Website Privacy Policy

1. Introduction

This Privacy Policy explains how iBeauthentic, LLC, on behalf Innovative Salon Products Netherlands (“Loma”, “we”, “us”, or “our”) collects, uses, stores, and protects your personal data when you visit or interact with our website, make a purchase, subscribe to our marketing, or contact us.

We process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable EU and Member State laws.

This Policy applies to the LOMA EU online store and to users located in the European Economic Area (EEA), the United Kingdom, and Switzerland.

 

---

 

2. Data Controller

The Data Controller responsible for your personal data is:

Innovative Salon Products Netherlands
Vivaldistraat 3
7132 AG Lichtenvoorde
The Netherlands
Email: EUCustomer-Info@isp-beauty.com
Phone: +31 (0) 0544378951

 

---

 

3. Data Protection Officer / EU Representative

A Data Protection Officer is not required based on the nature of our activities. If this changes, we will update this Policy.

For all privacy matters, please use the contact details above.

 

---

 

4. Personal Data We Collect

We may collect and process the following categories of personal data:

4.1. Data you provide directly

• Name and surname
  
  

• Email address
  
  

• Billing and shipping address
  
  

• Phone number
  
  

• Payment information (processed through Shopify or external gateways; we do not store card details)
  
  

• Account credentials
  
  

• Customer service correspondence
  
  

• Responses to forms, surveys, or marketing sign-ups
  
  

4.2. Data collected automatically

Using cookies, pixels, and similar technologies:

• IP address
  
  

• Device information (browser, OS, model)
  
  

• Site behaviour (pages viewed, time on site, interactions)
  
  

• Shopping cart activity
  
  

• Referrer URLs
  
  

• Performance and analytics data
  
  

4.3. Data from third parties

• Shopify (store platform, fraud prevention, order processing)
  
  

• Klaviyo (email/SMS subscription information)
  
  

• Meta (interaction with ads, only if consent is given)
  
  

• Google Analytics (aggregated website usage)
  
  

• Judge.me (reviews submitted by customers)
  
  

• Payment processors and logistics partners
  
  

 

---

 

5. Legal Basis for Processing

We process your personal data under the following legal grounds:

5.1. Contract performance (Art. 6(1)(b))

For:

• Processing and delivering orders
  
  

• Managing payments
  
  

• Providing customer support
  
  

• Managing your account
  
  

5.2. Consent (Art. 6(1)(a))

For:

• Email and SMS marketing via Klaviyo
  
  

• Analytics cookies (Google Analytics)
  
  

• Marketing cookies (Meta Pixel)
  
  

• Optional surveys and forms
  
  

Consent can be withdrawn at any time.

5.3. Legitimate interests (Art. 6(1)(f))

For:

• Ensuring website security and fraud prevention
  
  

• Improving website performance and user experience
  
  

• Operating Judge.me review functionality
  
  

We always balance these interests with your rights.

5.4. Legal obligations (Art. 6(1)(c))

For:

• Tax and accounting requirements
  
  

• Proof of transactions
  
  

• Compliance with consumer protection regulations
  
  

 

---

 

6. How We Use Your Personal Data

We use your personal data to:

• Process and fulfill orders
  
  

• Provide customer support
  
  

• Manage your account
  
  

• Send order confirmations, shipping updates, and transactional notifications
  
  

• Send marketing communications if you have given consent
  
  

• Improve and optimize our website
  
  

• Prevent fraud and unauthorized activity
  
  

• Comply with legal obligations
  
  

 

---

 

7. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the site and, when legally required, to obtain your consent before enabling analytics or marketing tracking.

The cookies and technologies we use:

1. Strictly Necessary Cookies (always active)
   
   

2. Analytics Cookies (Google Analytics GA4) – require explicit consent
   
   

3. Marketing Cookies (Meta Pixel) – require explicit consent
   
   

4. Functional Cookies (e.g., Judge.me review widget)
   
   

Your preferences are managed through our GDPR-compliant Cookie Banner, where you can accept, reject, or set preferences.

Non-essential cookies are not triggered until consent is given.

 

---

 

8. Sharing Your Personal Data

We do not sell your personal data.

We only share your personal data with:

8.1. Service providers acting as processors

• Shopify (store platform, hosting, payments, fraud prevention)
  
  

• Klaviyo (email/SMS marketing management)
  
  

• Google Analytics (only with cookie consent)
  
  

• Meta (only with marketing consent)
  
  

• Judge.me (reviews management)
  
  

• Payment gateways
  
  

• Shipping and logistics providers
  
  

• IT, hosting, and security partners
  
  

All providers operate under GDPR-compliant Data Processing Agreements.

8.2. Legal authorities

Where required by law or regulatory obligation.

8.3. Business transfers

In case of a merger, acquisition, or reorganization, your personal data may be transferred securely.

 

---

 

9. International Data Transfers

Some service providers (Shopify, Klaviyo, Google, Meta, Judge.me) are located outside the EEA, including in the United States.

When transferring data internationally, we rely on:

• Standard Contractual Clauses (SCCs)
  
  

• Adequacy decisions
  
  

• The EU–US Data Privacy Framework for certified providers
  
  

• Additional contractual and organizational safeguards
  
  

Transfers comply with GDPR requirements.

 

---

 

10. Data Retention

We retain your personal data only as long as necessary:

• Order records: 7–10 years (legal obligation)
  
  

• Customer accounts: until deleted or after 3 years of inactivity
  
  

• Marketing data: until consent is withdrawn
  
  

• Cookie data: based on cookie expiration or until preferences are changed
  
  

• Customer support communications: approximately 3 years
  
  

When data is no longer required, it is deleted or anonymized.

 

---

 

11. Your GDPR Rights

You have the right to:

• Access your personal data
  
  

• Request correction of inaccurate data
  
  

• Request deletion of your data (“right to be forgotten”)
  
  

• Restrict processing
  
  

• Object to processing based on legitimate interests
  
  

• Withdraw consent at any time
  
  

• Request data portability
  
  

• Not be subject to automated decision-making
  
  

• Submit a complaint to a Data Protection Authority
  
  

For the Netherlands: Autoriteit Persoonsgegevens
https://autoriteitpersoonsgegevens.nl/

You may exercise your rights by contacting: EUCustomer-Info@isp-beauty.com

 

---

 

12. Security

We implement technical and organisational measures such as encryption, secure hosting, access restrictions, and monitoring. However, no system can guarantee absolute security.

 

---

 

13. Children’s Privacy

We do not knowingly collect data from individuals under 16 years of age.
If you believe a minor has provided data, please contact us so we can delete it.

 

---

 

14. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices or content. Please refer to their own privacy policies.

 

---

 

15. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date.

 

Last updated: October, 2025