top of page
photo-1516975080664-ed2fc6a32937.avif

Privacy Policy

Last updated: 24-12-2025

Privacy Policy (core.and.more.essentials)

 

This Privacy Policy explains how core.and.more.essentials (“we”, “us”, “our”) collects, uses, shares, and protects personal data when you visit or make a purchase from our online store (the “Store”). We sell beauty essentials including skincare, haircare, and daily wellness products made with natural, effective ingredients, and we ship to customers in the United Kingdom (UK) using a dropshipping fulfilment model.

We aim to comply with the EU General Data Protection Regulation (GDPR) and applicable Dutch data protection laws. Where UK data protection laws apply (e.g., UK GDPR), we follow equivalent principles.

 

1) Data Controller and Contact Details

 

Data Controller: core.and.more.essentials
Business address: Edith Piafstraat 256, 6663 MA Lent, The Netherlands
Email: core.and.more.essentials@gmail.com

If you have questions about this policy or want to exercise your rights, contact us using the email above.

 

2) Personal Data We Collect

 

We may collect the following categories of personal data:

 

A. Identity and contact data

  • Name

  • Email address

  • Billing address and shipping address

  • Phone number (if provided)

 

B. Order and account data

  • Items purchased, order number, order history

  • Notes you add during checkout

  • Customer service messages and communications

 

C. Payment data

  • We do not store full card details ourselves.

  • Payments are processed by PayPal and/or card payment processors available through our checkout provider. These providers may collect payment identifiers and transaction details necessary to process your payment.

 

D. Technical and usage data

  • IP address, device type, browser type

  • Pages viewed, clicks, and browsing behaviour on our Store

  • Approximate location (derived from IP)

  • Cookie and similar technology identifiers

 

E. Marketing and preference data

  • Email marketing preferences

  • Consent choices for cookies/marketing (where applicable)

 

3) How We Collect Personal Data

 

We collect personal data when you:
 

  • Place an order or attempt to place an order

  • Contact us by email

  • Subscribe to updates (if offered)

  • Browse our Store (via cookies and similar technologies)

  • Interact with our customer support

 

4) Why We Use Your Data (Purposes and Legal Bases)

 

We only process personal data when we have a lawful basis under the GDPR. Depending on the situation, we rely on one or more of the following legal bases: performance of a contract, legal obligation, legitimate interests, and consent (where required). Below we explain the main purposes for which we use your data and the legal basis we rely on.

 

A. To operate our Store and provide core website functionality

 

We process technical and usage data to keep the Store running, maintain security, prevent fraud, and ensure a stable browsing and checkout experience.
Legal basis: Legitimate interests (running and securing our business and website). Where cookies are not strictly necessary, we rely on your consent (see Cookie Policy).

 

B. To process and fulfil your orders

 

We use your identity, contact, and order information to process purchases, confirm orders, arrange shipping, provide tracking (where available), and deliver your items via our fulfilment partners/suppliers.
Legal basis: Performance of a contract (we need this information to complete your purchase and deliver your order).

 

C. To provide customer support and manage returns or complaints

 

We process your contact details and communications to answer questions, resolve issues, handle complaints, and manage returns in line with our policies.
Legal basis: Performance of a contract and/or legitimate interests (providing effective customer service and improving our operations).

 

D. To process payments and prevent fraud

 

Payments are handled by third-party payment providers (e.g., PayPal and card payment processors). We process necessary transaction details and share required information with these providers to complete payments and reduce fraud risk.
Legal basis: Performance of a contract (processing payment for your order) and legitimate interests (fraud prevention). Payment providers may process certain data as independent controllers under their own privacy policies.

 

E. To comply with legal and accounting obligations

 

We may keep and process order and invoice data to meet tax, accounting, and regulatory requirements.
Legal basis: Legal obligation.

 

F. To send service-related communications

 

We send essential messages such as order confirmations, shipping updates, and changes to our terms or policies.
Legal basis: Performance of a contract and/or legitimate interests (keeping you informed about your purchase and our services).

 

G. Marketing communications (where applicable)

 

If you subscribe to marketing messages, we may send promotional emails and offers. You can unsubscribe at any time using the link in the email or by contacting us.
Legal basis: Consent (where required) and/or legitimate interests (where permitted by applicable law, for example for limited marketing to existing customers).

 

H. Analytics and improvements (where enabled)

 

We may use analytics to understand how visitors use the Store, improve performance, and optimize the customer experience.
Legal basis: Consent where required for analytics cookies and similar technologies; otherwise legitimate interests where applicable and permitted.

 

Withdrawing consent

 

Where we rely on your consent (for example for certain cookies or marketing), you can withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

 

5) Cookies and Similar Technologies

 

Our Store is built on Wix, which uses cookies and similar technologies to operate the website, provide security, remember preferences, and help us understand how visitors use the Store. Wix provides tools such as a cookie banner and recommends disclosing cookie usage in your privacy/cookie policy. 

 

Types of cookies we may use

  • Strictly necessary cookies: essential for site functionality, security, and checkout.

  • Preferences cookies: remember your settings (e.g., language or region).

  • Analytics cookies: help us understand traffic and usage.

  • Marketing cookies: used to personalize ads or measure ad performance (only if enabled and where consent is required).

 

Your choices

  • You can manage your cookie preferences via our cookie banner (if enabled) and/or through your browser settings.

  • If you disable certain cookies, parts of the Store may not function correctly.

 

6) Dropshipping, Suppliers, and Shipping Partners

 

Because we use a dropshipping model, we share only the information necessary to fulfil your order with third parties such as:

  • Suppliers/fulfilment partners (to pack and ship your order)

  • Shipping carriers (to deliver the parcel and provide tracking)

 

Typically, the shared data includes your name, shipping address, and order contents. Suppliers and carriers are required to process this data only for fulfilment purposes and to protect it appropriately.

 

7) Third-Party Service Providers (Processors)

 

We use service providers to run the Store and deliver services. These may include:

  • Wix (website hosting and Store platform): provides the website infrastructure and Store features.

  • Payment processors: PayPal and card payment processing providers connected to your checkout.

  • Email/communications providers: to send order confirmations and support replies.

  • Analytics and security providers: to understand performance and protect the Store (depending on your configuration).

 

These parties act as processors or independent controllers depending on their role, and they process personal data under their own privacy terms where applicable (for example, payment providers).

 

8) International Data Transfers

 

We are based in the Netherlands (EU/EEA). Some service providers (e.g., platform and payment providers) may process data outside the EEA, including in countries that may not offer the same level of data protection.

 

When personal data is transferred internationally, we use appropriate safeguards such as:

  • Transfers to countries with an adequacy decision (where applicable), and/or

  • Standard Contractual Clauses (SCCs) or equivalent contractual safeguards, and/or

  • Other lawful mechanisms under GDPR.

 

Because you sell to the UK, it’s also relevant that the EU has adopted adequacy decisions for the UK (and has taken steps regarding extensions/renewals of those decisions). 

 

9) Data Retention

 

We keep your data only as long as necessary for the purposes described above, including legal and accounting requirements.

 

Typical retention periods:
 

  • Order and invoice data: kept for the period required by tax/accounting laws (often up to 7 years in the Netherlands).

  • Customer support correspondence: kept as long as needed to resolve issues and maintain records (typically up to 24 months, unless legally required longer).

  • Marketing data: until you unsubscribe or withdraw consent.

  • Cookies: retained according to their function and duration (session or persistent), as described in cookie settings where available.

 

10) Your Rights Under GDPR

 

Subject to conditions and exceptions under the GDPR, you have the right to:
 

  • Access your personal data

  • Rectify inaccurate or incomplete data

  • Erase your data (“right to be forgotten”)

  • Restrict processing in certain circumstances

  • Data portability (receive certain data in a structured, commonly used format)

  • Object to processing based on legitimate interests and to direct marketing

  • Withdraw consent at any time where we rely on consent

  • Not be subject to solely automated decisions with legal or similarly significant effects (if applicable)

 

To exercise your rights, email core.and.more.essentials@gmail.com. We may ask for information to verify your identity.

 

11) Complaints to a Supervisory Authority

 

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with a supervisory authority.
 

  • Netherlands (our main supervisory authority): the Dutch Data Protection Authority, Autoriteit Persoonsgegevens (AP). 

  • United Kingdom: the Information Commissioner’s Office (ICO). 

 

We encourage you to contact us first so we can try to resolve your concern.

 

12) Security Measures

 

We use reasonable administrative, technical, and organizational measures to protect personal data against loss, misuse, unauthorized access, disclosure, alteration, or destruction. However, no method of transmission or storage is completely secure.

 

13) Children’s Privacy

 

Our Store is not intended for children, and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us and we will take appropriate steps.

 

14) Changes to This Privacy Policy

 

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The “Last updated” date will be revised accordingly. If changes are material, we will take reasonable steps to notify users (e.g., via the Store).

bottom of page