Introduction

At Elyria Skincare, transparency isn’t just about ingredients — it extends to how we handle your personal information.

This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have. We believe you deserve to understand exactly how your information is treated.

If you have any questions after reading this policy, please contact us at elyriaskincare@gmail.com or WhatsApp: +92 331 6056888. We’re here to help.

1. WHO WE ARE

Company Name: Elyria Skincare
Business Type: E-commerce Skincare Brand
Location: Pakistan
Website: www.elyriaskincare.com
Contact Email: elyriaskincare@gmail.com
Contact Phone/WhatsApp: +92 331 6056888

Data Controller: Elyria Skincare is the data controller responsible for your personal information collected through our website, mobile applications, social media, and other channels.

2. WHAT INFORMATION WE COLLECT

We collect information you provide directly to us and information collected automatically when you use our services.

2.1 Information You Provide to Us:

Account Information:

• Full Name
• Email Address
• Phone Number
• Shipping Address
• Billing Address
• Password (encrypted)

Order Information:

• Products purchased
• Order amount
• Payment method (not card details — see Section 2.3)
• Delivery preferences
• Order history

Communication Information:

• Messages sent via contact forms
• WhatsApp conversations
• Email correspondence
• Customer service inquiries
• Product reviews and ratings
• Survey responses

Marketing Preferences:

• Newsletter subscription status
• Communication preferences
• Product interests

Optional Information:

• Date of birth (for birthday offers)
• Skin type and concerns (for product recommendations)
• Gender (optional)
• Referral source (“How did you hear about us?”)

2.2 Information Collected Automatically:

Device and Browser Information:

• IP address
• Browser type and version
• Device type (mobile, desktop, tablet)
• Operating system
• Screen resolution
• Referring website

Usage Data:

• Pages visited
• Products viewed
• Time spent on site
• Click behavior
• Search queries on our website
• Shopping cart activity (including abandoned carts)

Location Data:

• General location based on IP address (city/region level)
• Precise location (only if you grant permission for delivery estimation)

Cookies and Tracking Technologies:

• Session cookies (essential for shopping cart)
• Analytics cookies (Google Analytics)
• Marketing cookies (Facebook Pixel, if applicable)
• Preference cookies (language, currency)

2.3 Payment Information:

We do not store your complete credit/debit card information on our servers.

For Online Payments:

• Payment processing is handled by secure third-party payment gateways
• They collect: card number, expiry date, CVV, cardholder name
• We only receive: transaction confirmation, last 4 digits of card, transaction ID

For Cash on Delivery:

• No payment information is collected in advance
• Cash handling at delivery is between you and the courier

Payment Gateways We Use:

• [Your payment gateway names, e.g., JazzCash, EasyPaisa, Stripe, etc.]
• Each has their own Privacy Policy (links provided at checkout)

3. HOW WE USE YOUR INFORMATION

We use your personal information for the following purposes:

3.1 Order Processing and Fulfillment:

• Process and complete your orders
• Arrange shipping and delivery
• Send order confirmations and updates
• Handle returns and exchanges
• Process refunds
• Manage customer accounts

3.2 Customer Service:

• Respond to your inquiries and support requests
• Provide product information and recommendations
• Resolve complaints and disputes
• Follow up on incomplete orders or abandoned carts

3.3 Marketing and Communications:

• Send promotional emails (only if you’ve subscribed)
• Share new product launches and offers
• Send personalized product recommendations
• Conduct surveys and gather feedback
• Birthday wishes and special occasion offers (if you’ve provided your birth date)

You can opt out of marketing emails at any time by clicking “Unsubscribe” at the bottom of any email or contacting us.

3.4 Website Improvement and Analytics:

• Analyze website usage patterns
• Improve website functionality and user experience
• Test new features
• Troubleshoot technical issues
• Monitor website performance

3.5 Fraud Prevention and Security:

• Detect and prevent fraudulent transactions
• Verify customer identity
• Protect against unauthorized access
• Secure our systems and data
• Comply with legal obligations

3.6 Legal Compliance:

• Comply with applicable laws and regulations
• Respond to legal requests and court orders
• Enforce our Terms and Conditions
• Protect our rights and property

4. LEGAL BASIS FOR PROCESSING (GDPR-Style Compliance)

We process your personal data based on the following legal grounds:

Contract Performance:

• Processing orders and delivering products (necessary to fulfill our contract with you)

Legitimate Interests:

• Improving our website and services
• Fraud prevention and security
• Marketing to existing customers (where permitted)
• Business analytics

Consent:

• Marketing emails (you can withdraw consent anytime)
• Non-essential cookies (you can manage via cookie settings)
• Optional data like birth date and skin concerns

Legal Obligation:

• Tax and accounting records
• Responding to legal requests
• Compliance with consumer protection laws

5. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information to third parties. We share your information only in the following circumstances:

5.1 Service Providers:

We share data with trusted third-party service providers who help us operate our business:

Courier and Delivery Services:

• TCS, Leopards, Trax, PostEx (or other courier partners)
• Shared Data: Name, phone number, delivery address, order details
• Purpose: Product delivery and shipment tracking

Payment Processors:

• [Your payment gateway names]
• Shared Data: Transaction amount, payment method, billing information
• Purpose: Processing payments securely

Email Service Providers:

• MailChimp, ConvertKit, or similar platforms
• Shared Data: Email address, name, purchase history
• Purpose: Sending order confirmations, newsletters, promotional emails

Analytics Providers:

• Google Analytics
• Shared Data: Device information, usage data, anonymized behavior
• Purpose: Website analytics and improvement

Social Media Platforms:

• Facebook, Instagram, TikTok (for ads and analytics)
• Shared Data: Email address (hashed), website activity
• Purpose: Targeted advertising and campaign measurement

Customer Support Tools:

• WhatsApp Business, Help desk software
• Shared Data: Contact information, conversation history
• Purpose: Customer service and support

All service providers are contractually obligated to:

• Protect your data
• Use it only for the specified purpose
• Not share it with others
• Delete or return it when no longer needed

5.2 Business Transfers:

If Elyria Skincare is acquired by or merged with another company, your personal information may be transferred to the new owner as part of the business assets. We will notify you via email and/or website notice before your information is transferred.

5.3 Legal Requirements:

We may disclose your information if required by law or in response to:

• Court orders or legal processes
• Government or regulatory requests
• Law enforcement investigations
• Protection of our legal rights or property
• Emergency situations involving safety or security

5.4 With Your Consent:

We may share your information with other parties if you give us explicit permission (e.g., sharing your review with your name on our website or social media).

6. COOKIES AND TRACKING TECHNOLOGIES

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us remember your preferences and improve your experience.

Types of Cookies We Use:

Essential Cookies (Always Active):

• Shopping cart functionality
• Login session management
• Security features
• Cannot be disabled (required for website to function)

Analytics Cookies (Optional):

• Google Analytics (website traffic and behavior)
• Helps us understand how visitors use our site
• Can be disabled via cookie settings

Marketing Cookies (Optional):

• Facebook Pixel, Google Ads (if applicable)
• Remarketing and targeted advertising
• Can be disabled via cookie settings or ad blockers

Preference Cookies (Optional):

• Language and currency preferences
• Display settings
• Can be disabled but may affect user experience

Managing Cookies:

Browser Settings: You can control cookies through your browser settings:

• Google Chrome: Settings → Privacy → Cookies
• Safari: Preferences → Privacy → Cookies
• Firefox: Options → Privacy → Cookies

Cookie Consent: On your first visit, you’ll see a cookie consent banner. You can:

• Accept all cookies
• Reject non-essential cookies
• Customize your preferences

Third-Party Tools:

• Google Analytics Opt-out: [Link]
• Facebook Ad Preferences: [Link]

7. DATA SECURITY

We take data security seriously and implement industry-standard measures to protect your information:

Technical Safeguards:

• SSL/TLS encryption for data transmission (HTTPS)
• Encrypted database storage
• Secure payment gateways (PCI-DSS compliant)
• Regular security audits and updates
• Firewall protection
• Access controls and authentication

Organizational Safeguards:

• Limited employee access (need-to-know basis)
• Confidentiality agreements with staff and partners
• Regular security training
• Incident response procedures

What We Don’t Store:

• Full credit/debit card numbers (only last 4 digits)
• Card CVV codes
• Unencrypted passwords

However, please note: No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for keeping your account password confidential.

8. DATA RETENTION

We retain your personal information only as long as necessary for the purposes outlined in this policy or as required by law.

Retention Periods:

Account Information:

• Active accounts: Retained while account is active
• Inactive accounts: Deleted after 3 years of inactivity (with prior notice)

Order Information:

• Retained for 5 years (for accounting, tax, and legal compliance)
• Transaction records: 7 years (as per financial regulations)

Marketing Data:

• Retained until you unsubscribe or request deletion
• Unsubscribed contacts: Retained in suppression list (to prevent re-subscription)

Website Analytics:

• Google Analytics: 26 months (default setting)
• Internal analytics: 2 years

Customer Service Records:

• Chat/email history: 3 years
• Complaint records: 5 years

After Retention Period:

• Data is securely deleted or anonymized
• Some aggregated, anonymized data may be kept for statistical purposes

9. YOUR RIGHTS

You have the following rights regarding your personal information:

9.1 Right to Access:

You can request a copy of all personal data we hold about you.

How to request:

• Email: elyriaskincare@gmail.com with subject “Data Access Request”
• Include: Full name, email address, phone number (for verification)
• We’ll respond within 30 days with a downloadable file

9.2 Right to Rectification:

You can update or correct inaccurate information.

How to update:

• Log into your account and edit your profile
• Contact us at elyriaskincare@gmail.com

9.3 Right to Erasure (“Right to be Forgotten”):

You can request deletion of your personal data.

Limitations:

• We may retain data required for legal compliance (e.g., tax records)
• Order history for 5 years (legal requirement)
• Data in backups (deleted during next backup cycle)

How to request:

• Email: elyriaskincare@gmail.com with subject “Delete My Data”
• We’ll confirm deletion within 30 days

9.4 Right to Restriction:

You can request that we stop processing your data in certain circumstances.

9.5 Right to Data Portability:

You can request a copy of your data in a machine-readable format (CSV/JSON).

9.6 Right to Object:

You can object to:

• Marketing communications (unsubscribe anytime)
• Automated decision-making
• Processing based on legitimate interests

9.7 Right to Withdraw Consent:

If we process data based on consent, you can withdraw it anytime (doesn’t affect past processing).

To Exercise Your Rights:

• Email: elyriaskincare@gmail.com
• WhatsApp: +92 331 6056888
• Subject: “Privacy Rights Request – [Your Name]”
• Include: Nature of request, account email, phone number (for verification)
• Response time: Within 30 days

10. CHILDREN’S PRIVACY

Elyria Skincare’s products and services are intended for adults aged 18 and above.

We do not knowingly collect personal information from children under 18.

If you are under 18:

• Please do not create an account or make purchases
• Do not submit any personal information
• Ask a parent or guardian to make purchases on your behalf

If we discover that we’ve collected information from a child under 18:

• We will delete it promptly
• We will not use or share the information

If you are a parent/guardian and believe your child has provided us with personal information, please contact us immediately at elyriaskincare@gmail.com and we will delete it.

11. INTERNATIONAL DATA TRANSFERS

Our Operations:

• Our servers and data storage are primarily located in Pakistan
• Some service providers may store data outside Pakistan (e.g., cloud hosting, email services)

Data Transferred to:

• Google (USA) — Analytics, Cloud Storage
• MailChimp (USA) — Email Marketing (if applicable)
• Payment Gateways — May process internationally

Protection Measures:

• Service providers comply with international data protection standards
• Contractual agreements require data protection
• Encryption during transmission

Your Rights: If your data is transferred internationally, you retain all the rights outlined in Section 9.

12. THIRD-PARTY LINKS

Our website may contain links to third-party websites, including:

• Social media platforms (Facebook, Instagram, TikTok)
• Payment gateways
• Courier tracking sites
• Partner websites

Please note:

• These third parties have their own privacy policies
• We are not responsible for their privacy practices
• We encourage you to read their policies before providing information

13. MARKETING COMMUNICATIONS

What You’ll Receive (if subscribed):

• New product launches
• Special offers and discounts
• Skincare tips and educational content
• Order updates (always sent, even if unsubscribed from marketing)

How We Personalize:

• Based on your purchase history
• Based on products you’ve viewed
• Based on your skin type/concerns (if provided)

How to Opt-Out:

• Click “Unsubscribe” at the bottom of any email
• Email us: elyriaskincare@gmail.com
• Update preferences in your account settings
• WhatsApp: Send “STOP” to +92 331 6056888

Note: Even if you unsubscribe from marketing emails, we will still send:

• Order confirmations
• Shipping notifications
• Account-related messages
• Customer service responses

14. AUTOMATED DECISION-MAKING

We may use automated systems for:

Product Recommendations:

• Based on browsing history and past purchases
• You can ignore recommendations; they don’t affect your access to products

Fraud Detection:

• Automated screening for suspicious transactions
• May result in order holds for verification
• You can contact us to resolve any issues

Pricing:

• Prices are set by us, not automated algorithms
• No dynamic pricing based on your profile

You have the right to:

• Request human review of automated decisions
• Contest decisions
• Express your point of view

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices
• New legal requirements
• New features or services
• Customer feedback

When we make changes:

• We’ll update the “Last Updated” date at the top
• For significant changes, we’ll notify you via:
  • Email to your registered address
  • Prominent notice on our website
  • Banner notification when you log in

Your continued use of our services after changes means you accept the updated policy.

We encourage you to review this policy periodically.

16. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information:

Email: elyriaskincare@gmail.com
WhatsApp: +92 331 6056888
Phone: +92 331 6056888
Address: [Your business address, if you have one]

Response Time: We aim to respond within 48 hours (business days).

For Data Protection Inquiries: Please use subject line: “Privacy Inquiry – [Your Name]”

For Rights Requests: Please use subject line: “Privacy Rights Request – [Type of Request]”

17. PAKISTAN-SPECIFIC INFORMATION

Data Protection Law in Pakistan:

• Pakistan does not currently have comprehensive data protection legislation similar to GDPR
• We voluntarily comply with international best practices
• We follow principles outlined in the Prevention of Electronic Crimes Act (PECA) 2016
• We comply with all applicable Pakistani laws regarding consumer rights and data handling

Local Authorities:

• Pakistan Telecommunication Authority (PTA)
• Federal Investigation Agency (FIA) Cybercrime Wing

Your Rights Under Pakistani Law:

• Right to file complaints with FIA Cybercrime for data misuse
• Consumer protection under relevant Pakistani consumer laws
• Right to legal recourse through Pakistani courts

18. GLOSSARY

Personal Information: Information that identifies you as an individual (name, email, phone, address).

Data Controller: The entity (Elyria Skincare) that determines how and why personal data is processed.

Data Processor: Third parties (like couriers, email providers) who process data on our behalf.

Cookies: Small text files stored on your device by websites.

IP Address: A unique numerical identifier assigned to your internet connection.

SSL/TLS: Security protocols that encrypt data transmitted between your browser and our website.

PCI-DSS: Payment Card Industry Data Security Standard — security standards for handling card payments.

GDPR: General Data Protection Regulation — European data protection law (we follow similar principles).

Anonymization: Removing identifying information from data so individuals cannot be identified.

📋 QUICK SUMMARY (Not Legally Binding — Full Policy Above Applies)

What we collect:

• Name, email, phone, address (when you order)
• Payment info (processed securely, not stored by us)
• Website usage data (to improve experience)

Why we collect it:

• Process and deliver your orders
• Communicate with you
• Improve our website
• Send marketing (only if you subscribe)

Who we share with:

• Couriers (to deliver orders)
• Payment processors (to process payments)
• Email service (to send updates)
• Analytics (to improve website)

Your rights:

• Access your data
• Correct inaccuracies
• Delete your account
• Opt-out of marketing
• Export your data

Contact us: elyriaskincare@gmail.com | +92 331 6056888

✅ ACKNOWLEDGMENT

By using Elyria Skincare’s website, products, or services, you acknowledge that you have read, understood, and agree to this Privacy Policy.

If you do not agree with this policy, please do not use our services.

Last Updated: May 11, 2026
Version: 1.0
Effective Date: May 11, 2026

🤍 OUR COMMITMENT

At Elyria, transparency isn’t optional — it’s foundational.

Just as we disclose every ingredient in our products, we’re transparent about how we handle your data.

Your trust matters. Your privacy matters.

If you ever have concerns, we’re here to listen and help.

— Team Elyria
Science That Feels Like Paradise. 🤍