Privacy Policy
1. General Information
Hey, You Cosmeticos Ltda, registered under Tax ID No. 644.378.249/0001-00, headquartered at R. Renato Polatti, 3537 - Apt T-601, 5th Floor, Campo Comprido, Curitiba - PR, ZIP 81230-170, is committed to protecting the personal data of its customers and website visitors, in compliance with the Brazilian General Data Protection Law (LGPD - Law No. 13.709/2018).
This Privacy Policy describes how we collect, use, store, and protect your personal information in the context of cosmetics and personal care retail services.
2. Data Collected
We may collect the following information:
- Identification data: Full name, Tax ID (CPF), date of birth
- Contact data: Email, phone number, address
- Purchase data: Product orders, purchase history, preferences
- Beauty profile data: Skin type, product preferences (when voluntarily provided)
- Payment data: Information necessary for transaction processing
- Browsing data: IP address, browser type, pages visited
- Loyalty program data: Membership information (if applicable)
3. Purpose of Data Processing
The collected data is used to:
- Provide cosmetics and personal care retail services
- Process product sales and orders
- Manage inventory and product availability
- Provide personalized product recommendations
- Process payments
- Issue invoices and receipts
- Provide customer service
- Send product updates, beauty tips, and promotions (with consent)
- Manage loyalty programs (if applicable)
- Comply with legal and fiscal obligations
- Improve our products and services
4. Legal Basis for Processing
Data processing is performed based on:
- Consent: When you expressly authorize the use of your data
- Contract execution: To fulfill product sales
- Legal obligation: To comply with fiscal and consumer protection obligations
- Legitimate interest: For purchase history and customer relationship management
5. Data Sharing
Hey, You does not sell or commercialize personal data. We may share data only with:
- Suppliers: For product procurement coordination
- Payment processors: For transaction processing
- Service providers: Retail management systems, accounting
- ANVISA: To comply with cosmetic regulatory obligations (when applicable)
- Tax authorities: To comply with tax obligations
- Consumer protection agencies: To comply with CDC obligations (when applicable)
- Legal authorities: When required by law or court order
6. Data Security
We implement technical and organizational measures to protect your data:
- Encryption of payment and personal data
- Access controls to customer information
- Secure retail management systems
- Security system monitoring
- Regular backups and secure storage
- Employee training on data protection
- Periodic security audits
7. Your Rights as Data Subject
Under LGPD, you have the following rights:
- Confirmation and access: Confirm the existence of processing and access your data
- Correction: Request correction of incomplete, inaccurate, or outdated data
- Anonymization, blocking, or deletion: Request removal of unnecessary data
- Portability: Request data portability
- Deletion: Request deletion of data processed with consent
- Information: Obtain information about data sharing
- Revocation: Revoke consent at any time
- Opposition: Object to the processing performed
8. Cookies and Similar Technologies
We use cookies to improve your browsing experience. You can configure your browser to refuse cookies.
9. Data Retention
We retain your data for the time necessary to:
- Fulfill the purposes described in this policy
- Duration of customer relationship
- Purchase records: for warranty and fiscal purposes
- Legal prescription periods (generally 5 years for fiscal purposes)
- Consumer protection obligations (CDC)
- Exercise of legal rights
After these periods, data will be securely deleted or anonymized.
10. International Data Transfer
Your data is stored and processed in Brazil. We do not perform international data transfers.
11. Minors
Our services are intended for individuals over 18 years of age. We do not intentionally collect data from minors without parental consent.
12. Changes to This Policy
This Policy may be updated periodically. Significant changes will be communicated by email or website notice.
13. Data Protection Officer (DPO)
We have appointed a Data Protection Officer responsible for ensuring LGPD compliance.
14. Contact
To exercise your rights or clarify questions:
Hey, You Cosmeticos Ltda
Tax ID: 644.378.249/0001-00
Address: R. Renato Polatti, 3537
Apt T-601, 5th Floor
Campo Comprido
Curitiba - PR
ZIP: 81230-170
Privacy Email: privacy@heyyoucosmetics.com.br
DPO Email: dpo@heyyoucosmetics.com.br
Phone: (41) 0000-0000
We will respond to your requests within 15 calendar days, extendable by another 15 days with justification.
15. Applicable Law and Jurisdiction
This Policy is governed by the laws of the Federative Republic of Brazil, especially Law No. 13.709/2018 (LGPD) and Consumer Protection Code (CDC). The jurisdiction of Curitiba/PR is elected to resolve any disputes.
Last updated: December 2025