The Science Ingredients Reviews Shop Now

Legal

Privacy Policy

Last updated: May 20, 2026

FINKO (“FINKO,” “we,” “us,” or “our”) is a sole-proprietorship skincare business based in the United Kingdom. We respect your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit thefinko.com (the “Site”) or purchase our products. For the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, FINKO is the data controller for the personal information collected through the Site. By using the Site, you agree to the practices described below.

1. Information We Collect

We collect the following categories of information:

  • Contact information you provide directly — name, email address, shipping address, and phone number (if supplied) when you place an order or contact customer support.
  • Order and payment information — products purchased, order history, and billing details. Payment card data is processed directly by Stripe and is never stored on our servers.
  • Chat assistant conversations — messages you send to our AI-powered chat widget, which are processed to generate responses and may be reviewed to improve service quality.
  • Technical and usage data — IP address, browser type, device identifiers, pages viewed, referring URLs, and timestamps, collected automatically through cookies and server logs.

Lawful basis for processing (UK GDPR): we process your personal data to perform the contract when you place an order, on the basis of your consent for optional communications, and based on our legitimate interests in operating, securing, and improving the Site.

2. How We Use Your Information

We use the information we collect to:

  • Process, fulfil, and ship your orders, and communicate with you about your order status.
  • Respond to customer service inquiries submitted via email or the chat assistant.
  • Operate, secure, and improve the Site.
  • Prevent fraud, abuse, and unauthorized access.
  • Comply with applicable laws and respond to lawful legal requests.

3. Sharing Your Information

We do not sell your personal information. We share limited information with trusted service providers who help us operate our business, under contractual obligations to protect your data:

  • Stripe — our payment processor. Your payment details are entered directly with Stripe and processed under their privacy policy (stripe.com/privacy).
  • OpenAI — powers our AI chat assistant. Messages you send to the chat are transmitted to OpenAI to generate responses, subject to their privacy and data-handling policies.
  • Vercel — our website hosting provider. Vercel processes server logs and request metadata to deliver and secure the Site. Vercel Analytics collects anonymized page-view and performance data.
  • Google — we use Google Analytics 4 to understand how visitors interact with the Site (pages viewed, button clicks, scroll depth, traffic sources). Google may set cookies on your device and process data under its own privacy policy (policies.google.com/privacy). We have configured Google Analytics not to collect personally identifiable information.
  • Shipping carriers — to deliver your orders worldwide.
  • Legal and regulatory authorities — when required by law, court order, or to protect our rights, property, or safety.

Some of these providers (including Stripe, OpenAI, Google, and Vercel) are based in or transfer data to countries outside the United Kingdom, including the United States. Where we transfer your data outside the UK, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision where one applies.

4. Cookies and Tracking

We use the following cookies and tracking technologies:

  • Essential cookies — small files stored by your browser that are required to make the Site work (for example, remembering your session and preferences).
  • Google Analytics 4 — sets cookies (including _ga and _ga_*) to distinguish unique visitors and track page views, button clicks, scroll depth, and traffic sources. Data is sent to Google and processed in accordance with Google’s privacy policy. You can opt out at any time using the Google Analytics opt-out browser add-on.
  • Vercel Analytics — collects anonymized, cookie-free page-view and performance data to help us monitor site speed and reliability.

We do not use advertising cookies or tracking pixels at this time. You can disable or delete cookies in your browser settings at any time, although doing so may affect Site functionality.

5. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, including to provide services, resolve disputes, and comply with legal obligations. Order records are typically retained for at least seven years for tax and accounting purposes.

6. Your Privacy Rights

Under the UK GDPR and applicable data protection laws, you have the following rights in relation to your personal data:

  • The right to access the personal information we hold about you.
  • The right to rectify inaccurate or incomplete information.
  • The right to erasure (“right to be forgotten”), subject to legal exceptions.
  • The right to restrict or object to processing of your personal data.
  • The right to data portability — to receive your data in a structured, commonly used format.
  • The right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
  • The right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk, or your local data protection authority if you are outside the UK.

To exercise any of these rights, email us at helpfinko@gmail.com. We will respond within one month, as required by UK GDPR.

7. Data Security

We use reasonable administrative, technical, and physical safeguards to protect your personal information. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

8. Children’s Privacy

The Site is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. International Users

FINKO is based in the United Kingdom and ships worldwide. If you access the Site or purchase from outside the United Kingdom, your personal data may be transferred to, stored, and processed in the UK and in other countries where our service providers (such as Stripe, OpenAI, and Vercel) operate. We take steps to ensure any such transfers are carried out with appropriate safeguards under the UK GDPR.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated “Last updated” date. Your continued use of the Site after changes are posted constitutes acceptance of the revised Policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

FINKO
Email: helpfinko@gmail.com
Website: thefinko.com