website, prevent fraud, maintain operations, and improve services
Consent: for non-essential cookies and marketing technologies (where required), and for optional marketing communications (if used)
6. Cookies and similar technologies
We use cookies and similar technologies to:
Enable core site functionality (for example cart and checkout)
Keep the site secure and prevent abuse
Measure and improve performance using analytics
(If enabled) measure and improve advertising performance using marketing pixels
Details, including cookie categories and how to manage your choices, are provided in our Cookie Policy.
7. Third parties we share data with
We share only the minimum necessary personal data with trusted third parties in order to operate the website and provide services:
A) Courier / delivery
ACS Courier (delivery of your orders)
B) Payments
Stripe (payment processing and refunds)
C) Analytics
Google Analytics (GA4) (to understand website usage and improve performance)
D) Marketing / advertising (if enabled)
Meta Pixel (to measure advertising performance and understand customer interactions originating from Meta platforms)
E) Security and spam prevention
Google reCAPTCHA (to protect forms and prevent spam/abuse)
F) Social login providers
Google and Facebook (if you choose to sign in using these services)
G) Hosting and website infrastructure
Hosting, backups, and technical service providers who support operation and security of the website (acting as processors)
Some third parties may act as independent controllers for their own purposes (for example Google and Meta). In such cases, their own privacy policies also apply.
8. Social login (Google / Facebook)
If you choose to register or sign in using Google or Facebook, we may receive limited data from that provider (typically your name, email address, and a unique identifier) to create or link your account. We use this data only to provide login functionality and manage your account.
You can also create an account using email and password instead.
9. Marketing communications and Meta Pixel (if enabled)
If we send marketing emails (for example promotions or new product announcements), we do so only where permitted by law and where consent is required we will request it. You can unsubscribe at any time using the link in the email or by contacting contact@effectivehair.cy.
If Meta Pixel is enabled, it may use cookies or similar technologies to measure advertising performance and understand actions taken on our website (for example viewing a product, adding to cart, or completing a purchase). Where required, this will be enabled only after you provide consent via the cookie banner.
10. Automated decision-making and profiling
We do not use automated decision-making that produces legal or similarly significant effects on you. However, analytics and advertising tools (such as Google Analytics and Meta Pixel, if enabled) may use cookies and similar technologies to measure performance and understand user interactions, which can involve profiling for marketing measurement.
11. Data retention
We keep personal data only for as long as necessary for the purposes described in this policy:
Orders, invoices, and payment records: kept as required for legal, accounting, and tax compliance
Account data: kept while your account is active; you can request deletion, subject to legal retention requirements
Customer support messages: kept as needed to resolve issues and maintain records
Security logs: retained for a limited period for monitoring and fraud prevention
When data is no longer needed, we delete it or anonymise it.
12. Data security
We apply reasonable technical and organisational measures to protect personal data from unauthorised access, misuse, loss, alteration, or disclosure. No method of transmission or storage is completely secure, but we work to protect your information.
Access to order and account information is limited to authorised personnel and service providers who need it for fulfilment, support, and website administration.
13. International data transfers (outside the EEA)
Some of the third parties we use (including Google, Meta, and Stripe) may process or store personal data outside the European Economic Area (EEA), depending on how their services are configured.
Where personal data is transferred outside the EEA, we rely on appropriate safeguards recognised under GDPR, such as:
adequacy decisions (where applicable), and/or
Standard Contractual Clauses and other lawful transfer mechanisms.
14. Your rights under GDPR
You have the right to:
Access your personal data
Correct inaccurate or incomplete data
Request deletion (subject to legal exceptions)
Restrict processing in certain circumstances
Object to processing based on legitimate interests in certain circumstances
Data portability (where applicable)
Withdraw consent at any time (where processing is based on consent)
Lodge a complaint with a supervisory authority
To exercise your rights, contact contact@effectivehair.cy.
You also have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection (Cyprus) or your local EU supervisory authority.
15. User Data Deletion Instructions (Facebook Login)
If you have used Facebook Login to create an account or sign in to our website, you can request deletion of your personal data as follows:
Option A: Request deletion from us (recommended)
Email us at contact@effectivehair.cy with the subject line: Data Deletion Request
Include the email address used on your account and your name, and request deletion of your account and personal data. If you used Facebook Login, mention this in the email.
We may request additional information to verify your identity before processing your request.
What we delete
Your website account profile (where legally possible)
Personal data associated with your account that is not required to be retained by law
Social login identifiers used to link your Facebook Login to your account (where applicable)
What we may retain
We may need to retain certain information for legal, accounting, tax, or fraud-prevention purposes (for example invoices and transaction records). In such cases we will retain only what is required and restrict it to those purposes.
Option B: Remove our app access via Facebook
You can also remove access from your Facebook account:
Go to Facebook Settings and privacy
Open Settings → Apps and Websites
Find our app (for example the name shown in the login screen)
Click Remove
Removing app access stops future data sharing from Facebook to our website. If you also want us to delete your website account data, please use Option A.
16. Children’s privacy
Our website and services are not intended for children under the age of 16, and we do not knowingly collect personal data from children.
17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with an updated “Last Updated” date.
18. Contact
If you have questions about this Privacy Policy or how we handle personal data, contact: