Free delivery on all orders over £150

logo
moonlit.londonmoonlit.londonmoonlit.london

Privacy Policy

MOONLIT (“we”) are committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

This Privacy Policy outlines how we gather, use, disclose and save your personal information, as well as any other rules, website conditions of use and agreements between you and us.

By using our website or providing us with your personal information, you agree to the processing of your data as described in this policy.

Who are we?

Moonlit, operating under the domain moonlit.london, is an online lingerie store that sells via the website. We are the data controller for the purposes of UK data protection law.

Data Controller:

4 Charterhouse Bldgs, Goswell Rd., London EC1M 7AN

Email: info@moonlit.london

When do we collect your information?
  • We may collect or receive information about you in the following situation:
  • When you visit our website, whether you browse, complete forms or interact with our content
  • When you register for an account or sign in
  • When you place an order as a guest or registered user
  • When you choose to participate in other marketing channels or sign up for our email newsletter
  • When you get in touch with customer service (via chat, email, or a contact form)
  • When you leave reviews or participate in surveys, giveaways, or referral programmes
  • When you engage with our social media advertisements or content
  • When you give us permission to share your information with third parties (such Klarna, payment systems, or analytics companies)
  • When we get data from open sources (such as address databases and registries),
  • When we use technologies like cookies, pixels, or others to automatically gather data
What information do we collect about you?

We may collect and use personal information you give us directly when you use our website or interact with us, as well as  data received from third-party partners or automatically collected through our tracking technologies.

Personal data you provide may include your full name, email address, phone number, residential or shipping address and date of birth.

We also save your login, encrypted password, chosen delivery addresses, marketing choices, profile settings (such language or currency, and any goods you add to your wishlist if you register for an account on our website. If we implement a loyalty program, we could also save your member ID and your bonus history.

When placing an order, we process information about the selected products, their quantity and price, any promotional codes and also your payment and contact details, including billing and shipping addresses. We do not save payment information on our website, since all payments are processed by approved third-party gateways in compliance with PCI DSS guidelines. Only the encrypted or anonymised data required for transaction verification or confirmation is kept on file. Additionally, we keep track of all of your transactions, returns and correspondence with our customer service representatives.

We keep track of engagement information, including when you opened our emails, clicked on links or unsubscribed (in case you have signed up for our email marketing or taken part in marketing campaigns). If you take part in promotions or referral programmes, we may store the relevant information (e.g., invite codes, names of referred users).

We keep track of your interactions with our support staff when you reach out to them by chat, email or the site form so that we can reply efficiently and enhance the quality of our services. If you submit reviews or product comments, that content is also stored. We could save your username and the content of your messages if you communicate with our brand on social media platforms like Facebook, Instagram or other.

We automatically gather information about your online activities when you visit our website. This includes all pages that you see, the duration of your visit, any actions that you take during this period, such as adding items to your basket or leaving the checkout process and the method you used to find our website (search engine, social media or an advertisement link). In order to enhance the website, customize content and evaluate ad performance, we gather this data using cookies, pixels and other tracking technologies. You can read more about this in our Cookie Policy.

From a technical perspective, we may also collect information about your device — such as its type, operating system, browser version, IP address, approximate geolocation, language settings and time zone.  We can secure the platform, modify your device’s display settings and shield your experience from fraud or interruptions with the use of this information.

In certain cases, we may also receive your data from third-party sources. For example, we could get the identifying and transactional information required to validate your order if you decide to pay using Klarna or another platform. If you engage with our Google, Facebook or Instagram advertising, we could get compiled data from analytics tools. All third-party services we work with are legally bound to comply with GDPR and UK data protection law.

We do not collect special categories of personal data (e.g., racial or ethnic origin, political or religious beliefs, health status, sexual orientation, genetic or biometric data) or data relating to criminal records. We only keep and handle information, such as in a user survey or job application, to the degree necessary for monitoring, legal compliance or workplace safety. We never give this type of your information to third parties without a valid reason.

Why We Use This Information and How We Process It

We process your personal data for only the purpose of giving you perfect service, completing your orders, keeping in touch, enhancing your online experience and meeting legal requirements. Depending on how you interact with us, we may use your data for the following purposes:

We use your information to handle payments and refunds, process orders, distribute goods, provide you order status updates and also get in touch with you about any problem pertaining to your purchase. We keep your addresses, order history and preferences if you have made an account to make future purchases quicker and easier.

If you have signed up for our newsletter we may use your information to give you updates, tailored offers, promotions, details about new arrivals and brand events. But you have the option to unsubscribe from our mailings whenever you want.

We analyse your interaction with our website to understand how to improve usability, page performance and content relevance. This includes analysing page views, abandoned carts, popular products and banner clicks.

Additionally, we may use your information to personalize content, such as by reminding you of goods in your basket or suggesting products you might find interesting.

When you communicate with our support staff, we can use your information to identify you, handle your question, and appropriate reply or help you.

If you have signed up for our newsletter we may use your information to give you updates, tailored offers, promotions, details about new arrivals and brand events. You have the option to unsubscribe from these mailings when you want.

We analyse your interaction with the website to understand how to improve usability, page performance and content relevance on pages. This includes analysing page views, abandoned carts, popular products, every click on a banner.

We may use your information to order legal requirements, such as accounting, transaction record-keeping or assisting law enforcement with investigations, as this is mandated by law.

We may also process your information to detect and prevent fraud or abuse. This may involve analysing unusual behaviour, suspicious transactions or any other attempted security breaches.

Legal Grounds for Processing Your Data

Only when there is a legitimate legal basis under the GDPR do we process your personal data. We could rely on one or more of the following justifications, depending on the situation:

Contract performance: The processing is required to complete the sales agreement between you and us, such as placing, processing, and delivering your order or controlling your account access.

Legal obligation: In order to abide with accounting, tax, or consumer protection regulations, we must handle specific data.

Legitimate interest: According to their rights and expectations, we can use your data for goals such as website security, internal analytics, user experience enhancement, fraud prevention, customer service, legal protection or offer personalization.

Consent: If you have provided explicit consent, such as to receive marketing emails, participate in a giveaway or allow behavioural analytics, we process your data on that basis. Withdrawing consent at any moment has no negative effect on you.

Vital interests: In rare situations, we could handle your data to safeguard your vital interests (for instance, in reaction to a significant security or safety concern with a product).

Legal obligation: In order to abide with accounting, tax, or consumer protection regulations, we must handle specific data.

Who We Share Your Data With and Why

Your personal information is never traded or sold to outside parties for their immediate financial gain. However, to guarantee the proper functioning of our shop, fulfilling purchases, and provision of services, we share your data with trusted partners who operate as data processors on our behalf. All third parties are expected to comply with GDPR and confidentiality rules.

These trusted partners may include:

  • Payment providers (e.g., Stripe, Klarna, PayPal)—for processing transactions and authorizing payments.
  • For delivering your orders, use delivery partners like Royal Mail and DPD.
  • Email marketing platforms (e.g., Klaviyo) —  to give you offers, updates, and emails about cart recovery.
  • Analytics and advertising services (like Google Analytics and Meta Pixel)—for monitoring the effectiveness of ads and websites.
  • Providers of referral or rewards programs (like Mention Me)—for handling incentives and prizes for referrals.

If mandated by law or if it is essential to protect our rights, our clients, or our staff (for instance, in the investigation of fraud or security issues), we may also divulge personal information to government agencies, courts, or law enforcement.

How We Protect Your Information

Protecting your personal data is our priority. We have put in place the proper organizational and technical measures to protect your data from being lost, accessed without authorization, altered, disclosed, or destroyed.

We use modern encryption standards, firewalls, regular software updates, and restricted access to personal data — limited only to authorised personnel and service providers. Every payment transaction is made using systems that have been certified and meet PCI DSS regulations.

We provide privacy and data protection training to our employees. Confidentiality and data protection duties are contractually imposed on all partners that have access to personal data, including marketing or support companies.

Despite these efforts, please note that no transmission over the internet is ever completely secure. Although we cannot promise complete security, we are dedicated to doing all in our power to protect your data.

How Long We Store Your Information

We only keep your personal information for as long as is reasonably needed to accomplish the goals specified in this privacy statement or as long as is necessary to comply with regulatory requirements (such as keeping track of invoices for tax reporting).

The nature of data and its intended usage determine how long it must be kept on file. Order data, for instance, is kept for a minimum of six years in order to comply with accounting regulations. Until you request or cancel your account, account data is kept on file. Marketing preferences are retained until you withdraw your consent.

We safely erase or anonymize your data to make it unidentifiable at the conclusion of the retention term.

Your Rights

You are in complete control of your personal information. You are entitled to the following under the UK GDPR and any applicable data protection laws:

  • Right of access: to obtain a copy of your data and to find out if we process it (subject access request).
  • Right to rectification — to update or correct any inaccuracies in your personal data.
  • Right to erasure: In some circumstances, you have the option to ask for your data to be erased (also known as the “right to be forgotten”).
  • Right to restrict processing: the ability to control how your data is used under certain conditions.
  • Right to object — to the processing of your data if based on legitimate interests or used for direct marketing.
  • Right to data portability — to move your data to another provider in a machine-readable, structured format.
  • The ability to revoke permission at any moment when processing is predicated on your consent.
  • Right not to be subject to automated decision-making that has significant consequences for you.

You can contact us by email at info@moonlit.london to exercise any of these rights. Before we can complete your request, we might need identification verification.

If you think that your freedoms have been infringed, you can also make a complaint with the UK’s Information Commissioner’s Office (ICO) at www.ico.org.uk.

How We Use Cookies

Cookies and related technologies are used by our website to identify you from other users, analyze your behavior, and present tailored information.

Cookies are small text files stored on your device. Some are necessary for the site to work (like remembering your basket), while others are used for marketing or analytics (like showing pertinent information or tracking ad success).

A banner letting you modify your cookie choices will appear when you first visit our website. Certain categories are yours to accept or reject. Learn more in our [Cookie Policy].

Links to Other Websites

Links to third-party websites or services (like Instagram, Klarna, and YouTube) may be found on our website. Please be aware that neither their privacy policies nor content are within our control.

We have no control over how your information is used on these websites. We advise you to read over their privacy policies before disclosing any personal data.

Changes to This Policy

This Privacy Policy may be updated periodically to take into account modifications to the legislation, technology, or our business procedures.

Every update will have a revised “last updated” date and be displayed on this page. We will send you an email or use another suitable method to let you know if there are any substantial changes.

Contact Us

Please get in touch with us if you have any queries, suggestions, or requests about this privacy statement or your personal information:

Email: info@moonlit.london

Address: Moonlit, 4 Charterhouse Bldgs, Goswell Rd., London, England EC1M 7AN

No products in the cart.