Privacy Policy

Effective Date: 5th March 2026

1. Who We Are

This Privacy Policy describes how frank body entities collect, use, disclose and protect personal information in connection with our websites and online stores.

Depending on the website or regional store you interact with, your personal information will be controlled by the relevant frank body entity in your region:

Australia & New Zealand
Frank Body Pty Ltd
Level 1, 569 Church Street
Richmond VIC 3121
Australia

United States
Frank Body LLC
Frank Body c/o Aprio
2002 Summit Boulevard, Suite #120
Atlanta, GA 30319
United States

United Kingdom
Frank Body Ltd
53 Lough Road, 13 St David’s Apartments
N7 8BZ, London
United Kingdom

Canada
Frank Body Cosmetics Ltd
c/o Stikeman Elliott
Suite 1700, 666 Burrard Street
Vancouver, BC V6C 2X8
Canada

European Union
Frank Body Coöperatief U.A.
Harmoniestraat 15
1951AV Velsen-Noord
The Netherlands

Each entity acts as the data controller for customers contracting with its respective regional store.

For privacy enquiries or to exercise your rights, please contact:
privacy@frankbody.com

2. Scope of This Policy

This Policy applies to personal information collected:

  • Through our websites and online stores
  • Through purchases and transactions
  • Through marketing communications
  • Through loyalty program participation
  • Through customer support interactions
  • Through cookies and similar tracking technologies

It does not apply to third-party websites that may be linked from our websites.

3. What Personal Information We Collect

We may collect the following categories of personal information:

Identifiers

  • Name
  • Email address
  • Postal address
  • Phone number
  • IP address
  • Online identifiers

Transaction Information

  • Order details
  • Purchase history
  • Payment confirmation information

Payment card details are processed securely by our payment providers and are not stored by frank body.

Device & Usage Data

  • Browser type
  • Device information
  • IP-based location
  • Site interactions
  • Cookie identifiers

Marketing & Communications Data

  • Email subscription status
  • SMS opt-in status
  • Campaign engagement

Loyalty Program Data

  • Points earned and redeemed
  • Referral data
  • Account activity

Customer Support Data

  • Enquiries
  • Complaint records
  • Communications history

We do not intentionally collect sensitive personal information.

4. How We Collect Personal Information

We collect personal information:

  • Directly from you (for example, when placing an order or contacting us)
  • Automatically through cookies and tracking technologies
  • From service providers involved in processing transactions
  • From advertising or analytics partners, where permitted by law

5. How We Use Personal Information

We use personal information to:

  • Process and fulfil orders
  • Provide customer support
  • Administer loyalty programs
  • Improve our website and services
  • Detect fraud and prevent misuse
  • Comply with legal obligations
  • Send marketing communications where permitted

6. Lawful Bases for Processing (EU & UK)

Where EU or UK data protection laws apply, we rely on:

  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate interests
  • Consent (for marketing and certain cookies)

7. Sharing of Personal Information

We may share personal information with:

Service Providers

  • Ecommerce platform providers (such as Shopify)
  • Payment processors and buy now, pay later providers
  • Logistics and fulfilment providers
  • Marketing and CRM platforms (such as Klaviyo)
  • Loyalty and reviews platforms (such as Yotpo)
  • Analytics providers (such as Google Analytics)
  • Advertising platforms (such as Google, Meta and TikTok)
  • Affiliate and performance marketing platforms (such as Impact)
  • Interactive engagement platforms (such as Tolstoy)
  • Customer support platforms (such as Freshdesk)
  • Enterprise resource planning and integration providers (such as NetSuite and Celigo)
  • Fraud detection and prevention providers
  • Professional advisors and auditors

These providers may process personal information on our behalf and are required to implement appropriate safeguards.

Advertising & Cross-Context Behavioural Advertising

We may share certain personal information (such as online identifiers and browsing activity) with advertising partners to deliver relevant advertising across websites and platforms.

We do not sell personal information for monetary consideration.

However, certain sharing activities may be considered “sharing” under applicable privacy laws.

US residents may opt out by selecting “Your Privacy Choices” in the footer of the relevant website.

Intra-Group Transfers

Personal information may be shared between frank body entities for operational, administrative, marketing coordination, customer support, fraud prevention and compliance purposes, subject to appropriate safeguards.

Legal Disclosures

We may disclose personal information to comply with legal obligations or in connection with business restructuring.

8. International Transfers

Personal information may be transferred to and processed in countries outside your country of residence, including the United States and Australia.

Where required by law, we implement appropriate safeguards such as:

  • Standard Contractual Clauses
  • UK International Data Transfer Addendum
  • Contractual protections with service providers

You may request further information about these safeguards by contacting us.

9. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes described in this Policy and to comply with legal obligations.

Retention periods vary by data type:

  • Transaction records may be retained for 5–7 years to meet financial and tax obligations.
  • Account data is retained while accounts remain active.
  • Marketing data is retained until you unsubscribe; suppression data may be retained to honour opt-outs.
  • Loyalty data is retained while accounts remain active and for a reasonable period thereafter.
  • Customer service records are retained as reasonably necessary to manage enquiries and disputes.

Backups and archived copies of personal information may be retained for a limited period in secure environments as part of our disaster recovery and business continuity processes.

When personal information is no longer required, we take reasonable steps to securely delete, anonymise or de-identify it.

10. Your Privacy Rights

EU & UK

You may request access, correction, erasure, restriction, objection or portability of your personal information.

United States

Residents of certain US states, including California, may request:

  • Access
  • Deletion
  • Correction
  • Opt-out of sale or sharing
  • Limitation of sensitive personal information (where applicable)
  • Non-discrimination for exercising rights

Australia & New Zealand

You may request access to and correction of your personal information.

Canada

You may request access to and correction of your personal information.

To exercise your rights, contact:
privacy@frankbody.com

11. Cookies & Tracking Technologies

We use cookies and similar technologies for functionality, analytics and advertising purposes.

You may manage cookie preferences via our Cookie Settings tool.

For more information, please see our Cookie Policy.

12. Security

We implement appropriate technical and organisational measures to protect personal information.

13. Children

Our websites are not directed to children under 16 years of age.

You must be at least 18 years old to place an order on our websites.

We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child in violation of applicable law, we will take steps to delete such information.

If you believe a child has provided personal information to us, please contact us at privacy@frankbody.com.

14. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be posted with a revised effective date.