Free shipping in the UK with orders over £60
Shopping Cart

Privacy Policy



1. About this Privacy Policy

1.1  Welcome to IPSUM Skin. The IPSUM Skin website (the ‘​Site’​​) is located at <> and is operated by IPSUM Skin Pty Ltd (ACN 628 603 814) (‘​IPSUM Skin​​’).


1.2  IPSUM Skin is a supplier of COSMOS-certified face and body oils. IPSUM Skin also supplies other skin care products which are non-COSMOS certified, wholly natural and comprised of organic ingredients.


1.3  COSMOS-certified products are produced to the highest standards for organic and natural cosmetics.


1.4  We are committed to maintaining the security of the personal information (‘​Personal Information​​’) that we process and to providing a compliant approach to data protection.


1.5  Please read this Privacy Policy carefully as it explains how IPSUM Skin collects, stores and uses your Personal Information or Personal Data in accordance with the applicable Privacy Laws.


1.6  By using our Site, you consent to the collection, processing, and management of Personal Information or Personal Data as described in this Privacy Policy.


1.7  For the purposes of this Privacy Policy, any reference to “IPSUM Skin”, “we”, “our”, or “us” means IPSUM Skin Pty Ltd (ACN 628 603 814) and any reference to “you” or “your” means a user of our Site.


2. Definitions

2.1 “Controller”, “Personal Data”​​, and ​“Processor” ​​have the same meaning as in the

EU General Data Protection Regulation (GDPR).


2.2 “European Union’s Standard Contractual Clauses” ​​means standard contractual clauses regulating the transfer of Personal Data to third countries that have been adopted by the EU Commission.


2.3  “GDPR” ​​means the EU General Data Protection Regulation 2016/679.


2.4  “NDB”​​ means the ​Privacy Amendments (Notifiable Data Breaches) Act 2017​ (Cth).

2.5 “Personal Information” ​​means information about an individual whose identity is apparent or can reasonably be ascertained from that information.

2.6 “Privacy Laws” means the ​Privacy Act 1988 (Cth), ​Privacy Amendment (Notifiable DataBreaches) Act2017 (Cth), and the E​ General Data Protection Regulation​.


2.7 “Privacy Shield Certified” ​​means the certification mechanism that complies with the GDPR requirements for the transfer of Personal Data from the European Economic Area (EEA) to the United States.

2.8 “Services” ​​means the products and services offered by IPSUM Skin on our Site. (g)
2.9 “Site” ​​means the IPSUM Skin website located at <>.


3. Purpose of this Privacy Policy

3.1 This Privacy Policy details how we safeguard your Personal Information and our privacy obligations to you in compliance with the Privacy Laws. It will give you an understanding of:


(a)  the types of Personal Information IPSUM Skin collect and holds;


(b)  how and when IPSUM Skin collects, discloses, uses, stores and otherwise  handles Personal Information;


(c)  the purposes for which IPSUM Skin collects, holds, uses and discloses Personal Information;


(d)  how you may access your Personal Information, and seek correction of your Personal Information;


(e)  how we store your Personal Information and keep it secure;


(f)  how you can make a complaint, and how IPSUM Skin will deal with any such complaint.


4. The types of Personal Information we collect

4.1  We collect Personal Information that you provide to use when we provide you with our Services. This may include Personal Information such as your:

(a)  name;


(b)  business or company name;


(c)  billing and shipping address;


(d)  phone number;


(e)  email address;


(f)  date of birth; and


(g)  payment details such as your credit or debit card details.


4.2  We collect Personal Information from you, including but not limited to, when you provide us with feedback, when you provide us with data about your purchase preferences, a password when you register with us, when you change your email preferences, when you respond to our surveys or offers, when you communicate with our customer support, and any other types of Personal Information you provide to us while interacting with us through your use of our Site.


4.3  We do not knowingly collect any Personal Information from you that is considered a “Special Category” under the GDPR such as ​Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.


4.4  We do not knowingly collect or process Personal Information of persons 13 years or younger. If you are under the age of 16, we request that you obtain and provide parental consent as required by the Privacy Laws.


5. Marketing and Advertising Communications

5.1  We collect your Personal Information including your email address for the primary purpose of providing our Services to you and also for secondary purposes relating to marketing and advertising communications, in circumstances where you would reasonably expect such use or disclosure.


5.2  We process Personal Information about your preferences in receiving advertising and marketing data from us and third parties. This marketing data may include your browsing and purchase history.


5.3  Where we collect your Personal Information for marketing and personalisation services, we use this marketing data to:


(a)  deliver relevant Site content and advertisements to you;


(b)  market our Services to you and from which you can unsubscribe from at any time;


(c) customise your experience of the Site according to your browsing preferences and user history.


5.4  You can ask us to stop sending you marketing messages by contacting us or following the opt-out links of any marketing messages sent to you.


5.5  We will obtain your express consent before we share your Personal Information with any third party for their own marketing purposes.

6. How we collect Personal Information

6.1  We collect Personal Information from you in a variety of ways, including when you interact with us electronically or in person, when you access our Site and when we provide our Services to you.


6.2  Personal Information may be provided by you directly or may be sent to us automatically when you visit our Site.


6.3  We may also receive Personal Information from third parties. If we do, we will protect that Personal Information in accordance with this Privacy Policy.

7. How we use your Personal Information

7.1 We use your Personal Information and you consent to us using your Personal Information to:

(a)  provide you with our Site and Services;


(b)  administer our business activities and internal record keeping;


(c)  process transactions involving our business and through our Site where you have purchased our Services;


(d) manage, research and develop our Services including through data analytics;


(e)  provide you with information about our Site and Services;


(f)  communicate with you by a variety of measures including, but not limited to, by telephone, email, SMS or mail;


(g)  meet legal, regulatory and compliance obligations; and


(h)  investigate any complaints.


7.2 If you choose to withhold your Personal Information, it may not be possible for us to provide you with our Services or for you to access certain parts of our Site or for us to respond to your query.

8. Disclosing your Personal Information to third-parties

8.1  We will only disclose your Personal Information to third-parties for the purposes described in this Privacy Policy.


8.2  We may disclose your Personal Information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this Privacy Policy or otherwise to government bodies that require us to report data processing activities.


8.3  We may share your Personal Information with third-party service providers to help us provide our Services and to provide you with a payment platform.


8.4  When we disclose your Personal Information to third parties, we do so on the basis that it is treated with confidence, and only is used for the limited purpose of providing support for our Services and in a manner consistent with this Privacy Policy.


8.5  If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our databases, together with any Personal Information and non-Personal Information contained in those databases.


9. Legal basis in the European Union (EU) for the collection and processing of your Personal Data

9.1  The legal basis for collecting and processing your Personal Data will depend on how your Personal Data is being used and how it was collected.


9.2  When you engage our Services, we process Personal Data on your behalf as a data Controller.


9.3  The legal basis for which we collect and process your Personal Data is based on the following:


(a) Contractual basis​​. This legal basis applies to the collection or processing of Personal Data in order to fulfil or perform a contract with you, or to which you are a party.


(b)  Consensual basis​​. This applies where you have provided your consent to the collection or processing of Personal Data for a specific purpose (for example, to provide you with marketing updates). You can withdraw your consent at any time by updating your email preferences, opting-out, or by contacting us directly.


(c)  Legitimate interests​​. This applies where we have a legitimate interest to collect or process your Personal Data. For example, it may be to respond to an enquiry about our Services, or to improve our Services.


(d)  Legal obligations​​. This applies where it is necessary to disclose your Personal Data to comply with a legal obligation.


9.4  Unless otherwise required by contractual obligation or any other legal basis, we only store your Personal Data while it remains necessary to fulfil the purpose for which it was collected, or if the purpose of the processing could not reasonably be fulfilled by other means. Periods of data retention will apply differently for each specific category of data.


9.5  When we use third-parties to process your Personal Data on our behalf, we ensure that the such Personal Data is pursuant to our documented instructions and in accordance with the legal basis for the processing.


9.6  We only employ third-party data processors that are compliant with the GDPR requirements and that have sufficient security measures in place to protect and safeguard your data.


10. International Data Transfers

10.1  As part of our obligations under the GDPR, we only transfer the data of individuals residing in the EU to countries outside of the EU with adequate privacy data laws or to a third party where we have approved transfer mechanisms in place to protect your Personal Data by entering into the European Commission’s Standard Contractual Clauses for data protection for data that is transferred internationally or ensuring the entity is Privacy Shield Certified for data transfer to third parties based in the United States.


10.2  If the above safeguards do not apply, we will request your explicit consent to any transfers and you will have the right to withdraw this consent at any time.


11. How we secure your Personal Information and Data Breach

11.1  We are committed to ensuring that the Personal Information you provide to us is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data and to protect this data from misuse, interference, loss and unauthorised access, modification and disclosure.


11.2  A reportable “Data Breach” is a security incident where the integrity of Personal Information or Personal Data is compromised through being destroyed, lost, altered, corrupted, disclosed or accessed by an unauthorised person where it is likely to result in serious harm to any individual affected.


11.3  We have procedures and systems in place including a data breach incident response plan, specific data breach policies and procedures and personnel to deal with an actual or suspected “Data Breach” and will notify you and the applicable regulator in accordance with our obligations under the applicable Privacy Laws.


11.4  Please report any actual or suspected data breaches for investigation to IPSUM Skin by using the ​Contact Us​​ ​section provided on our Site.


12. Data Access Request under the GDPR (Right of Access and Correction)

12.1  If you are an individual residing in the EU, you have certain rights as to how your Personal Data is being controlled and used.


12.2  We comply with your rights under the GDPR (subject to the grounds set out in the GDPR and applicable law) that permit you:

(a)  to be informed as to how your Personal Data is being used;


(b)  to access your Personal Data and to know specifically what information is held about you and how it is processed, where and for what purpose (we will provide you a copy of your Personal Data in electronic format free of charge if requested);


(c)  to rectify your Personal Data if it is inaccurate or incomplete;


(d)  to erase your Personal Data (also known as 'the right to be forgotten') if you wish  to delete or remove your Personal Data;

(e)  to restrict processing of your Personal Data;


(f)  to retain and reuse your Personal Data for your own purposes (“Personal Data portability”);


(g)  to object to your Personal Data being used; and


(h)  to object against automated decision making and profiling.


12.3  You can contact us any time to exercise your rights under the GDPR including as to:

(a)  request access to Personal Data that we hold about you (“Data Access Request”);


(b)  to correct any Personal Data that we hold about you;


(c)  delete Personal Data that we hold about you; or


(d)  opt out of emails, marketing, and any other notifications that you receive from us.


12.4  We may ask you to verify your identity before acting on any of your requests. All Data Access Requests will be processed within one (1) month and will be provided in a digital format free of charge.


12.5  If you have any questions about how we collect and store data, please contact us using the contact details provided below.

13. Cookies

13.1  We use cookies on our Site. Cookies are small files that are stored on your computer or mobile device when you visit our Site to keep track of your actions and preferences.


13.2  The types of cookies that we may use are:

(a)  Functionality cookies.​ These are cookies which are essential for us to enable you to use our Site effectively. An example of this would be when you make a purchase on our Site or when you log into your account on our Site.


(b)  Analytics cookies​. We use these cookies to measure and analyse how customers use our Site. These cookies help us to monitor and improve the performance of our Site including through the use of data analytics for the number of visits to our Site and traffic sources.


(c)  Customer preference cookies.​ These cookies allow our Site to record your choices and provide you with enhanced features such as news and updates relevant to your preferences.


13.3  We use cookies and similar technologies:

(a)  to bring you relevant content and improve user experience;


(b)  to collect information such as your IP address and browser type, device information, and language;


(c)  to analyse data about webpage traffic;


(d)  for advertising and marketing purposes; and


(e)  to perform data analytics and improve our Site.


13.4  You can configure your Internet browser to accept all cookies, reject all cookies or notify you when a cookie is set​. If you disable cookies from being stored in your computer or on your device, you may not be able to use the full functionality of the Site.


14. Third-Party Analytics Tools and Third-Party Remarketing Tools

14.1  We use technologies and third-party services that may use Google Analytics, pixels, tags and web beacons (code snippets) on our Site to customise content and advertising, to provide social media features and to analyse traffic to our Site, including about how you use and interact with our Site.


14.2  We may also share information about your use of the Site with our trusted social media, advertising and analytics partners.


14.3  AnalyticsTools.​Weusethird-partyanalyticstoolsto:

(a)  analyse usage trends on the Site including the tracking and reporting of website traffic, ad conversion tracking, traffic analysis and marketing optimisation;


(b)  collect this data in aggregate form so that it cannot identify any individual user.


14.4  Third-party analytics tools collect non-Personal Information such as how often you visit our Site, the web pages you visit, add-ons, and other analytics data that assists us in improving our products and services.


14.5  Remarketing Tools. W​ e use third-party remarketing tools to position targeted ads to visitors that have already visited our Site​. We use our email database to create custom audiences on social media and online platforms such as Facebook, LinkedIn, Instagram to promote our Site and Services.


14.6  Thesethird-partyremarketingtoolsmightincludebutarenotlimitedto:

(a)  AdWords Remarketing (Google Inc.);


(b)  Facebook Custom Audience (Facebook, Inc.);


(c)  Facebook Remarketing (Facebook, Inc.).


14.7  We reserve our rights to change, modify, add or remove any third-party analytics tools and third-party remarketing tools. By using our Site, you consent to the processing of any information these tools will collect in the way and for the purposes described above.


15. Links

15.1  Our Site may provide links to other websites that may be of relevance and interest to you. Links to other websites do not constitute sponsorship or endorsement or approval of other websites.


15.2  We have no control over and are not responsible for the privacy practices or the content of any linked websites.


16. Access to and how you can control your Personal Information

16.1  You may request details of Personal Information that we hold about you in accordance with the provisions of the ​Privacy Act 1988​ (Cth).


16.2  If you would like a copy of your data or believe that your data is in accurate, out of date, incomplete, irrelevant, please ​Contact us​​ ​​using the contact details provided below.


17. Complaints About Privacy

17.1  Please contact us using the contact details below if you have any questions or concerns about our collection, use or disclosure of Personal Information. We will aim to resolve your complaint within 30 days.


17.2  If you remain dissatisfied, you may refer your complaint in writing to the Office of the Australian Information Commissioner.

18. Changes to this Privacy Policy

We may need to update this Privacy Policy from time to time to accurately reflect our own data collection and processing practices or any changes to Privacy Laws. Amendments to this Privacy Policy are effective when they are posted on our Site.


19. Our contact details

You can contact us:

(a) using the support section provided on our website located at <>;


(b) by email at


Privacy Policy last updated 1 October 2018.