Privacy policy
1. KEY TERMS
1.1 In this Privacy Policy:
- "we", "us", "our" or "The Body Shop" means The Body Shop International Limited, a company registered in England and Wales (company no 15859787);
 - "Group" means collectively The Body Shop, The Body Shop's owner, their affiliates and subsidiaries;
 - "you", "your" or "customer" means any individual who visits our Website or retail stores or counters;
 - "personal information" means information that is about you and other individuals you may tell us about and which identifies you or those individuals; and
 - references to our "Website" means the website at www.thebodyshop.com, other websites which are operated by us and our branded mobile applications made available via third-party platforms.
 
2. INTRODUCTION
2.1 This Privacy Policy sets out the basis on which we collect and use personal information collected from or provided by you when you:
- visit our Website;
 - visit our retail stores or counters, including if you register for an account with us in-store;
 - correspond with us across any of our channels, including via email, live chat, social media and text message;
 - submit a review regarding our products either in person or on our Website; and/or
 - sign up to our direct marketing campaigns, free prize draws and competitions.
 
2.2 This Privacy Policy tells you about your privacy rights and how the law protects you. This Privacy Policy describes:
- who is responsible for the personal information that we collect about you;
 - the personal information we collect about you;
 - how we will use it;
 - who we may disclose it to; and
 - your rights and choices in relation to your personal information.
 
This is to make sure you have a full picture of how we collect and use your personal information. This Privacy Policy may be supplemented by other notices and privacy policies and is not intended to override them.
2.3 You have the right to object to our use of your personal information in certain circumstances. A summary of your right to object (along with other rights under data protection law) and the details of who to contact if you want to exercise them can be found at paragraphs 13 and 14 below.
3. OUR APPROACH TO CHILDREN'S PRIVACY
3.1 We are sometimes given information about children while dealing with customer complaints and concerns regarding children. The information in the relevant parts of this Privacy Policy applies to children as well as adults.
3.2 Our Website is not intended or designed for anyone under the age of 16 and we do not knowingly collect personal information relating to individuals who are under this age. If you learn that an individual under the age of 16 has registered for email newsletters, or otherwise provided their personal information to The Body Shop, please let us know using the contact information provided in paragraph 14 below. If we become aware that an underage user has provided personal information without parental permission, we will take such action as we deem appropriate. Such action may include terminating the relevant account and deleting all personal information provided by that user to the extent feasible and as soon as practicable. Depending on the country in which you are based, we may use personal information to carry out age verification checks and enforce any such age restrictions.
4. THIRD PARTY LINKS
4.1 The Website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal information about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy policy of every website you visit.
5. WHO IS RESPONSIBLE FOR THE PERSONAL INFORMATION THAT WE COLLECT?
5.1 We are the data controller for the purpose of data protection law in respect of your personal information collected and used in connection with your use of the Website or in-store sales.
5.2 The Body Shop franchisees or other authorised retailers or distributors (collectively "Authorised Sellers") are independently owned and operated businesses that are licensed by The Body Shop or one of its Group to operate retail stores or e-commerce platforms under The Body Shop brand (franchisees) or to sell or distribute The Body Shop products (Authorised Sellers). These Authorised Sellers are separate legal entities that collect, use, or disclose personal information in accordance with their own privacy policies as separate data controllers. This Privacy Policy does not apply to the processing of personal information by Authorised Sellers.
6. WHAT PERSONAL INFORMATION DO WE HOLD ABOUT YOU?
6.1 We collect and use personal information about you in the course of you using the Website and visiting our stores. The personal information we hold includes:
(a) Information that you provide to us / we collect from you, which may include the following:
| Types of personal information | Examples | 
| General/Basic | |
| Contact information | Title, name, address (including contact, billing and shipping), email address and telephone number. | 
| CCTV footage and digital images | CCTV footage and digital images captured when you visit our stores. | 
| Account details and profile information | |
| Account details | 
  | 
| Profile information | 
  | 
| Marketing | |
| Marketing preferences | (including details of subscriptions to our newsletters or participation in our sweepstakes and competitions). Details of any marketing preferences that you express including any opt outs you provide. | 
| Other | |
| Surveys, competitions and questionnaires | Your views and opinions about our services. | 
| Location data | General geolocation data when you access our Website. | 
| Online activity information (to the extent that it constitutes personal information) | 
  | 
(b) Information we receive / collect from other sources:
- We may collect personal information about you from third parties such as individuals who purchase products or services to be delivered to you (such as gifts or gift cards).
 - We may use a data analytics provider to draw inferences directly from the personal information that you provide us.
 - We may collect data from other companies within our Group or legally obtained from other third parties, which may be combined with other information that we collect for the purposes described in this section, including information on your communications with us (e.g. your emails, letters, calls, posts and messages on our social media). This may include communications with The Body Shop's or other Group companies' Sales Managers, Regional Managers, and/or Beauty Entrepreneurs if they share such communications with us.
 
7. HOW DO WE USE YOUR PERSONAL INFORMATION? (PURPOSE & LEGAL BASES)
7.1 We use your personal information for a variety of different purposes in connection with your use of the Website and visit to our stores. The main purposes for which we use your personal information are set out below. Under data protection law, we can only use your personal information if we have a legal basis to do so. Examples of where we have a legal basis to process your personal information include when:
- we have your consent;
 - it is necessary to enter into or perform a contract we have with you (or to take steps at your request prior to entering into that contract);
 - it is necessary to comply with a legal obligation;
 - it is necessary in order to protect your vital interests; or
 - it is in our legitimate interests to process your personal information.
 
7.2 We have set out the main purposes for using your personal information in the table below together with our legal basis for doing so. Where we rely on our legitimate interests as a legal basis, we have set out those interests in the table below.
| Purpose | Legal basis |
| To communicate with you and other individuals. | Legitimate interests: We require your personal information in order to enable us to supply our products and services. Performance of a contract we have with you. |
| To carry out our obligations arising from any contracts entered into between you and us or in preparation of entering into a contract with you. | Legitimate interests: It is in our legitimate interest to comply with the terms of a contract we have in place with you, such as an order you have placed with us. Performance of a contract we have with you. |
| To ensure our product recommendations align with your preferences, including any skin conditions and other beauty information you have shared with us. | Legitimate interests: We require your personal information in order to enable us to provide product recommendations. Performance of a contract we have with you. Consent: In some circumstances, we may rely on your consent. Explicit consent: Where we process special category personal data about you, in some circumstances, we may rely on your explicit consent. Legal claims: Where we process special category personal data about you, we may do so for the establishment, exercise or defence of legal claims. |
| To send you direct marketing communications about our products/services (including offers and our newsletter) and to share your personal information with other members of the group of companies so that they can send you direct marketing communications about their products/services. | Legitimate interests: It is in our legitimate interest to contact you about the products or services that we offer. Consent: In some circumstances, we may rely on your consent to send direct marketing communications to you. |
| To offer you financial incentives and / or price or service differences when you consent to participating in our Love Your Body Club incentives. | Consent: We obtain your consent to participate in our Love Your Body Club incentives. |
| To manage any complaints, feedback, product reviews and queries you may have in relation to our supply of products and / or services. | Legitimate interests: We require your personal information in order to ensure the services we supply are fit for purpose. Performance of a contract we have with you. |
| To improve the quality and performance of our products and services. | Legitimate interests: We require your personal information in order to improve the services we provide. |
| To comply with any legal or regulatory obligations (including in connection with a court order). | Necessary for compliance with a legal obligation to which we are subject. |
| To administer, manage and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). | Legitimate interests: We require your personal information because it is necessary for us in relation to running our business, the provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise. Necessary to comply with a legal obligation. |
| To deliver relevant and personalised Website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you. | Legitimate interests: We require your personal information in order to provide you with a personalised experience when using our Website. Consent: We may also rely on your consent to personalise Website content and advertisements. |
| To use data analytics to improve our Website, apps, products / services, marketing, customer relationships and experiences. | Legitimate interests: We require your personal information so that we can study how visitors to the Website use our services, to develop our services, to grow our business and to inform our marketing strategy. |
| To administer any competitions and prize draws. | Performance of a contract under the competition / prize draw terms. Consent: We may rely on consent. Necessary for compliance with a legal obligation to which we are subject. |
| To enable you to join our clubs, loyalty programmes or reward scheme. | Legitimate interests: We require your personal information so that we can run our clubs, loyalty programmes and reward schemes. Consent: We may rely on consent. |
| To control access to our stores and ensure the security of our stores, staff and visitors. | Legitimate interests: We require your personal information so that we can ensure our stores remain secure and safe. Necessary for compliance with a legal obligation to which we are subject. |
7.3 We may be required to obtain your personal information to comply with our legal requirements, to enable us to fulfil the terms of our contract with you or your employer (as applicable) or in preparation of us entering into a contract with you or your employer (as applicable). If you do not provide the relevant personal information to us, we may not be able to perform our obligations pursuant to your contract with us.
8. WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?
8.1 We may share your personal information with:
- Sales Leaders and/or Authorised Sellers of The Body Shop, if you have indicated a desire to purchase products this way;
 - Google and Meta, where you have provided your consent to us placing the relevant cookies/pixels which enable Google and/or Meta to better understand on an anonymised basis the traffic on our Website in order to assess the effectiveness of their advertising;
 - third parties such as our business partners, service providers and sub-contractors for the performance of any contract we enter into with you or to help us improve our services (for example, our IT providers, marketing service providers, security service providers, insurance providers and document storage providers);
 - our professional advisors (including accountants, lawyers and auditors) that assist us in carrying out our business activities; and
 - other companies and entities within the Group (which we are a member of). For any queries concerning our Group please contact us using the details at paragraph 14 below.
 
8.2 We will also share your personal information with other third parties, for example:
- in the event that we sell or buy any business or assets, we will disclose your personal information to the prospective seller or buyer of such business or assets;
 - if we or substantially all of our assets are acquired by a third party, personal information held by us will be one of the transferred assets; and
 - if we are under a duty to disclose or share your personal information in order to comply with any legal obligation.
 
8.3 For a full list of the third parties with whom your particular personal information may be shared, please contact us using the details at paragraph 14 below.
9. WHERE WILL WE TRANSFER YOUR PERSONAL INFORMATION?
9.1 Due to the international nature of our business, we may process your personal information both nationally and internationally. If we need to share your personal information with any recipient outside the UK, e.g. with any of those third parties listed above, we will ensure we do so in compliance with data protection laws. This will include:
- for international data transfers subject to UK, EU and Swiss law, we primarily use the European Commission's standard contractual clauses and the UK's Addendum;
 - in relation to sharing of personal information internationally within our Group, we have executed an intra-group agreement with our relevant Group companies; and
 - where appropriate, we carry out an assessment of the level of protection in light of the circumstances relating to the transfer, including the relevant risks presented by the transfer.
 
10. HOW LONG WILL WE KEEP YOUR PERSONAL INFORMATION
10.1 We will retain your personal information for no longer than is necessary for the purposes for which the personal information is processed. The length of time we hold on to your personal information will vary according to what that information is and the purpose for which it is being processed.
10.2 To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
11. DATA SECURITY
11.1 We have put in place appropriate security measures to guard against your personal information being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. For further information about these measures, please contact us using the details at paragraph 14 below.
11.2 We have also put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
12. COOKIES
12.1 You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy (also accessible through a link at the footer of our Website).
13. YOUR RIGHTS
13.1 You have certain rights with respect to your personal information. The rights will only apply in certain circumstances and are subject to certain exemptions. Please see the table below for a summary of your rights. Details of who to contact if you wish to exercise any of the rights set out below can be found in paragraph 14 below.
| Summary of your rights | |
| Right of access to your personal information | You have the right to receive a copy of your personal information that we hold about you and information about how we use it, subject to certain exemptions. | 
| Right to rectify your personal information | You have the right to ask us to correct your personal information that we hold where it is incorrect or incomplete. | 
| Right to erasure of your personal information | You have the right to ask that your personal information be deleted in certain circumstances. For example:
 If you have permitted one of our mobile applications to send you push notifications or alerts, you can deactivate these messages at any time in the notification settings on your mobile device  | 
| Right to restrict the use of your personal information | You have the right to suspend our use of your personal information in certain circumstances. For example:
  | 
| Right to data portability | You have the right to obtain your personal information in a structured, commonly used and machine-readable format and for it to be transferred to another organisation, where it is technically feasible. The right only applies: 
  | 
| Right to object to the use of your personal information | You have the right to object to the use of your personal information in certain circumstances and subject to certain exemptions. For example:
  | 
| Right to withdraw consent | You have the right to withdraw your consent at any time where we rely on consent to use your personal information. | 
| Right to complain to the relevant data protection authority | If you think that we have processed your personal information in a manner that is not in accordance with data protection law, you can make a complaint to the relevant data protection regulator. In the UK this is the Information Commissioner's Office (ICO) and they can be contacted on 0303 123 1113 or please see www.ico.org.uk. If you live or work in an EEA member state, you may complain to the regulator in that state. | 
13.2 In order to exercise your rights, including the withdrawal of your consent, please contact the Data Protection Officer ("DPO") team by email at privacy@thebodyshop.com.
14. QUERIES
14.1 If you have any questions regarding this Privacy Policy or the way we use your personal information, please contact the DPO team by email at privacy@thebodyshop.com.
14.2 It is important that any personal information that we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
15. UPDATES TO OUR PRIVACY POLICY
15.1 We keep our privacy policy under regular review. Any changes we make to this Privacy Policy in the future will be posted on this page and, where appropriate, we will give you reasonable notice of any changes.
15.2 This Privacy Policy was last updated October 2025.
319_UKPN.1.DAT.UK.pol.TBS_17.10.2025