This privacy policy describes how we collect, use, disclose, and protect our customers’ personal information. It also tells you about the rights and choices you have with respect to your personal information, and how you can reach us to get answers to your questions. Please note, our privacy practices are subject to the applicable laws of the places in which we operate. You will see additional region-specific terms that only apply to customers located in those geographic regions, or as required by applicable laws.

1. What Our Privacy Policy Covers
This privacy policy covers our customer-facing operations in the United States and Canada, and applies to the personal information we obtain in various contexts, both online and offline, including when you access or use our websites or any other applications or services that link to this privacy policy; visit us in our stores; communicate with us; shop with our third-party partners; engage with us on social media; or participate in any of our programs or events.

We may provide different or additional privacy notices in connection with certain activities, programs, and offerings. We may also provide additional “just-in-time” notices that may supplement or clarify our privacy practices or provide you with additional choices regarding your personal information.

Our websites may include links to websites and/or applications operated and maintained by third parties. Please note that we have no control over the privacy practices of websites or applications that we do not own. We encourage you to review the privacy practices of those third parties.

2. What Personal Information We Collect
The types of personal information we obtain about you depend on how you interact with us and our products and services. When we use the term “personal information,” we are referring to information that identifies, relates to, describes, or can be associated with you. The following are the categories and specific types of personal information that we collect:

Basic Identifying Information
Including your full name, alias, postal address, e-mail address, phone number, date of birth, account name, signature, username, social media handle, or other similar identifiers.

Government-Issued Identifiers
Including your driver’s license number or other similar government identifier.

Device Information and Other Unique Identifiers
Including device identifier, internet protocol (IP) address, cookies, beacons, pixel tags, mobile ad identifier, or similar unique identifiers.

Internet or Other Network Activity
Including browsing or search history and information regarding your interactions with our websites, mobile applications, emails, or advertisements.

Geolocation Data
Including information that permits us to determine your location, such as if you manually provide location information or enable your mobile device to send us precise location information.

Payment Information
Including credit or debit card numbers.

Commercial Information
Including products or services you have purchased, returned, exchanged, or considered; preferences; and rewards activity related to Beauty Insider membership.

Physical Characteristics
Including skin tone and type, hair color and type, eye color, and other beauty profile information you provide.

Health and Medical Information
Including information you choose to provide regarding skin conditions or medications in connection with a beauty service, in-store digital experience, or product recommendation.

Demographic Data
Including age, gender, race, ethnicity, estimated income, and household information, some of which may include characteristics of protected classifications under state or federal law.

User Content
Including your communications with us and any other content you provide (such as social media profiles, photographs, images, videos, survey responses, comments, product reviews, testimonials, and other content).

Audio and Visual Information
Including photographs, images, videos, and recordings of your voice (such as when we record customer service calls for quality assurance).

Inferences
Inferences drawn from or created based on any of the information identified above.

Job Applicant Information
Including professional or employment-related information (such as education and employment history) and any other information you provide in connection with applying and interviewing for employment with us. If we retain you as an employee, this may include, among other things, your Social Security number or taxpayer ID.

Sensitive Personal Information
We only collect sensitive personal information, as defined in the applicable U.S. state privacy laws, with your consent. We also do not use sensitive personal information for inferring characteristics about you.

3. How We Collect Your Personal Information
We collect personal information about you from various sources. For example, we collect and obtain information:

Directly from You
We collect personal information you provide, such as when you make a purchase; register for an account or create a profile; sign up for the Beauty Insider Program; contact us; respond to a survey; book a reservation; make an appointment for in-store or virtual services; RSVP for an event; interact with us in store (including in-store digital experiences); participate in a sweepstakes, contest, or other similar campaign or promotion; apply for a job; or sign up to receive emails, text messages, and/or postal mailings.

Using Online Tracking Technologies and Other Automatic Data Collection Technologies
When you visit our websites, open or click on emails we send you, or interact with our advertisements, we or third parties we work with automatically collect certain information using online tracking technologies such as pixels, web beacons, software developer kits, third-party libraries, and cookies. For more information, please see the “Cookies and Similar Online Tracking Technologies” section below.

Through In-store and Other Offline Technologies
We record customer service calls and maintain a transcript of chats for quality assurance. We also use Closed Circuit Television or CCTV in our stores for safety, security, fraud, loss prevention, and operational purposes.

From Social Media Platforms and Networks
If you interact with us on social media or use features, such as plugins, widgets, or other tools made available by social media platforms or networks (including Instagram, Facebook, Twitter, Google, YouTube, and Pinterest) in connection with our websites, we collect information that you disclose to us, or that the social media platforms disclose to us. For more information about the privacy practices of those social media platforms, please review the privacy policies and settings of the social media platforms and networks that you use.

From Other Sources
For example, we may obtain information about you from other sources, such as data analytics providers, marketing or advertising service providers, fraud prevention service providers, vendors that provide services on our behalf, or publicly available sources. We also create information based on our analysis of the information we have collected from you.

4. Cookies and Similar Online Tracking Technologies
We and our third-party partners and service providers (such as advertising and analytics providers) use pixels, web beacons, software developer kits, third-party libraries, cookies, and other similar online tracking technologies (collectively, “online tracking technologies”) to gather information when you interact with our websites and email communications. Some online tracking technologies help us maintain the security of our websites and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

We also permit third parties and service providers to use online tracking technologies on our websites for analytics and advertising, including to help manage and display advertisements, to tailor advertisements to your interests, or to send abandoned shopping cart reminders (depending on your communication preferences). The third parties and service providers use their technology to provide advertising about products and services tailored to your interests which may appear either on our websites or on other websites.

To the extent these online tracking technologies are deemed to be a “sale” / “sharing” (which includes targeted advertising, as defined under the applicable laws) under applicable U.S. state laws, you can opt-out of these online tracking technologies by submitting a request via Your Privacy Choices, which is available at the bottom of our website. Please note, some features of our websites may not be available to you as a result.

5. How We Use Your Personal Information
We collect and use personal information for various purposes, including:

Providing Products and Services
We use your personal information to provide products and services, such as to fulfill your orders and/or complete the transactions you request; to process your payments; to provide you receipts and order updates; to send notifications to you related to your account, purchases, returns, exchanges, subscriptions, and reservations; to create, maintain, and otherwise manage your account, profile, or program membership, including offering functionalities such as easy checkout and the ability to save user preferences and transaction history; and to provide a forum for discussion, asking questions, posting photos and reviews, and sharing experiences.

Depending on the products and/or services you request, the categories of information used for these purposes may include Basic Identifying Information, Payment Information, and Commercial Information. If you attempt a return, you may be asked to provide a Government-Issued Identifier. For certain services, such as online, you may choose to provide Physical Characteristics and/or Health and Medical Information.

Communicating With You
We use your personal information to communicate with you, such as to respond to and/or follow-up on your requests, inquiries, issues, or feedback, and to provide customer service.

Marketing and Promotional Purposes
We use personal information for marketing and promotional purposes, such as to send marketing, advertising, and promotional communications by email, text message, or postal mail (such as trend alerts, promotions, new product launches, and event invitations); to show you advertisements for products and/or services tailored to your interests on social media and other websites; and to administer our sweepstakes, contests, and other similar promotions.

Analytics and Personalization
We use personal information to conduct research and analytics, including to improve our services and product offerings; to understand how you interact with our websites, advertisements, and communications with you; to determine which of our products or services are the most popular; to improve our websites and marketing campaigns; to personalize your experience; to save you time when you visit our websites; to customize the marketing and advertising that we show you; to create a more personalized experience for you when you visit our stores; to provide services; to better understand our customers’ needs; and to provide personalized recommendations about our products and services.

Security and Fraud Prevention
We use personal information to detect, investigate, prevent, or take action regarding possible malicious, deceptive, fraudulent, or illegal activity, including fraudulent transactions; attempts to manipulate or violate our policies, procedures, and terms and conditions; security incidents; and harm to the rights, property, or safety of our business and our users, customers, employees, or others.

Legal Obligations
We use personal information to comply with our legal or regulatory obligations, to establish or exercise our rights, and to defend against a legal claim.

Core Business Functions
We use personal information to support core business functions, including to maintain records related to business process management, loss and fraud prevention; to collect amounts owing to us; and to provide and maintain the functionality of our website, including identifying and repairing errors or problems.

Applicant
We use Job Applicant Information to make decisions about recruitment and in anticipation of a contract of employment. Providing this information is required for employment.

6. How We Disclose Your Personal Information
In addition to the specific situations discussed elsewhere in this privacy policy, we disclose personal information in the following circumstances:

Corporate Affiliates
We may disclose personal information with our corporate affiliates, including our parent company, sister companies, and subsidiaries. Such corporate affiliates process personal information on our behalf as our service providers, where necessary to provide a product or service that you have requested, including to administer the Beauty Insider program, or in other circumstances with your consent as permitted or required by law.

Service Providers
We disclose certain personal information to service providers that perform services to support our core business functions and internal operations including: fulfilling orders; delivering packages; complying with your request for the shipment of products to or the provision of services by an intermediary; sending postal mail, e-mails, and text messages; analyzing customer data; providing marketing assistance; administering our Ratings & Reviews; supporting beacons; processing credit card and debit card payments; investigating fraudulent activity; conducting customer surveys; and providing customer service.

Business Partners
We may disclose your personal information with businesses that we have partnered with to jointly create and offer a product, service, or joint promotion.

Social Media Platforms and Networks
Some of our websites have features, such as plugins, widgets, and/or other tools made available by social media platforms and networks, that may result in information being collected or disclosed between us and such parties. Their use of your information is not governed by this privacy policy.

Public Forums
Some of our websites provide the opportunity to post content in a public forum. If you decide to submit information in these public forums, that information will be publicly available.

Legal Process
We may disclose personal information in response to subpoenas, warrants, court orders, government inquiries, or investigations; or to comply with relevant laws and regulations. We may also disclose information to establish, exercise, or protect the rights of our company, employees, agents, and affiliates; to defend against a legal claim; to protect the safety and security of our visitors; to detect and protect against fraud; and to take action regarding possible illegal activities or violations of our policies.

Transfer of Control
We may disclose personal information with another company that buys some, or all, of the assets or our business entity, and that company may use and disclose personal information for purposes similar to what is described in this policy. We may also disclose personal information with prospective purchasers to evaluate the proposed transaction.

Other Instances
We may ask if you would like us to disclose your information with other third parties who are not described elsewhere in this privacy policy.

7. How We Protect Your Personal Information
Personal information is maintained on our servers or those of our service providers, and is accessible by authorized employees, representatives, and agents as necessary for the purposes described in this privacy policy.

We realize that individuals trust us to protect their personal information. We maintain reasonable and appropriate physical, electronic, and procedural safeguards designed to help protect your personal information. While we attempt to protect your personal information in our possession, no method of transmission over the internet or security system is perfect, and we cannot promise that information about you will remain secure in all circumstances.

For your convenience, our websites include functionality that allows you to remain logged in so that you do not have to re-enter your password each time you want to access your account. If you choose to remain logged in, you should be aware that anyone with access to your device will be able to access and make changes to your account and may be able to make purchases through your account. For that reason, if you choose to remain logged in, we strongly recommend that you take appropriate steps (such as enabling the “Passcode Lock” security feature on your mobile device) to protect against unauthorized access to, and use of, your account. Please also notify us as soon as possible if you suspect any unauthorized use of your account or password.

8. Your Rights
Consistent with applicable law, you may exercise the rights described in this section. Please note that some of the rights may vary depending on your country, province, or state of residence.

The Right to Opt Out of Cookies and Sale/Sharing Using Online Tracking Technologies
Our use of online tracking technologies may be considered a “sale” / “sharing” under applicable law. Visitors to our US website can opt out of being tracked by these third parties by clicking the “Your Privacy Choices” link at the bottom of our website and selecting their preferences.

If you do not have an account or if you are not logged into your account, your request to opt out of “sale” / “sharing” will be linked to your browser identifier only and not linked to any account information because the connection between your browser and the account is not known to us.

California and Colorado residents may opt out by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.

If you would like us to make the connection between your browser and your account when you send the opt-out of “sale” / “sharing” of your personal information request or GPC signal, and you have not yet opted out of “sale” / “sharing” your personal information, we recommend you submit the Do Not Sell or Share Personal Information form that is in Your Privacy Choices. As stated above, the Your Privacy Choices link is available at the bottom of our website.

Residents of Colorado, Connecticut, and Virginia can opt out of targeted advertising by clicking the “Your Privacy Choices” link at the bottom of our website and selecting the appropriate preferences.

Categories of personal information disclosed that may be considered “sale” / “sharing”: Basic Identifying Information, Device Information and Other Unique Identifiers, Internet or Other Network Activity, Geolocation Data, and Commercial Data.

Categories of third parties to whom personal information was disclosed that may be considered “sale” / “sharing” include advertisers and marketing partners, data analytics providers, and social media networks.

The Right to Limit the Use of Sensitive Personal Information
California residents have the right to limit the use of sensitive personal information. We only collect sensitive personal information, as defined by applicable California law, with your consent and only use the sensitive personal information for the use disclosed at the time of collection. We do not use sensitive personal information for inferring characteristics about you.

The Right to Accessing, Correcting, and Deleting Personal Information
You may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. If you are a resident of California, Colorado, Connecticut, or Virginia you have the rights to access, correct, and delete personal information under the applicable law (when these laws become effective). If you are a resident of Canada, you have the right to access your personal information and withdraw your consent from processing. These rights may be limited in some circumstances by applicable law.

Access and Deletion
You can submit a request to access or delete your personal information, or withdraw consent, by:

Submitting a Request Form; or
Calling 1-833-899-2963.

If you are a Canadian resident and want to withdraw consent to processing, please submit a deletion request by submitting the form, or calling the number, above.

Typically, we retain your personal information for the period necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law. Please note that in many situations we must retain all, or a portion, of your personal information to comply with our legal obligations; resolve disputes; enforce our agreements; protect against fraudulent, deceptive, or illegal activity; or for another one of our business purposes.

Corrections
You can correct information related to your account by:

Logging into your account.

You may submit a request for a copy of the information collected about you by following the steps outlined in the “Your Rights” section above. California residents may do so for personal information collected in at least the last 12 months. California and Colorado residents may do so up to twice per year per customer.

Responding to Requests
Once you have submitted your request, we will respond within the time frame permitted by the applicable law. Please note that we may charge a reasonable fee for multiple requests in the same 12-month period, as permitted by law.

Appealing Requests
If you are a Colorado, Connecticut, or Virginia resident, you may appeal our decision on your request regarding your personal information. To do so, please contact us in any of the ways listed in the “Communicating With Us” section. We respond to all appeal requests as soon as we reasonably can, and no later than legally required.

Identity Verification
For us to process some requests, we will need to verify your identity to confirm that the request came from you. We may contact you by phone or e-mail to verify your request. Depending on your request, we will ask for information such as your name, an e-mail address that you have used on our site. For certain requests, we may also ask you to provide details about the most recent purchase you made online or in store.

Authorized Agent
Residents of California, Colorado, and Connecticut may designate an authorized agent to submit a request on your behalf to access or delete your personal information. To do so, you must: (1) provide that authorized agent written and signed permission to submit such request; and (2) verify your own identity directly with us. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf.

If you have been designated as an authorized agent to submit a request on behalf of another customer, you must make the appropriate selection when you submit a Request Form.

Managing Communication Preferences
Email
You can stop receiving promotional e-mails at any time by:

Clicking on the “unsubscribe” link at the bottom of any promotional e-mail that you receive from us; or
Logging into your account, clicking on the “My Account” page, and managing your email preferences.

Text Messages
You can opt-out of receiving text messages from us by replying “STOP” to the text message you receive from us. Please note that this will only opt you out of the specific text messaging program associated with that number. For more information, please refer to our Text Messaging Terms & Conditions.

Removing Content from our Public Forums
You can request that we remove content or information that you have posted on a public page on some of our websites (such as part of a Ratings & Review, or your Beauty Insider Community activity) by e-mailing details to us. Please note that while we will endeavor to honor your request, our removal of your content or information does not ensure complete or comprehensive removal of that information from our website. For example, historical copies, or “caches,” may remain.

9. Transmission of Information to Other Countries
Our business is located in the United States.

If you submit personal information on our site, your personal information may be processed in a foreign country, where privacy laws may be less stringent than the laws in your country. By submitting your personal information to us you agree to the transfer, storage, and processing of your personal information in a country other than your country of residence including, but not necessarily limited to, the United States.

10. Children’s Privacy
Our website is not intended for or directed to children under the age of 13. We do not knowingly collect personal information directly from children under the age of 13 without parental consent. If we become aware that a child under the age of 13 has provided us with personal information, we will delete the information from our records.

11. Communicating With Us
If you have any questions about our privacy or security practices, you can contact us via e-mail.
If we need, or are required, to contact you concerning any event that involves your personal information we may do so by e-mail, telephone, or mail.

12. Changes To This Policy
We may revise this privacy policy from time to time and will post the date it was last updated at the top of this privacy policy. We will provide additional notice to you if we make any changes that materially affect your privacy rights.

13. Additional Information for California Residents
California law requires us to disclose the following additional information with respect to our privacy practices. If you are a California resident, this section applies to you in addition to the rest of the privacy policy.

California Shine the Light
Customers who are residents of California may request information concerning the categories of personal information (if any) we disclose to third parties or affiliates for their direct marketing purposes.

Categories of Personal Information We Collect and Our Purposes for Collection and Use
You can find a list of the categories of personal information that we collect in the “What Personal Information We Collect” section above. For details regarding the sources from which we obtain personal information, please see the “How We Collect Your Personal Information” section above. We collect and use personal information for the business or commercial purposes described in the “How We Use Your Personal Information” section above.

Categories of Personal Information Disclosed and Categories of Recipients
We disclose the following categories of personal information for business or commercial purposes to the categories of recipients listed below:

We disclose Basic Identifying Information with businesses, service providers, and third parties, such as advertising networks, analytics and social media networks.
We disclose Device Information and Other Unique Identifiers with businesses, service providers, and third parties, such as advertising networks, analytics, and social media networks.
We disclose Internet or Other Network Activity with businesses, service providers, and third parties, such as advertising networks, analytics, and social media networks.
We disclose Geolocation Data with businesses, service providers, and third parties such as advertising networks, analytics, and social media.
We disclose Payment Information with businesses and service providers who process payments.
We disclose Commercial Information with businesses, service providers, and third parties, such as advertising networks, analytics, and social media networks.
We disclose Physical Characteristics with business and service providers who help administer Community, Beauty Insider, or product recommendations.
We disclose Health and Medical Information you choose to provide regarding skin conditions or medications with businesses in connection with a beauty service and with service providers that help make product recommendations.
We disclose User Content with businesses and service providers who help administer our programs, such as Community, product reviews, and social media networks.
We disclose Audio and Visual Information with businesses and service providers who help administer customer service and fraud or loss prevention services.
We disclose Inferences with businesses and service providers who help administer marketing and personalization.
For more information on how your information is disclosed, please see the “How We Disclose Your Personal Information” section, which provides more detail on our business partners, service providers and third parties. We may also need to disclose any of the above categories of information pursuant to Legal Process or as a result of a “Transfer of Control” as described in the “How We Disclose Your Personal Information” section. As stated in the “Your Rights” section above, we typically retain your personal information for the period necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law.

14. Notice of Financial Incentive
We offer our customers a loyalty program (the Beauty Insider Program) that provides certain perks, such as rewards and exclusive offers. We may also provide other programs, such as sweepstakes, contests, or other similar promotional campaigns (collectively, the “Programs”). When you sign up for one of these Programs, we typically ask you to provide your name and contact information (such as email address and/or telephone number). Because our Programs involve the collection of personal information, they might be interpreted as a “financial incentive” program under California law. The value of your personal information to us is related to the value of the free or discounted products or services, or other benefits that you obtain or that are provided as part of the applicable Program, less the expense related to offering those products, services, and benefits to Program participants.

You may withdraw from participating in a Program at any time by contacting us using the designated method set forth in the applicable Program rules. Visit the terms and conditions page of each Program to view full details, including how to join.