untitled design 31 scaled 02
Book a Call

Home > Privacy

PRIVACY AND DATA PROTECTION POLICY

Effective date: 1st May 2026

1. SCOPE AND CONTROLLER

This Privacy Policy outlines how Cosmetic Compliance Services Limited (CCS) (referred to as “we”, “our” or “us”) collects and makes use of your personal data when you use our Service. At CCS, we prioritize Data Protection and act as the Data Controller for users in the UK, European Union (EU), and globally. By using the Service, you agree to the practices described in this policy. Unless otherwise defined here, terms carry the same meanings as our Terms and Conditions.

2. INFORMATION WE COLLECT

We may collect, store, and use the following categories of personal information to provide our global compliance services:
  • Business Contacts: Name, title, business telephone number, business email, and professional history (e.g., your role within your company).
  • Customers: Personal contact details, information provided via our website or social media (Facebook, Instagram, LinkedIn), data provided during telephone consultations, and technical information (e.g., IP addresses and analytics).
  • Suppliers: Name, business address, bank account information for payment processing, and contact details.
  • Technical & Navigation Data: Automatically collected data such as IP addresses, browser types, and session duration to ensure site security and performance.
  • Regulatory Service Data: Product formulations, safety data sheets, or supplier details required for safety assessments and regulatory filings

3. HOW WE USE YOUR INFORMATION (Lawful Basis)

We will only use your personal information when the law allows us to. We rely on the following legal grounds to process data for our global clients:
  • Performance of a Contract: Where we need to perform the contract we have entered into with you or your company.
  • Legal Obligation: Where we need to comply with specific UK, EU, or international regulatory requirements related to cosmetic safety and compliance.
  • Legitimate Interests: Where it is necessary for our interests (or those of a third party) to improve our services, maintain website security, or provide “Service and Billing” updates, provided your fundamental rights do not override those interests.
  • Consent: Where you have provided explicit consent—for example, when signing up for our newsletter or specific marketing communications. You may withdraw this consent at any time.

4. SPECIFIC USES OF DATA

We use the collected information for the following professional purposes:

  • Service Delivery: To evaluate product formulations, facilitate the creation of CPSR Safety Reports, and manage Responsible Person (RP) duties on your behalf.
  • Portal Management: To access and manage your accounts on the SCPN (UK) and CPNP (EU) portals as your authorised agent.
  • Business Development: Dealing with enquiries made via our “Contact Us” page or social media to ensure they are handled efficiently and professionally.
  • Website Optimization: To administer our website for internal operations, including troubleshooting, data analysis, testing, and ensuring a secure user experience.

5. DATA SHARING AND THIRD PARTIES

We do not sell your data. However, to fulfill our professional obligations, we may share your information with the following parties:
  • Professional Partners: We share necessary data (such as product formulations) with third-party Qualified Safety Assessors and toxicologists to facilitate the production of CPSR Safety Reports.
  • Government Portals: As your authorised agent, we share required data with the SCPN (UK) and CPNP (EU) portals to ensure your products are legally notified.
  • Service Providers: We use trusted third-party providers for secure cloud storage, email management, and payment processing.
  • Confidentiality: All third parties are bound by strict confidentiality agreements and are only permitted to process your data for specified purposes in accordance with our instructions.
  • Corporate Restructuring: In the event of a merger or sale of CCS, your data may be transferred to the successor entity to ensure uninterrupted service.

6. COOKIES AND TRACKING

We use cookies and similar tracking technologies to monitor activity on our Service and hold certain information.
  • Purpose: These are used to remember your preferences, protect your data, and help us understand how visitors use our site.
  • Third-Party Cookies: We may use cookies from social media platforms (such as LinkedIn or Meta) and analytics providers (like Google Analytics) to measure the effectiveness of our business development and marketing efforts.
  • Your Choice: You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

7. DATA SECURITY

We implement high-level technical and organisational security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way.
  • Access Control: We limit access to your personal data to those employees, agents (such as Safety Assessors), and contractors who have a business “need to know.”
  • Breach Procedures: We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (like the ICO) where we are legally required to do so.

8. YOUR GLOBAL DATA RIGHTS

Regardless of your location, we respect your rights under the UK and EU GDPR. You have the right to:
  • Request Access: Ask for a copy of the data we hold about you.
  • Request Correction: Ask us to fix any incomplete or inaccurate data.
  • Request Erasure: Ask us to delete your data when there is no good reason for us to continue processing it.
  • Object to Processing: Stop us from using your data for direct marketing.
  • Data Portability: Request the transfer of your data to another party.

9. CONTACT AND COMPLAINTS

If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: contact@cosmeticcomplianceservices.com
Address: Suit A, 82 James Carter Road, Mildenhall, UK, IP28 7DE.
If you are in the UK, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us first.