Effective Date: November 13, 2023
You know us as COSMOSS, but our legal name is Cosmoss Group Limited ("we", "our", "us" or "COSMOSS"). This privacy policy also applies to our affiliated companies, Cosmoss, Inc. located in the United States and Cosmoss Europe Sp. z o.o., located in Poland (EU).
1. Our General Privacy Principles.
We are committed to protecting the privacy of all visitors to our website www.cosmossbykatemoss.com (the "Site") whether “you” are purchasing our products or are just checking us out.
We do not sell your personal information, and we only use personal information you agree to share with us for specific business purposes we describe in this privacy policy. We will send you information about products we think may be of interest to you based on your browsing and purchase history with us only if you consent to receiving these marketing emails.
2. Please Read This Privacy Policy; Your Acknowledgement; Opting-Out
Please read this privacy policy that explains how we use and protect your personal information when you visit our Site and when we provide services to you as our customer (“Services”). By visiting our Site and making purchases either with an account or as a guest, you agree to, acknowledge and consent to the personal information collection and use descriptions contained within this privacy policy. We make it easy for you to opt-out, unsubscribe or change your privacy preferences when interacting with our Site.
3. Basic Information.
In this privacy policy, we use the terms “personal data” and “personal information” interchangeably. Under the California Consumer Privacy Act (“CCPA”) as modified by the California Privacy Rights Act of 2020 and as further defined in its accompanying Regulations, “personal information” means information that can identify, relate to, describe, be associated with, or be reasonably capable of being associated with a particular consumer or household. Under Article 4 of the European Union’s General Data Protection Regulation ((EU) 2016/679) (“GDPR”), “personal data” means any information relating to an identified or identifiable natural person. In any reference to CCPA requirements and practices, use of the term “personal data” shall be replaced by use of the term “personal information”.
This privacy policy is incorporated into and made part of our Terms of Use.
In general, we are the "processor" under GDPR or “service provider” under CCPA of the personal information you entrust to us and that we process on your behalf, and in some limited instances, we may be considered a “controller” or “business” for example when you consent to receive marketing advertisements from us based on your product preferences. We will then determine the purposes of the processing of your personal information (e.g., to use third party service providers to help us with our marketing campaigns), subject at all times to your opt-out rights.
4. Contact Details
If you have any queries or requests about this privacy policy or how we handle your personal information more generally (or if you wish to exercise any of your rights as a data subject or a consumer; see Section 14), you can get in touch with us by contacting our Privacy team at: [email protected].
You can send us written correspondence at COSMOSS Group Limited, National House 60-66 Wardour Street, London W1F 0TA, ENGLAND; or you can write to us, in the United States, at COSMOSS Privacy, 1887 Whitney Mesa Dr #7556, Henderson, NV 89014 USA.
5. How We Collect Your Personal Information
5.1 We collect your personal information when you interact with us or use our Services, such as when you use our Site to place an order. We also look at how visitors use our Site, and we further use your personal information to help us improve our services and to optimise your customer experience.
5.2 We collect information:
(a) when you create an account with us or you change your account settings;
(b) when you place an order with us as a guest or as an account holder, and during the order process (including for payment processing and order delivery);
(c) through your interactions with us, such as when you request information or support or when you have agreed to receive marketing, information about our initiatives or other communications from us by email;
5.3 We also collect your personal information from third party sites with your prior consent, such as from advertising and social media platforms.
6. Personal Information We Collect From You
6.1 As part of our commitment to the privacy of our customers and visitors to our Site more generally, we want to be clear about the sorts of information we will collect from you.
6.2 When you visit the Site, set up an account or place an order through the Site, including any partner’s website we work with to provide delivery services, you are asked for information about yourself including your name, contact details, delivery address, order details, and payment information such as credit or debit card details. We will also collect information from you when you contact us on our Site (e.g., when you are contacting our Customer Service team). Please note that we do not store or retain your complete payment card information. Your payment card details are stored and managed by our trusted third party payments processors who maintain strong, industry required security safeguards to protect payment card information (referred to as “PCI-DSS” standards).
6.3 We collect information about your use of the Site and information about you from any messages you post to the Site or when you contact us or provide us with feedback, including through email, post, or online reviews.
6.4 We collect information from your mobile device or computer, such as its operating system, the device and connection type from which you are accessing our Site. We also collect technical information about your use of our Site through a mobile device, for example, carrier identity, anonymized location data and performance data such as mobile payment methods, interaction with other retail technology. Unless you have elected to remain anonymous through your device and/or platform settings, this information may be collected and used by us automatically if you use the Site on your mobile device(s) through your mobile's browser or otherwise.
6.5 Where we need to collect personal information required by law, or under the terms of a contract we have with you, and you fail to provide that personal information, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our Services). In this case, we may have to cancel the Services we are offering you, but we will notify you directly if this is the case at the time.
7. How We Use Your Personal Information
7.1 We will only use and process your personal information if there is a reason for doing so (e.g., a recognized “business purpose” under CCPA), and if that reason is permitted by law (e.g., a lawful basis for processing your personal information under GDPR).
7.2 Where we need to provide you with the products you have ordered and/or to enter into a contract with you, we use your personal information to:
(a) enable us to provide you with access to the relevant parts of the Site (e.g., we collect necessary cookies from your device so that we recognize you and your device);
(b) supply the products you have ordered (e.g., we collect your name, contact details, delivery address and order details);
(c) enable us to collect payment from you (e.g., we collect your credit or debit card information, which we do not retain but which we immediately share with our payments processing service providers); and
(d) contact you, where necessary, concerning our Services, such as to resolve issues you may have with your order (e.g., we collect the personal information listed above and any additional information we may need to resolve your issue).
7.3 We also process your personal information where we have a legitimate interest for doing so, which are to:
(a) personalise our Site, including to make it easier and faster for you to place orders;
(b) improve the effectiveness and quality of the ordering and delivery process that our customers can expect from us in the future;
(c) tailor content that we or our partners display to you, for example so that we make sure you see the advertising which is most relevant to you (where you have not opted-out from receiving advertising and marketing messaging), based on characteristics determined by us;
(d) enable our Customer Service Team to help you with any enquiries or complaints in the most efficient way possible and to provide a positive customer experience;
(e) contact you for your views and feedback on our Site or our partners’ services and/or products and to notify you if there are any important changes or developments to the Site, including letting you know that we’ve updated this privacy policy or are operating our business in a new area, where you have asked us in advance to do so;
(f) send you information by post about our products, promotions and initiatives where you’ve consented to receiving these promotional materials (and if you do not want to receive these, you can opt-out and let us know by getting in touch (Please see Section 4 ‘Contact Details’));
(g) analyse your browsing activity on the Site so that we can administer, support, improve and develop our business including for statistical and analytical purposes; and
(h) detect, investigate, report and seek to prevent fraud or crime.
7.4 We also process your personal information to enforce our contractual terms with you and any other agreement, to ensure compliance with our internal policies and procedures and for the exercise or defence of legal claims and to protect the rights of COSMOSS, our partners, or other third parties with whom we conduct business.
7.5 If you submit comments and feedback regarding our products either directly to us or to our social media sites and you’ve agreed to allow us to post those comments publicly, we may use such comments and feedback on the Site and in any marketing or advertising materials including on our social media sites. We will only identify you for this purpose by your first name and last initial which you provide us with, and you agree that such comments and feedback may be displayed publicly on the Site including on our social media sites.
7.6 We will also analyse data about your use of the Site to create customer profiles relating to you and for you. This means that we may make certain assumptions about what you may be interested in and use this data based on your prior consent, for example, to send you more tailored marketing communications, to present you with partners that we think you will prefer, or to let you know about special offers or products which we think you may be interested in. This activity is referred to as profiling. You have certain rights in relation to this type of processing. Please see Section 14 ‘Your Rights’ for more details. We will not directly send you COSMOSS marketing communications or share your personal information with our partners unless you have consented to and given us permission to contact you or share your personal information with third parties. If you give us permission, you can always opt-out by changing your privacy preferences and settings by contacting us at: [email protected].
7.7 We may also use your information to comply with any legal obligation or regulatory requirement to which we are subject.
8. Cookies
8.1 You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies from the Site, please note that some parts of the Site may become inaccessible or may not function properly. For more information about the cookies we use, and how to set or amend your cookie preferences, please see our Cookie Policy.
9. Marketing
9.1 Where you have given your prior consent or where we have a legitimate interest for doing so (and are permitted to do so by law), we will use your personal information to let you know about our other products or services we offer, or initiatives that may be of interest to you and, if you have agreed, we may contact you to do so by email.
9.2 For more information on our use of advertising technologies and cookies, please see our Cookie Policy.
9.3 You can ask us to stop sending you marketing messages at any time by changing your marketing preferences and cookie settings or by contacting us at [email protected], and by following the opt-out links on any marketing message we send to you.
9.4 We may still contact you through email where you have opted out of direct marketing with Service-related communications, including, but not limited to, correspondence providing information about your order, Service interruption and delivery safety or status.
10. Retention of Your Personal Information
10.1 We will only retain your personal information for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
10.2 When determining the appropriate retention periods, we will take into account factors including:
(a) our contractual obligations and rights in relation to the personal information involved;
(b) legal obligation(s) under applicable law to retain personal information for a certain period of time;
(c) statute of limitations under applicable law(s);
(d) our legitimate interests for retaining the personal information (please see Section 7 "How We Use Your Personal Information");
(e) whether there is an actual or potential dispute; and
(f) guidelines issued by relevant data protection authorities.
10.3 Otherwise, we securely erase your personal information where we no longer require it for the purposes we collected it for.
10.4 You can also request that we delete and terminate your COSMOSS account in its entirety once we have completed all active orders associated with your account.
11. Sharing Your Personal Information
11.1 We are very careful and transparent about who else we share your personal information with.
11.2 We share your personal information with our other affiliated COSMOSS Group companies only where necessary for the purposes set out in Section 7 – “How We Use Your Personal Information”.
11.3 We share your personal information with third party subprocessors and service providers that provide services to you on our behalf. The types of third party service providers and subprocessors with whom we share your information include for example:
(a) payment providers (including online payment providers and fraud detection providers);
(b) IT service providers (including cloud providers, web hosts and email providers);
(c) logistics providers (including address verification services and delivery providers);
(d) insurance companies;
(e) customer support providers (including, but not limited to, companies that assist us to provide customer or technical support); and
(f) professional advisers such as our accounting, legal or business advisory consultants.
11.4 You agree we may engage third party subprocessors and service providers to process personal information on your behalf. Some third party subprocessors and service providers will apply to you as default, and some third party subprocessors and service providers will apply only if you opt-in.
11.5 We have currently appointed, as third party subprocessors and service providers, specific third parties (which include COSMOSS Group affiliates), a list of which is available upon written request to: [email protected].
11.6 Where we engage third party subprocessors and service providers, we will impose data protection terms on the third party subprocessors and service providers that provide at least the same level of protection for personal information as those described in this privacy policy (including, where appropriate, the standard contractual clauses), to the extent applicable to the nature of the services provided by such third party subprocessors and service providers. We will remain responsible for each third party subprocessor and service provider’s compliance with the obligations of this privacy policy (and Terms of Use) and for any acts or omissions of such third party subprocessors and service providers that cause us to breach any of our data privacy obligations.
11.7 Where you have given us prior consent to use your personal information in connection with the delivery of marketing communications to you, we will share your personal information when we promote a programme or offer a service or product in conjunction with a third-party business partner. We will share your personal information with that partner to assist in marketing or to provide the associated product or service (and only for that limited purpose). In most of those cases, the programme or offer we are promoting will include the name of the third-party business partner, either alone or with ours. An example of such a business partner relationship would be a partner that we partner with for providing delivery services.
11.8 If you submit comments and feedback regarding the Site, our products, and our partners, we may share such comments and feedback with our partners for the partner’s internal use only.
11.9 We will take all steps reasonably necessary to ensure that your personal information is handled securely, in accordance with this privacy policy and all applicable laws when it is transferred to third parties. See our commitment above in Section 11.6.
11.10 If our business enters into a joint venture with, purchases or is sold to or merged with another business entity, your personal information may be disclosed or transferred to the target company, our new business partners or owners or their advisors.
11.11 We may also share your personal information:
(a) if we are under a duty to disclose or share your personal information in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation or regulatory requirement;
(b) in order to enforce our contractual terms with you and any other agreement;
(c) to protect our rights or those of our partners or others, including to prevent fraud; and
(d) with such third parties as we reasonably consider necessary in order to prevent crime, e.g. the police or for health and safety purposes.
12. Security
12.1 We adopt robust technologies and policies to protect your information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
12.2 We will implement and maintain appropriate technical and organizational measures to protect personal information from personal information security incidents (such as a data breach), in accordance with applicable data protection laws. Notwithstanding any provision to the contrary, we may modify or update our security measures at our discretion provided that such modification or update does not result in a material degradation in the protection offered by the security measures.
12.3 We have implemented procedures to deal with any data breach and will notify you and any applicable regulator without undue delay of a breach where we are legally required to do so.
12.4 We have staff dedicated to maintaining this privacy policy and other privacy initiatives, periodically reviewing security, and making sure that every COSMOSS employee is aware of our security practices.
12.5 We will ensure that any personnel whom we authorize to process personal information on our behalf is subject to appropriate confidentiality obligations (whether a contractual or statutory duty) with respect to that personal information.
12.6 Unfortunately, the transmission of information via the internet is not completely secure. Although we do take steps to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Site or in connection with your use of our Services; any transmission of personal information over the internet is at your own risk. Once we have received your personal information, we will use strict procedures and security measures to try to prevent unauthorised access.
12.7 When you open an account you may create a password, or other secure login method. You must use a unique password and keep any password you create, or other secure login method, secret in order to help prevent others from accessing your account.
13. Data Transfers
13.1 You acknowledge and agree that we may access and process personal information on a global basis as necessary to provide you with our Services in accordance with this privacy policy and our Terms of Use, and in particular that personal information may be transferred to and processed by Cosmoss, Inc. in the United States and to other jurisdictions where members of the Cosmoss Group and its subprocessors and service providers have operations. Wherever personal information is transferred outside its country of origin, Cosmoss and its subprocessors and service providers will ensure such transfers are made in compliance with the requirements of data protection laws including GDPR and CCPA.
13.2 In some cases the personal information we collect from you might be processed outside the United Kingdom or the European Economic Area (EEA), such as the United States and in other countries in which COSMOSS operates. These countries may not have the same protections for your personal information as the UK or EEA has. To the extent these countries have not been lawfully recognised as providing an adequate level of data protection, we will ensure that the personal information that is processed by us and our subprocessors and service providers outside of the UK or EEA is protected in the same way as it would be if it was processed within the UK or the EEA. We will use an appropriate data transfer mechanism, such as reliance on the protections set out in approved standard contractual clauses. See also Section 14 below.
13.3 Please contact us using the contact details above for further information on the specific mechanism used by us when transferring your information.
14. Your Rights Under GDPR and CCPA.
14.1 Under certain circumstances, you have rights under data protection law including GDPR and CCPA in relation to the personal information we process about you.
These rights include:
(a) The right of access. This is also known as a “data subject access request”. You have the right to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. You can initiate a data subject access request by sending us an email at [email protected]. We will respond and manage your request in a way that complies with the relevant data protection and privacy laws that apply to you (if we are able to determine your place of residency). In all cases, we will respond as quickly as is commercially reasonable. We may need to verify your identity before we take the requested action.
(b) The right to rectification. You are entitled to have any incomplete or inaccurate personal information we hold about you corrected, though we may need to verify the accuracy of the new personal information you provide to us.
(c) The right to erasure. This is also known as “the right to be forgotten” which enables you to request the deletion or removal of certain of the personal information that we hold about you where there is no good reason for us continuing to process it. This right is not absolute and only applies in certain circumstances.
(d) The right to restrict processing. You have the right to block or suppress further use of your personal information in certain circumstances. When processing is restricted, we may still have a lawful reason to store your information, but we will not use it further.
(e) The right to data portability. You have the right to receive your personal information in a structured, commonly used and machine-readable format which you can transfer to another service provider or other third party. This right is not absolute and only applies in certain circumstances.
(f) The right to withdraw consent. Where we rely on consent to use your personal information, you have the right to withdraw that consent at any time. Withdrawing consent will not, however, make unlawful our use of your personal information before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain Services to you.
(g) The right to object to processing. You have the right to object to certain types of processing of your personal information, including processing for direct marketing purposes and profiling. You can object by changing your marketing preferences by disabling cookies as set out in our Cookie Policy and Section 9 ‘Marketing’ or by contacting us at [email protected].
14.3 You have the right not to be subject to a decision based solely on automated processing of your personal information.
14.4 To exercise any of these rights, please contact us in writing at [email protected].
14.5 If you are unhappy with how we have handled your information under GDPR, you can contact your local data protection authority. In the UK, this is the Information Commissioner’s Office where you can issue a complaint here: https://ico.org.uk/make-a-complaint/, or through the data protection authority of Poland (Personal Data Protection Office) which can be contacted here: https://uodo.gov.pl/en/681/1404. We would, however, really appreciate the chance to deal with your concerns before you approach your local data protection authority and so we ask that you please contact us first. See Section 14.4 for the email address to use in order to contact us to exercise any of your rights under applicable data protection and privacy laws.
15. California Notice of Collection; Your Rights under Various U.S. State Privacy Laws.
Current State of U.S. Privacy Laws
As of the Effective Date of our privacy policy, a total of thirteen U.S. states have passed comprehensive data privacy laws in the United States: California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Texas, Florida, Montana, Oregon, and Delaware. Of those thirteen, California, Colorado, Connecticut, and Virginia's laws are currently effective. We expect this list to grow, and will endeavor to update our privacy policy when important, new legal developments occur.
If you are a California resident or a resident of a growing number of U.S. states, you may have additional rights that we summarize in our separate California Notice of Collection and Summary of U.S. State Privacy Rights. This separate set of notices is an important part of our privacy policy and of our overall approach to transparency involving our personal information collection practices.
16. Third Party Sites
16.1 Our Site or our Services may provide links to a wide variety of third party websites. You should consult and review the respective privacy policies of these third-party websites. This privacy policy does not apply to, and we cannot control the activities of, such other websites. This privacy policy does not apply to the privacy practices of any companies we don't own or control, any persons we don't manage, or any third-party website, software, or services that we don't control.
16.2 If you choose to visit another website by clicking on a hyperlink or otherwise, you will be directed to that third party's website. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third party. We do not exercise control over third-party websites. These other websites may place their own cookies or other files on your computer, collect your data, or solicit Personal Information from you. This privacy policy only addresses the use and disclosure of information that we collect from you through our Site and Services. Other websites may follow different rules regarding the use or disclosure of the information you submit to them. We encourage you to read the privacy policies or statements of other websites you visit, before providing your information to them.
17. Changes to our Privacy Policy
17.1 We may change this privacy policy from time to time. If we make changes, we will notify you by revising the date at the top of this privacy policy, adding a statement to our homepage, by sending you an email, and/or by some other means. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of our Site and Services, and you are still responsible for reading and understanding them. If you use our Site and Services after any changes to the privacy policy have been posted, that means you agree to all of the changes. We encourage you to review this privacy policy periodically to stay informed about our practices.
17.2 Under CCPA, we are obligated to review and update our Privacy Policy annually, and we intend to comply with that requirement.
17.3 This privacy policy was last updated: November 13, 2023.