Privacy policy

Effective Date: 22 Aug 2025

Lustre Skin Ltd respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website or purchase goods from us. It will also tell you about your privacy rights and how the law protects you.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Important information and who we are

We are Lustre Skin Ltd. We are a company incorporated and registered in Scotland. Our company number is SC264409. Our registered address is Alba Innovation Centre, Alba Campus, Livingston, West Lothian, Scotland, EH54 7GA.

When we refer to “we”, “us” or “our” in this policy, we are referring to Lustre Skin Ltd. We are the data ‘controller’ in relation to the personal data you provide to us, which means we determine the purposes and the way in which your personal data is, or will be, processed.

We process personal data as a Data Controller, as defined in the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). We have a data compliance manager who is responsible for matters relating to privacy and data protection. The data compliance manager can be reached at privacycompliancemanager@lustreskin.com.

If you are a data subject based in the EU and we are processing your data under the terms of this privacy policy, you can contact our EU Representative with any queries or to exercise your rights under EU data protection legislation.

Please contact privacycompliancemanager@lustreskin.com, for information on the EU Authorised representative associated with your product or country/region.

Purpose of this privacy policy

This privacy policy aims to give you information on how we collect and process your personal data so that you can be confident when you deal with us that you know what your personal data is being used for and that it is being kept safe. This covers the personal data we obtain from individuals in relation to our website at www.lustreclearskin.com (“Site”), our product distribution channels, and our Renew Pro mobile application (together, the “Services”).

It is important that you read this privacy policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements the other notices and is not intended to override them.

We use the following definitions in this policy to cover the different categories of individuals we interact with via our Site and Services:

  • Business Contact: an individual employee, consultant or agent of any retailer or e-commerce platform who sell our products.

  • Customer: an individual customer we sell to via our Site.

  • User: any person accessing any of our Site.

Third-party links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave one of our websites, we encourage you to read the privacy notice of every website you visit.

EU Representative

If you are located in the EU and we are processing your data, you may contact our appointed EU Representative regarding all request related to data protection and privacy matters under the GDPR.

EU Representative Contact Details:
iuro Rechtsanwälte GmbH t/a Prighter
Schellinggasse 3, 1010 Vienna, Austria
Email: support@prighter.com

Prighter acts as representative according to Art 27 GDPR and is addressee for requests from data protection authorities and data subjects. For data subject requests (DSR) Prighter provides a solution to channel, filter and structure DSRs. The data provided by the data subject via the DSR tool is processed by Prighter using Hetzner Online GmbH as a data center solution. According to the data subject's request Prighter transfers the related personal data to the controller.

How is your personal data collected?

  • Direct interactions and RENEW Pro App. You may give us your personal data by filling in forms or by corresponding with us in person, by email, by phone, by post or otherwise. This includes personal data you provide when creating an account with us and when you request marketing communications to be sent to you.

  • Automated technologies or interactions. As you interact with our website and the Renew Pro App, we may automatically collect Technical Data about your equipment, device and app identifiers, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies on the website, and software development kits (SDKs) and similar technologies in the App (for example, for analytics and push notifications). Please see below on Cookies for further information. (App SDKs are functionally similar to cookies but operate within mobile applications.)

  • Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources. For example, analytics providers such as Google, and linked identity providers (Apple, Google, Facebook) if you choose to sign in with them.

Information we collect from you

We may collect and process the following data about you:

  • Account Data – name, address, phone, email (when creating an account).

  • Order Data – order details (if you do not set up an account).

  • Contact Data – details you provide in forms (name, email, phone).

  • Correspondence Data – records of communications with us.

  • Marketing Data – preferences and consents.

  • Technical Data (website) – IP, browser type, plug-in versions.

  • Transaction Data – purchase records.

  • App Data (Renew Pro):

    • Device Data & App Identifiers (model, OS, push notification token).

    • App Usage Data (interactions, feature usage, logs, timestamps).

    • Location Data (only with your permission).

    • Linked Account Data (if you sign in with Apple, Google or Facebook).

How do we use your personal data?

We will only use your personal data when the law allows us to. Most commonly, this includes:

  • To perform a contract (e.g. purchases, App account).

  • With your consent (e.g. marketing, geo-location, push notifications).

  • Where necessary for our legitimate interests (balanced with your rights).

  • Where we need to comply with a legal or regulatory obligation.

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Please note that we may process your personal data for more than one lawful ground depending on the specific purpose.

 

Purpose/activity Type of data Lawful basis for processing
To set up your account Account Data Performance of a contract with you
To respond to your enquiries Contact Data Consent (as you are requesting us to respond to you); Legitimate interests
To process your order Account Data; Order Data; Correspondence Data Performance of a contract with you
To send you marketing emails Marketing Data Consent
To personalise our website and improve user experience Technical Data Legitimate interests (to improve customer interactions)
To liaise with you if you are a Business Contact in relation to the distribution of our products Contact Data Legitimate interests (to comply with obligations to partner organisations)
For audit, record keeping and management purposes Transaction Data Legitimate interests (to run our business in a professional manner)
To request you complete a customer review/feedback process Contact Data; Transaction Data Legal obligation; Legitimate interests (to conduct post-market surveillance); Consent
To provide the Renew Pro App and its features (new) Account Data; App Usage Data; Device Data Performance of a contract; Legitimate interests (to operate and improve the App)
To send App push notifications (new) Device push token; App Usage Data Consent (you can withdraw in device settings at any time)
To provide location-based features in the App (new) Location Data Consent
To enable sign-in with Apple/Google/Facebook (new) Linked Account Data; Account Data Performance of a contract; Consent (with the third-party provider)
To monitor App performance and security (new) Technical Data; App Usage Data Legitimate interests (to keep our Services safe and reliable)


Children’s Data

Our services are not intended for individuals under 16. If you believe a child provided personal data please contact us so we can take action. For the Renew Pro App specifically, the App is not intended for children under 13 and we do not knowingly collect data from children under 13.

Disclosure of your information

We may share data with:

  • External service providers (hosting, analytics, marketing, payments, App SDKs).

  • Professional advisers (lawyers, auditors, insurers, bankers).

  • Regulators and authorities.

  • Prospective buyers/sellers in a business transaction.

We require all third parties to respect data security and act only under our instructions.

International transfers

If we transfer your personal data outside the UK, we ensure protection via:

  • ICO adequacy decisions, or

  • Standard Contractual Clauses approved for use in the UK.

Data Security

We apply appropriate technical and organisational measures including:

  • SSL encryption for payments.

  • PCI-DSS compliance.

  • Secure servers and restricted access.

  • Confidentiality obligations for staff/contractors.

No method of transmission is 100% secure, but we apply best practice to protect your data.

How long we store your personal data for

We retain data as long as necessary for the purposes collected:

  • Normally 7 years after last sale.

  • 30 years for medical device complaints (legal obligation).

  • Anonymised data may be kept indefinitely for research/statistics.

Cookies

We use cookies and similar technologies including HotJar, Google Analytics, and ShareThis. Categories: strictly necessary, performance, functionality, targeting.

App technologies (Renew Pro): the App does not use website cookies but may use SDKs (analytics, crash reporting, push notifications).

You can manage cookies in your browser settings. Blocking all cookies may affect site functionality.

Your rights

Under data protection laws you may have rights to:

  • Access your information.

  • Correct inaccurate data.

  • Request deletion (“right to be forgotten”).

  • Object to processing.

  • Restrict processing.

  • Request portability.

  • Withdraw consent.

  • Lodge a complaint with a supervisory authority.

Changes to our privacy policy

This version was last updated on 22nd Aug 2025. Historic versions are available by request (info@lustreskin.com).

Contact us

Questions, comments, and requests regarding this policy are welcome and should be addressed to our Privacy Compliance Manager at privacycompliancemanager@lustreskin.com.

 

-