Privacy Policy
Privacy Policy
Soleil Collective LLC and its affiliates and subsidiaries (“Soleil Collective”, “we”, “us”, “our”) are committed to safeguarding your privacy rights and ensuring that your personal data is protected. This Privacy Policy explains our use of your personal data when you use our websites (the “Sites”) and/or interact with us through social media or adverts and content on third party websites.
The relevant Soleil Collective entity that is responsible for your personal data will be the Soleil Collective entity that you provided your personal data to; however as we may share your personal data within our group, other Soleil Collective entities may also use your personal data in accordance with this Privacy Policy.
For further information about the Soleil Collective entities who act as controllers of your personal data, please see the Controller List section below.
Cookies / Tracking Technology / Logfiles
International Transfer of Information
Your California Privacy Rights
Changes To This Privacy Policy
Collection Of Information
We collect information from you via the Sites in several different ways including, for example, when you provide us with your information to register as a customer for our Sites, subscribe to our newsletter, receive information or mailings, buy a product or service from us, make a comment or enquiry or contact our Customer Services Team.
Site Visitors:
When you visit one of our Sites, we collect various types of information, such as browser type, IP address, date and time of visit, average time spent on the Site, cookie ID, hyperlinks that you have clicked, and websites you visited before arriving at our Site. We also collect information such as, your name and email address when you contact our Customer Services Team. We may let third parties place tracking technology on our websites (e.g., a cookie or a pixel). The third party might also collect data over time and across other websites. Among other things, they may use this data to serve ads tailored to your interests, which may include ads about our products or services.
Guest Checkout:
When you place an order for goods via one of our Sites as a guest, we collect your name, contact details, order details, and tokenized payment details.
Account Holders:
When you open an account with us and place an order for goods via one of our Sites as an account holder, we collect your name, contact details, passwords, transactional history, and tokenized payment details.
You may also provide us with personal data in other ways, such as if you communicate with us through social media or participate in our promotions.
Vendor Information:
When you interact with us as a vendor, we collect your name and contact information as well as the name and contact information for our vendors’ businesses and their employees with whom we may interact.
Use of Information
Depending on how you interact with the Sites (i.e., depending on the services, products or functionalities you choose to use), we will process your personal data for the following purposes:
When you visit our Site:
Purpose
To provide support and to respond to your requests and enquiries
Legal Basis
We have a legitimate interest to respond to your requests and enquiries for ongoing business administration
Purpose
To personalize your visit to our Sites and to assist you while you use the Sites.
To improve the Sites by helping us understand who uses the Sites
Legal Basis
We have a legitimate interest to properly manage and administer our relationship with you and to ensure that we are effective and efficient as we can be
Purpose
For fraud prevention and detection and to comply with applicable laws, regulations or codes of practice
Legal Basis
To comply with our legal or regulatory obligations
Purpose
To contact you to tell you about products and services offered by us as well as other promotions and competitions, which we believe may interest you unless you advise us that you do not wish to receive marketing or market research communications from us
Legal Basis
If applicable law requires that we receive your consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your consent.
If you wish to stop receiving marketing or market research communications from us you can unsubscribe via the link at the bottom of the relevant marketing e-mail or contact us using the contact details below.
We have a legitimate interest to carry out direct marketing
Purpose
For tailored advertising on third party sites either because of the website you are viewing, or based on your interests which we have inferred from your information.
Legal Basis
With your consent, if required by applicable law.
If you no longer wish to see tailored advertising, you can amend your cookie preferences (see section: COOKIES / TRACKING TECHNOLOGY / LOGFILES).
When you open an account with us and/or purchase goods online:
Purpose
To provide goods or services to you
To manage and maintain our relationships with you and for ongoing customer service
To enforce or defend our rights, ourselves or through third parties to whom we delegate such responsibilities
Legal Basis
To manage and perform our contract with you
We have a legitimate interest to properly manage and administer our relationship with you and to ensure that we are effective and efficient as we can be
Purpose
To share data with police, law enforcement, tax authorities or other government and fraud prevention agencies where we have a legal obligation, including screening transactions, reporting suspicious activity and complying with production and court orders
To report tax related information to tax authorities
To investigate and resolve complaints and manage regulatory matters, investigations and litigation
To monitor electronic communications for investigation and fraud prevention purposes, crime detection, prevention and investigation
To comply with any of our applicable legal, or regulatory obligations. For example, if you are a business customer we need to process your information to verify your identity and undertake necessary due diligence checks.
Legal Basis
To comply with our legal or regulatory obligations
Purpose
The day to day running and management of the business including to:
- monitor, maintain and improve the processes, information and data, technology and communications solutions and services we use;
- perform general, financial and regulatory accounting and reporting;
- compile or aggregate personal data in certain data analyses, or reports;
- monitor and record calls for quality, business analysis, training and related purposes in order to pursue our legitimate interests to improve our service delivery;
- protect our legal rights and interests; or
- share such personal data with third parties that acquire or are interested in acquiring all or part of our assets or shares, or that succeeds us in carrying on our business;
Legal Basis
We have a legitimate interest to manage our business including for legal, personnel, administrative and management purposes and for the prevention and detection of crime provided our interests are not overridden by your interests
To comply with our legal or regulatory obligations
When interact with us as a vendor:
Purpose
To run the day to day operations of our business, purchase goods, and provide services.
Legal Basis
We have a legitimate interest in contacting our vendors and communicating with them about business activities such as projects, services, and billing.
Your Right to Object - If you are located in the European Economic Area (“EEA”) or the UK and/or you are a customer of Soleil Collective (UK) Limited or Soleil Collective (Ireland) Limited, you have a right to object to the processing of your personal information where that processing is carried out for our legitimate interest or for direct marketing purposes.
Where we require your personal data to comply with legal requirements, failure to provide this information means we may not be able to accept you as a customer and/or may be unable to process your purchases. We will tell you when we ask for your information whether it is a statutory or contractual requirement to give us the information and the consequences of not providing the information.
If you are in Canada, our lawful basis for processing your data is generally consent.
Cookies / Tracking Technology / Logfiles
Like many websites, the Site employs cookies and web beacons (also known as clear GIF technology or “action tags”) to speed up your navigation of the Site, recognize you and your access privileges, and track your Site usage.
Cookies are small pieces of information that are stored as text files by your Internet browser on your computer’s hard drive. Most Internet browsers are initially set to accept cookies. You can set your browser to refuse cookies from web sites or to remove cookies from your hard drive, but if you do, you will not be able to access or use portions of the Site. We have to use cookies to enable you to select products, place them in an online shopping cart, and to purchase those products. If you do this, we keep a record of your browsing activity and purchases. THE SITE’S COOKIES DO NOT AND CANNOT INFILTRATE A USER’S HARD DRIVE TO GATHER A USER’S CONFIDENTIAL INFORMATION. Our cookies are not “spyware.”
Web beacons assist in delivering cookies and help us determine whether a web page on the Site has been viewed and, if so, how many times. For example, any electronic image on the Site, such as an ad banner, can function as a web beacon.
We may use third-party advertising companies to help tailor site content to users or to serve ads on our behalf. These companies may employ cookies and web beacons to measure advertising effectiveness (such as the web pages visited or products purchased and in what amount). Any information that these third parties collect via cookies and web beacons is not linked to any personal data collected by us.
As an example, Facebook collects certain information via cookies and web beacons to determine which web pages are visited or what products are purchased. Please note that any information collected by Facebook via cookies and web beacons is not linked to any customer's personal data collected by us.
Sharing Of Information
We may share your personal data within the Soleil Collective to allow us to provide our goods and services to you and to market products sold by other Soleil Collective entities, including to the entities on the Controller List.
We may use trusted third parties to provide us with services (e.g., technical support for the Sites, fulfilment of your order, payment processing, marketing, data analyses firms, web-hosting companies, and support services) who may have access to your personal data. All service providers are permitted to use data only for the purpose of performing services on our behalf.
We may share your personal data with competent authorities, courts and bodies in response to a court order, summons or subpoena, regulatory requests, or as permitted or required by law when we reasonably believe it is necessary or appropriate to investigate, prevent or take action against illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person.
We may share your Personal Information with our internal departments who have a business purpose for accessing the data (which will depend on the purpose for which you provided your information).
We may also disclose your personal data to any third party that acquires, or is interested in acquiring, all or part of our assets or shares, or that succeeds us in carrying on all or part of our business.
We may share your data with third parties when you consent or direct us to.
Some areas require us to disclose whether the following categories of personal data are collected, shared with third parties for a “business purpose,” or “sold,” or transferred for “valuable consideration.” The table below indicates the categories of personal data we collect and transfer in a variety of contexts. We do not “sell” your personal data for money.
|
Category of Personal Data |
Category of Recipients |
|
|
Disclosures for a |
Sharing for Targeted Advertising |
|
|
Identifiers – this may include things like name, alias, postal address, unique personal identifier, online identifier, email address, or account name. |
|
|
|
Financial Information – this may include bank account number, credit card number, debit card number, and other financial information. |
|
Not Shared. |
|
Commercial information – this may include information about products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
|
|
|
Internet or other electronic network activity information – this may include browsing history, search history, and information regarding an individual’s interaction with an internet website, app, or ad. |
|
|
|
Professional or employment-related information – this includes, for example, information submitted by job applicants. |
|
Not Shared. |
|
Non-public education information (as defined in the Family Educational Rights and Privacy Act) |
|
Not Shared. |
|
Inferences drawn from any of the information listed above |
|
|
|
Additional categories of personal data described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) – this may include signature, physical characteristics, or description, insurance policy number. |
|
Not Shared. |
International Transfer Of Information
If you are located in the EEA or the UK and/or you are a customer of Soleil Collective (UK) Limited or Soleil Collective (Ireland) Limited, please note that some of the recipients above to which we transfer your personal data are located in countries outside of the UK or EEA including in Singapore and the U.S., and which are not considered by the United Kingdom or the European Commission to provide an adequate level of data protection.
Where we transfer your personal data to such recipients, we will enter into an EU-style data transfer agreement with the recipient or seek assurances from the recipient that they are EU-U.S. Data Privacy Framework (DPF) certified or have Binding Corporate Rules in place.
More details on the transfer mechanisms can be obtained using the contact details at the end of this Privacy Policy.
Commitment To Data Security
We maintain internal governance policies designed to protect your personal data and other information. These governance policies include, but are not limited to, written information security protocols, incident response plans, data subject requests protocols, and record retention and destruction policies.
To protect your personal data, we take reasonable precautions and follow the industry’s best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. Your personally identifiable information is kept secure and encrypted during the type of transmission.
For payments we are using a certified payment gateway provider. All credit card details are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). All payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. We therefore do not see or keep your credit card information.
While we use industry-standard precautions to safeguard your personal data, we cannot guarantee complete security. 100% complete security does not presently exist anywhere online or offline. If we are required to inform you about a security incident, we will do so electronically, in writing, or by phone, as the law permits.
Retention Of Information
We will retain your personal data as necessary for the provision of the goods/services, internal analytical purposes, or to comply with our legal obligations, resolve disputes and enforce agreements (e.g. settlement). The criteria used to determine the retention periods include:
- how long the personal data is needed to provide the goods/services and operate the business;
- the type of personal data collected; and
- whether we are subject to a legal, contractual or similar obligation to retain the data (e.g., mandatory data retention laws, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation or disputes).
Your Rights
In some jurisdictions you have the right to:
- request access to personal data we hold about you;
- the correction of your personal data when incorrect, out of date or incomplete;
- request that we erase your personal data;
- opt-out of any marketing communications that we may send you and to object to us using / holding your personal data if we have no legitimate reason to do so;
- object to or request that we restrict the processing of your personal data – i.e., we would need to secure and retain the data for your benefit but not otherwise use it;
- Request a list of specific third parties to which we have disclosed personal information. Some areas also allow you to obtain a list of the categories of third parties to which we have disclosed personal information. You can find that information in the table above under the “Sharing of Information” section above;
- withdraw your consent at any time; and
- the portability of personal data – i.e., ask for a copy of your personal data to be provided to you, or a third party, in a digital format.
All such requests should be made using the contact details set out below. Please be advised that if you request that your personal data be deleted, you may no longer be able to access or use certain parts of the Sites. You may also, at any time, request for the modification or deletion of your account or personal details such as name, surname, address, country of residence, and payment card details. We will not discriminate against individuals who exercise a privacy right.
We will respond to your request in writing, or orally if requested, as soon as practicable and in any event not more than within one month after receipt of your request. In exceptional cases, we may extend this period by two months and we will tell you why. We may request proof of identification to verify your request. We may verify your identity by phone or email. Depending on your request, we will ask for information such as your name, the last item you purchased from us, or the date of your last purchase from us. We may also ask you to send us a signed declaration confirming your identity. For more details in relation to your rights, including how to exercise them, please contact us using the contact details below. If you disagree with our denial of a request, you may appeal our decision by contacting us with the subject line “Appeal.”
In some circumstances, you may designate an authorized agent to exercise rights on your behalf. If you are an authorized agent, you must shows that you may act on another’s behalf.
You also have the right to lodge a complaint about the processing of your personal data with the relevant data protection authority.
California Specific Disclosures
California law requires us to disclose the following information on our privacy practices. If you are a California resident, the following disclosures apply to you in addition to the rest of the Notice.
- California Shine the Light. If you would like more information on the categories of personal data (if any) we share with third parties or affiliates for those parties to use for direct marketing, submit a written request using the information in the Contact Information section.
- California Notice of Financial Incentive. We offer programs that give perks, like rewards, discounts, and exclusive offers ( “Loyalty Programs”). When you sign up for a Loyalty Program, we ask for- your name and email address. Under California law, our Loyalty Programs might be considered “financial incentive” programs as they involve collecting personal data. We do not assign a monetary value to the data we collect. Based on our reasonable estimate, the value of your personal data to us is related to the value of the free or discounted products or services you get when you redeem points. This value is based on the cost related to offering those free or discounted products or services. You may withdraw from the Loyalty Programs by contacting us at the address described in the program terms and conditions. Visit cocoandeve.com/pages/bali-beauty-club-terms-and-conditions for full program rules, including how to join.
- California Sensitive Information Disclosure. We collect the following categories of sensitive personal data (as defined under California law): consumer account login and credentials allowing access to an account. We collect this data to process transactions, comply with laws, manage our business, or provide services. Note that we do not use such data for any purposes that are not identified within Cal. Civ. Code § 1798.121. We do not “sell” or “share” sensitive personal data for cross-context behavioral advertising, although we may transfer it to third parties when you instruct us to do so. When that occurs, third parties will use it for the purposes indicated in their privacy notices.
Links To Other Websites
Our Sites may contain links to other websites that are not operated or controlled by us. We do not control such third-party websites or their privacy practices. Any personal data you choose to give to third-party websites is not covered by this Privacy Policy.
Changes To This Privacy Policy
We may change this Privacy Policy from time to time. We will notify you of any material changes via e-mail or through a notification on our Sites. Any changes to this Privacy Policy will become effective immediately after being posted. We encourage you to periodically review this Privacy Policy to stay informed of changes and on how we are protecting your personal data.
Minors
You must be aged 16 or over to use the Sites and our other digital offerings. We do not solicit or knowingly collect personal data from children aged 16 and under. If we are made aware that we have received such information, or any information in violation of our policy, we will use reasonable efforts to locate and remove that information from our records.
Contact Us
If you have questions in relation to this Privacy Policy or our use of your personal data, need to access this Privacy Policy in a different form due to a disability, or you would like to exercise your data subject rights please send your request to the Soleil Collective Data Protection Officer: [email protected]
Controller List
Soleil Collective (UK) Limited, Duo Level 6, 280 Bishopsgate, London, EC2M 4RB, United Kingdom
Soleil Collective (Ireland) Limited, 32 Molesworth Street, Dublin 2, Dublin, Ireland, D02 Y512
Soleil Collective (Sing) Pte. Ltd., 1 Raffles Place, #36-01, One Raffles Place, Singapore (048616)
Soleil Collective Pty Ltd, Unit 1, 37-39 Qantas Drive, Brisbane Airport QLD 4008
Soleil Collective LLC, 857 Post Rd, Suite 348, Fairfield, CT 06824, USA
Soleil Canada Inc., 199 Bay Street, Suite 4000, Toronto, Ontario, M5L 1A9, Canada
Effective Date: 27 October 2025
Last Updated Date: 21 October 2025
Didn’t find your answer?
No worries, you can email us here.
