We are committed to protecting our customers’ privacy. Please take a moment to review this notice, which explains what personal data we collect about you, how we use it and your rights.
1.What Personal Data We Collect and How
Personal data, or personal information, means any information about an individual from which that person can be identified.
Personal data we collect directly.We collect personal data from you when you provide it to us directly and through your use of the Site, including:
- Registration and profile information, such as information you provide to us when you use our Site e.g. your name, contact details, gender, and any information which you add to your account profile. For example, we may allow you to provide additional (voluntary) information, such as your body type, skin type, hair type, hair condition, training regime, performance goals, height and weight.
- Transaction and billing information, if you make any purchases from us or using our Site e.g. credit/debit card details and delivery and shipping information.
- Records of your communications and interactions with us, such as whenyou email, call, or otherwisecontact us, we collect and maintain a record of your contact details, communications and our responses. We also maintain records of communications and information that you post in chat sessions, forums and in other areas of the Site, and on our social media channels.
- Sweepstakes, contest and promotions information, such as information you provide us when you participate in a competition or promotion.
- Surveys and product reviews, e.g. if you participate in one of our surveys or provide information to us as part of product or service reviews.
- Events e.g. if you register for or attend an event that we host or sponsor, we may collect information related to your registration for and participation in such event.
- Marketing and communications data e.g. records of your preferences about receiving marketing and communications from us.
- Foundation Finder tool – if you choose to use this, we’ll ask you to upload a photograph and answer a few questions so that we can recommend a make-up foundation that matches your skin tone and the style you’re after.
- If you shop in one of our stores we may combine any information you provide to us in-store (e.g. when you make a purchase or join our mailing list in-store) with the information we otherwise collect about you.
Personal data collected automatically. We automatically collect personal data related to your use of our Site and interactions with us and others, e.g. using cookies and pixel tags, as well as information we derive about you and your use of the Site. This includes:
- Activities and usage information related to your use of the Site, such as links clicked, searches, features used, items viewed, time spent within the Site, files uploaded, products and items you view and items you add to your basket.
- Location information.We may collect or derive location information about you, such as through your IP address. With your permission, we may also collect geolocation information from your device. You may turn off location data sharing through your device settings.
Personal data we receive from other sources. In some circumstances, we may receive personal data from third parties, including:
- Verification data: e.g. data collected from third party service providers used to verify your identity and prevent fraudulent activity.
- Social media monitoring: If you visit our pages on social media sites, we collect information such as what you click on and view, your comments, likes and reactions, your location (country/region), details of your device and internet connection, your social media profile details and user ID.
- Operators of other websites:We may receive product reviews from operators of other websites and display such reviews on our own Site.
- Demographic information: We may receive demographic information from third party advertising partners to help us better personalise ads. See section 4 “Cookies and Personalisation” for more information.
2.How We Use Personal Data
Depending on how you use our Site, your interactions with us, and the permissions you give us, the purposes for which we use your personal data include:
- Online accounts. To register you as a customer and maintain your online account.
- Fulfil orders. To fulfil your order, including managing payments, charges, refunds and returns.
- Respond to your requests. To manage and respond to any queries or complaints to our customer service team.
- Provide recommendations. If you use our product finder tools , we use the information you provide to recommend products for you. We’ll also use the image, details of recommended products and any feedback to further improve the functioning of the tool and related services, or to develop similar tools and services.
- Personalise content and experiences. To personalise the Site and show you content we think you will be most interested in, based on your account information, your purchase history and your browsing activity.
- Operate and improve the Site and our business.To display the Site and its fonts (which may include Google Fonts), improve and maintain the Site, and monitor its usage, to better understand how users access and use the Site, and our other products and offerings, and for other research and analytical purposes, such as to evaluate and improve our business operations, to develop services and features, and for internal quality control and training purposes.
- Events.If we run or sponsor events we may collect personal data in connection with your attendance.
- Research and customer satisfaction. For market research and surveys, e.g. we may contact you for feedback about our products or for customer satisfaction purposes.
- Marketing and advertising. To send you marketing messages and show you targeted advertising, where we have your consent or are otherwise permitted to do so.
- Security and protection of rights. For security purposes, to prevent, detect, and investigate fraud and other unauthorised activities and access, and where necessary to protect ourselves, our business and third parties.
- Compliance with law and legal process. To comply with the law and our legal and regulatory obligations, to respond to legal process and in relation to legal proceedings.
- Internal business operations. For general business and operational support, e.g. to consider and implement mergers, acquisitions, reorganisations, bankruptcies, and other business transactions such as financings, and related to the administration of our general business, accounting, auditing, compliance, recordkeeping, and legal functions.
Legal bases under EU/UK data protection laws. We rely on the following legal bases under data protection law to process your personal data:
- Because the processing is necessary to perform a contract with you, or take steps prior to entering into a contract with you (e.g. where you have made a purchase with us, we use your personal data to process the payment and fulfil your order).
- Because we have obtained your consent(e.g. if you consent to receive marketing from us or agree to the use of non-essential cookies). If you have consented to a processing activity, you can withdraw your consent at any time. We explain how to do this in the Cookies and Personalisation section (section 4) and Marketing section (section 5) of this policy.
- Because it is in our legitimate interests as an e-commerce provider to maintain, promote and protect our business and services. We are always seeking to understand more about our customers in order to offer the best products and customer experience. We use information about you to tailor your view of the Site, to make it more interesting and relevant in respect of the products and offers on view.
- In very limited cases, because it is necessary to comply with a legal obligation which we are subject to.
3.Who Do We Share Personal Data With?
We may share your personal data with third parties, for the purposes described above, in the following circumstances:
- With other companies in our group of companies.
- With our suppliers and service providers who process the data on our behalf, e.g., payment processors and delivery companies.
- With our professional and legal advisors.
- With third parties engaged in fraud prevention and detection.
- With third party platforms, providers and networks. We may disclose or make available personal data to third party platforms and providers that we use to provide our Site and its features. We may also make personal data available to third parties in support of our marketing, analytics, advertising and campaign management. See Section 4 “Cookies and Personalisation” for more information.
- With operators of other websites.We share product reviews submitted to our Site with other website operators who display these reviews on their own websites.
- With law enforcement or other governmental authorities, e.g., to report a fraud or in response to a lawful request.
- In relation to mergers, acquisitions, investments and asset transfers,personal data will be transferred to the other party to the transaction. We may also share certain personal data as part of the preparation for the transaction with lenders, auditors, and third-party advisors, including lawyers and consultants.
- To comply with legal obligations. We may share personal data with third parties to comply with our legal and compliance obligations and to respond to legal process e.g. in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement and government bodies. This may include responding to national security or law enforcement disclosure requirements and disclosures that we are required to make under applicable laws, such as the names of sweepstakes and contest winners.
- Otherwise where we have your consent or are legally permitted to do so.
4.Cookies and Personalisation
We use this information to provide functionality on the Site, to understand and measure Site performance, to understand how users access, use and interact with others, and to deliver targeted advertising and content on our Site and third party sites.
We also use it to identify and resolve bugs and errors in our Site and to assess, secure, protect, optimise and improve the performance of our Site.
Personalised advertising. We work with third parties, such as ad networks, social media platforms, analytics and measurement services and others to personalise content and display advertising within our Site, and to manage our advertising on third party sites, mobile apps and online services.
For example, you may see ads for our Site on third party websites, including on social media. These ads may be tailored to you using cookies and similar technologies which track your web activity on our Site and across other websites and online services, to enable us to serve ads to customers who have visited our Site.
We may also engage third parties, including social networks to show ads to our customers, or users who match the demographic profile of our customers. This may involve sharing information, such as your name, email address, and other contact and purchase information with these third parties so that we can better target ads and content to you across third party sites, platforms and services. These third parties may also help us to enhance our customer lists with additional demographic or other information, so we can better target our advertising and marketing campaigns.
If you do not want to see personalised ads you can change your cookie preferences using the tool available on our Site, as explained below, and by adjusting your privacy settings on third party websites and platforms.
Manage your preferences. You can manage your preferences for cookies and personalisation used by us as explained below.
- Cookie preference tool. You can review and update your cookiepreferences for our Site and opt out of most cookies and trackers on our Site (other than those that are strictly necessary) within our Cookie Preference Tool accessible via the cookie icon at the bottom left hand corner of the webpage. Your preferences are browser and device specific so you need to set the preference for each browser and device you use to access our Site. If you delete or block cookies, you may need to reapply these preferences.
- Industry ad choice programs. You can get more information about personalised advertising and opt out of personalised advertising by participating third party ad companies through industry ad choices programs, including:
Please note that opting out of cookies and trackers on our Site does not mean that you will no longer see ads from us. You may continue to see generic or “contextual” ads.
We love to communicate with our customers. Depending on your marketing preferences, we may use your personal data to send you marketing messages by email, SMS, phone and post. Some of these messages may be tailored to you, based on your previous browsing or purchase activity, and other information we hold about you.
If you no longer want to receive marketing communications from us (or would like to opt back in!), you can change your preferences at any time by contacting us (details below), clicking on the ‘unsubscribe’ link in any email, or updating your settings in your account. If you unsubscribe from marketing, please note we may still contact you with service messages from time to time (e.g. order and delivery confirmations, and information about your legal rights).
6.Transfers of Personal Data to Other Countries
We use service providers, and have group companies, in countries around the world. Your personal data may therefore be processed in countries outside of Europe, including in countries where you may have fewer legal rights in respect of your data than you do under local law. If we transfer personal data outside the UK/European Economic Area we will ensure that your privacy rights are adequately protected by appropriate safeguards, which may include the European Union’s standard contractual clauses and UK equivalent. Please contact us if you would like more information about these safeguards.
We will keep your personal data in line with our data retention policy, for as long as we need it for the purposes set out above, so this period will vary depending on your interactions with us. For example, where you have made a purchase with us, we will keep a record of your purchase for the period necessary for invoicing, tax and warranty purposes. We may also keep a record of correspondence with you (for example if you have made a complaint about a product) for as long as is necessary in connection with any legal claim.
We implement appropriate technical and organisational security safeguards to protect your data from loss, misuse, and unauthorised access, disclosure, alteration and destruction. We also maintain ISO 27001 and PCI DSS (Payment Card Industry – Data Security Standard) security certifications.
However, please be aware that it is impossible for any company to guarantee the absolute security and integrity of the information that has been transmitted to its website.
Our Site is not intended for, and should not be used by, children under the age of 18. We do not knowingly collect personal data from children under 18.
You have choices regarding our processing of your personal data as described in this section.
Your rights under data protection laws:You have the right to:
- Ask for a copy of your personal data, make corrections to your personal data, and in some cases e.g. where our purposes for processing have come to an end, ask us to deleteit.
- Object to our use of your personal data in certain situations, including where we use your personal data for direct marketing. See section 5 “Marketing” for details of how to opt out of direct marketing.
- Transfer your personal data, in certain circumstances, to another provider, in a commonly used format.
- Complain to the data protection regulator in your country. In the UK this is the Information Commissioner’s Office .
We will comply with any requests to exercise your rights in accordance with applicable law. Please be aware, however, that there are several limitations to these rights, and there may be circumstances where we are not able to comply with your request.
You can exercise your rights by contacting email@example.com .
US residents. If you are a California resident, please review our California Privacy Supplement (section 13) below, for specific information about your rights under California privacy laws and how to exercise them. Residents of certain other US states including Virginia have additional rights under applicable privacy laws, subject to certain limitations, which may include:
- The right to correct inaccuracies in your personal information, taking into account the nature and purposes of the processing of the personal information.
- The right to delete your personal information provided to or obtained by us.
- The right to confirm whether we are processing your personal information and to obtain a copyof your personal information in a portable and, to the extent technically feasible, readily usable format.
- The right to opt outof (as applicable) the “sale” of your personal data, targeted advertising, and any processing of personal information for the purposes of making decisions that produce legal or similarly significant effects.
- The right to submit an appeal if we deny your request.
You can opt out of targeted advertising on our Site as set out in Section 4 “Cookies and Personalisation”, and opt out of direct marketing as set out in Section 5 “Marketing”. To exercise your other rights please contact customer . firstname.lastname@example.org .
11.Changes to this Notice
This Notice is current as of the Effective Date stated above. We may change this Notice from time to time, so please be sure to check back periodically. If we make material changes we will alert you e.g. by posting a prominent notice on the Site or via email.
If you have any queries on any aspect of our Privacy Notice, please contact us on the details below:
13.California Privacy Supplement
Consumers residing in California have additional rights in relation to their personal information under California privacy law, including the California Consumer Privacy Act (“CCPA”). If you are a California resident, this section applies to you. This section does not address or apply to our handling of publicly available information or other personal information that is exempt under the CCPA.
Categories of personal information collected and disclosed. Whilst our processing of personal information varies based upon our relationship and interactions with you, the table below identifies, generally, the categories of personal information (as defined by the CCPA) that we may collect, and have in the past twelve months collected, about California residents, as well as the categories of third parties to whom we may disclose this information for a business or commercial purpose.