UNITED KINGDOM AND REPUBLIC OF IRELAND CONSUMER PRIVACY POLICY

Last Update: 21^st September, 2023

The Estée Lauder Companies respects your privacy and values the relationship we have with you.

The Estée Lauder Companies has a diverse portfolio of prestige brands, including The Cosmetics Company Store. You can find a list of these brands on ELCompanies.co.uk, each referred to in this Privacy Policy as a “Brand”.

This Privacy Policy describes how our Brands in the United Kingdom and Republic of Ireland collect, use, disclose and safeguard your personal information. Unless otherwise indicated, all Brands in the United Kingdom and Republic of Ireland follow this Privacy Policy.

References in this Privacy Policy to “we”, “us”, “our”, “ELC” are references to the entity or entities in the United Kingdom responsible for establishing the purposes for the processing of your personal information. See the Data Controller section below for details.

Information we process
How we collect information
How we use information
Our legal basis for processing personal information
How we share information
How you control your information
How we use cookies
How we use information to advertise
International transfers
How we protect information
How long we retain information
How we treat children’s information
Updates to our privacy policy
Your data controller
How to contact us

INFORMATION WE PROCESS

We may collect or process the following types of information about you. The specific information we collect about you will vary depending on how you interact with us.

Personal identifiers and contact information, such as your name, address, email address, telephone number, and username or social media handle.
Device identifiers, such as information about your device like your MAC address, IP address, or other online identifiers.
Demographic information, such as your age or date of birth, sex, and gender.
Physical characteristics, such as your hair type and colour, skin type, eye colour, and facial geometry if you use certain of our virtual try-on applications.
Commercial and transactional information, such as the products or services you have purchased and the location of purchase, products returned or considered and your product preferences.
Payment information, such as your method of payment and payment card information (including payment card number, delivery address and billing address).
Identity verification information, such as photo identification for in-store pick-ups at one of our retail stores, loyalty member ID, and authentication information (like passwords).
Online or network activity information, such as information regarding your interaction with our websites, mobile applications, digital properties and advertisements, information about your browsing and search history on our websites or mobile applications and log file information like your browser type and webpages you visit.
Geolocation information, such as information that can help identify your physical location (like your GPS coordinates or the approximate location of your device).
Audio and visual information, such as recordings of your voice when you call our customer service and images we record through video surveillance in our retail stores.
Professional or employment-related information, such as professional licenses or certifications in connection with our professional programs.
Health and medical information, such as skincare concerns or condition, diagnoses, medical reports and history.
User Content, such as your communications with us and any other content you provide (including photographs and images, videos, reviews, articles, survey responses and comments).
Inferences drawn from or created based on any of the information identified above, such as derived ethnicity and household income range.

HOW WE COLLECT INFORMATION

We may collect personal information about you from various sources. For example:

Directly from you, such as when you make a purchase on one of our websites or in one of our retail stores, contact us with a question or complaint, use one of our mobile applications or virtual try on experiences, create an account on one of our websites, register for one of our brand loyalty programs or marketing lists, respond to a survey, participate in a contest or other promotion, make an appointment or sign-up to attend an event.
From your friends or family members, such as when your friend or family member sends you a gift or makes a referral. If you are submitting contact information of others, please ensure that you only submit information of individuals with whom you have a personal or family relationship and who have consented to such sharing.
When you interact with our websites or emails. When you visit our websites, or when you open or click on emails we send you, we (and third parties we work with) may automatically collect information from your browser or device, such as device identifiers and online and other network activity information using technologies such as cookies, pixel tags, and similar technologies. Cookies are small text files that websites place on your Internet-connected device to uniquely identify your browser or to store information or settings in your browser. Pixel tags are small images which are embedded into our websites or emails. We use pixel tags to collect information about your browser or device, how you interact with our websites, or whether you open or click on the emails we send you. Pixel tags also enable us (and third parties we work with) to place cookies on your browser.
Through in-store and other offline technologies, such as video surveillance, traffic counting devices and Wi-Fi technology in and around our retail stores, and call recording technology when you speak to customer service.
From our business partners and service providers, such as demographic companies, analytics providers, advertising companies and networks, third-party retailers or distributors, loss prevention services and other third parties that we choose to collaborate or work with.
From social media platforms and networks, such as Facebook, Instagram, Twitter, Pinterest, and Google. For example, we may obtain your information from a social media platform or network if you interact with us on social media or choose to log-in to our websites using your social media credentials.
From other ELC Brands that you have interacted with.

We may combine the information we obtain from the above sources. For example, we may combine information we collect in our stores with information we collect online.

HOW WE USE INFORMATION

We may use the information we have about you:

To provide products and services to you, such as fulfilling orders and processing payments; creating, servicing and/or maintaining your account or loyalty program membership; identifying concerns and assisting with product recommendations; and facilitating product reviews. To communicate with you, including to respond to your inquiries or complaints, and to help you place an order.
To administer your participation in special events, contests, sweepstakes, surveys or promotions.
For marketing and advertising, such as to send you postal mail, text messages, email, push notifications or other messages, show you advertisements for products and/or services tailored to your interests or profile on social media and other websites.
To operate and understand your use of our websites and mobile applications, such as to remember your information so you do not have to re-enter it, understand your preferred method of purchasing with us; determine what browser and devices you use to visit our websites or mobile applications; and to evaluate and improve our services, advertisements, websites, and mobile applications. For example, we use Google Analytics on our websites. For specific details on how Google collects and uses your personal information when we use its services, please visit: How Google Uses Information From Sites Or Apps That Use Our Services.
To operate and improve our business, including to conduct analytics, provide quality assurance and process adverse event or product-related claims, conduct research and development, and perform accounting, auditing and other internal business functions.
For legal and security purposes, such as to detect, prevent, and prosecute harmful, fraudulent, or illegal activity or activity that violates our policies, terms and conditions; loss prevention; identify and repair bugs on our websites or mobile applications; and to comply with applicable legal requirements, relevant industry standards and our policies.

We also may use your information in other ways for which we provide specific notice at the time of collection.

OUR LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION

Where required by law, we will use the information you provide for the above purposes if:

it is necessary to perform a contract to which you are party (e.g., to process your payment and fulfil your order);
we have obtained your consent (e.g., for marketing communications);
we have a legitimate interest in doing so (including a legitimate interest in performing marketing activities, video surveillance, research activities, data analytics, internal administration functions, or for fraud prevention purposes, enforcement of adherence to our policies, terms and conditions, and conducting our business in compliance with relevant industry standards and our policies); or
we need to comply with a legal obligation under applicable laws.

HOW WE SHARE INFORMATION

We may share your personal information with:

Our Brands. When you interact with a Brand, we may share your personal information with other Brands. Those other Brands may use your personal information for marketing and advertising and other purposes identified in this Privacy Policy.
Our Subsidiaries and Affiliates. We may transfer your personal information to our subsidiaries and affiliates on a need-to-know basis for the purposes identified in this Privacy Policy.
Service providers. We may transfer personal information to service providers who perform services on our behalf based on our instructions. We do not authorise these service providers to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements. Examples of these service providers include entities that process credit card payments, fulfil orders, track and investigate contraventions of our policies, terms and conditions, and that provide website and application functionality, hosting, analytics, advertising and marketing services.
Parties to a corporate transaction. We also reserve the right to transfer personal information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganisation, divestiture, dissolution, or liquidation).
Advertising Companies. We work with third party advertising companies (such as advertising networks) to serve advertisements on our behalf. For additional information, see the How We Use Information to Advertise section.
Other third parties. In addition, we may disclose personal information about you (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials, (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity, (iv) when disclosure of your personal information is otherwise required or permitted by law, or (v) with your consent (such as third-party salons and spas).

HOW YOU CONTROL YOUR INFORMATION

You have rights and choices in connection with the personal information we have about you.

Data Subject Rights: Depending on applicable laws, you have rights with respect to your personal information. For example, you can request access to the personal information we maintain about you, update and correct inaccuracies in your personal information, and have the personal information deleted or transmitted to a third-party. You can also request to withdraw your consent you previously provided to us, to restrict or to object to the processing of your personal information, or to provide us with general or specific guidelines relating to the storage, deletion and sharing of your personal information after your death. You can make such requests through our Privacy Request Portal. We may take reasonable steps to verify your identity when you make a request. We'd like the chance to resolve directly any complaints you have concerning the way we have responded to your request, but you have the right at all times to raise a complaint with the Information Commissioner’s Office (ICO). Go to: https://ico.org.uk/ for further information.
Marketing & Advertising Preferences: Your online account may offer you the ability to edit your marketing preferences. You can also opt-out of receiving marketing communications (such as email, postal mail or text messages) by following the unsubscribe instructions sent within those communications or you can make a request through our Privacy Request Portal. When you unsubscribe from our marketing communications, we will no longer use the related personal information (such as your email address or phone number) for targeted advertising purposes.
Mobile Device & Browser Preferences: Depending on your mobile device or web browser, we may request your location or request to send you push notifications. You can edit your preferences using the settings on your device.
Cookie Preferences: You can choose how certain cookies are used in connection with our websites. You can edit your cookie preferences at any time by editing your browser settings or, in some countries, selecting the “Manage Cookies” link at the bottom of each of our Brand websites. For additional details see the HOW WE USE COOKIES Section.

HOW WE USE COOKIES

Cookies are small text files that websites place on your Internet-connected device to uniquely identify your browser or to store information or settings in your browser which allows us to remember you when you come back to our websites and provide you with personalised experiences and advertisements. We use different types of cookies on our websites, including strictly necessary cookies, performance cookies, functional cookies and targeting cookies.

You can edit your cookie preferences at any time by using the tool available on the Brand website (if available) or by editing your browser settings. In countries where the tool is available, you can find a list of cookies used in connection with any of our websites and edit your preferences by accessing the “Manage Cookies” link at the bottom of each of our Brand websites. When editing your cookie preferences, please note that your settings only apply to the browser you use to submit your opt-out request, so if you use multiple browsers or devices, you must opt-out on each browser, on each device. Your opt-out is enabled using cookies, so once you opt-out, if you delete your browser’s saved cookies on a device, you will need to opt-out again on that browser on that device.

Our websites are not designed to respond to “do not track” signals from browsers.

HOW WE USE INFORMATION TO ADVERTISE

We may use, disclose or otherwise process your personal information to advertise our products and services in different ways, including targeted advertising. We work with third party advertising companies (such as advertising networks) to serve advertisements on our behalf. These advertising companies may use cookies, pixel tags and similar technologies to collect device identifiers, online or network activity information, commercial information, or inferences, such as information about the websites you visit over time and the advertisements you click on to deliver advertisements that are targeted to you or your profile. You can opt-out of cookie-based advertising based on your visits to our sites by editing your cookie preferences as described in the HOW WE USE COOKIES Section. Please note that even if you opt-out, you may still see ads from us, but the ads will not be targeted based on the websites you visit over time and the advertisements you click on and may therefore be less relevant to you and your interests.

We also work with third-party platforms, including platforms operated by social networks, to show you advertisements or measure the effectiveness of our advertisements. We may convert your email address, telephone number, or other information into a unique value and have these third-party platforms match this unique value with a user on their platform or with other data they may have. This matching enables us to deliver advertisements to you and others on these platforms. You also can request that we refrain from using your personal information in this way by contacting us through our Privacy Request Portal.

INTERNATIONAL TRANSFERS

In offering and providing our products and services, your personal information may be transferred, stored or processed in countries other than the United Kingdom and Republic of Ireland in which the information was originally collected (such as the United States). Those countries may not have the same data protection laws as your country of residence, and your personal information will be subject to applicable foreign laws. When we transfer your personal information to other countries, we will protect that information in the manner described in this Privacy Policy. We will also comply with applicable legal requirements providing adequate protection for the transfer of personal information, such as the conclusion of data transfer agreements, E.U. Standard Contractual Clauses, the UK’s International Data Transfer Agreement or other applicable data transfer mechanisms. If you have questions about our data transfers or would like to receive a copy of any applicable data transfer agreements (where required by law), you can submit a request through our Privacy Request Portal.

HOW WE PROTECT INFORMATION

We maintain administrative, technical, and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure, or use. We restrict access to personal information on a need-to-know basis to employees and authorised service providers who require access to fulfil their job requirements.

HOW LONG WE RETAIN INFORMATION

In general, we retain personal information as long as reasonably needed to achieve the purposes outlined in this Privacy Policy. There are many factors that we use to determine how long personal information is retained, such as:

the purposes for which the personal information was collected, including to provide our products and services;
your marketing preferences and how you engage with our Brands;
any legal or regulatory requirements that apply to the personal information; and
whether the personal information may be relevant to us in protecting our own rights (e.g. applicable limitation periods).

For additional information about data retention policies, please submit a request through our Privacy Request Portal.

HOW WE TREAT CHILDREN’S INFORMATION

Our products and services are designed for a general audience and are not intended for or directed to children.

UPDATES TO OUR PRIVACY POLICY

This Privacy Policy may be updated periodically and without prior notice to you to reflect changes in our personal information practices. We will post a notice on our websites to notify you of any significant changes to our privacy practices and indicate at the top of the Privacy Policy when it was most recently updated.

YOUR DATA CONTROLLER

A data controller is the entity or entities responsible for establishing the purposes and means for the processing of your personal information.

The data controller in the United Kingdom and Republic of Ireland for all our brands, including The Cosmetics Company Store is: Estée Lauder Cosmetics Limited, a company registered in England and Wales with company number 659213 and having its registered office at One Fitzroy, 6 Mortimer Street, London W1T 3JJ.

You can find a list of the Brands in the UK and Ireland on ELCompanies.co.uk.

HOW TO CONTACT US

If you have any questions or comments about this Privacy Policy or if you would like to exercise your rights, you can contact our Data Protection Officer by submitting a request through our Privacy Request Portal.

If we need, or are required, to contact you concerning any event that involves your personal information, we may do so by postal mail, telephone, email or through a notice on our websites.