Cart

No products in the cart.

Sign out

Are you sure you want to sign out of your accaunt?

Sign out

Privacy Policy

OVOSKINS LTD

 

Effective Date: 20 January 2026

 

This Privacy Policy explains how OVOSKINS LTD (OVOSKINS, we, us, or our) collects, uses, stores, shares, and otherwise processes personal data in connection with the skin4beast website, platform, and related services (together, the Service).

This Policy is intended to provide the transparency information required under applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where relevant, the General Data Protection Regulation (EU) 2016/679 for individuals located in the European Economic Area (EEA).

This Policy should be read together with our Terms and Conditions and Cookie Policy.

1. Controller Information and Scope

1.1. Data controller

The controller responsible for personal data processed in connection with the Service is: OVOSKINS LTD

50 Princes Street, Ipswich, United Kingdom, IP1 1RJ Email: info@skin4beast.com

Registration Number: 16883234

1.2. Scope of this Policy

This Policy applies to personal data processed in connection with the skin4beast website, user accounts, item listings, purchases, sales, withdrawals, payouts, support interactions, platform security functions, and related operational activities carried out through the Service.

1.3. Reading this Policy

By accessing or using the Service, the user acknowledges that they have read and understood this Privacy Policy. Personal data is processed on the lawful bases described in this Policy and not solely because a user has accepted or continued to use the Service.

1.4. Age restriction

The Service is intended only for individuals who are at least 18 years of age. By creating an account or using the Service, a user confirms that they meet this requirement.

2. Categories of Personal Data We May Process

Depending on how the Service is used, we may process the following categories of personal data.

2.1. Account and profile data

This may include username, account identifier, linked profile information, display name, avatar, email address, account settings, and other information reasonably necessary to create, maintain, secure, or recover an account.

2.2. Transaction and marketplace data

This may include records relating to purchases, sales, listings, withdrawals, payouts, exchanges, transaction references, order history, balance-related information, and similar marketplace activity.

2.3. Payment and payout administration data

Where financial operations are supported, we may process limited payment-status information, billing references, payout details, refund references, chargeback records, and other administrative data required to support, reconcile, or defend transactions. Full payment card details or wallet credentials are ordinarily processed by independent third-party payment providers rather than by OVOSKINS.

2.4. Technical and device data

This may include IP address, browser type and version, device type, operating system, language settings, session information, cookie identifiers, referral data, and other technical information generated when a device accesses the Service.

2.5. Usage and activity data

This may include login records, timestamps, interaction history, navigation behavior, usage patterns, and platform event logs.

2.6. Support and communications data

Where a user contacts us, we may process the content of the communication and related information, including contact details, message history, attachments, issue descriptions, and complaint or support records.

2.7. Security and fraud-prevention data

We may process information relevant to detecting misuse, fraud, suspicious behavior, account compromise, abuse of the Service, payment disputes, and other security-related risks.

3. How Personal Data Is Collected We may collect personal data:

  • directly from the user, such as when an account is created, a transaction is initiated, a payout is requested, or support is contacted;
  • automatically through use of the Service, including through logs, cookies, and similar technologies;
  • from third parties involved in providing the Service, including payment providers, technical service providers, fraud-prevention tools, or compliance partners, where reasonably necessary.

Purposes of Processing

We may process personal data for the following purposes:

  • providing access to the Service and its functions;
  • creating, administering, and securing user accounts;
  • operating the marketplace and related transaction flows;
  • processing purchases, sales, exchanges, withdrawals, and payouts;
  • communicating with users regarding account matters, support requests, service notices, or security issues;
  • detecting, preventing, investigating, and responding to fraud, abuse, suspicious conduct, unauthorized access, and technical threats;
  • complying with legal, regulatory, tax, accounting, and record-keeping obligations;
  • enforcing our Terms and Conditions and other policies;
  • resolving disputes, payment reversals, or complaints;
  • maintaining platform functionality, reliability, and security; and
  • improving the Service through operational analytics and performance monitoring where permitted by law.

5. Automated Monitoring and Risk Review

We may use automated tools and monitoring systems to support:

  • fraud detection and prevention;
  • suspicious transaction monitoring;
  • technical threat detection;
  • abuse prevention;
  • account security; and
  • compliance review where required by law or operational necessity.

These tools are used to support security and platform integrity. They are not intended to produce solely automated decisions with legal or similarly significant effects on users unless such processing is lawful and appropriate safeguards apply.

6. Lawful Bases for Processing

We process personal data only where a lawful basis exists under applicable data protection law. Depending on the circumstances, the lawful basis may include:

6.1. Contractual necessity

Processing may be necessary in order to provide the Service, create and manage accounts, process transactions, administer payouts, respond to support requests, and otherwise perform our contractual obligations.

6.2. Legal obligation

Processing may be necessary to comply with legal or regulatory requirements, including obligations relating to accounting, taxation, fraud prevention, complaint handling, lawful requests from public authorities, and record retention.

6.3. Legitimate interests

Processing may be necessary for our legitimate interests, including maintaining platform security, preventing misuse, preserving evidence, improving platform reliability, enforcing our rights, and ensuring the safe and effective operation of the Service, provided such interests are not overridden by the rights and freedoms of the individual.

6.4. Consent

Where required by law, we rely on consent. This may apply to non-essential cookies and similar technologies, or to other optional processing where consent is legally required. Consent may be withdrawn at any time.

7. Data Sharing

We may share personal data only where reasonably necessary for the purposes set out in this Policy or where disclosure is required or permitted by law.

Recipients may include:

7.1. Payment Service Providers

Payment Service Providers (PSPs) may process personal data in connection with payments, payouts, verification, refunds, reversals, and fraud controls. PSPs may act as independent data controllers in relation to payment processing and handle personal data in accordance with their own privacy policies.

7.2. Hosting and infrastructure providers

We may share data with technical service providers responsible for website hosting, infrastructure support, system availability, monitoring, and cybersecurity.

7.3. Fraud prevention, verification, and compliance service providers

Where necessary, personal data may be shared with service providers supporting fraud checks, identity verification, risk review, security monitoring, dispute handling, or compliance operations.

7.4. Professional advisers

We may share personal data with legal advisers, accountants, auditors, consultants, or insurers where reasonably necessary for compliance, governance, dispute resolution, or legal protection.

7.5. Authorities and regulators

We may disclose personal data where required by law, regulation, court order, or lawful request from public authorities, regulators, law enforcement agencies, tax authorities, or supervisory bodies.

We do not sell personal data to third parties for their own direct marketing purposes.

8. Cookies and Similar Technologies

The Service uses cookies and similar technologies to support platform functionality, account authentication, security, user preferences, and, where permitted, analytics and related operational purposes.

Strictly necessary cookies may be used without consent where they are required for the operation, reliability, or security of the Service. Non-essential cookies will be used only in accordance with applicable law and the user’s choices made through the cookie consent mechanism.

Users may manage cookie preferences through the cookie banner and, to a certain extent, through browser settings. Further details are available in the Cookie Policy.

9. Data Subject Rights

Under the UK GDPR and, where applicable, the EU GDPR, individuals may have the following rights:

  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restriction of processing;
  • the right to object;
  • the right to data portability;
  • the right to withdraw consent where processing is based on consent; and
  • rights relating to certain automated decision-making where applicable.

Requests to exercise these rights may be submitted using the contact details provided below. The Company may require verification of the user’s identity before processing such requests.

10. Withdrawal of Consent

Where processing is based on consent, that consent may be withdrawn at any time.

Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. After consent is withdrawn, we will stop the relevant consent-based processing unless another lawful basis applies.

11. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Policy and to comply with legal, regulatory, tax, accounting, security, evidential, and dispute-resolution requirements.

Depending on the context:

  • account-related information may be retained while the account remains active and for a reasonable period thereafter;

transaction and payment-administration records may be retained for as long as necessary to meet legal, compliance, and dispute-handling obligations;

  • support communications may be retained for as long as reasonably necessary to address the issue and preserve evidence;
  • technical and security logs may be retained for as long as necessary to protect the Service and investigate incidents.

When personal data is no longer required, it may be deleted, anonymized, or securely archived in restricted form where continued retention is necessary for legal or evidential reasons.

12. Security of Personal Data

We maintain appropriate technical and organizational measures designed to protect personal data against unauthorized access, unlawful disclosure, accidental loss, destruction, or alteration.

Depending on the circumstances, these measures may include encrypted transmission, access controls, logging and monitoring, internal restrictions on access, secure hosting practices, malware protections, backup procedures, and security review processes.

Although we take reasonable steps to safeguard personal data, no online system can be guaranteed to be completely secure.

13. International Transfers

Personal data may be transferred to, stored in, or accessed from countries outside the United Kingdom and, where relevant, outside the EEA.

Where international transfers occur, we seek to ensure that appropriate safeguards are implemented in accordance with applicable law. Depending on the circumstances, this may include recognized adequacy arrangements, contractual safeguards, or another lawful transfer mechanism permitted under applicable data protection law.

14. Children

The Service is intended exclusively for individuals aged 18 years or older. We do not knowingly collect personal data from children or minors who are not legally permitted to use the Service.

If we become aware that personal data relating to such an individual has been collected, we may delete it and take associated account action where appropriate.

Parents or guardians who believe that personal data relating to a child has been provided to us may contact us using the details below.

15. Complaints

If a person believes that their personal data has been processed in breach of applicable law, they may lodge a complaint with a competent supervisory authority.

For matters subject to UK supervision, the competent authority is the Information Commissioner’s Office (ICO). Individuals in the EEA may also have the right to complain to the supervisory authority in their country of residence, place of work, or place of the alleged infringement, where applicable.

16. Changes to This Privacy Policy

We may revise, update, supplement, or replace this Privacy Policy from time to time to reflect changes in law, regulatory expectations, platform functionality, security practices, or operational processes.

Updated versions will be published with the revised effective date. Users are encouraged to review this Policy periodically.

17. Contact Details

Questions, complaints, or requests relating to this Privacy Policy or the processing of personal data may be directed to:

Data Controller: OVOSKINS LTD

50 Princes Street, Ipswich, United Kingdom, IP1 1RJ Email: info@skin4beast.com

Registration Number: 16883234