Privacy Policy


This policy sets out the basis on which personal information about you may be collected and used when you use our website (whether browsing or making a purchase), (the “Site”)(regardless of where you visit it from), and on our mobile application, register an account with us, and interact with us on The Bombshell Boutique’s official Facebook, Instagram, Twitter, [and other social accounts] (“Social Media”). This policy also tells you about your privacy rights and how the law protects you.
By using the Site and applications, registering a Bombshell Boutique Account and interacting with our Social Media you are accepting and consenting to the terms of this policy.

The Bombshell Boutique is the owner and operator of the site and the relevant accounts on the Social Media and shall in these terms be referred to as “we”, “us”, “our” and “The Bombshell Boutique”.

We reserve the right to amend these Terms from time to time. The Terms were most recently updated on June 1, 2018.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Data We Collect About You and How We Use It

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • where we need to perform the contract we are about to enter into or have entered into with you;
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
  • where we need to comply with a legal or regulatory obligation; and
  • to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling.


Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
During your use of the sites (including for browsing and purchasing), your registration and use of your account registered with us, your interaction on Social Media, when you participate in any promotions on or linked to the Site and/or on the Social Media, and when corresponding with us, we may collect, use, store, transfer and process the following personal data about you:
Name and contact details (includes billing address, delivery address, email address and telephone numbers):

How We Use The Information

Legal Basis of Processing

To register you as a new customer.

We need this information to perform our contract with you.

To carry out obligations arising from the contract between us, i.e. to process and deliver your order (including managing payments, fees and charges and collecting and recovering money owed to us), enter you into a prize draw, competition or other promotion.

a)    We need this information to perform our contract with you

b)    Necessary for our legitimate interests (to recover debts due to us)

To manage our relationship with you which will include:

a)    Notifying you about changes to our terms or privacy policy

b)    Asking you to leave a review or take a survey

a)    Performance of a contract with you

b)    Necessary to comply with a legal obligation

c)    Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

Send you information about new products that may be of interest to you.

Necessary for our legitimate interests (to develop our products/services and grow our business).

Fraud prevention and detection.

To prevent and detect fraud against you or us (Legitimate Interest).

To deliver relevant website content and how you adverts as you browse the internet and measure or understand the effectiveness of the advertising we service to you.

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy).

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) 

a)    Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise).

b)    Necessary to comply with a legal obligation.

Date of Birth

How We Use The Information

Legal Basis of Processing

Fraud prevention and detection

To prevent and detect fraud against you or us (Legitimate Interest).

Financial information (includes bank account and payment card details)

How We Use The Information

Legal Basis of Processing

To process and deliver your order including:

(a) Manage payments, fees and charges

(b) Collect and recover money owed   to us

a)    Performance of a contract with you.

b)    Necessary for our legitimate interests (to recover debts due to us).

Your Contact History With Us
Historical calls, emails, instant chat or on social media

How We Use The Information

Legal Basis of Processing

To provide customer service and support.

We need this information to perform our contract with you.

Train our staff.

To improve our service to you (Legitimate Interest).

Purchase History and Usage (including details about payments to and from you and other details of products you have purchased from us and information about how you use our Site, Social Media and products and services)

How We Use The Information

Legal Basis of Processing

To provide customer service and support.

We need this information to perform our contract with you.

To find out what you and other customers like to deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.

To improve our offering (Legitimate Interest)

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences.

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).

To make suggestions and recommendations to you about goods or services that may be of interest to you.

Necessary for our legitimate interests (to develop our products/services and grow our business).

Information about your phone/laptop and how you use the website/app

How We Use The Information

Legal Basis of Processing

To improve the website user experience.

To give you the best possible shopping experience (Legitimate Interest).

To protect our website.

To prevent and detect fraud against you or us (Legitimate Interest).

To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.

To improve our offering (Legitimate Interest).

Your responses to surveys, competitions and promotions

How We Use The Information

Legal Basis of Processing

To run a survey, competition or promotion.

Necessary for our legitimate interest (to manage the survey, competition or promotion).

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table above.
You don’t have to give us any of this personal information but if you don’t, you may not be able to buy from the Site or receive the optimal user experience.

How is Your Personal Data Collected?
We use different methods to collect data from and about you including through;

  • Direct interactions. You may give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you;
  • Place an order for our products;
  • Create an account on our website;
  • Subscribe to our newsletters;
  • Request marketing to be sent to you; or
  • Give us some feedback. 
  • Automated technologies or interactions. As you interact with our website, we may automatically collect data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies. Please see below for further details on cookies.
  • Third parties or publicly available sources. We may receive personal data about you from various third parties as set out below:
  • Technical data (including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website) from the following parties:
  • Analytics providers such as Google based outside the EU.
  • Advertising networks such as AdSense based inside and outside the EU.
  • Contact, financial and transaction data from providers of technical, payment and delivery services based inside or outside the EU.


We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
You will receive marketing communications from us if you have requested information from us or purchased goods from us and, in each case, you have not opted out of receiving that marketing.
Third-Party Marketing

We will get your express opt-in consent before we share your personal data with any company outside The Bombshell Boutique for marketing purposes.

Opting Out

You can ask us or third parties to stop sending you marketing messages at any time by contacting us.


Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product purchase, warranty registration, product experience or other transactions.

Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosure of Your Information

We do not sell any of your information to any third party.
We may share your information with selected third parties including:

  • Internal third parties such as our employees or officers.
  • Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you for example our carriers that deliver the products purchased on our Site to you, our card and payment processing companies that process your payments for the purchased items and suppliers of items and prizes for our promotions and other carefully selected third parties whom we consider may be of interest to you.
  • Market research and promotions management agencies to help improve the Sites and Social Media, and the services we offer to you.
  • Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.
  • Analytics and search engine providers that assist us in the improvement and optimization of the Sites and the Social Media.

In all circumstances we work closely with these third parties to ensure your privacy is respected and protected.
We may also disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If The Bombshell Boutique or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use or Terms of Sale and other agreements; or to protect the rights, property, or safety of The Bombshell Boutique, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.


Links to 3rd Party Websites

The Site and Social Media may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that this may allow third parties to collect or share personal data about you and these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. This Privacy Policy only covers the Sites and our content on the Social Media, and does not cover any other website or application.


The data that we collect from you may be transferred to, and stored at, destinations outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfillment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
The transmission of information via the internet is not completely secure. We will do our best to protect your personal data, we cannot guarantee the security of your data transmitted via our Site and Social Media; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We use a trusted third-party payment processing service to process your payment to us and we do not store your credit/debit card information.
We use secure socket layer software (SSL) to encrypt personal information that you provide via your registered account on our Website (including your payment details). This technology prevents you from inadvertently revealing personal information using an unsecure connection. Our Website is certified with an SSL certificate, which verifies that our Website is secure.
We keep your information confidential and store user personal data on a secure server which is password protected and hidden behind a firewall.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

The Sites are not intended for use by anyone under the age of 16. We do not knowingly collect personal information relating to anyone under the age of 16. If you are under 16 you should not use the Site, Social Media or provide any information about yourself including without limitation your name, address, email address or any screen name or user name you may use. If we learn that we have collected or received personal information from a person under 16 without verification of parental consent, we will delete that information. If you believe that we may have any information from or about a person under 16, please contact us by email at



The site uses cookies to distinguish you from other users of the Site. These cookies help us to provide you with a good experience when you browse the Site and also allows us to improve the Site.


How Long We Will Keep Your Information For

We will only keep your information for as long as you have your account or as long as is needed to provide a service to you and to fulfill the purposes we collected it for.
If reasonably necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also keep hold of some of your information as required even after you have closed your account or it is no longer needed to provide the services to you.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your personal data will be stored for no longer than 18 months of you ceasing to be registered with us as a customer of the site.
If you have registered to receive communications from us as part of our mailing list, then we will keep your personal data for 12 months, at which time we will seek to obtain consent from you to continue storing your data and contacting you. If this is not received, we will automatically delete your personal data at that time.
In some circumstances you can ask us to delete your data: see ‘request erasure’ below for further information.

In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Your Legal Rights

You may choose to restrict the collection or use of your personal information in the following ways:

Access to information:

You may request details of personal information which we hold about you under the data protection laws. If you would like a copy of the information held about you please email


  • Any access request will usually be free of charge. We will endeavor to provide information in a format requested but this cannot be guaranteed, but we may charge you a reasonable fee for additional copies.

Correction of information:

If you believe that any information we are holding on you is incorrect or incomplete, please email


  • We will correct any information found to be incorrect.

Deletion of information:

  • You have the right to request that your personal data be deleted; including if we no longer need it for the purpose we collected it, or you withdraw your consent.
  • Following such a request we will erase your personal data without undue delay unless continued retention is necessary and permitted by law. If we made the personal data public, we will take reasonable steps to inform other data controllers processing about your erasure request.

Consequences of Deletion

  • You may no longer be able to receive, or query historic receipt of, marketing from The Bombshell Boutique or its marketing partners
  • The Bombshell Boutique may no longer be able to provide information on historical purchases, including the fulfillment of orders, processing of returned products and refunds, or the support of payment queries and fraudulent claims
  • Deletion is irreversible. Please consider the above consequences before requesting the deletion of any data


Object to processing:

  • You have the right to object to us processing your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.


Restriction on processing:

  • You have the right to request that we suspend processing your personal data, but hold it for you, in the event the personal data we hold is inaccurate, the processing is unlawful or we no longer need the personal data. Once the processing is restricted, we will only continue to process your personal data if you consent or we have another legal basis for doing so.

Data portability:

  • You have the right to receive a copy of your personal data which you gave to us. The copy will be provided in a commonly used and machine-readable format.  You can also have it transmitted directly from us to another data controller, where technically possible.


How to Exercise Your Rights

If you wish to exercise any of the rights set out above, please contact us.

No fee usually required:

  • You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.


Withdraw consent at any time:

  • You may withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.


What we may need from you:

  • We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.



  • We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen. If requested, we will transfer all, or elements of, your data to other service providers (where applicable).


Time limit to respond:

  • We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.