Privacy Policy
Last updated: 29 July 2025
This Privacy & Cookie Policy explains how The Beauty Tech Group Ltd (trading as CurrentBody) collects, uses, shares and protects your personal data when you visit our websites, make a purchase, contact us or receive marketing from us.
1. Who we are
Controller. The Beauty Tech Group Ltd (company number 06805380) of Glasshouse, Alderley Park, Congleton Road, Nether Alderley, Cheshire, SK10 4ZE, United Kingdom is the controller for your personal data ("CurrentBody", "we", "us", "our").
Group processors for payments. Depending on your location, payments may be processed by the following processors, acting on our instructions:
- EU: The Beauty Tech Group BV (Netherlands) – processor for payment collection only.
- US & Rest of World: The Beauty Tech Group LLC (United States) – processor for payment collection only.
- UK: The Beauty Tech Group Ltd processes payments directly.
How to contact us. Email or write to the address above. If you would like to exercise your privacy rights, please see section 14.
Supervisory authority. You can complain to the UK Information Commissioner’s Office (ICO) (see section 15) if you are unhappy with how we handle your data. If you are based in the EEA, you may also complain to your local data protection authority.
2. Scope of this policy
This policy applies to and any microsites that link to it (together, the "Site"), our social channels, email/SMS communications and customer support. It covers customers, prospective customers, site visitors and others who interact with us.
3. What data we collect
We collect the following categories of data:
- Identity and contact data – name, email address, phone number, billing/delivery address.
- Order and payment data – order history, purchase amounts, payment method details (tokenised where applicable), fraud-check information.
- Account data – login credentials, preferences, saved addresses, wishlists.
- Communications data – enquiries, complaints, chat transcripts, call notes, survey responses, product reviews/ratings.
- Device and usage data – IP address, device identifiers, browser type, time zone, cookie identifiers, pages viewed, clicks, referring/exit pages, site search terms.
- Marketing and cookie preferences – your opt-in/out choices and consent records.
- Social media data – handles and public profile information when you interact with us on those platforms.
We may also receive data from payment providers, delivery partners, analytics/advertising partners, credit reference agencies and fraud‑prevention agencies, and (where permitted) from affiliates or partners when you follow a tracked link.
4. How we use your data and our lawful bases
We only use your data where we have a lawful basis. The table below summarises the main purposes and bases.
Purpose | Examples | Lawful basis |
---|---|---|
Provide the Site and services | Run the Site, take and fulfil orders, deliver products, manage your account, customer service | Contract (to perform our contract with you); Legitimate interests (to operate our business and provide secure services) |
Payments | Process payments, refunds and chargebacks | Contract; Legitimate interests (to recover debts and prevent misuse) |
Identity verification and fraud prevention | Identity and anti‑fraud checks; share data with credit reference agencies and fraud‑prevention agencies; protect our customers and business; cooperate with law enforcement | Legitimate interests (preventing fraud and misuse, network and information security); Legal obligation (e.g., respond to lawful requests) |
Customer communications | Service emails about your orders, updates, policy changes | Contract; Legitimate interests |
Direct marketing to customers (soft opt‑in) | Email/SMS about our own products similar to what you bought, with an opt‑out in every message | Legitimate interests (PECR soft opt‑in) |
Direct marketing where no soft opt‑in | Newsletters, promotions | Consent |
SMS programmes | Transactional messages; marketing where permitted | Contract (transactional); Legitimate interests/Consent (marketing – see section 8) |
Analytics and improvement | Understand performance, fix bugs, improve UX | Consent for non‑essential cookies/technologies; Legitimate interests for aggregated, non‑cookie analysis where appropriate |
Advertising/remarketing | Measure campaigns; show or limit ads | Consent for advertising cookies/IDs |
Legal and business purposes | Record-keeping, accounting, defending claims, mergers/acquisitions | Legitimate interests; Legal obligation |
5. Fraud checks and credit/fraud‑prevention agencies
We carry out identity verification and anti‑fraud checks. For these purposes we may share personal data with credit reference agencies (CRAs) and fraud‑prevention agencies (FPAs) (including Cifas), payment providers, law‑enforcement and other organisations that help prevent fraud and financial crime. These checks may use automated decision‑making. *If an automated decision produces legal or similarly significant effects (for example, an order refusal), you can request a human review by emailing * Our lawful basis is usually legitimate interests (preventing fraud and protecting our customers and business) and, in some cases, legal obligation. We keep fraud‑check records for as long as needed for prevention/detection and to establish or defend legal claims. Fraud‑prevention agencies may retain data for up to six years where risk is identified. For details of the CRAs/FPAs we use, please contact us, and see the fair‑processing notices published by those agencies (for example, Cifas).
6. Cookies and similar technologies
We use cookies, SDKs, pixels and similar technologies. We do not set non‑essential cookies until you choose Accept or configure your preferences. You can change or withdraw consent at any time via the Cookie settings link (available in the Site footer).
- Strictly necessary cookies are required for core functionality (e.g., basket, checkout, security). These do not require consent.
- All other cookies (e.g., analytics, personalisation and advertising/remarketing) are non‑essential and require your consent before we place them. You can change your choices at any time via our cookie settings tool.
- Some third parties set cookies or read identifiers to provide analytics and advertising services. Where we use these, we request your consent and provide controls to withdraw it.
Further details of the cookies we use, providers, purposes and expiry are listed in our Cookie Settings panel on the Site.
7. Marketing choices
7.1 Soft opt‑in (customers)
If you buy from us (or actively negotiate to buy), we may email or text you about our own products similar to your purchase, provided you had a clear chance to opt out when we collected your details and you can opt out in every message. You can also object at any time (see section 14). Soft opt‑in applies only to CurrentBody (the organisation that collected your details) and only to our own similar products — it does not extend to group companies or third parties. We will not use the soft opt‑in to market third‑party products.
7.2 Consent (non‑customers and where soft opt‑in doesn’t apply)
If you haven’t purchased, we will only send email/SMS marketing if you consent. You can withdraw consent at any time by using the unsubscribe link or contacting us.
Processing time: We aim to process marketing preference changes within 5 working days; some channels may update faster.
7.3 Post and live phone calls
We may send postal marketing or make live sales calls on legitimate interests. We screen calls against the Telephone Preference Service (TPS/CTPS) and maintain our own suppression list. You can ask us not to contact you at any time.
7.4 Social media and online advertising
If you consent to advertising cookies/IDs, we may use audience tools to show ads and measure performance, in line with the platforms’ terms. You can change your cookie settings at any time.
8. SMS text messaging
If you opt in to SMS marketing, message frequency may vary. Message and data rates may apply. Reply STOP to cancel and HELP for help. Transactional/service texts related to your order may be sent regardless of marketing preferences where necessary to perform our contract.
9. Sharing your data
We share data with:
- Payment providers and banks (to process payments, refunds and chargebacks).
- Delivery and logistics partners.
- Service providers (IT hosting, support, analytics, communications, customer service, reviews, marketing platforms, SMS providers).
- Credit reference and fraud‑prevention agencies; law‑enforcement (see section 5).
- Professional advisers (lawyers, auditors, insurers).
- Group companies that act as processors for us.
- Business transfers (we may disclose data in connection with a merger, acquisition or sale of assets, subject to confidentiality safeguards).
We require recipients to protect your data and only process it on our instructions where they act as processors.
10. International transfers
We may transfer personal data outside the UK (and, for EU customers, outside the EEA). Where we do, we use appropriate safeguards, such as:
- the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses;
- the European Commission Standard Contractual Clauses; and
- applicable adequacy decisions. For transfers to the United States, we rely on the EU–US Data Privacy Framework and the UK–US data bridge only where the recipient is certified under those frameworks; otherwise, we use SCCs/IDTA with supplementary measures where required.
We carry out transfer risk assessments where required and apply additional safeguards where appropriate.
11. Retention
We keep personal data only for as long as necessary for the purposes described in this policy, including to comply with legal, accounting or reporting requirements and to establish or defend legal claims. Typical periods include:
- Orders, invoices and tax records: at least 6 years from the end of the relevant financial year, and longer where required (for example, if HMRC is checking a return, the transaction spans accounting periods, or to establish or defend legal claims — note most simple contract claims have a six‑year limitation period, and deeds twelve years).
- Customer service records: up to 6 years after resolution (longer if needed to defend claims).
- Marketing preferences and consent records: while you remain subscribed and for a short period afterwards to evidence compliance.
- Fraud‑prevention records: for as long as needed for prevention/detection and to defend claims; fraud‑prevention agencies may retain data for up to six years where risk is identified.
We review retention regularly and erase or anonymise personal data when no longer needed. Where deletion from backups is not feasible, we put data beyond use.
12. Automated decision‑making and profiling
We use profiling for marketing segmentation and to personalise content where you have consented to the necessary cookies/technologies. Fraud‑prevention partners may use automated checks to help identify potential fraud. You can object to profiling for direct marketing at any time. If an automated decision produces legal or similarly significant effects, you can ask for human review.
13. Links to third‑party sites
Our Site may link to third‑party websites. Those sites have their own privacy notices and we are not responsible for their content or practices.
14. Your rights
You have the following rights, subject to conditions and exemptions:
- Access to your data and copies of it.
- Correction of inaccurate data.
- Erasure of your data ("right to be forgotten").
- Restriction of processing.
- Portability of data you provided to us, where processing is based on consent or contract and carried out by automated means.
- Object to processing based on legitimate interests (including a right to object absolutely to direct marketing, including profiling). Where required by law (for example, some US states), we honour Global Privacy Control (GPC) signals as an opt‑out of sale/sharing or targeted advertising.
- Withdraw consent where we rely on consent.
To exercise your rights, email We will respond within one month (extendable by two months for complex requests). We may ask for proof of identity.
15. Complaints
If you are unhappy with how we handle your data, please contact us first so we can try to resolve the issue. You also have the right to complain to the Information Commissioner’s Office (ICO): Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, 0303 123 1113, or via the ICO website. If you are in the EEA, you can complain to your local supervisory authority.
16. Children
Our Site is not intended for children and we do not knowingly collect data relating to children.
17. Changes to this policy
We may update this policy from time to time. Significant changes will be highlighted on the Site and emailed to customers where feasible. We will post the updated version on this page and change the “Last updated” date. Significant changes will be highlighted on the Site or notified to you by email where appropriate.
18. Cookie summary (high level)
Category | Examples | Consent required? |
---|---|---|
Strictly necessary | Basket, checkout, account login, security | No (but we tell you about them) |
Analytics & performance | Understanding how the Site is used; improving performance | Yes |
Personalisation | Remembering preferences, tailoring content | Yes |
Advertising & remarketing | Showing relevant ads, measuring campaigns, limiting frequency | Yes |
See our Cookie Settings tool on the Site or our separate for a full list of cookies/SDKs, providers and expiry times, and to change your choices at any time.