Privacy Statement

  1. WHO IS MECCA? is a site operated by Mecca Brands Pty Ltd, which is the controller and entity responsible for your personal data (“MECCA”, “we”, “us”, “our”).



MECCA is committed to protecting your personal information. This Privacy Notice sets out how we manage your personal information. You should read it carefully.

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this Privacy Notice.

When you engage with MECCA, including by purchasing any of our products you agree to this Privacy Notice.

You do not have to provide any personal information to MECCA if you do not agree with our use of your personal data as set out in this Privacy Notice. But, if you don’t provide the personal information that MECCA asks for, or if you wish to exercise your rights to prevent us using your data, you should be aware that it may not be possible for MECCA to engage with you. For example, if you purchase our great products online, we won’t be able to deliver these to you unless you provide a delivery address.



When we talk about personal information, we mean information (such as an address or phone number) or an opinion about an individual. That individual may either be identified, that is, we know who they are, or reasonably identifiable, which means that we can work out who they are from other information that we have. It doesn’t matter whether or not the information or opinion is actually true or whether or not it is in writing.

Remember, the basic idea is that, if an organisation such as MECCA collects information that is about you, and that organisation is able to link that information to you, then it will be your personal information.



MECCA will usually collect personal information directly from you when you provide it to us and through your use of our website. For example, when you purchase or order any of products on the MECCA website, sign up to our newsletter, or if you participate in one of our competitions.



The personal information we collect and hold about you will depend on how we engage with you.  

The sort of personal information MECCA may collect and hold about you includes:

  • Identity Data: your name, residential and delivery addresses, telephone numbers, email and other electronic addresses, your date of birth and gender;
  • Usage Data: information about the products and services you have purchased, ordered or asked about;
  • Financial Data: your credit or debit card details and other bank details;
  • Profile Data: information about your beauty profile;
  • Adverse Reaction Data: information you provide us in relation to any adverse reactions to our products (which may include special category data);
  • Feedback Data: your views and insights about our business, products and services that you share and information about any feedback you provide, complaints you make and details of any products returned, and refunds provided, to you;
  • Marketing and Communications Data: data in relation to your preferences in receiving marketing from us and your communication preferences; and
  • Technical Data: information collected if you access the MECCA website or any of our social media sites including for example your IP address. We may also collect other information from those sites via cookies. Please refer to our Cookie Policy for further information.



6.1 General uses of information

MECCA collects, holds, uses and discloses your personal information to help us carry on our business. In other words, we do this to help us provide the best products and services to you and all of our other customers. This means MECCA collects, holds, uses and discloses your personal information for the following purposes:

  • where MECCA needs it to perform the contract we are about to enter into or have entered into with you;
  • where it is necessary for MECCA’s legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
  • where MECCA needs to comply with a legal obligation; and/or
  • where you have given MECCA your consent to process the data for a particular purpose (for example to receive marketing communications (see section 6.3 below)).

6.2 Purposes for which MECCA uses your personal information

We have set out below a description of all the ways we may use your personal data, and which of the lawful bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.


Type of data


Lawful basis for processing

·     Identity Data

·     Contact Data

·     Financial Data

To manage our relationship with you and provide our products to you.

For the performance of a contract we have entered into with you.

To comply with a legal obligation.

For our legitimate interests in running our business and keeping our records updated.

·     Usage Data

·     Cookie Data

·     Technical Data

To administer, improve and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) 

For our legitimate interests in improving our business, keeping our website updated and relevant, and the administration of IT services and network security.

·     Cookie Data

·     Technical Data

·     Profile Data

·     Feedback Data

To improve our website or services or to customise the website according to your interests.

For our legitimate interests in keeping our website updated and relevant, to develop our business and to inform our marketing strategy.

·     Identity Data

·     Contact Data

·     Marketing and Communications Data

To provide advertising that might interest you, to send you promotional emails about products, competitions, events and other information which we think might be relevant to you or to contact you for market research purposes.

For our legitimate interests in developing our products and services and growing our business.

You having provided us with your consent to processing your data for this purpose.

·     Identity Data

·     Contact Data

·     Adverse Reaction Data

To provide any adverse reaction data and health data to the Office for Product Safety and Standards (and any equivalent government organisation).

For our legal obligations, including under the Cosmetics Products Regulation (EU 1223/2009) and on the grounds of public health.


6.3 Marketing communications

MECCA uses your information to identify products and events that we think may be of interest to you. 

MECCA will only send you marketing messages where you have consented to such contact, or in the case of products, where these are similar to those that we have already provided to you.

You have the right to ask us not to not send you marketing messages by post, telephone or e-mail or any combination of these at any time. You can also let us know at any time that you wish to change your mind and to start receiving such messages.

You can do this:

  • in case you wish to withdraw from all marketing communications, you can also unsubscribe from all marketing by clicking the appropriate link in any email you receive; or
  • at any time by contacting us (see section 11).



MECCA will not disclose your personal information to third parties except as disclosed in this Privacy Notice. In order to provide the best possible service to you, we do share your data with the following categories of organisations and people:

  • our related companies;
  • MECCA’s contractors and service providers on a confidential basis;
  • other organisations or people if we are required or authorised by law to do so, for example, if it is necessary to tell the police to help them do their work;
  • any person that is a party to an agreement with MECCA for the sale of all or part of MECCA’s business, and
  • any other person or organisation that we tell you about.

Some of these transfers will involve transferring your data outside the UK. Whenever we transfer your personal data out of the UK, we will do so in compliance with the applicable data protection laws in respect of such transfers and ensure that the transfer is to a country approved under the applicable data protection laws as providing adequate protection or the transfer is subject to a valid transfer mechanism in accordance with the applicable data protection laws.

The other organisations and people that we provide your personal information to may be located in Australia, New Zealand, the European Union, Canada, Singapore, the United States or Switzerland.

In some instances, our service providers may also act as independent data controllers in relation to your data.  We are not responsible for how they process such data.  Some of MECCA’s service providers include:

  • MaxMind Inc. (and its related entities) and you can find more information about their privacy practices here; and
  • Shopify International Ltd (and its related entities, including Shopify Inc. and Shopify Commerce Singapore Pte. Ltd) and you can find more information about their privacy practices here



MECCA has put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Your personal information is held by MECCA in electronic form and is protected by electronic and procedural safeguards. Your personal information will either be stored on MECCA’s IT systems or the IT systems of MECCA’s contractors or service providers. MECCA has put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

If your personal information is initially collected in paper form, we will destroy that paper when we record the personal information in electronic form. We will keep that information in a secure location until that occurs.

MECCA limits access to your personal data to those employees, agents, contractors and other third parties who have a need to know that data for business purposes. These personnel are required to treat this personal information as confidential and deal with it in accordance with this Privacy Notice. We impose obligations on our contractors and service providers to do the same thing.

MECCA will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for. When MECCA does not need your personal information any more, MECCA will securely destroy it, unless there is a legal reason why MECCA needs to continue to hold that personal information.

To determine the appropriate retention period for your personal data, MECCA considers the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.



You have the right to do the following regarding your personal information:

  • request information about how your personal data is being used;
  • access the personal information we hold about you;
  • have us correct or change inaccurate personal information we hold about you;
  • request that we delete your data or stop collecting your data, in some circumstances;
  • request that we transfer or port elements of your personal data to you or another service provider; and
  • ask us to stop direct marketing messages.

If you would like to action any of the above or have questions regarding your rights, please get in contact with us (see section 11).



Although our sites may contain links to or from external websites, those websites are not subject to our privacy standards, policies and procedures. We recommend that you review the privacy notices of these third parties. We are in no way responsible for the privacy practices of these third parties. This Privacy Notice applies only to the information we collect on our sites.



We are very happy to tell you about the personal information MECCA holds about you. If you want to know what we have, just reach out to MECCA’s Customer Service team on, You can also contact us here:

MECCA will get back to you as soon as we can after you ask us. Sometimes we might not be able to provide you with details about what we hold, but we will explain this to you if that happens.

If you think any of the personal information we have about you is wrong, for example, if you have changed your phone number or email address, please let us know. You can reach out to MECCA’s Customer Service team (see contact details above). MECCA will either update its records or, if there is some reason why we don’t think the information should be changed, we will let you know.

Generally, MECCA will not charge you for telling you about the personal information we hold or for making any amendments to that personal information (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we can refuse to comply with your request in these circumstances.



If you have any questions, or if you have any concerns or a complaint about how we deal with your personal information, please email (see contact details in section 11). Or you could write to us at the following address:

35-43 Wangaratta Street
Richmond VIC 312
Attention: Privacy Officer

MECCA will treat any request or complaint received from you confidentially. MECCA’s Privacy Officer will contact you within a reasonable time after receiving your request or complaint. If you have made a complaint, MECCA will let you know about ways we could resolve that complaint. MECCA aims to resolve all complaints promptly and, in any event, within 30 days of receiving the complaint.

You also have the right to make a complaint at any time to the Information Commissioner’s Office (‘ICO’), the UK regulator for data protection issues ( Their contact details are:

Information Commissioner’s Office
Wycliffe House
Water Lane
Helpline number: 0303 123 1113



We keep our Privacy Notice on the MECCA website, so it is easy for you to access.

We try not to change our Privacy Notice too often, but sometimes we need to, for example, if the law changes or if we change the way we collect or use your information. When we change our Privacy Notice, we will put the updated version on the MECCA website straight away. We will also put a notice on the MECCA website when we make significant updates, so you will know this has happened.

This Privacy Notice was last updated on 21 June 2023.