Privacy policy

We are Harry's, and when you access or use this website (www.harrys.com/en/gb), or our mobile application, our blog, our branded pages on social media services, or any of the other sites, services, features, content or applications we offer in the United Kingdom (collectively, the "Services"), or register an account with us, purchase our products or contact us from anywhere in the United Kingdom, this Privacy Policy will tell you how Harry's, Inc. and its subsidiaries, including, without limitation, Harry's Grooming Limited and Harry's USA, Inc. (as applicable, "Harry's", "we", "us" or "our"), collect, use and share the personally identifiable information ("Personal Data") we collect about you.

Personal Data you provide us Other Personal Data we receive about you Who we share your Personal Data with How we protect your Personal Data International transfers of your Personal Data and Privacy Shield What your rights are to your Personal Data, and how you can exercise them Our Personal Data retention policy Any questions or concerns? We urge you to read this Privacy Policy in full, but wanted to mention a few things upfront:

• When you use the Services, even if you don't have an account with us or purchase our products, we may receive some Personal Data from you through your web browser, including your IP address, the type of device you're using and other similar information, and use it to understand where and how our Services are being used, among other purposes described in this Privacy Policy. If you do set up an account with us or purchase our products, we'll collect other Personal Data from you, and use it to verify your identity, fulfill your orders, market to you and for other purposes.

• In this Privacy Policy, we describe the various purposes for which we use your Personal Data, as well as the legal bases supporting those purposes. As you'll read below, the legal basis on which we rely for a given use of your Personal Data may be contractual necessity (i.e., where we need to use your Personal Data to complete a contract with you), consent freely given to us (which you can withdraw at any time) and/or certain legitimate business of ours or of others, but only where we have determined that those interests are not overridden by your own interests, rights and freedoms.

• You have certain rights regarding the Personal Data we collect from you, which you can learn about below.

• As noted in our Terms of Service, we do not knowingly collect or solicit Personal Data from anyone under the age of 18. If you are under the age of 18, please do not access or use the Services, or attempt to send us any Personal Data. If we learn that we have collected Personal Data from an individual under the age of 18, we will delete that information as quickly as possible.

• If you are based in the United Kingdom, Harry's Grooming Limited, our subsidiary based in the United Kingdom, is the primary data controller of your information and, accordingly, is registered with the Information Commissioner's Office. Harry's Grooming Limited has a registered office at 5th Floor 101 St Martins Lane, London, United Kingdom, WC2N 4AZ. You can contact us there or at ukhelp@harrys.com, or contact our Data Protection Officer directly at security-council@harrys.com, if you have any questions or concerns about our collection and/or use of your Personal Data. If you are using the Services outside of the areas listed in this paragraph, a different privacy policy may apply to you instead.

• The Services are hosted and operated in the United States through Harry's, Inc. and certain of our service providers. By using the Services, you acknowledge that any Personal Data you provide to us will be hosted on United States servers. Harry's, Inc. and Harry's USA, Inc., both located at 75 Varick Street, New York, New York 10013, are registered under the EU-U.S. Privacy Shield Framework. Please see below for more details.

• This Privacy Policy does not apply to the practices of third parties that we do not own or control, including, but not limited to, any third party websites, services, products or applications (each a "Third Party Service") that you elect to access and may interact with during your use of the Services, or to individuals that we do not manage or employ. We take steps to ensure that we only work with Third Party Services that share our respect for your privacy, but we cannot take responsibility for the content, products, services or privacy policies of those Third Party Services. We encourage you to carefully review the privacy policies of any Third Party Services you access.

PERSONAL DATA YOU PROVIDE US

REGISTRATION INFORMATION We collect your email address and the password you enter when you register for an account with us, and we use them to verify your identity, based on our legitimate business interests in keeping your account secure and preventing fraudulent transactions.

We also use your email address:

• to send you confirmations, notifications and other information regarding your account, your shave plans and your purchases, as may be necessary to complete our contractual obligations to you. Without your email address, we wouldn't be able to provide you this information in a timely and effective manner;

• to send you information and materials about us, our products and our services that we think may be of interest to you, based on our legitimate business interest in marketing to individuals who have indicated an interest in our products and services. You can choose not to receive such information when you register an account with us, and you can decide to stop receiving this information at any time by emailing us at ukhelp@harrys.com or calling us at 0808-164-8618; and

• to send you information and materials about third parties with whom we partner or do business and their products and services, but only where you have given us your consent to do so. You can opt in to receive such messages when you register an account with us and you can always decide to stop receiving these emails at any time by emailing us at ukhelp@harrys.com or calling us at 0808-164-8618.

You may be able to register for or access the Services using Third Party Services, such as Facebook. If you've registered for an account with us through Facebook or another Third Party Service, we will collect and receive your login credentials for such Third Party Service in connection with providing you with the Services if you expressly provide us with such information. We will only use such login information for the purposes described above. In any case, we urge you to review your privacy settings on any Third Party Service and their associated privacy policies to understand more about disclosures of information from your applicable Third Party Services.

SHIPPING AND PAYMENT INFORMATION When you subscribe to a shave plan or purchase products through the Services or over the phone with one of our customer service representatives, we collect and store your first and last name, your shipping address and your telephone number (collectively, "Shipping Information"), as well as certain payment information, including your billing address and your credit or debit card type, number, security code and expiration date (collectively, "Payment Information"), and we use this information in order to process, fulfill, confirm, or notify or inform you about your shave plans and purchase orders, as may be necessary to complete a contract with you. Without this information, we would be unable to complete your transaction with us and/or deliver your purchases to you.

All Payment Information regularly collected through the Services is encrypted and maintained using industry standard methods designed to ensure its security against loss or theft, including during transmission to our third party payment processing company ("Payment Processor"), which is currently Stripe who processes your Payment Information on our behalf. Please note that your Payment Information is stored by our Payment Processor, not by us, and use and storage of that information by the Payment Processor is governed by the Payment Processor's applicable terms of service and privacy policy (available at: https://stripe.com/gb/legal and https://stripe.com/gb/privacy).

We also use your Payment Information to verify your identity when you manage your account, your shave plan or your orders, or make a new purchase, based on our legitimate business interests in keeping your account secure and preventing fraudulent transactions. As stated above, we do not store your Payment Information – our Payment Processor does, and we must collect your Payment Information from our Payment Processor and/or from you in order to use it to verify your identity or to process and fulfill your shave plans.

We use and store your Shipping Information to make it easier for you to make a purchase, or to sign up for a shave plan if you do not have one, based on our legitimate business interest in making the Services more convenient for your continued use.

We may also use your name and shipping address to mail you information and materials about us and our products and services that we think may be of interest to you, based on our legitimate business interest in marketing to individuals who have indicated an interest in our products and services. You can always choose not to receive such communications when you register an account with us, and you can stop receiving these communications at any time by emailing us at ukhelp@harrys.com or calling us at 0808-164-8618.

If you indicate that you would like us to do so, we will share your name and shipping address, along with certain information regarding your transactions with us (including transaction date, value, amount, type, and order ID) with Epsilon Abacus, a provider of data cooperative and marketing services to a members-only group of retailers (such group the "Abacus Alliance" and such members the "Abacus Alliance Members"). Through Epsilon Abacus, this information will be shared with the Abacus Alliance Members, with any transactional information being aggregated so details of individual transactions are not shared. More specifically, we share this information with Epsilon Abacus so that it can analyze your buying patterns and determine what sort of products are likely to appeal to you, and Epsilon Abacus shares your name and shipping address with Abacus Alliance Members who may offer such products.

By agreeing to share such information with Epsilon Abacus and the Abacus Alliance, you agree to receive information and materials in the post regarding products offered by other Abacus Alliance Members. The list of retailers in the Abacus Alliance changes frequently, but it is limited to retailers in the clothing, collectables, food and wine, gardening, gadgets and entertainment, health and beauty, household goods and/or home interiors categories. You can opt in to share the above-described information with Epsilon Abacus and the Abacus Alliance and receive such materials in the mail when you register an account with us.

If you decide you would like to stop sharing this information and receiving materials in the post, you can email us at ukhelp@harrys.com or call us at 0808-164-8618. Additionally, if you would like to stop all unsolicited postal communications, we suggest that you register with the Mailing Preference Service (MPS), a free service funded by the direct mail industry that enables consumers to have their names and home addresses in the UK removed from lists used by the industry. For more information or if you wish to register with the MPS please visit their website www.mpsonline.org.uk.

INFORMATION YOU SHARE WITH US IN COMMUNICATIONS OR INTERACTIONS When you communicate with us or our customer service representatives, including when you call us, email us or interact with us through the Services, we automatically record that communication, and use that record and the information you provide us in those communications, to address your questions and complaints about us, our products and our services, and to train our customer service representatives, based on our legitimate business interest in providing quality customer service. We also use the information you provide us to address your requests regarding your account, shave plans and purchase orders, as may be necessary to complete a contract with you. Without this information, we may not be able to address these requests.

When you respond to a survey we provide you, or leave a written comment or review on the Services about us, our products or the Services, we record that survey response, comment or review, and use the information you provide us in them, in order to assess and/or address your responses, comments or reviews regarding us, our products or our services, based on our legitimate business interest in providing quality products and customer service.

OTHER PERSONAL DATA WE RECEIVE ABOUT YOU In addition to the information you directly provide us, we automatically receive and record certain information about you when you access or use the Services, or otherwise communicate or interact with us (including through other websites or mobile applications). Additionally, like many e-retailers, we collect certain information about you from third parties, including advertising and analytics companies.

LOCATION INFORMATION When you access or use the Services, we collect information from your web browser, including your IP address and your device's settings and unique identifiers, and use that information to determine your general location, based on our legitimate business interests in reliably and accurately providing you with Services and information that apply to you, and in learning more about where the Services are being accessed or used.

COOKIE INFORMATION When you access or use the Services, and with your consent, we and certain of our third party service providers automatically receive and record information from your web browser and your device using cookies and similar technologies such as pixel tags or web beacons (for the purposes of this Privacy Policy, we refer to these technologies individually and collectively as "Cookies"). Cookies are small files – usually consisting of letters and numbers – placed on your computer, tablet, phone or similar device, when you use that device to visit a website. Cookies can either be "session Cookies" or "persistent Cookies." Session Cookies are temporary Cookies that are stored on your device while you are accessing or using our Services, whereas "persistent Cookies" are stored on your device for a period of time after you leave our Services. The length of time a persistent Cookie stays on your device varies from Cookie to Cookie.

We use Cookies to collect information regarding your internet usage, including your IP address, internet service provider, browser type and version, the pages you visit and links you click on the Services, and the page referring you to the Services and/or the page you visit when you exit the Services, as well as device-specific information if you access the Services using a mobile device, such as unique device identifiers, network information and hardware model (collectively, "Cookie Information")

ESSENTIAL COOKIES Essential Cookies enable you to access and use our website and other features or content on the Services that you request or seek to use - based on our legitimate business interest in providing you with the Services. For example, Cookies that enable you to log into your account or use the "shopping cart" functionality on the Services are Essential Cookies. You can disable Essential Cookies but doing so will encumber the performance of the Services and may make certain of its features and services unavailable to you. Our Essential Cookies include:

• h_cart: notes the contents of your cart before checkout so that if you navigate away from your basket and return to us, we will remember what was in your cart;

• h_sess: identifies you to our servers after you log in to your account; and

• flash: temporarily stores messages and alerts that we display on-screen to you;

FUNCTIONALITY COOKIES Functionality Cookies determine whether you have previously visited or otherwise used the Services, and if so, whether you indicated any preferences during your previous visits or use, based on your consent and our legitimate business interest in personalizing the Services for repeat visitors.These are persistent Cookies and can be disabled, but doing so will impair our ability to personalize the Services for you. Our Functionality Cookies include:

• h_personalization: identifies your relationship with us (e.g., whether you have previously made a purchase from us or signed up for a shave plan);

• followed_incentive_code: this Cookie is delivered by us to verify that a referral link is genuine so that we can credit your account accordingly. Without this Cookie, we cannot authenticate the code and the credit cannot be applied;

• h_geoip: determines from which country you are accessing the site so that we can present a country-specific experience (e.g., currency, language, products, shipping options);

• h_public: stores your public user ID which helps us serve a personalized site experience;

• h_mobile: determines if you are on a mobile device to serve a mobile optimized site experience;

• h_signed_once: remembers if you have logged in before to default your login option to login instead of create account;

• h_user: identifies you as being logged-in;

• h_dc: remembers if you applied a discount code to apply that discount at checkout;

• referrer, utm_source, h_p_utm_source, utm_medium, h_p_utm_medium, utm_campaign, h_p_utm_campaign, h_p_utm_term, h_p_utm_content and h_p_eid: identify from which campaigns visitors to our website originated;

• h_gdpr_cookie_agree: remembers if you agree to being tracked via Cookies; and

• multi_step_builder_state: remembers your progress in completing the checkout experience for a subscription;

• h_membership_seen: remembers if you have seen the Core Membership program; and

• h_churn_redirected: remembers if you have already been redirected to profile page upon visiting Harrys.com within the last 30 days.

RETARGETING AND ADVERTISING COOKIES Retargeting and Advertising Cookies learn about the pages on our website and on Third Party Services that you visit, and thus enhance our understanding of your interests and preferences, so that we can serve you with advertisements for our products or services that we believe may be of interest to you (on the Services and elsewhere), based on your consent and our legitimate business interest in marketing to individuals we believe may be interested in our products and services. Retargeting and Advertising are persistent Cookies, through which we collect information about your online activity after you leave our Services. We use a number of third parties to help deliver these Services, including, for example, Google. Please see the section below titled "Additional information about interest-based advertisements" for more information.

PERFORMANCE / ANALYTICAL COOKIES Performance / Analytical Cookies understand how visitors use the Services by collecting information about the number of visitors to our website, what pages visitors view on our website and how long visitors are viewing pages on the website, based on your consent and our legitimate business interest in improving and maintaining the accessibility and functionality of our Services. Performance / Analytical Cookies are persistent Cookies, through which we may collect information about your online activity after you leave our Services. We also use these Cookies to help us measure the performance of our advertising campaigns, based on your consent and our legitimate business interest in improving our advertising campaigns and the content on the Services to better market to individuals who we think may be interested in our products and services. We use a number of third parties, as described below, to help deliver these Services. Our Performance / Analytical cookies include, for example:

• h_eph_sess: a short-lived unique identifier that we use to see if you arrive to our website and whether this could be linked to any offline advertising like TV or radio advertisements;

• h_custype: lets us know if you have purchased from us in the past, so that we can show you relevant information on our website;

• ga: Google Analytics session information, a third party Cookie served by Google; and

• gid: Google Analytics user identifier, a third party Cookie served by Google.

THIRD PARTY COOKIES Some Cookies are placed by a third party on your device and may provide Cookie Information to that third party as well as to us, that indicate your browsing habits (such as your visits to our website or other Services, the pages you have visited and the links and advertisements you have clicked). These Cookies can be used to determine whether you have visited or used certain Third Party Services, to identify your interests, to retarget advertisements to you and to serve advertisements to you that we or others believe are relevant to you. For example, as indicated above, we use certain Google services including Google Analytics, which uses Cookies to analyze how users use our Services. Following a request by us, Google will use this information for the purpose of measuring your activity on our Services, compiling statistical reports on overall website activity for us and providing other services relating to such activity and internet usage. You can learn more about Google Analytics and their cookies here. If you are on the web, you can also opt out of Google Analytics by installing Google's opt-out browser add-on. We do not control third party Cookies.

Other third party websites that access and use Cookies on our website include: www.googletagmanager.com, cdn.heapanalytics.com, a3129410271.cdn.optimizely.com, logx.optimizely.com, static.hotjar.com, d.impactradius-event.com, data.adxcel-ec2.com, script.hotjar.com, sessions.bugsnag.com, www.googleadservices.com, static.criteo.net, static.ads-twitter.com, connect.facebook.net, storage.googleapis.com, bat.bing.com, b-code.liadm.com, collector-1778.tvsquared.com, s.pinimg.com, www.redditstatic.com, sc-static.net, cdn.taboola.com, cdn.pdst.fm, go.affec.tv, t.teads.tv, q.quora.com, ad.doubleclick.net, heapanalytics.com, vars.hotjar.com, t.co, sslwidget.criteo.com, gum.criteo.com, stats.g.doubleclick.net, www.facebook.com, alb.reddit.com, trc.taboola.com, us-central1-adaptive-growth.cloudfunctions.net, rp.liadm.com, tr.snapchat.com, www.google.com, www.google.co.uk, googleads.g.doubleclick.net, adservice.google.com, ct.pinterest.com, secure.adnxs.com, www.snapengage.com, adservice.google.co.uk, trc-events.taboola.com, fonts.googleapis.com, fonts.gstatic.com, cdn.siftscience.com, analytics.twitter.com and hexagon-analytics.com.

To the extent permissible under applicable laws, we disclaim any liability with regards to any third party’s compliance with its legal obligations.

Your browser may offer you a "Do Not Track" or "DNT" option, which allows you to signal to operators of Third Party Services that you do not wish such operators to track certain of your online activities over time and across different websites. However, because we collect browsing and persistent identifier data, our Services do not support DNT requests at this time, which means that we may collect information about your online activity both while you are using the Services and after you leave them. You should also know that certain Third Party Services may not support DNT requests either – you should check their respective privacy policies for more information.

You can decide whether or not to accept most Cookies. Most browsers allow you to delete Cookies and have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allowing you to decide whether to accept each new Cookie in a variety of ways. To explore what Cookie settings are available to you, look in the "preferences" or "options" section of your browser's menu. You can always choose to stop us from collecting your Cookie Information by turning off the Cookie feature on your browser or by ceasing to use the Services. However, if you do prevent us from collecting your Cookie Information, you should know that some of the Services may not work properly.

If you'd like to know more about Cookies, including information about how to manage, disable and delete them, you can visit http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm, https://ico.org.uk/for-the-public/online/cookies/, http://www.youronlinechoices.com/uk/ or http://www.allaboutcookies.org/.

ADDITIONAL INFORMATION ABOUT INTEREST-BASED ADVERTISEMENTS We serve advertisements, and also allow third party ad networks, including third party ad servers, ad agencies, ad technology vendors and research firms, to serve advertisements through the Services. These advertisements are sometimes targeted to users who fit certain general profile categories or display certain preferences or behaviors (such advertisements, "Interest-Based Ads"). Information for Interest-Based Ads (including Personal Data) may be provided to us by you, as outlined above, as well as derived from the usage patterns of particular users on the Services and/or Third Party Services over time. Such information may be gathered by us or our third party service providers through Cookies, which may include a file known as a "web beacon" from an ad network to you through the Services. Web beacons allow ad networks to view, edit or set their own Cookies on your browser, just as if you had requested a web page from their website, allow them to serve Interest-Based Ads to you when you visit other websites, and also allow them to provide us and our advertisers with anonymized, aggregated auditing, research and reporting about advertisements.

Remember, you can always choose to stop us from collecting your Cookie Information by turning off the Cookie feature on your browser or by ceasing to use the Services. Also, you can opt out of Interest-Based Ads sourced by Google using Google's Ads Settings. For more information on how to make choices about Interest-Based Ads from participating third parties, and to learn how to opt out of receiving them from participating organizations, please visit the European Interactive Digital Advertising Alliance's user information website at http://www.youronlinechoices.eu/.

LINKS AND CONFIRMATIONS When you open an email or an SMS, MMS or other text message, or a push notification (each, a "Message") sent by us, or click on any links in that Message, we receive a confirmation that you did so (and when), as well as Cookie Information. We also receive confirmation and Cookie Information when you click on any links elsewhere throughout the Services, including on our website and our branded pages on social media. We use the information described in this paragraph to assess the effectiveness of our Messages and associated marketing campaigns, to learn more about the audience for our Messages, and to better understand your preferences, all based on our legitimate business interest in marketing to individuals who may be interested in our services and products. You can stop receiving Messages from us at any time by emailing us at ukhelp@harrys.com or calling us at 0808-164-8618.

Additionally, you should know that when you click on an advertisement for, or link to, a Third Party Service that appears anywhere on the Services, the Third Party Service or its advertiser may receive a confirmation and certain Cookie Information from you for the same purposes listed in the preceding paragraph, based on their own legitimate business interest in marketing to individuals who may be interested in their products and services. Remember, this Privacy Policy does not apply to your access or use of any Third Party Services, and we're not responsible for the content, products, services or privacy policies of those Third Party Services. We encourage you to carefully review the privacy policies of any Third Party Services you access.

INFORMATION FROM ADVERTISING AND ANALYTICS PARTNERS We work with advertising and analytics companies that provide us with certain information about you, your interactions with us and the Services, and your usage of both the Services and Third Party Services, including your age or birthday, demographic or interest data, Cookie Information, hashed email addresses, unique identifiers assigned to you by our Advertising Partners, as well as pages or content you've viewed, links you've clicked or other actions you've taken on both the Services and on Third Party Services. We use this information in order to enhance our understanding of your interests and preferences, so that we can serve you with Interest-Based Ads and measure their effectiveness, based on our legitimate business interest in marketing to individuals who we think may be interested in our services and products. We sometimes attempt to direct Interest-Based Ads to individuals who fit a certain general category, and as a result of the information our advertising and analytics partners provide us, Interest-Based Ads or other advertisements or recommendations may appear on Third Party Services that you visit.

To collect the information described above, as well as to serve targeted advertisements to you, our advertising and analytics partners sometimes integrate their own Cookies, including web beacons, into the Services and/or into Third Party Services that you visit, as mentioned above. Remember, you can elect not to have these Cookies collect your information on the Services. Also, your browser or device may offer you a "Do Not Track" or "DNT" option, which allows you to signal to operators of Third Party Services (including, without limitation, behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites; however, we cannot and do not make any promises about how such Third Party Services will react when you set this signal on your browser.

You may also consider changing your settings to block third party Cookies generally, where possible. Again, if you'd like to know more about Cookies, including information about how to manage, disable and delete them, you can visit http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm, https://ico.org.uk/for-the-public/online/cookies/, http://www.youronlinechoices.com/uk/ or http://www.allaboutcookies.org/.

INFORMATION FROM OTHER SERVICE PROVIDERS In addition to our advertising and analytics partners, we contract with various third party entities in order to operate our business and provide you with the Services and our products. These third parties provide us with various services described throughout this policy, including shipping and logistics, name and address verification, email distribution, market research, fraud prevention, promotions management and payment processing, and may share with us information about you that they have independently developed or acquired (in accordance with their own privacy policies and practices) for those purposes, as may be necessary for us to complete a contract with you or in furtherance of our legitimate business interests.

TRANSACTION DATA We sometimes request and receive information about your transaction history from our Payment Processor in order to process your purchase orders and shave plans, or to enroll you in discount, rebate and other programs in which you have elected to participate and use it to verify your identity by combining it with information you provide us, based on our legitimate business interest in protecting against fraudulent transactions.

WHO WE SHARE YOUR PERSONAL DATA WITH We share your Personal Data within our corporate family, including with our United States subsidiary, Harry's USA, Inc. We also share your Personal Data with third party vendors, service providers and agents, for the purposes and on the legal bases discussed herein, including:

• with shipping and logistics companies, our Payment Processor and others that we rely on to provide you with the Services or process and fulfill your shave plans and purchase orders, in each case, as may be necessary to complete a contract with you under our Terms of Service or your purchase orders or shave plans; and

• with advertising companies, analytics companies, marketing service providers, Epsilon Abacus and the Abacus Alliance Members (but only if you have indicated that you want us to do so), fraud detection and prevention service providers, name and address verification service providers, email providers, email verification and suppression service providers, hosting and database service providers, data security service providers, customer relationship management service providers and staff augmentation and contract personnel, in each case, based on various legitimate interests described in this Privacy Policy.

We seek to provide these third party vendors, service providers and agents with only the Personal Data they need to perform their services, and we work with them to help ensure that your privacy is respected and protected. Unless set forth in this Privacy Policy or otherwise communicated to you, these third parties do not have any rights to use your Personal Data beyond what is necessary to provide those services requested by us.

We also share your Personal Data with other third parties where you have given us your consent to do so, including for marketing purposes, based on your consent, which you may withdraw at any time, by emailing us at ukhelp@harrys.com or calling us at 0808-164-8618. As stated above, you can always choose to stop receiving these messages from us by emailing us at ukhelp@harrys.com or calling us at 0808-164-8618. Additionally, we share certain Cookie Information with Third Party Services where you have chosen to interact with them through the Services, such as by clicking on a link or advertisement on the Services.

PUBLIC INFORMATION If you post information or content publicly on or through the Services (including when you submit comments or reviews of our shave plans, products or Services), or post content publicly elsewhere, including on your social media accounts, that relates to us or the Services, we may receive and share that public information with third parties, based on our legitimate business interest in marketing our products and services.

CHANGE OF OWNERSHIP OR CONTROL If we are acquired by or merge with another company, go out of business or enter bankruptcy, or sell some or all of our assets, your Personal Data may be sold or transferred in connection with the transaction in question. If such events do take place, this Privacy Policy will continue to apply to your Personal Data.

LAWS AND SAFETY We also reserve the right to access, read, preserve and disclose your Personal Data as we reasonably believe is necessary to:

• satisfy any applicable law, regulation, legal process or governmental request;

• enforce this Privacy Policy and our Terms of Service, including investigation of potential violations hereof or thereof; or

• protect our rights, property or safety, and those of our users, customers and the public.

However, nothing in this Privacy Policy is intended to limit your rights and remedies regarding your Personal Data, including your right to register a complaint with your local data protection authority.

HOW WE PROTECT YOUR PERSONAL DATA We seek to protect your Personal Data using appropriate technical and organizational measures, taking into account the nature of the applicable Personal Data and processing activity. For example, all Payment Information regularly collected through the Services is encrypted and maintained using industry standard methods designed to ensure its security against loss or theft, including during transmission to our Payment Processor. However, we cannot and do not guarantee or warrant that such techniques will prevent unauthorized access to Personal Data or other information about you that we collect and store. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of such information at any time.

You can help us prevent unauthorized access to your account with us and your Personal Data by selecting and protecting your password appropriately and limiting access to your device and browser by signing off after you have finished accessing your account.

INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA AND PRIVACY SHIELD We sometimes transfer your Personal Data outside of the United Kingdom to our authorized third party agents, vendors and service providers. When we do so, it is our practice to use contracts with standard provisions approved by the European Commission that give Personal Data the same protection it has in Europe, or, where we use third party agents, vendors and service providers based in the United States, we may transfer data to them if they are part of the Privacy Shield (more on this below), which requires them to provide similar protection to Personal Data shared between Europe and the United States.

The Services are hosted and operated in the United States ("U.S.") through us and our service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any of your Personal Data, regardless of whether provided by you or obtained from a third party, is being provided to us in the U.S. and will be hosted on U.S. servers, and you authorize us to transfer, store and process your information to and in the U.S., and possibly other countries. You hereby consent to the transfer of your data to the U.S. pursuant to the EU-U.S. Privacy Shield Framework, the details of which are further set forth below.

Harry's, Inc. and our U.S. subsidiary, Harry's USA, Inc., have certified to the EU-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection and use of Personal Data transferred from the European Union.

Although Harry’s, Inc. and Harry’s USA, Inc. do not rely on the Privacy Shield Framework as a legal basis for transfers of Data in light of changes in law, both are still self-certified to the Privacy Shield Principles and adhere to them. To view Harry's, Inc.’s and Harry's USA, Inc.’s certification, please visit privacyshield.gov/ .The Privacy Shield Principles require that we remain potentially liable if any third party processing Personal Data on our behalf fails to comply with these Privacy Shield Principles (except to the extent we are not responsible for the event giving rise to any alleged damage). Our compliance with the Privacy Shield is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. UK and EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at security-council@harrys.com. If you do not receive timely acknowledgment of your Privacy Shield-related complaint from us, or if we have not resolved your complaint, you may also resolve a Privacy Shield-related complaint through JAMS, an alternative dispute resolution provider located in the United States. You can visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint, at no cost to you. Under certain conditions, you may also be entitled to invoke binding arbitration for complaints not resolved by other means. We are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and the possibility, under certain conditions, of your invoking binding arbitration. For the avoidance of doubt, and as previously stated, we do not rely on the Privacy Shield Framework as a legal basis for transfers of Data.

Except in the cases set out in this Privacy Policy, Harry’s only transfers personal data to third parties without the User’s consent if so obliged by law or by administrative or judicial directive.

WHAT YOUR RIGHTS ARE TO YOUR PERSONAL DATA, AND HOW YOU CAN EXERCISE THEM You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request with respect to these rights, you can email ukhelp@harrys.com. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous, inaccurate or extremely impractical, if it jeopardizes the rights of others or if it is not required by law, but in those circumstances we will still respond to notify you of such a decision. In some cases, we may need you to provide us with additional information, which may include Personal Data, as necessary to verify your identity and the nature of your request.

RIGHT OF ACCESS • Where permissible, you can request more information about the Personal Data we hold about you and you can request a copy of your Personal Data. If you have an active account with us, you can also access your Personal Data by visiting your account settings on our website.

RIGHT OF RECTIFICATION • If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such Personal Data. You can also correct some of this Personal Data directly by visiting your account settings on our website.

RIGHT OF ERASURE • Where permissible, you can request that we erase some or all of your Personal Data from our systems. You can also delete your account with us at any time by emailing us at ukhelp@harrys.com or calling us at 0808-164-8618.

RIGHT TO WITHDRAW CONSENT • If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent to this processing at any time, which you can do by emailing us at ukhelp@harrys.com or calling us at 0808-164-8618. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.

RIGHT TO OBJECT TO PROCESSING AND TO RESTRICT PROCESSING • Where permissible, you can let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as marketing to you (to name one example), and you can also ask us to restrict further processing of your Personal Data.

RIGHT OF PORTABILITY • Where permissible, you can ask for a copy of your Personal Data in a machine-readable format, and you can also request that we transmit the data to another controller where technically feasible.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY • You have the right to lodge a complaint about our practices with respect to your Personal Data with the Information Commissioner's Office. Please visit https://ico.org.uk/global/contact-us or call 0303 123 1113 for more information.

OUR PERSONAL DATA RETENTION POLICY We retain your Personal Data for as long as you have a working account with us, or as otherwise necessary to provide you with the Services. In some cases we retain Personal Data for longer, if doing so is necessary to pursue our legitimate business interests (but only if those interests are not overridden by your own interests, rights and freedoms), comply with our legal obligations, resolve disputes or collect fees owed, conduct audits, or if doing so is otherwise permitted or required by applicable law, rule or regulation. Afterwards, we dispose of your Personal Data securely, but may retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.

As stated above, you can request us to erase some or all of your Personal Data from our systems, and you can delete your account with us at any time, by emailing us at ukhelp@harrys.com or calling us at 0808-164-8618.

ANY QUESTIONS OR CONCERNS? If you have any questions or concerns regarding how we collect, use, protect or share your Personal Data, including, for example, about our legitimate business interests or the legitimate business interests of others that we describe above, please send a detailed message to ukhelp@harrys.com or to our Data Protection Officer directly at security-council@harrys.com. You can also reach out to Harry's Grooming Limited at its registered office located at 5th Floor 101 St Martins Lane, London, United Kingdom, WC2N 4AZ. We will make every effort to resolve your concerns.

EFFECTIVE DATE: May 2023