PRIVACY NOTICE

  1. Introduction
    • 1.1 We take your privacy very seriously. Please read this Privacy Notice carefully as it sets out who we are and how and why we collect, store, use and share any personal data we collect from you, or that you provide to us, and how such personal data will be processed by us or by our service providers. It also explains your rights in relation to your personal data and how to contact us or a relevant regulator if you have a complaint.
    • 1.2 References to:
      • 1.2.1 our “Services” means the products or the services that we make available to you via the Website, including, without limitation, sending you product samples from brands;
      • 1.2.2 our “Website” means our website available from productsamples.com; and
      • 1.2.3 ”you” or ”your” means the person accessing and using the Website and/or our Services.
    • 1.3 In this Privacy Notice where we use the words “personal data” or “personal information” we use these words to describe information that is about you and that identifies you.
  2. Who We Are
    • 2.1 com is a division of SoPost Limited.
    • 2.2 SoPost Limited is a company registered in England and Wales (company number 08216668) and our registered office is at The Core, Bath Lane, Newcastle upon Tyne, NE4 5TF, United Kingdom. Our U.S. entity is SoPost Inc., and is based at 110 Greene St, Suite 9C, New York, NY 10012 (collectively, “SoPost”, ”we”, ”our”, ”us”).
    • 2.3 SoPost Limited is registered with the Information Commissioner’s Office under registration number Z343508X.
    • 2.4 As Data Controller, we use and are responsible for certain personal data we collect from you through the Website and when using our Services. When we do so we are subject to the UK General Data Protection Regulation (“UK GDPR”) and any other applicable data protection legislation.
  3. Information we collect from you
    • 3.1 The personal data we collect about you depends on the particular activities carried out through our Website. We may collect, use and process the following information about you (please note, some of this is optional).
    • 3.2 Personal information you give us – this is information about you that you give us by filling in forms on our Website or by corresponding with us by phone, email or otherwise. It includes information you provide when you request a sample through our Website.
    • 3.3 When signing up to our Services we will ask for your name, date of birth, postal address and email address.
    • 3.4 We will ask you to complete your ‘Beauty Profile’ which will involve the collection of:
      • General Profile: information about your household and employment;
      • Skin Profile: your skin type, skin tone and any concerns you may have (special category personal data);
      • Hair Profile: your hair type, hair colour, how it is coloured and any concerns you may have (some of this may be special category personal data);
      • Makeup Profile: the makeup looks you prefer and how often you wear makeup;
      • Fragrance Profile: the type of fragrances you like to wear and how often you wear them.;
      • Food & Drink Profile: your food and drink preference and purchase habits;
      • Health & Fitness Profile: information about your exercise habits and vitamin and supplement consumption (special category personal data);
      • Lifestyle Profile: your hobbies and views on certain product categories;
      • Household Profile: information about products that you use around your home;
      • Family Profile: your family set up and allergy concerns of your children (some of this may be special category personal data);
      • Pets Profile: information about your pets and what products you purchase to care for them;
      • Travel & Holidays Profile: the frequency and type of holidays that you take;
      • Media & Technology Profile: the media platforms which you use; and
      • 18+ Profile: information about your use of alcohol, tobacco and CBD products.
    • 3.5 Your Beauty Profile is an essential part of the service that we deliver. We use it to select samples that we think you will like, based on the recommendations made by our brand partners (who never see your Beauty Profile themselves). We use this information to deliver products suitable to the responses that you have provided within your skin tone and other preferences.
    • 3.6 Whenever you visit our Website we will automatically collect the following information:
      • Technical Information: including the Internet protocol (IP) address used to connect your computer or other device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
      • Information about your visit: this includes the full Uniform Resource Locators (URL), clickstream to, through and from our Website (including date and time), pages you have visited, page response times, download errors, length of visits to certain page and page interaction information (such as scrolling, clicks, and mouse-overs);
      • Information we receive from other sources: this is information we receive about you if you use any of the other websites we operate or the other services we provide. Additionally, if you interact with us via our social media pages, then you may provide us with your personal information. We collect this particular information for the purposes described in this Privacy Notice. In this case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this Website. We will also have told you for what purpose we will share and combine your data. We are working closely with third parties (including, for example, business partners, sub-contractors in technical and delivery services, advertising networks, analytics providers and search information providers). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
    • Special Categories of Personal Data
    • 3.7 Certain personal data we collect is treated as a special category to which additional protections apply under data protection law. We have referenced which data collected above may fall into this category and such data includes:
      • personal data revealing racial or ethnic origin; and
      • data concerning health and sex life.
    • 3.8 Where we process such special category personal data, we will also ensure we are permitted to do so under data protection laws whether that is by asking for your specific consent or otherwise.
  4. What we do with your information
    • 4.1 We collect and use the above personal data for the purposes described in this section. We will use your personal data to:
      • deliver any products to your nominated address;
      • provide any services requested by you;
      • to recognise you when you return to the Website;
      • to ensure that content from the Website is presented in the most effective manner for you and for your computer, mobile or tablet;
      • to provide you with information, products, services, promotions or advertisements that we feel may interest you, where you have consented to be contacted for such purposes;
      • to allow you to participate in interactive features of the Website and/or the Services, when you choose to do so;
      • to enable retailers and our brand partners to provide you and/or your recipient(s) or friend(s) with products and/or services;
      • to notify you about changes to the Website and/or the Services;
      • collect feedback from you on behalf of SoPost and our brand partners related to a product that we have delivered;
      • audit and monitor usage of the Website;
      • improve the Website and the Services;
      • manage complaints, feedback and respond to questions;
      • comply with any legal or regulatory obligations (including in connection with a court order);
      • verify your compliance with, our Terms of Use and Terms of Service; and
      • for our internal business operations.
  5. How and why we use your personal data
    • 5.1 under data protection law, we can only use your personal data if we have a proper reason, eg:
    • 5.2 where you have given consent;
      • to comply with our legal and regulatory obligations;
      • for the performance of a contract with you or to take steps at your request before entering into a contract; or
      • for our legitimate interests or those of a third party.
    • 5.3 A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
    • 5.4 The table below explains what we use your personal data for and why.
    What we use your personal data for Our reasons
    Create and manage your account with us To perform our contract with you or to take steps at your request before entering into a contract
    Providing our Services to you To perform our contract with you or to take steps at your request before entering into a contract
    Conducting checks verify your identity to prevent misuse of your account or to help prevent and detect fraud against you or us For our legitimate interests, ie to minimise fraud that could be damaging for you and/or us
    To enforce legal rights or defend or undertake legal proceedings Depending on the circumstances:
    • to comply with our legal and regulatory obligations
    • in other cases, for our legitimate interests, ie to protect our business, interests and rights
    Customise our Website and its content to your particular preferences based on a record of your selected preferences or on your use of our Website Depending on the circumstances:
    • your consent as gathered by the separate cookies tool on our Website – please see the Cookies Policy set out below
    • where we are not required to obtain your consent and do not do so, for our legitimate interests, ie to be as efficient as we can so we can deliver the best service to you
    • if you have provided such a consent you may withdraw it at any time by eg changing the setting on the cookies tool or in your account (this will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn)
    Retaining and evaluating information on your recent visits to our Website and how you move around different sections of our Website for analytics purposes to understand how people use our Website so that we can make it more intuitive or to check our Website is working as intended Depending on the circumstances:
    • your consent as gathered eg by the separate cookies tool on our Website
    • where we are not required to obtain your consent and do not do so, for our legitimate interests, ie to be as efficient as we can so we can deliver the best service to you
    • if you have provided such a consent you may withdraw it at any time by eg changing the setting on the cookies tool or in your account (this will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn)
    Communications with you not related to marketing, including about changes to our terms or policies or changes to the Services or other important notices Depending on the circumstances:
    • to comply with our legal and regulatory obligations
    • in other cases, for our legitimate interests, ie to be as efficient as we can so we can deliver the best service to you
    Protecting the security of systems and data used to provide the Services To comply with our legal and regulatory obligations We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests, ie to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us
    Statistical analysis to help us understand our customer base For our legitimate interests, ie to be as efficient as we can so we can deliver the best service to you
    Updating and enhancing customer records Depending on the circumstances:
    • to perform our contract with you or to take steps at your request before entering into a contract
    • to comply with our legal and regulatory obligations
    • where neither of the above apply, for our legitimate interests, eg making sure that we can keep in touch with our customers about existing sample orders and new products
    Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business, eg to record and demonstrate evidence of your consents To comply with our legal and regulatory obligations
    Marketing our Services to existing and former customers For our legitimate interests, ie to promote our business to existing and former customers
    To share your personal data with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency In such cases information will be anonymised where possible and only shared where necessary Depending on the circumstances:
    • to comply with our legal and regulatory obligations
    • in other cases, for our legitimate interests, ie to protect, realise or grow the value in our business and assets
  6. Where and how we hold your information and how we share your information
    • 6.1 The information and content held on our Website is deployed geographically to maximise user experience. We will never share your user information with third parties for their promotional purposes without your consent.
    • 6.2 We may work with our service providers, suppliers and sub-contractors who help us provide the Website and Services. For example, Google Cloud is our host provider and our production databases are stored in Google Cloud which is contracted by use for the provision of technical services. To know more about how we interact with Google Cloud you can view their privacy notice, amongst their other policies here.
    • 6.3 We may share information with our shipping and other distributors and fulfilment service providers.
    • 6.4 We use Postmark to send emails from our platform. In order to do this, we have to supply Postmark with your email address and a body for the email. If you want to know more about how we interact with Postmark you can view their privacy notice, amongst other policies here.
    • 6.5 If you contact us for customer service then your message will be routed through Zendesk, which we use to help us manage our customer service queries. To do this, Zendesk will retain a copy of all communication between you and us. If you would like to know more about how we interact with Zendesk you can view their privacy policy here.
    • 6.6 With your consent during the sign-up process or at other times, we will share your name and contact details with selected advertisers so they can send you newsletters, special offers and other information. You can unsubscribe from those mailings by clicking on the “unsubscribe” link at the bottom of the e-mail correspondence or by contacting the advertiser directly.
    • 6.7 We reserve the right to disclose and/or transfer your personal information to external agencies and organisations (including police agencies and the relevant local authority) for the purpose of complying with applicable legal and regulatory obligations.
    • 6.8 We may also disclose your information to third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this Privacy Notice.
  7. Transfers
    • 7.1 The EEA, UK and other countries outside the EEA and the UK have differing data protection laws, some of which may provide lower levels of protection of privacy.
    • 7.2 It is sometimes necessary for us to transfer your personal data to countries outside the UK and EEA. In those cases, we will comply with applicable laws designed to ensure the privacy of your personal data.
    • 7.3 We may transfer your personal data to our service providers with data centres located outside the UK and the EEA. We may also transfer your personal data from the EEA to the UK.
    • 7.4 Under data protection laws, we can only transfer your personal data to a country outside the UK/EEA where:
      • in the case of transfers subject to UK data protection law, the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR; or
      • in the case of transfers subject to EEA data protection laws, the European Commission has decided that the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy decision’) further to Article 45 of the EU GDPR; or
      • there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or
      • a specific exception applies under relevant data protection law.
    • 7.5 Where we transfer your personal data outside the UK, we do so on the basis of an adequacy regulation or (where this is not available), we will rely on other methods such as legally-approved standard data protection clauses recognised or issued further to Article 46(2) of the UK GDPR. If we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law and reflected in an update to this policy.
    • 7.6 Where we transfer your personal data outside the EEA, we do so on the basis of an adequacy decision or (where this is not available) we will rely on other methods such as legally-approved standard data protection clauses issued further to Article 46(2) of the EU GDPR. If we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer your personal data outside the EEA unless we can do so on the basis of an alternative mechanism or exception provided by applicable data protection law and reflected in an update to this policy.
    • 7.7 Any changes to the destinations to which we send personal data or in the transfer mechanisms we rely on to transfer personal data internationally will be notified to you in accordance with the section on ‘Changes to this Privacy Notice’ below.
    • 7.8 If you would like further information about this section, please contact us (see ‘How to Contact Us’ below).
  8. What we do to maintain the security of your personal information
    • 8.1 Our approach to information security is constantly evolving and continually reviewed. We implement a variety of technical and organisational measures to help protect your personal information from unauthorised access, use, disclosure and transfer. This includes, by way of example, training and adequate procedures put in place for any staff that handle or have access to your personal information.
    • 8.2 We have taken reasonable steps to help protect the personal information we collect. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Website and any transmission is at your own risk. Once we have received your personal information, we will use procedures and security features to try to prevent unauthorised access.
  9. Your rights regarding your personal information
    • 9.1 You generally have the following rights, which you can usually exercise free of charge:
    Access to a copy of your personal data The right to be provided with a copy of your personal data
    Correction (also known as rectification) The right to require us to correct any mistakes in your personal data
    Erasure (also known as the right to be forgotten) The right to require us to delete your personal data – in certain situations
    Restriction of use The right to require us to restrict use of your personal data in certain circumstances, eg if you contest the accuracy of the data
    Data portability The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations
    To object to use The right to object:
    • at any time to your personal data being used for direct marketing (including profiling)
    • in certain other situations to our continued use of your personal data, eg where we use your personal data for our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims
    Not to be subject to decisions without human involvement The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
    The right to withdraw consents If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time You may withdraw consents by logging on to your account and changing your consent settings. Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn
    • 9.1 We may contact you via email with updates about the Services that we offer or any changes that we have made to our Website, subject to your preferences. You can update your preferences and opt in or out at any time by clicking the ‘Unsubscribe’ link in our emails, by replying ‘Stop’ to our text messages or by updating your consent preferences in your account. Your option not to receive promotional and marketing material will not preclude us from corresponding with you, by email or otherwise, regarding your existing or past business relationships with us, and will not preclude us from accessing and viewing your personal information in the course of maintaining and improving our Website and our Services.
    • 9.3 You may delete your profile and all personal data from the Website from within your account.
    • 9.4 If you would also like to delete or access your personal data from the Website you can do so by visiting the SoPost Privacy portal.
  10. Third-Party Links and Social Media
    Our Website may, from time to time, contain links to social media platforms. Use of third-party social media platforms, such as Twitter and Facebook, are governed by the privacy policies and practices of those platforms.
  11. How long we hold your information for
    We will retain your information for as long as is necessary for the purposes for which it was collected. The precise period will depend on the reason why it was collected. Those periods are also based on the requirements of applicable data protection laws, applicable legal and regulatory requirements, and periods related to the commencement of legal actions. If you have not interacted with us or accessed our Services for an extended period then we may delete your personal data from our systems, but will send you an email first informing you of our intention to do so.
  12. No Service to Minors
    We do not knowingly collect information from individuals under the age of 18. If you are under the age of 18, please do not give us personal information. We will use commercially reasonable efforts to delete information associated with an individual under 18 as soon as practicable if we learn that we have collected such information.
  13. California Residents
    Pursuant to Section 1798.83 of the California Civil Code (the “Shine the Light Law”), residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of personal information, if any, the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information in the immediately preceding calendar year. To access this information, write to SoPost Ltd, The Core, Bath Lane, Newcastle upon Tyne, NE4 5TF, United Kingdom, Attention: CA Privacy Requests, or email dpo@sopost.com with the subject line “CA Privacy Requests”. We will endeavor to respond to such requests within a reasonable time by providing a report that includes the information required by applicable law. Please be advised that we are not required to respond to requests from any individual resident under the Shine the Light Law more frequently than once per calendar year. If any other state enacts a similar law as the California law, then this provision will also apply to such state.
  14. Do-Not-Track Requests; Third-Party Tracking
    • 14.1 Certain mechanisms may allow you to send web browser signals, known as “Do Not Track” (“DNT”) signals, indicating your choice to disable tracking on the Website. We do respond to certain browser do not track signals at this time. When we detect a DNT signal, we will not include the Google Analytics code and track beyond our own logging as described in the Cookie Policy. We may not be aware of or able to honour and respond to every such mechanism. More information about “Do Not Track” is available at allaboutdnt.orgconcerning such information.
    • 14.2 Third parties, other than our service providers (such as our website analytics provider), do not have our permission to track which websites you visited prior to and after visiting the Website. That said, we cannot control third-party tracking and there may be some third-party tracking that occurs without our knowledge or consent.
  15. Changes to this Privacy Notice
    Any changes we may make to our Privacy Notice in the future will be posted on this page and we may send you an email. The new terms may be displayed on-screen and you will be required to read and accept them to continue your use of our Services.
  16. Our Cookie Policy
    We want you to be informed about how cookies are used when using our Website, so here’s how we use cookies. If you’re unsure about what a cookie is and how it works, Google have a nice video that explains this in plain English.
  17. Our Cookies
    • 17.1 We use cookies on our Website to allow us to provide a persistent state as you move from a page to another page. It is our commitment to you that no cookies that we set will ever contain any personal data. Cookies aid us in providing you with a secure and safe experience.
    • 17.2 We only allow cookies over https and all information inside our cookies is encrypted.
  18. What Information Do You Store in Cookies?
    We never store any personal data in our cookies, instead we store randomly generated strings (we call them “IDs”). We use these IDs to lookup in our secure databases so that we can personalise and tailor the pages that we serve to you.
  19. Refusing and Disabling Cookies
    • 19.1 You can choose to refuse or disable cookies that we send to you by configuring your browser to do so. Please consult the documentation for your browser for information on how to do this.
    • 19.2 If you’re using our Website and disable some (or maybe all) of the cookies that we require, you may have difficulty using parts of our Website. We may rely on certain cookies to provide a complete user experience.
  20. Third-Party Cookies

    Google Analytics

    • 20.1 We use Google Analytics on our Website to assess the performance and analytics of our content and traffic sources. For instance, where users come from, which pages are most popular, which sites provide most traffic, or how our marketing efforts impact the number of visits we receive.
    • 20.2 No personal data is passed to Google Analytics. Instead, meta information (such as the pages you visited, type of device you’re using or which browser you’re using) is used to understand how people are using our Website.
    • 20.3 To disable Google Analytics, you can decline the third-party cookie notice on our Website.
    • 20.4 We respect “Do Not Track” and we will never use the Facebook Pixel if you have this setting enabled.

    Facebook Pixel

    • 20.5 We use the Facebook Pixel on our Website to measure the effectiveness of their advertising and to allow them to build audiences based on the actions people take on our Website. For instance, we can stop showing you Facebook adverts to signup to our Website if you’ve already completed the signup process. Or, our Website could show you ads on Facebook that they think will be relevant to you because you’ve got an account on our Website.
    • 20.6 The Facebook Pixel also allows Facebook’s ad system to better understand your interests so it can show you ads from advertisers that are relevant and useful. For instance, you may see more ads for beauty products if you have an account on our Website.
    • 20.7 Facebook’s ad system prioritises what ad to show you without us or any other advertisers knowing who you are. Facebook doesn’t sell any individual data that could identify you, such as your name.

    How do I disable the Facebook Pixel?

    • 20.8 To disable the Facebook Pixel, you can decline the third-party cookie notice on our Website.
    • 20.9 We respect “Do Not Track” and we will never use the Facebook Pixel if you have this setting enabled.
    • 20.10 You can control how Facebook uses data from partners in your.
  21. Do Not Track If you set your browser to enable it’s “Do Not Track” feature then we will respect your choice and will not include any third-party cookies.
  22. How to Contact us
    • 22.1 If you have a question relating to our Privacy Notice or our Cookies Policy, please contact us by post or email.
    • 22.2 Our contact details are shown below:
    Contact Details
    Data Protection Officer
    SoPost Limited
    The Core, Bath Lane
    Newcastle upon Tyne
    NE4 5TF, UNITED KINGDOM
    dpo@sopost.com
  23. How to Complain
    Please contact us if you have any queries or concerns about our use of your personal data (see above ‘How to Contact us’). We hope we will be able to resolve any issues you may have.
  24. Contact the Information Commissioner if there is a problem
    If you consider we have not addressed your complaint, you can contact the UK Information Commissioner’s Office for assistance. Further information can be found here.
Home For Brands PS Insiders About Us Blog
Close Icon

JOIN THE GREATEST SAMPLING SITE

Get access to our exclusive boxes from brands you love and access to all our great benefits!

Mail illustration
Close Icon

THANKS FOR SIGNING UP!

We're still getting things ready, but should be launching soon! Keep an eye on your email!

CLOSE

Congrats illustration
Close icon

Let's connect.

Enter your details below and one of our sampling consultants will be in touch.

Mail illustration
Close icon

Thanks for getting IN TOUCH!

We've recieved your enquiry and will reply as soon as possible.

CLOSE

Congratulations illustration