At Cosmetista, we take privacy seriously.

The categories of personal data that we process depends on how you use our services. We use your personal data to provide our online services in alignment with your preferences, to process your requests, to contact you regarding products and services which may be of interest to you, to provide prize draws or competitions, or to carry out relevant administrative services. All personal data is processed in accordance with applicable data protection laws.

We only disclose your personal data to third parties that assist us with providing you with our services and, if you authorise us explicitly, to our affiliated companies for the purpose of customer relationship management, analytics and marketing.

With your consent we also use cookies for marketing, performance and statistical purposes.

As our valued customer, we also offer you various choices to control how your personal data is used. For example, if you would like to update your ‘cookie preferences’, click on the Cookie Consent Tool located at the bottom right of our website.

In addition, if you have an electronic account with us (on the website or mobile app), you can update your contact information and your marketing preferences under the ‘My Account’ section. Alternatively, you can contact our Customer Services Team.

OUR PRIVACY PRINCIPLES

At Cosmetista we have 5 Privacy Promises which explain how we use and look after your information.

We will:

  1. ALWAYS use your personal data in line with data protection law.
  2. ALWAYS tell you what information we collect, what we do with it, who we share it with and who to contact if you have any concerns.
  3. ALWAYS provide options to say ‘STOP’ if you don’t want marketing communications.
  4. ALWAYS take steps to protect your information and make sure no unauthorised person accesses it.
  5. ALWAYS respond to questions about your personal data without delay.

OUR PRIVACY POLICY

We are committed to safeguarding your privacy rights and ensuring that your personal data is protected.

This Privacy Policy explains the types of personal data we collect and how we process and protect that data in connection with the services we offer. This includes information collected offline in our stores or through our customer services, and online through our websites, applications (including mobile apps) and third party platforms (“Sites”).

This Privacy Policy also applies to our targeted content, including online offers and advertisements for products and services, which you may see on third party websites, platforms and applications (“Third Party Sites”) based on your online activity. These Third Party Sites may have their own privacy policies and terms and conditions. We encourage you to read them before using those Third Party Sites

WHO IS RESPONSIBLE FOR WHAT HAPPENS WITH YOUR DATA?

Cosmetista (“Alcor Brands” or “we”) are responsible for processing your personal data on our Sites. Alcor Brands is a member of The Alcor Brands Group (“TAB Group”), controlled by Brookings Capital.

HOW DO I CONTACT THE DATA PROTECTION OFFICER?

If you have a question in relation to how we process your personal data you can contact our Data Protection Officer via email.

WHAT IS PERSONAL DATA?

Personal Data means information that can directly or indirectly identify you (“Personal Data”). This typically includes information such as your name, address, email address, and telephone number, but can also include other information such as IP address, shopping habits, and information about your lifestyle or preferences such as your hobbies and interests.

WHAT HAPPENS WHEN YOU PROVIDE US WITH YOUR PERSONAL DATA OR WHEN WE OTHERWISE RECEIVE YOUR PERSONAL DATA?

We collect your Personal Data directly in a number of ways, for example when you provide us with your information to register as a customer for our Sites , register for prize draws or competitions, subscribe to our newsletter, receive information or mailings, use our applications, buy a product or service from us, complete a survey, make a comment or enquiry or contact our Customer Services Team.

When you provide us with your Personal Data, we will process it in accordance with this Privacy Policy. If you do not wish us to process your Personal Data in this way, please do not provide us with your personal information.

We may also receive your Personal Data from other sources, including information from commercially available sources, such as public databases and data aggregators, and information from third parties. If you do not want us to receive your Personal Data from other sources, please communicate your preferences directly with the relevant sources.

We process your Personal Data to provide you with our services as further explained below. In certain instances, we only process your Personal Data if you have given us permission to do so, for example in most cases where we process your Personal Data for marketing purposes, use cookies or location data or where we process your sensitive personal information. In other instances we may rely on other legal grounds for processing your personal data, such as performance of the contract with you or legitimate interests, like fraud prevention.

Where we process your Personal Data on the basis of your consent, we will ask for your consent explicitly and only for a particular purpose. We will also ask you to provide additional consent if we need to use your Personal Data for purposes not covered by this Privacy Policy.

FOR WHICH PURPOSES DO WE PROCESS YOUR PERSONAL DATA?

WE PROCESS THE FOLLOWING CATEGORIES OF PERSONAL DATA FOR THE FOLLOWING PURPOSES:

  1. Browsing on our Sites
  2. Purchase/Agreeing to a Service
  3. Customer Service
  4. Suggesting products & services which may interest you
  5. Competitions and prize draws
  6. Online Shopping
  7. Fraud prevention and other administrative services, such as registration.

We use cookies and similar technologies (“Cookies”) to improve our products and your experience on our Sites by collecting information on how you use our Sites. Some of the Cookies we use are required to enable core site functionality, for example to provide secure log-in or to remember how far you are through an order, but we also use Cookies that allow us to analyse site usage (so we can measure and improve performance), and advertisement Cookies which are used by advertising companies to serve ads that are relevant to your interests.

We may also tailor our Sites and our products to your interests and needs, by collecting information about your device and linking this to your Personal Data so as to ensure that our Sites present the best web experience for you.

Where we use Google Analytics, we have set up the service to anonymise your IP address as soon as data is received by the Analytics Collection Network: https://support.google.com/analytics/answer/2763052?hl=en , before any storage or processing takes place. To opt out of being tracked by Google Analytics across all websites please visit http://tools.google.com/dlpage/gaoptout.

You can view more information on the Cookies we use and adjust your preferences via the Cookie Consent Tool on our Sites. Please note, however, that without cookies you may not be able to use all of the features of our Sites or online services.

WHO WE SHARE YOUR PERSONAL DATA WITH?

OUR SERVICE PROVIDERS

We share your Personal Data with with the following data processors (i.e. service providers that help us to perform the above tasks):

Relevant companies of the TAB Group and subsidiaries of Brookings Capital for the purposes of Customer Relationship Management and analytics.

Trusted third parties to help us process and analyse your Personal Data for us, to support us when suggesting products & services which may interest you.

If you order a product or service from us, trusted third parties to allow payment and delivery of the products and services you have ordered. Unless you provided consent, any such trusted third parties are not authorised by us to use your Personal Data in any other way and will be required by us to implement adequate technical and organizational measures to protect your Personal Data.

These processors are bound by us to strict requirements as required under applicable data protection laws to only handle your Personal Data for us and to comply with high IT security standards.

OTHER RECIPIENTS

We share your Personal Data with the following third parties that process your Personal Data for their own purposes (i.e. these third parties are no processors; they rather use your Personal Data because they have their own interest or because you had consented):

Law enforcement or other agencies if we are required to do so by law, or by a warrant, subpoena or court order to disclose your Personal Data.

Please note that we never share your Personal Data with social media platforms. When we engage in audience building or customer matching activities with social media platforms like Facebook or Google, your Personal Data is always anonymised before the transfer. If there are any changes in the future and we have to share your Personal Data with a social media platform, we will ask for your consent.

SHARING YOUR SITE USAGE INFORMATION

With your consent, we will share Site usage information with trusted third parties (e.g. advertisers, advertising agencies, advertising networks, data exchanges, etc.) in order to offer you tailored content which may be of interest to you based on your prior activity on our Site. These trusted third parties may set and access their own Cookies, web beacons and similar tracking technologies on your device in order to help us deliver customised content and advertising to you when you visit our relevant Sites.

Please note that even if you opt out, you may still receive advertisements from us that are not customised based on your Site usage information.

TO WHICH COUNTRIES DO WE TRANSFER YOUR PERSONAL DATA?

Many of our trusted third parties, TAB Group and Brookings Capital companies are based in countries that provide an adequate level of data protection, such as the European Economic Area (“EEA”).

We also transfer your data to the United States (where our web development team sits).

When we need to transfer your Personal Data to a trusted third party based in a country where data protection laws are considered not to offer the same level of protection, we ensure adequate data protection safeguards by relying on other legitimate means, such as the Privacy Shield certification and/or Standard Contractual Clauses.

HOW LONG DO WE PROCESS YOUR PERSONAL DATA?

We will store your Personal Data only until the aforementioned purposes for which we have collected or received your Personal Data are fulfilled and once our statutory obligations to preserve records have expired.

WHAT ARE YOUR RIGHTS?

If certain requirements are fulfilled, you have the right to:

  • Obtain from us confirmation as to whether or not we process Personal Data from you and, where that is the case, access to your Personal Data;
  • Rectification of inaccurate Personal Data;
  • Erasure of Personal Data;
  • Objection to the processing of Personal Data;
  • Restriction of processing of Personal Data; and
  • Portability of Personal Data – receive the Personal Data you have provided to us in a structured, commonly used and machine-readable form and transmit it to another data controller.

You can learn more about these rights here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

To exercise your rights, please contact the Data Protection Officer or get in touch with our Customer Services Team on the details set out below.

Note that you do not need to contact our Data Protection Officer to excerise your rights to stop receiving marketing communications from us. You can opt out of receiving such communications by going to the Marketing Preferences of your ‘My Account’ if you have an account with us, directly from the communications we send you.

CAN YOU WITHDRAW YOUR CONSENT TO THE PROCESSING OF PERSONAL DATA?

  • Where your consent is the legal basis for the processing of your Personal Data, you can withdraw your consent for:
  • Marketing communications: by logging into your account under Marketing Preferences or using the unsubscribe link in any of our marketing communications.
  • Use of Cookies: via our Cookie Consent Tool at the bottom of our Sites.
  • Other purposes: by sending us an email.

Please note that withdrawing your consent will not affect the lawfulness of the processing before the withdrawal.

CAN YOU COMPLAIN WITH THE DATA PROTECTION AUTHORITIES?

If you think that the processing of Personal Data by us violates data protection laws, you can lodge a complaint with the Information Commissioner in the UK (www.ico.org.uk).

HOW DO WE PROTECT YOUR PERSONAL DATA?

We maintain appropriate technical and organisational measures to protect the Personal Data you provide to us against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to your Personal Data.

CAN WE CHANGE OUR PRIVACY POLICY?

We may change this Privacy Policy from time to time by posting the updated version of the Privacy Policy here. We encourage you to visit this area frequently to stay informed.

The Privacy Policy was last updated in 26 Feb 2020.