Privacy Policy

Updated April 14, 2026

Your privacy matters to us. We are committed to protecting and respecting your personal data. This Privacy Policy explains how CASCATA Hair collects, uses, shares, and protects your personal information in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Irish Data Protection Acts 1988–2018.

1. Who We Are (Data Controller)

The data controller responsible for your personal data is:

CASCATA Hair Limited

30 Main Street,

Carrickmacross,

Co. Monaghan,

A81 RK33,

Ireland

Company Registration Number: 733054

Email: info@cascatahair.ie

Data Protection Contact: info@cascatahair.ie

2. What Personal Data We Collect

2.1 Data You Provide to Us Directly

When you use our website or purchase from us, we may collect:

Identity data: first name, last name
Contact data: email address, phone number, delivery address, billing address
Payment data: payment card details (processed securely via our payment provider — we do not store full card numbers on our servers), billing address
Account data: username, password (if you create an account), purchase history
Communication data: messages you send us via email, contact forms, or social media
Marketing preferences: whether you have opted in to receive marketing communications from us

2.2 Data We Collect Automatically

When you visit our website, we automatically collect certain technical data, including:

Device and browser information (type, operating system, browser version)
IP address and approximate location (country/region level)
Pages visited, time spent on pages, links clicked
Referring website or search terms used to find us
Cookie and tracking data (see Section 9 on Cookies)

2.3 Data from Third Parties

We may receive personal data about you from third parties, including:

Payment processors (e.g. Stripe) — confirmation of payment status
Delivery couriers — delivery status and address confirmation
Social media platforms — if you interact with us via social media or use social login features

3. How We Use Your Personal Data

We use your personal data for the following purposes and on the following legal bases:

3.1 To Process and Fulfil Your Order (Contractual Necessity — Art. 6(1)(b) GDPR)

Process your payment
Fulfil and dispatch your order
Send order confirmation and dispatch notifications
Manage returns, refunds, and after-sales queries

3.2 To Manage Our Relationship With You (Contractual Necessity / Legitimate Interests)

Respond to your enquiries and complaints
Send transactional service messages (e.g. password reset, account notifications)
Maintain records of your purchases and interactions

3.3 To Send Marketing Communications (Consent — Art. 6(1)(a) GDPR)

Where you have opted in, we may send you:

Email newsletters, promotions, and exclusive offers
Updates on new products, restocks, and brand news

You can withdraw your consent and unsubscribe from marketing communications at any time by clicking the 'unsubscribe' link in any marketing email or by contacting us at info@cascatahair.ie withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

3.4 To Comply With Legal Obligations (Legal Obligation — Art. 6(1)(c) GDPR)

Maintain records for tax, accounting, and regulatory purposes
Comply with court orders or requests from regulatory authorities

3.5 For Our Legitimate Business Interests (Legitimate Interests — Art. 6(1)(f) GDPR)

Improving our website and product offerings
Detecting and preventing fraud or security breaches
Analysing purchasing trends and website usage (in aggregated or anonymised form)
Administering and protecting our business and website

4. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes set out in this policy, or as required by law. Our standard retention periods are:

Order and transaction records: 7 years (as required by Irish Revenue / tax legislation)
Customer account data: for the duration your account is active, plus 2 years after your last interaction
Marketing consent records: until you withdraw consent, plus 1 year thereafter
Website analytics data: up to 26 months
Correspondence and complaints: 3 years

When your data is no longer required, we will securely delete or anonymise it.

5. Who We Share Your Data With

We do not sell your personal data to third parties. We may share your data with the following trusted third parties, strictly for the purposes described in this policy:

Payment processors: Stripe — to process your payment securely
Delivery couriers: An Post — to fulfil and track your delivery
Email marketing platform: Klaviyo — to send marketing emails (where you have consented)
Website platform and hosting: Shopify — to operate our website
Analytics providers: Google Analytics — to understand website usage (anonymised/aggregated where possible)
Accountants and legal advisers — where necessary for our legal and financial obligations
Law enforcement or regulatory authorities — where required by law

All third-party processors are required to handle your data in compliance with GDPR and are bound by data processing agreements.

6. International Data Transfers

Some of our third-party service providers are based outside the European Economic Area (EEA) — for example, servers located in the USA. Whenever we transfer personal data outside the EEA, we ensure an adequate level of protection is in place, including:

The European Commission's Standard Contractual Clauses (SCCs);
The EU-U.S. Data Privacy Framework (where applicable);
Adequacy decisions made by the European Commission.

You may request further details about our international transfer safeguards by contacting us at info@cascatahair.ie

7. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right of access: You have the right to request a copy of the personal data we hold about you (Subject Access Request).
Right to rectification: You have the right to request correction of inaccurate or incomplete data.
Right to erasure ('right to be forgotten'): You have the right to request deletion of your personal data, subject to certain legal exceptions (e.g. where we must retain records for tax purposes).
Right to restriction of processing: You have the right to request that we restrict the processing of your data in certain circumstances.
Right to data portability: You have the right to receive your data in a structured, machine-readable format and to transmit it to another controller, where processing is based on consent or contract.
Right to object: You have the right to object to processing based on legitimate interests, including direct marketing.
Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Rights relating to automated decision-making: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

To exercise any of these rights, please contact us at info@cascatahair.ie. We will respond within one calendar month. We may need to verify your identity before processing your request.

8. Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Data Protection Commission (DPC), Ireland's supervisory authority:

Data Protection Commission

21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Website: www.dataprotection.ie

Phone: +353 (0)1 765 0100

We would, however, appreciate the chance to address your concerns before you contact the DPC, so please reach out to us in the first instance.

9. Cookies

9.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our website. They allow us to recognise your device and improve your browsing experience.

9.2 Types of Cookies We Use

Strictly necessary cookies: Essential for the website to function (e.g. shopping cart, login session). These cannot be turned off.
Performance / analytics cookies: Help us understand how visitors interact with our website (e.g. Google Analytics). These are only placed with your consent.
Functional cookies: Remember your preferences (e.g. language, currency). These are only placed with your consent.
Marketing / targeting cookies: Used to deliver relevant advertisements and track campaign effectiveness. These are only placed with your consent.

9.3 Managing Cookies

When you first visit our website, you will be presented with a cookie consent banner. You may accept all cookies, reject non-essential cookies, or manage your preferences in detail.

You can also manage cookies at any time through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For more information on managing cookies, visit www.aboutcookies.org or www.allaboutcookies.org.

Our full Cookie Policy is available at www.cascatahair.com/cookie-policy

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, disclosure, alteration, or destruction. These measures include:

SSL/TLS encryption for data transmitted via our website
Secure, access-controlled servers
Regular security assessments and software updates
Staff training on data protection obligations

While we take all reasonable steps to protect your data, no internet transmission is completely secure. We cannot guarantee the security of data transmitted to our website; any transmission is at your own risk.

11. Children's Privacy

Our website and services are not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child under 16, please contact us immediately at info@cascatahair.ie and we will delete such data without delay.

12. Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and recommend that you review their respective privacy policies before providing any personal data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The updated policy will be posted on this page with a revised 'Last updated' date.

We encourage you to review this policy periodically. Where changes are significant, we will notify you by email (if you have an account with us) or by a prominent notice on our website.

14. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:

Address