Umia Beauty's Privacy Policy

Last modified: January 24, 2026

Introduction

This privacy notice describes how we will collect, use, share and otherwise process your personal data in connection with your use of:

  • UMIA mobile application software (App).
  • Any of our services that are accessible through the App (Services).

This App is not intended for those under 13 and we do not knowingly collect data relating to children.

Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

This notice is provided in a layered format so you can click through to the specific areas set out below:

[IMPORTANT INFORMATION AND WHO WE ARE] [THE DATA WE COLLECT ABOUT YOU] [HOW IS YOUR PERSONAL DATA COLLECTED?] [HOW WE USE YOUR PERSONAL DATA] [DISCLOSURES OF YOUR PERSONAL DATA] [INTERNATIONAL TRANSFERS] [DATA SECURITY] [DATA RETENTION] [YOUR LEGAL RIGHTS] [DESCRIPTION OF CATEGORIES OF PERSONAL DATA]

Important Information and Who We Are

Umia Technology Inc, trading as Umia Beauty, is the controller and is responsible for your personal data (Umia Beauty, we, us or our in this notice).

Contact Details

Our full details are:

  • Full name of legal entity: Umia Technology Inc
  • Email address: support@umia.beauty
  • Postal address: Cathedral Place Unit 1600, 925 West Georgia Street, Vancouver, V6C 2L1, Canada.

We are based outside of the UK, so we have appointed Umia Beauty Ltd as our UK representative under the UK GDPR. You can contact them on the details below.

Our UK representative's full details are:

  • Full name of legal entity: Umia Beauty Ltd
  • Name of contact person: Modi Liu
  • Email address: support@umia.beauty
  • Postal address: 128 City Road, London, United Kingdom, EC1V 2NX

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues.

Changes to the Privacy Notice and Your Duty to Inform Us of Changes

We keep our privacy notice under regular review.

This version was last updated on January 24th, 2026. It may change and, if it does, those changes will be posted on this page and notified to you by push notification, by email, when you next start the App and/or log onto your account. You may be required to read and acknowledge the changes to continue your use of the App or the Services.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you. Please visit the settings section of your Account to update your details.

Third Party Links and Sites

Our App and Services may, from time to time, contain links to and from the websites of third parties, including third party sites via which to book Services. Please note that these websites (and any services accessible through them) are controlled by those third parties and are not covered by this privacy notice. You should review their own privacy notices to understand how they use your personal data before you submit any personal data to these websites or use these services.

The Data We Collect About You

We collect, use, store and transfer different kinds of personal data about you. To make it easier for you to use this privacy notice, we group these into the following categories. Each of these categories is described in more detail [LINK TO Description of categories of personal data].

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).

We do not collect data relating to criminal offences.

How Is Your Personal Data Collected?

We collect your personal data in the following ways:

  • Registration. We collect your Identity Data and Contact Data when you register your account with us.
  • Communications. When you communicate with us via email or any other means we collect your Contact Data. If the communication relates to an error or problem you are having with the App or one of our Services, we will also collect Usage Data for diagnosis and improvement.
  • Information you generate when using our App and Services. Each time you access and use our App and Services we collect Content, Device, Cookies, Personalisation and Usage Data. We collect Device, Cookies, Personalisation and Usage Data using cookies and other similar technologies.
  • Information we collect through monitoring the use of our App and Services. Each time you access and use our App and Services we collect information about that access and use, being Device, Content, Cookies, and Usage Data.
  • Additional information we otherwise collect through our App and Services where we have your consent to do so. Where you provide your consent, we collect your Location Data to use the "Find Nearby Stores" or similar features.
  • Direct Marketing. We collect and record Direct Marketing Data when we add you to our marketing database, you request to change your direct marketing preferences, or you interact with our direct marketing communications.
  • Social Media Data. We collect Social Media Data when you choose to connect your social media account to your account.
  • Information we receive from third parties. We will receive personal data about you from the third parties set out below:
    • Device and Cookies Data;
    • Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Stripe; or
    • Identity and Contact Data from third party venues where our machines are located and via which you book services.

Cookies

We use cookies (small files placed on your device) and other tracking technologies on the App and in our direct marketing emails to improve your experience and our development of the App and our Services.

How We Use Your Personal Data

We will only use your personal data when we have a lawful basis to do so. Our lawful basis for each purpose for which we use your personal data is specified below. Most commonly we will use your personal data in the following circumstances:

  • Consent. Where you have freely consented before the processing in a specific, informed and unambiguous indication of what you want. You can withdraw your consent at any time by contacting us.
  • Performance of a contract. Where we need to process your personal data to perform a contract with you or where you ask us to take steps before we enter into a contract with you.
  • Legitimate interests. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Legal obligation. Where we need to use your personal data to comply with a legal or regulatory obligation.

1. Delivery and Improvement of Our App and Purchases

Purpose or Activity Type of Personal Data Lawful Basis for Processing
To permit you to install the App and register you as a new App user Identity
Contact
Financial
Device		 Performance of a contract
Legitimate interests (delivering our App to you)
To take steps towards providing you with services at your request, to process and fulfil in-App orders and deliver services to you, including managing payments and sending you service communications Identity
Contact
Transaction
Device
Location		 Performance of a contract
Enforce our terms and conditions, including to collect money owed to us Identity Legitimate interests (to recover debts due to us)

2. Account Management and Profiling

Purpose or Activity Type of Personal Data Lawful Basis for Processing
Combining the information we collect about you into a single customer account profile Contact
Direct marketing		 Legitimate Interests (to publicise and grow our business)

3. Direct Marketing

Purpose or Activity Type of Personal Data Lawful Basis for Processing
To send you direct marketing communications via email, text and/or push notification Contact
Device
Direct Marketing		 Consent

Unless we can rely on the soft opt-in and you have not opted out, in which case we rely on Legitimate Interest (to publicise and grow our business)

4. Troubleshooting, Improvement and Security

Purpose or Activity Type of Personal Data Lawful Basis for Processing
To administer, monitor and improve our business, Services and this App including troubleshooting, data analysis and system testing Identity
Contact
Device
Image		 Legitimate interests (for running our business, provision of administration and IT services, network security, maintaining the security of our App and Services, providing a secure service to users and preventing fraudulent and other misuse of our App)
Applying security measures to our processing of your personal data, including processing in connection with the App All personal data under this privacy notice Legal obligation (applying appropriate technical and organisational measures under Article 32 of the UK GDPR)
Otherwise monitoring use of the App and deploying appropriate security measures Contact
Security
Transaction		 Legitimate interests (running our business, provision of administration and IT services, network security, maintaining the security of our App and services, providing a secure service to users and preventing fraudulent and other misuse of our App)

5. Rights and Obligations

Purpose or Activity Type of Personal Data Lawful Basis for Processing
To comply with our other legal obligations, including compliance with tax legislation, judicial, law enforcement and government authorities' requests All personal data under this privacy notice Legal obligation

6. Cookies and Personalisation

Purpose or Activity Type of Personal Data Lawful Basis for Processing
To deploy and process personal data collected via Cookies that are strictly necessary Cookies Legitimate interests (delivering and securing the App and our Services)
To deploy and process personal data collected via Cookies that are not strictly necessary Cookies Consent
To deliver (personalised) recommendations and advertisements to you Personalisation Consent

7. Other Communications

Purpose or Activity Type of Personal Data Lawful Basis for Processing
To notify you of changes to the App, Services, your purchases and our terms and conditions for ongoing contracts Contact For ongoing or prospective contracts, Performance of a contract

Otherwise, Legitimate interests (in servicing our users and prospective users)
To notify you of updates to this privacy notice Contact
Transaction		 Legal obligation (to inform you of our processing under Articles 13 and 14 of the UK GDPR)
To respond to your requests to exercise your rights under this notice As relevant to your request Legal obligation (complying with data subject requests under Chapter 3 of the UK GDPR)
To ask you to complete a survey and process your response Contact Legitimate interests (to analyse how users use our products or Services and to develop them and grow our business)

Unless you have previously opted out, where we will rely on Consent
To otherwise respond to your enquiries, fulfil your requests and to contact you where necessary As relevant to your enquiry or request Legitimate interests (service our users and prospective users)

8. Personal Data Sharing

Purpose or Activity Type of Personal Data Lawful Basis for Processing
Share personal data with our third-party providers for purposes not otherwise set out above (see Disclosures of your personal data) Identity
Contact
Transaction		 Legitimate interests (for the purpose relevant to the recipient, as set out at "Disclosures of your personal data")

9. Business Contacts

Purpose or Activity Type of Personal Data Lawful Basis for Processing
Process personal data relating to staff members of our business contacts, including suppliers, customers and prospects Contact Legitimate interests (servicing and receiving products or services, to or from our business contacts and carry out our B2B business)

Automated Decision Making and Profiling

We do not make decisions based solely on automated processing or profiling that produce legal effects concerning you (or have similarly significant effects).

Disclosures of Your Personal Data

We may share your personal data with the following third parties:

  • External third parties:
    • Your Appstore Provider and mobile network operator to allow you to install the App.
    • Connected third parties: other Umia Beauty companies, connected to us (but not necessarily in the same group) and who are based in: the UK and China.
    • Third party venue providers where the services are to take place.
    • Service providers acting as processors who provide IT and system administration services, hosting services for our App, delivery and logistics services, payment processing, email delivery and administration, and data storage and analysis.
    • Our professional advisors acting as controllers including lawyers, auditors, insurers and consultants who provide legal, accounting, insurance and other professional services.
    • Your service providers that you have appointed and we need to contact to fulfil your requests, such as your banking or payment card provider to process your transactions.
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • HM Revenue and Customs, regulators, law enforcement, public authorities or other third parties acting as controllers based in the UK where necessary to exercise our rights or comply with a legal obligation.

International Transfers

Where we transfer your personal data between the UK and the EEA those transfers are made pursuant to the UK government's adequacy decision in favour of countries in the EEA and the European Commission's adequacy decision in favour of the UK.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
  • Where we use certain service providers located outside the EEA, we use specific contracts approved by the UK which give personal data the same protection it has in the UK and EEA.

Please contact us using the contact details above if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Data Security

All information you provide to us is located in the EEA or Hong Kong. Any payment transactions carried out by us or our chosen third-party provider of payment processing services, Stripe, will be encrypted using mutual transport layer security (mTLS) and dedicated PGP Keys. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our App or Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Once we have received your information, we will use strict procedures and security features to protect your personal data from loss, unauthorised use or access.

[We will collect and store personal data on your device using [application data caches and browser web storage (including HTML5) OR [ALTERNATIVE MECHANISMS]] and other technology.] Please see our cookies policy.

We have put in place procedures to detect and respond to personal data breaches and notify you and any applicable regulator when we are legally required to do so.

Data Retention

By law we have to keep basic information about our customers (including Contact, Identity, Security and Transaction Data) for six years after they cease being customers for tax purposes.

In some circumstances you can ask us to delete your data: see Your Legal Rights below for further information.

Once we no longer have a legal right to hold your personal data, we will delete or, in some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Description of Categories of Personal Data

  • Identity Data: first name, last name, title and Profile Data.
  • Contact Data: first name, last name, contact address, email address and telephone numbers, your communication preferences and copies of the communications between you and us.
  • Profile Data: your email address, username and password.
  • Image Data: photos and videos of hands and fingers on which the Services are provided.
  • Transaction Data: billing and delivery addresses, history of your payments, purchases, deliveries, returns and refunds and the applicable terms and conditions of your purchases.
  • Device Data: the type of device you use, your unique device identifier, mobile network information, your mobile operating system, the type of mobile browser you use, IP address, app crash logs and time zone setting.
  • Usage Data: logs and detail of your use of our Apps and Services, being the dates and times on which you download, access and update the App and our Services, any error or debugging information, and the resources that you access and the actions we and you take in relation to them and Cookies Data.
  • Security Data: information we collect about your use of the App, our Services and our Sites in order to ensure your and our other users' safety and security, being Usage Data, the Cookies Data and the information provided to us by our payment processing provider.
  • Cookies Data: the information collected through the cookies and similar technologies listed in our Cookies Notice.
  • Direct Marketing Data: your direct marketing preferences, consents for receiving direct marketing from us and/or our third parties and the history of the direct marketing communications we have sent to you.
  • Location Data: your current location as disclosed by GPS technology for the time period where you have permitted us to collect it.
  • Social Media Data: your social media account information.
  • Feedback Data: your feedback and survey responses.
  • Personalisation Data: Cookies Data, Device Data, Transaction Data, Social Media Data, Usage Data, Location Data, and the preferences we have inferred you have and use to personalise the App and Services.