Privacy Policy

A woman in a turquoise bikini, tanning in the sun, with a dark, even tan on her skin, symbolising the UK Onyx Privacy Policy page.

CONTENTS

  1. Data Controller
  2. How We Collect Personal Data
  3. Legal Basis for Processing
  4. How We Use Your Data
  5. How Long We Keep Your Data
  6. How We Protect Your Data
  7. Sharing Your Data
  8. International Data Transfers
  9. Cookies
  10. Analytics and Marketing Tools
  11. Your Rights
  12. Voluntary Provision of Data
  13. Your Acknowledgement
  14. Policy Updates
  15. Age Limitations
  16. Contact

Your privacy matters to us. This Privacy Policy explains how we collect, use and protect your personal data when you browse our website or purchase our tanning products via uk.onyxtan.com.

1. Data Controller

The data controller responsible for your personal data is:

ONYX INTERNATIONAL sp. z o.o.
ul. Polna 125
87-100 Toruń
Poland

ONYX INTERNATIONAL sp. z o.o. operates the online store at uk.onyxtan.com, processes your orders and manages customer accounts. UK logistics and returns are supported by ONYX INTERNATIONAL LTD (27 Old Gloucester St, London WC1N 3AX, United Kingdom), which may process your data as a service provider for delivery and returns, but does not act as the data controller.

2. How We Collect Personal Data

We collect personal data in several ways, for example when you:

  • create an account or register on our website,
  • place an order, complete a checkout form or use our contact form,
  • provide information such as your name, email address, telephone number and delivery address.

We may also receive limited information about you from our payment providers and fraud-prevention partners (for example confirmation of payment status or risk scores) to help us verify transactions and prevent fraud.

We process your personal data under the following legal bases, in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018:

  • Performance of a contract (Article 6(1)(b) UK GDPR) – when processing is necessary to create and fulfil your order, manage your account or handle your customer requests.
  • Legal obligation (Article 6(1)(c) UK GDPR) – when we need to store data for tax, accounting or other legal requirements.
  • Legitimate interests (Article 6(1)(f) UK GDPR) – for example to respond to enquiries, prevent fraud, improve our services, analyse sales statistics, or defend or establish legal claims.
  • Consent (Article 6(1)(a) UK GDPR) – when you agree to receive marketing communications such as newsletters. You can withdraw your consent at any time.

4. How We Use Your Data

We use the personal data we collect to:

  • process and fulfil your orders, including payment and delivery,
  • create and manage your customer account, if you choose to register,
  • respond to your messages and customer service enquiries,
  • improve our website, products and customer experience,
  • send optional marketing messages or newsletters, if you have given your consent,
  • carry out basic fraud checks and protect our website and business from abuse,
  • tailor the marketing and adverts you see on our website and third-party platforms, where you have agreed to this through your cookie preferences.

You can opt out of marketing emails at any time by clicking the “unsubscribe” link in any of our marketing messages or by contacting us using the details in the Contact section below.

We may use automated tools (for example basic fraud detection and advertising tools) to help us make decisions about transactions and which adverts to show. These tools do not have legal or similarly significant effects on you.

5. How Long We Keep Your Data

We keep your personal data only for as long as it is needed for the purposes set out in this Privacy Policy or as required by law. In particular:

  • Order and transaction data – stored for the period required by tax and accounting regulations (typically up to 6 years for UK tax purposes).
  • Customer account data – stored while your account is active. You may request deletion at any time; we may retain some data where required by law or for the establishment or defence of legal claims.
  • Marketing data (newsletter, offers) – stored until you withdraw your consent or object to processing for marketing purposes.
  • Contact form and customer service communications – stored for the time needed to handle your enquiry and for up to 12 months after the conversation ends, where necessary for evidence or follow-up.
  • Technical logs and security data – basic technical logs (such as IP address, browser type and access times) are stored for a limited period, typically up to 12 months, for security, troubleshooting and fraud-prevention purposes.

Retention periods for cookies and similar technologies are described in our Cookie Policy.

6. How We Protect Your Data

We use modern security measures, including SSL encryption, to protect your personal data. Our IT systems are regularly updated and access to personal data is limited to authorised staff and service providers who need it to perform their duties.

7. Sharing Your Data

We do not sell or trade your personal data. We may share it with trusted third parties only where necessary to operate our store, fulfil your order or improve our services, in particular:

  • payment service providers and payment processors (for example card processors, PayPal, Shopify Payments),
  • courier and logistics companies delivering your orders, including ONYX INTERNATIONAL LTD for UK logistics and returns,
  • accountants, legal advisers and other professional service providers,
  • IT, hosting and e-commerce platform providers that support our website and store (including Shopify).

We do not sell your personal data under any circumstances.

These partners are required to keep your data secure and to process it only in line with our instructions and applicable data protection laws.

In most cases these partners act as our data processors, processing personal data on our behalf. Some partners, such as payment providers (for example PayPal or card issuers) and Shopify in relation to certain fraud-prevention and payment services, may also act as independent data controllers and use your data in line with their own privacy notices.

Card and online payments are processed securely and may involve Strong Customer Authentication (SCA) in line with applicable payment regulations.

We use the Shopify platform to operate our online store. This means your data may be transferred outside the United Kingdom, for example to Canada or the United States. Shopify uses appropriate safeguards, such as Standard Contractual Clauses and other measures required by data protection law. You can read more about how Shopify handles personal data in their Privacy Policy.

8. International Data Transfers

Some of our service providers (for example analytics and advertising providers or Shopify) may process your data outside the UK and the European Economic Area, including countries such as the United States and Canada. Where this happens, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent legal mechanisms, to protect your personal data.

9. Cookies

Our website uses cookies and similar technologies to ensure it works properly, remember your preferences, improve performance and tailor content and adverts. Cookies are small text files stored on your device when you visit a website.

You can manage cookie settings in your browser, including blocking or deleting cookies. Please note that restricting cookies may affect some features of the website, such as keeping items in your basket or remembering your login.

Cookie storage periods vary depending on their purpose and are set out in our Cookie Policy. You can also review and adjust your cookie choices at any time through your browser settings and, where available, the options provided in our cookie banner.

For details on how we use cookies, please see our Cookie Policy.

10. Analytics and Marketing Tools

We use analytics and marketing tools such as Google Analytics, Google Tag Manager, Google Ads and Meta (Facebook) Pixel. These tools help us:

  • understand how visitors use our website,
  • measure the performance of our marketing campaigns,
  • show adverts that are more relevant to your interests.

We also use these tools for remarketing and personalised advertising, so that our adverts may be displayed to you on third-party websites and apps based on how you use our website.

These tools may collect information such as your IP address, device details, cookie identifiers, approximate location, browsing activity on our website and purchase history. Data is processed on the basis of your consent given through the cookie banner, or, where permitted by law, on our legitimate interests (for example basic analytics and fraud prevention). Where we use these tools to create audience groups or profiles for advertising purposes, this is done to help us show more relevant adverts and does not produce legal or similarly significant effects for you.

Some of these providers may transfer data outside the UK. They use appropriate safeguards such as Standard Contractual Clauses or other lawful mechanisms to protect your data.

11. Your Rights

Under the UK GDPR and the Data Protection Act 2018, you have the right to:

  • Access – request a copy of the personal data we hold about you.
  • Rectification – ask us to correct inaccurate or incomplete data.
  • Erasure – request deletion of your personal data in certain circumstances (the “right to be forgotten”).
  • Restriction – request that we limit processing of your data in specific situations.
  • Data portability – receive your data in a structured, commonly used and machine-readable format and, where technically feasible, have it transmitted to another controller.
  • Object – object to processing based on legitimate interests, including profiling, and to processing for direct marketing purposes.
  • Withdraw consent – where processing is based on your consent (for example marketing emails), you may withdraw it at any time. This will not affect the lawfulness of processing before withdrawal.

You also have the right to lodge a complaint with the UK data protection authority, the Information Commissioner’s Office (ICO), if you believe your data protection rights have been breached. More information is available at www.ico.org.uk.

Although we do not make decisions with legal or similarly significant effects solely by automated means, you can contact us if you have any questions or concerns about any automated processing or profiling we use.

12. Voluntary Provision of Data

Providing personal data is generally voluntary. However, in some cases it is necessary for us to provide services, for example to process your order, create an account or send you a newsletter. If you do not provide the data required for a particular service, we may not be able to complete your order or provide that service.

13. Your Acknowledgement

By using our website, you acknowledge that you have read this Privacy Policy.

14. Policy Updates

We may update this Privacy Policy from time to time, for example to reflect changes in the law or how we process personal data. The latest version will always be available on this page together with the date of the most recent update.

15. Age Limitations

Our website and products are intended for adults. We do not knowingly collect personal data from children under 16 years of age. If you are under 16, you should not use our website or provide any personal data to us. If we become aware that we have collected personal data from a child under 16, we will delete it as soon as reasonably possible.

16. Contact

If you have any questions about how we handle your personal data or wish to exercise your rights, please contact us:

Email: contact@onyxtan.eu
Or use our contact form.

Last updated: 27 November 2025