Skip to main content

PRIVACY NOTICE

L’ORÉAL AUSTRALIA PTY LTD

L’Oréal Australia Pty Ltd through its brand Aesop has collected your personal information for the purposes of developing our relationship with you and providing you with information about Aesop and its products. If you opt in, you consent to receiving marketing materials and promotional offers from us and other L’Oréal brands (including via email and SMS). Generally, we only disclose personal information to our related companies and to third parties which provide us with (or assist us to provide) products/services. This may involve transferring your information outside of Australia including to NZ, USA, UK, Singapore, Canada and the EU. Our privacy policy (available at [www.loreal.com.au](http://www.loreal.com.au/)) contains information about making a complaint and accessing or correcting the information we hold about you. You can contact us (and opt-out from marketing) at the L’Oréal Consumer Affairs Department at 564 St Kilda Road, Melbourne, Victoria 3004, telephone 1300 659 359 or by email [consumeraffairs@au.loreal.com] PRIVACY POLICY Version Date: 1 June 2025 ABOUT THIS POLICY This privacy policy sets out the principles that L’Oréal Australia Pty Ltd (ABN 40 004 191 673) including each of its businesses, brands and divisions (“L’Oréal” “we” “us”), will follow in the management of your personal information. Your “personal information” is any information or opinion about you, or from which you are reasonably identifiable. We may amend this privacy policy at any time and for any reason. The updated version will be available at [www.loreal.com.au](http://www.loreal.com.au/). We may highlight changes to this policy on our websites, but you should check this policy regularly for changes.

1. L’ORÉAL PRIVACY OBLIGATIONS

L’Oréal is committed to protecting the privacy of individuals and is bound by the Privacy Principles set out in the Privacy Act 1988 (Cth) (the “Act”). L’Oréal will only collect, use or disclose personal information in accordance with the Act and this privacy policy. A copy of the Act, the Privacy Principles and guidance from the Office of the Australian Information Commissioner are available from the website of the Office of the Australian Information Commissioner (at [www.oaic.gov.au](http://www.oaic.gov.au/)).

2. COLLECTION AND USE OF PERSONAL INFORMATION

L’Oréal will, from time to time, collect personal information in the course of its business. We may use your personal information for the following purposes: • the purpose for which it was collected (and related purposes which would be reasonably expected by you); • purposes to which you have consented; or • as otherwise authorised or required by law. Generally, we will only use the personal information that we collect about you for purposes connected with our business operations. These purposes may include: • verifying your identity; • contacting you (including via electronic messaging such as SMS and email, by mail, by phone or in any other lawful manner); • providing goods or services to you or receiving goods or services from you; • addressing any issues, problems or complaints that we or you have regarding our relationship; and • developing and improving our products, services and business. The types of personal information L’Oréal collects and the purposes for which that personal information is used will depend on the circumstances. Some examples of the types of information that L’Oreal ordinarily collects in certain situations and how it is ordinarily used are set out below. Employees: L’Oréal may collect personal information from its employees in connection with their employment. Personal information includes an employee’s name, address, date of birth, photographs, bank account details and employee records. Any personal information obtained and held by L’Oréal directly related to an employee’s employment with L’Oréal will be exempt from compliance with the Act. L’Oréal may be required to disclose the personal information of its employees, from time to time, for the purposes of conducting its business or otherwise in accordance with this policy. L’Oréal may, from time to time, obtain sensitive information about its employees, either directly or indirectly. Where L’Oréal comes into possession of sensitive information relating to an employee, this information will only be used for the purposes for which it was obtained. In the ordinary course of its business, L’Oréal may be required, from time to time, to transfer the personal information of employees overseas in accordance with clause 4 of this privacy policy. Consumers: In general, L’Oréal collects the following types of personal information about consumers: name, contact information (including postal and e-mail address and telephone numbers), gender, age and date of birth, product preferences, purchasing histories, credit card details and other information relating to a consumers’ dealings with us. We generally use this personal information to assist in the supply of products and services, for promotional purposes and for our internal administrative purposes. L’Oréal collects personal information from consumers in a number of different ways including directly from a consumer when they provide it to us (or our agents or contractors) including when a consumer: • visits our websites or counters; • acquires or uses our products; • enters a competition or promotion; • responds to a survey; • joins one of our clubs or mailing lists; or • otherwise contacts us. We may also generate personal information about consumers from information that we have. For example, by analysing our records of a consumer’s use of our products or services or the consumer’s previous dealings with us. We may also collect personal information about consumers from publically available resources or (in circumstances where it is unreasonable or impractical to obtain it from the consumer directly) from third parties. Applicants for employment: L’Oréal collects a range of personal information about applicants for employment such as name, contact information (including postal and e-mail address and telephone numbers), employment and training history and any other information included as part of an application, resume or curriculum vitae. We may also obtain personal information from psychological or aptitude tests and from referees. We use all of that information only to assess a person’s suitability for available employment positions. This information is collected when you submit an application for employment. Applicants for employment agree to L’Oréal collecting, using and disclosing the information for the purposes for which it was disclosed and to the extent permitted by the Act. Where L’Oréal holds personal information from a previous employment application, the applicant can request to access the personal information in accordance with clause 7 of this policy. The request must be provided to L’Oréal within a reasonable timeframe and must particularise the information sought and the purpose for which the information is sought. L’Oréal will provide access unless an exception to access applies under the Act. L’Oréal will take reasonable steps to destroy all personal information it holds if the information is no longer required for the purpose for which it was obtained. Suppliers, Purchasers and Contractors: The personal information L’Oréal collects about suppliers, purchasers or contractors who are individuals generally includes name, contact information (including postal and e-mail addresses and telephone numbers), payment and banking details. We use that information for our transactions with such persons, our internal administrative purposes related to our relationship with that person as a supplier, purchaser or contractor and in building and managing our commercial relationships. This information is collected when a supplier, purchaser or contractor contacts us, responds to a request for services, or otherwise offers to supply us with goods or services. When you use our websites, L’Oréal may also collect “clickstream” information (such as which areas of our websites you have accessed, the time and date of access, the type of browser software used, your IP address and the previous website that the you linked to our website from). We may also collect “cookie” information (such as user preferences relating to your use of the web site). This information is used for a number of purposes including to customise and improve L’Oréal websites. You can adjust your internet setting to disable “cookies”, however certain aspects of our websites may require this information to function and may not be available or perform optimally if this information is not collected. Information that Meta collects and shares with us: All Meta features and services available on our website/app are governed by the Meta Data Policy, in which you can get more info about your privacy rights and settings options. By using this website/app, you may: • Sign-up with your Facebook, Instagram or other Meta service login. If you do so, you consent to share some of your public profile information with us; • Use the Meta social plug-ins, such as “like” or “share” our content on the Meta platforms; • Accept cookies from this website/app (also identified as “Facebook or Meta Pixel”) that will help us understand your activities, including information about your device, how you use our services, the purchase you make and the ads you see, whether or not you have a Facebook account or are logged into Meta platforms. When you are using those features, we collect data that help us to: • Show you ads you might be interested in on Facebook (or Instagram, Messenger or any other Facebook services); • Measure and analyze the effectiveness of our website/app and ads. We may also use the personal information you gave us on this website/app (such as your name and surname, email, address, gender and phone number) to identify you in Facebook (or Instagram, Messenger or any other Facebook services) in order to show you ads that are even more relevant for you. While doing this, Meta will not share your personal information and will delete the information promptly after the match process is complete. The Act defines some types of personal information as “sensitive information”. Personal information about a person’s racial or ethnic origin, political opinions or memberships, religious or philosophical beliefs or affiliations, professional or trade association or union memberships, sexual orientation or practices, criminal record or health (including genetic and biometric information) is considered sensitive information. L’Oréal does not generally collect sensitive information about individuals. If you provide sensitive information to us for any reason (for example if you provide us with health information such as information about allergies or skin conditions) you consent to us collecting, using and disclosing that information for the purpose for which you disclosed it and as permitted by the Act. We will handle any sensitive information that we receive in accordance with this

3. DISCLOSURE OF PERSONAL INFORMATION

We may disclose or provide access to your personal information to third parties in connection with the purposes described in section 2 of this policy. We may disclose your personal information: • to third party contractors appointed by L’Oréal to perform services for us or on our behalf (such as marketing agencies, customer service organisations, parties who provide credit card processing services and website and data hosting providers); • to our related companies; • to our professional advisors, accountants, insurers lawyers and auditors on a confidential basis; • in the unlikely event that we, or any of our assets, are or may be acquired by a third party, to that third party and its advisors; • in certain circumstances, to third parties that require information for law enforcement or to prevent a serious threat to public safety; • as required or authorised by law; or • otherwise with your consent. L’Oréal requires our contractors to keep personal information confidential and not to use or disclose it for any purpose other than performing services for us or on our behalf. You should be aware that some information that you upload to parts of our websites or to our social media pages may be available to be viewed by the public. You should use discretion in deciding what information to upload to such sites.

4. PROCESSING AND TRANSFER OF INFORMATION

As L’Oréal is an international business, some information (including personal information) may be transferred to countries outside of Australia in the ordinary course of our business including to parties located in: • New Zealand; • the USA; • Canada; • UK; • Singapore; • other countries in Asia; and • countries in the EU. When L’Oréal discloses personal information outside of Australia we will comply with this privacy policy and the requirements of the Act.

5. DIRECT MARKETING

Direct marketing involves communicating directly with you for the purpose of promoting the sale of goods and services to you. Direct marketing can be delivered by a range of methods including mail, telephone, email or SMS. We may use and disclose your personal information for the purpose of sending you direct marketing materials where: • you have consented to us doing so; or • it is otherwise permitted by law. You can unsubscribe from receiving direct marketing materials from us at any time by contacting us (see section 9 of this policy).

6. SECURITY

L’Oréal will take reasonable steps to keep any personal information we hold about you secure. However, except to the extent liability cannot be excluded due to the operation of statute, we exclude all liability (including in negligence) for the consequences of any unauthorised access to your personal information. Please notify us immediately if you become aware of any breach of security.

7. SEEKING ACCESS

You have the right to seek access to personal information which L’Oréal holds about you or to update or correct that information. There are a limited number of circumstances in which L’Oréal may decline to grant such access. These are set out in the Act. L’Oréal will grant access to information in accordance with the Act. To request to access, verify, correct, or update any personal information we hold about you, please contact us (see section 9 of this policy). L’Oréal will endeavour to acknowledge such requests as soon as practicable. If L’Oréal is required to or otherwise agrees to grant access to the personal information, we will give access within a reasonable period of time. L’Oréal will notify you of the method by which it will give you access to the information. Where permitted by law, L’Oréal may charge an administrative fee for granting access to information. If L’Oréal refuses to grant access to personal information, it will inform you of the grounds on which access is denied and advice you of your options to seek to have that decision reviewed.

8. COMPLAINTS ABOUT PRIVACY

If you are concerned that L’Oréal may have breached its privacy obligations, the Act or this privacy policy please contact us (see section 9 of this policy). When contacting us, please provide as much detail as possible in relation to your issue or complaint. All complaints will be taken seriously and will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information we may require. If you are not satisfied with our handling of your complaint, you may refer the issue to the Office of the Australian Information Commissioner (at [enquiries@oaic.gov.au]).

9. REQUESTING DELETION OF YOUR PERSONAL INFORMATION

In some cases, you have the right to have you personal information erased or deleted. Please note this is not an absolute right, as we may have legal and legitimate grounds for retaining your personal information. To request deletion of your personal information, you may send us a request at [consumeraffairs@au.loreal.com] or telephone us on 1300 659 359.

10. QUESTIONS ABOUT PRIVACY

If you have any questions or concerns about L’Oréal’s collection, use or disclosure of your personal information or if you would like to access, update or correct the information we hold about you please contact L’Oréal’s Privacy Officer via the L’Oreal Consumer Affairs Department at 564 St Kilda Road, Melbourne, Victoria 3004 or by telephone on 1300 659 359 or by email [consumeraffairs@au.loreal.com].

Privacy Policy (Effective until 31 May 2025) Contents 1. Who are we? 2. What information is covered by this Privacy Policy? 3. What personal information do we collect from you and how do we collect that information? 4. How do we use your personal information? 5. Matters specific to the internet 6. Do we use your personal information for direct marketing? 7. Sharing your data with third parties 8. Where do we transfer your personal information? 9. What are your rights in relation to your personal information? 10. Do we use CCTV? 11. How do we protect your personal information? 12. How long do we keep your personal information? 13. How do we deal with children's privacy? 14. How can you contact us? 15. Which version of this Privacy Policy applies? Aesop is committed to protecting your privacy. This Privacy Policy explains the types of personal information we collect, how we use that information, who we share it with, and how we protect that information.

Please read the following carefully to understand our views and practices regarding your personal information.

1. Who are we? This Privacy Policy applies to information that Emeis Cosmetics Pty Ltd, and its parent, subsidiaries and affiliate entities worldwide (individually and collectively referred to herein as "Aesop", "we", "us" or "our") collects from you. The personal information we collect is controlled by Aesop UK Limited, Hay's Galleria, 1 Hay's Lane, Hay's Lane House, 3rd Floor, London, SE1 2HD (registered number 05192303), Emeis Cosmetics Pty Ltd, 23 Waterloo Road, Collingwood VIC 3066, Australia, (ACN registration: 007 409 001) and the relevant local corporate affiliates. For the purposes of applicable data protection laws, the relevant Aesop entity as set out in section 14 below is a data controller of your personal information. 2. What information is covered by this Privacy Policy? This Privacy Policy covers all personal information that we collect, use and process which means information that (either in isolation or in combination with other information) enables you to be identified directly or indirectly. 3. What personal information do we collect from you and how do we collect that information? The types of personal information we may collect, and hold vary depending on the nature of our interaction with you and may include:

• identifying and contact information such as your name, postal and email address, telephone number, gender, date of birth and title;

• payment information;

• information ascertained about you from social media such as your profile picture, likes, location and friend list;

• geo-location details when using one of our mobile applications;

• health information such as skin concerns and adverse reactions to products; and

• product preferences and other information.

We may collect your personal information in a number of ways including when you:

• visit our website and register an account with us and/or purchase products through our website and/or undertake a live consultation;

• visit one of our Aesop retail stores or counters, including if you register an account with us in store; or

• correspond with us across any of our channels (e.g. messaging platforms such as text message, live chat and WhatsApp, social media and email).

We typically collect your personal information directly from you. On some occasions, we may collect your personal information from third parties such as payment platform providers. 4. How do we use your personal information? Why we process your information: To provide you with information about our products and services. How we use your information for this purpose: We process your order history to develop, market, sell or otherwise provide products, services or information to you. We also process your name and contact details to provide you with copies of our newsletter and information about our products, store launches, partnerships and in-store events, contact you regarding service related matters, and provide you with other marketing or promotional information where we are permitted to do so in accordance with applicable laws or if you have provided consent for us to do so. We also process this information to ensure that we do not contact you for direct marketing purposes if you have asked us not to. Based on the following justification: Using your personal information in this way is necessary for us to perform our contractual obligations to you. It is also in our legitimate interests to provide you with the best possible customer experience online and instore.

Why we process your information: To process your payments and protect you against fraudulent transactions. How we use your information for this purpose: We process your personal information including your payment details (credit card, debit card and/or other payment details) to fulfil your purchase orders for our products, services and/or gift cards. We also process this information to keep your payment details safe and protect you against fraudulent transactions. We process details of your device when you shop on our website to enable us to detect any fraudulent transactions or suspicious purchasing activity. Based on the following justification: It is in our legitimate interests to process personal information to keep payments secure and necessary for the performance of our contract with you. Providing us with certain personal information is voluntary but we may not be able to process your order and send you the required order acknowledgement and shipping confirmation e-mails if you do not provide us with certain requested information.

Why we process your information: To provide you with products and services that you have purchased from us. How we use your information for this purpose: We may need to use your name and contact details to perform our obligations under a contract with you (e.g. where you have purchased a product or service from us, like a hand cream or a facial treatment). Based on the following justification: It is necessary for us to process your personal information in this way for us to perform our statutory and/or contractual obligations to you.

Why we process your information: To learn more about why you use certain products and inform our product developers. How we use your information for this purpose: We process your personal or health information (e.g. skin type or where you suffer an adverse reaction to a product) to update your account with us. We also process this data to conduct internal administrative activities, research, analytics, planning and product development. If you have a customer account (whether created online or in-store), we may also collect information about the products you browse online or purchase, where you purchased the products from and other information relevant to your customer relationship with Aesop. We use this information for our internal demographic insights into our customers, to offer you an enhanced service according to your preferences, including by identifying relevant products, services and events which may be of interest to you, and to personalise your experience with Aesop. Together with non-personal information, we may also use this information for our internal marketing analysis and demographic studies, to analyse, profile and monitor customer patterns so we can consistently improve our products. This means that we can offer more personalised and integrated shopping and interactive experiences to our customers across all our channels. Based on the following justification: It is in our legitimate interests to develop our products and market the right products to you.

Why we process your information: To improve your experience on our website. How we use your information for this purpose: We process information such as your Aesop account username and password, IP address, information about your purchases and your other activity on our website to improve our website, including to modify it to your usage, history and preferences and troubleshoot problems. Based on the following justification: It is in our legitimate interests to ensure we provide you with a seamless online experience.

Why we process your information: To assess the online activities of our website users. How we use your information for this purpose: We process information collected by our websites automatically and through cookies and other technologies to assess the activities of our users, to measure the interest in and use of our website and communications, and to customise the website and our communications with you. We do this on both an individual basis and in the aggregate. Please see the section titled 'Matters specific to the Internet' for more detail. Based on the following justification: It is in our legitimate interests to process personal information using cookies and other technologies that we need to use to run our website. Where required by applicable law, we will ask for your consent to the use of cookies that aren't necessary to run our website.

Why we process your information: To understand and analyse our sales, your needs and preferences. How we use your information for this purpose: We may use your information such as your geographical location to help us conduct focused market research (such as surveys) based on trends and common factors so that we develop, enhance, market and provide products and services to meet your individual needs. Based on the following justification: It is in our legitimate interests to process personal information to develop, enhance, market and provide products and services to you.

Why we process your information: To understand your preferences based on information included in your Aesop profile (completed online, in-store or at one of our counters) or in other communications you send to Aesop. How we use your information for this purpose: We process your information in this way to better understand you, to maintain, update and service your account with us. This processing also allows us to conduct internal administrative activities, research, analytics, planning and project development. Based on the following justification: It is in our legitimate interests to process personal information so that we can better provide our products to you.

Why we process your information: To process exchanges or returns. How we use your information for this purpose: We process your personal information to perform our obligations under our contract with you. Based on the following justification: It is necessary for us to process your personal information to fulfil our statutory and/or contractual obligations to you.

Why we process your information: To respond to requests or complaints. How we use your information for this purpose: If you contact Aesop by live chat from our site, by email or phone, or in person at a store or counter, Aesop will collect your personal information and use this to identify you as a customer, help with your query, process your order, process payments, deliver products and services, update our records and to generally manage your account with us under our terms with you. Based on the following justification: It is necessary for us to process your personal information to fulfil our statutory and/or contractual obligations to you.

Why we process your information: To ensure the security and integrity of Aesop resources, including the website. How we use your information for this purpose: Aesop will process personal information to assess and enhance the security and reliability of our remote and electronic resources, including analysis of information collected during technological development, and program enhancements. Based on the following justification: We process your personal information in an effort to provide safe, reliable access to our goods and services.

Why we process your information: To assess or ensure compliance with applicable laws, regulations, and policies. How we use your information for this purpose: We may process your personal information to audit, confirm, and document compliance with legal, administrative, industry, and ethical standards, including Aesop’s policies and procedures, code of conduct, and corporate responsibility initiatives. We will also process your personal information to audit our affiliates’ and service providers’ compliance with contractual obligations as well as applicable privacy and other standards. Based on the following justification: We process your personal information to obey laws and regulations, to enforce internal policies, and to prevent and detect fraud and other practices that undermine Aesop’s commitment to fair and ethical conduct.

5. Matters specific to the internet Further information on how we use cookies can be found in our Cookie Policy. 6. Do we use your personal information for direct marketing? We will only use your personal information with your consent to send you marketing materials by email, text, WhatsApp or post, depending on your marketing preferences. Our marketing communications may include the products, services and other offers of Aesop or of third parties who have a relationship with us. You can opt out of receiving direct marketing from us at any time by contacting us as described below. When we send you direct marketing communications by email or other electronic means, we'll always give you the option to unsubscribe in the message itself. 7. With which third parties do we share your personal information? Your personal information is intended for Aesop but may be shared with third parties in certain circumstances: Aesop's group of companies: We may share your personal information among our group of companies to register your account with us, deliver our products, provide you with customer support, process your payments, understand your preferences, send you information about products that may be of interest to you and conduct the other activities described in this Privacy Policy. Some of the companies in our group may be located overseas as discussed in the section titled 'Where do we transfer your personal information?'. Our service providers: We use other companies, agents and contractors to perform services on our behalf or to assist us with the provision of the Aesop products to you. We may share personal information with such service providers including the following:

• infrastructure and IT service providers, including for email archiving, mailing, online messaging, payment/billing, booking/appointment systems, IT support desk and cloud-based services;

• advertising partners, including digital advertising partners such as social media sites and Google;

• marketing, advertising and communications agencies and information services companies; • transportation and logistics providers;

• external auditors and advisers; and

• other parties to whom we are authorised or required by law to disclose information.

While providing such services, these service providers may have access to your personal information. Third parties permitted by law: In certain circumstances, we may be required to disclose or share your personal information to comply with a legal or regulatory obligation (for example, we may be required to disclose personal information to the police, regulators, government agencies or to judicial or administrative authorities). We may also disclose your personal information to third parties where disclosure is both legally permissible and necessary to protect or defend our rights, matters of national security, law enforcement, to enforce our contracts or protect your rights or those of the public. Third parties connected with business transfers: We may transfer your personal information to third parties relating to a reorganisation, restructuring, merger, acquisition or transfer of assets, provided that the receiving party agrees to treat your personal information in a manner consistent with this Privacy Policy. Aesop will not sell your personal information to third parties for monetary compensation but may share your information with affiliated companies and contractors to better serve you by, for instance, tailoring your online experiences and customizing the products and services you are offered. Please note our website may, from time to time, contain links to and from the websites of our partners or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we have no control over how they may use your personal information. This is the same for your use of social media sites. You should check the privacy policies of third-party websites before you submit any personal information to them. 8. Where do we transfer your personal information? Aesop is a global brand and we provide our products and services all over the world. Your personal information may be transferred to and processed in:

• the EEA;

• Switzerland;

• Australia;

• New Zealand;

• Japan;

• Hong Kong;

• Singapore;

• Malaysia;

• Macau;

• Taiwan;

• Korea;

• the United States of America;

• Canada; and

• Brazil, by our affiliates and our service providers.

9. What are your rights in relation to your personal information? You have the following rights available to you in respect of the personal information we hold about you:

• Access. You have the right to request a copy of the personal information we are processing about you. For your own privacy and security, at our discretion we may require you to prove your identity before providing the requested information. • Rectification. You have the right to request that incomplete or inaccurate personal information that we process about you be rectified. • Deletion. In some jurisdictions in which we operate, you have the right to request that we delete personal information that we process about you, except we are not obliged to do so if we need to retain such data to comply with a legal obligation or to establish, exercise or defend legal claims. • Restriction. In some jurisdictions in which we operate, you have the right to restrict our processing of your personal information where you believe such data to be inaccurate; our processing is unlawful; or that we no longer need to process such data for a purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it. • Portability. In some jurisdictions in which we operate, you have the right to obtain personal information we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal information which you have provided to us, and (b) if we are processing that data based on your consent or to perform a contract with you. • Objection. In some jurisdictions in which we operate, where the legal justification for our processing of your personal information is our legitimate interest, including the profiling we undertake to send you personalised offers, product recommendations and similar content, you have the right to object to such processing on grounds relating to your situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim. • Withdrawing Consent. If you have consented to our processing of your personal information, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us.

You can make a request to exercise any of these rights in relation to your personal information by sending the request to privacy@aesop.com.

Aesop will generally provide you with access to your personal information if practicable and will take reasonable steps to amend any of your personal information which is inaccurate or out of date. In some circumstances and in accordance with applicable privacy laws, we may not permit you access to your personal information, or may refuse to correct your personal information, in which case we will provide you reasons for this decision. Please note that where you have withdrawn your consent to our collection, use and disclosure of your personal information at any time (subject to contractual and legal restrictions and reasonable notice) or do not provide us with the personal information we request of you, we may be unable to provide you the products or services you have requested or contact you in the future.

You also have the right to lodge a complaint with us and the local data protection authority if you believe that we have not complied with applicable data protection laws. Please advise us of your concern or complaint in writing and send it to the relevant Aesop entity at the address set out below under the section titled "How can you contact us?". Your concern or complaint will be considered or investigated by us and we will respond to your complaint within a reasonable time. It is our intention to use our best endeavours to resolve any complaint to your satisfaction. However, if you are unhappy with our response, in Australia, you may contact the Office of the Australian Information Commissioner who may investigate your complaint further. If your complaint relates to the processing of your health information and you reside in Victoria, New South Wales or the Australian Capital Territory, you can lodge a complaint with the relevant State/Territory health complaints commissioner. Please click here for a list of local data protection authorities in EEA countries. 10. Do we use CCTV? Please note that where CCTV is in operation in our stores you may be captured on CCTV and your image stored. All CCTV footage is captured purely for your security and for the prevention and detection of crime. If you would like to know more about this, please contact us using the details provided below. 11. How do we protect your personal information? We do several things designed to keep our data secure, including administrative, technical and physical safeguards such as firewalls and encryption measures. While we endeavour to protect our systems, website, operations and information against unauthorised access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be safe from intrusion by others, such as hackers.

Aesop takes reasonable steps to: a) make sure that the personal information we collect, use and disclose is accurate, complete and up-to-date; b) protect the personal information that we hold from misuse and loss and from unauthorised access, modification or disclosure; and c) where permitted by law, destroy or permanently anonymise personal information that is no longer needed by Aesop. Aesop's credit card transactions are fulfilled by an authorised banking institution. When collecting credit card information for online purchases, Aesop offers secured server transactions that encrypt your information in transit to help prevent others from accessing it. Personal information is stored on servers that are protected by appropriate safeguards and will be accessible by authorised employees and agents who require access relating to their responsibilities. Your credit card details are encrypted and then removed from our system once your order has been dispatched. We don't usually collect unsolicited personal information. In the event we receive unsolicited personal information, we will determine if it would have been permissible to collect that personal information if it had been solicited. If we determine that collection would not have been permissible, to the extent permitted by law, we will destroy or anonymise that personal information as soon as practicable. Aesop will generally provide individuals with the option of not identifying themselves when entering into transactions when it is lawful and practicable to do so. However, on many occasion, we will not be able to do this. For example, we will need your address to deliver any products purchased through our website. 12. How long do we keep your personal information? We will only retain your personal information to the extent permitted by applicable laws and regulations. When we no longer need to use personal information, including for any contractual, legal, or regulatory requirement, we will remove it from our systems and records and/or take steps to anonymise it so that you can no longer be identified from it. 13. How do we deal with children's privacy? We will never knowingly collect personal information from individuals under the age of sixteen (16) years. If we become aware that a person under 16 has provided personal information to us, we will remove such personal information from our files. 14. How can you contact us? If there are any questions or concerns regarding this Privacy Policy, please contact us at privacy@aesop.com.

If you live in Switzerland, you should contact Aesop Switzerland AG, Gasometerstrasse 16, 8005 Zürich. 

If you live in the UK, the data controller you should contact is Aesop UK Limited at Hay's Galleria, 1 Hay's Lane, Hay's Lane House, 3rd Floor, London, SE1 2HD If you live in the EEA you should contact, Aesop Germany, Pfeilstrasse 45, Cologne 50672, Germany.

If you live outside the EEA and UK, Emeis Cosmetics Pty Ltd is responsible for your personal information. You can contact Emeis Cosmetics Pty Ltd at 23 Waterloo Road, Collingwood VIC 3066, Australia. 15. Which version of this Privacy Policy applies? We reserve the right to change our Privacy Policy from time to time. To obtain a copy of the latest version of our Privacy Policy at any time, visit our website at http://www.aesop.com/ or contact us by email: privacy@aesop.com. This Privacy Policy was last updated on 30th November 2023.