YOYYOY

Trust

Privacy

This page explains how YOY.Group handles personal data. We keep this surface deliberately minimal. If anything here is unclear, contact us and we will clarify.

Last updated · 2025-12-21

Scope

This policy covers the YOY.Group website and related contact interactions. Commerce activity for SKIN by YOY (storefront, checkout, payments, shipping) is handled on separate surfaces and may have its own privacy disclosures.

Data controller

YOY.Group acts as the data controller for this site. If you need the legal entity details for a contract, compliance request, or data rights request, contact us and we will provide them.

Contact [email protected].

What we collect

  • Contact details (e.g., name, email) if you send us a message.
  • Message content you choose to provide (inquiries, proposals, notes).
  • Basic technical data that may be logged by hosting and security providers (e.g., IP address, user-agent, timestamps) for reliability and abuse prevention.

We do not intentionally collect special-category data (e.g., health, biometrics, political opinions). Please do not send it to us.

Why we process data

  • To respond to you (lawful basis: legitimate interests or steps prior to a contract).
  • To operate and secure the site (lawful basis: legitimate interests).
  • To meet legal obligations where applicable (lawful basis: legal obligation).

Cookies and analytics

We aim to keep tracking minimal. If we introduce analytics or marketing cookies that require consent under UK/EU law, we will add a consent mechanism and update this policy.

Sharing and processors

We may use service providers to host and protect this site and to handle email. These providers process data on our instructions and only as necessary to deliver their services.

International transfers

Some service providers may process data outside the UK/EEA. Where applicable, we rely on appropriate safeguards (such as standard contractual clauses) or adequacy mechanisms.

Retention

We keep personal data only as long as needed for the purposes above: inquiries are typically retained for operational continuity, and security logs are retained for limited periods. We delete or anonymize data when it is no longer required.

Your rights (UK/EU)

If you are in the UK or EU, you may have rights to access, correct, delete, restrict, object to processing, and receive a copy of your data (data portability). You may also withdraw consent where consent is the basis.

To exercise rights, email [email protected].

Complaints

You can contact us first and we will try to resolve concerns quickly. You may also have the right to complain to your local supervisory authority (in the UK: the ICO).