Privacy Policy

Privacy Policy (Effective from 11 June 2020)

Contents
1. Who are we?
2. What information is covered by this Privacy Policy?
3. What personal information do we collect from you and how do we collect that information?
4. How do we use your personal information?
5. Matters specific to the internet
6. Do we use your personal information for direct marketing?
7. Sharing your data with third parties
8. Where do we transfer your personal information?
9. What are your rights in relation to your personal information?
10. Do we use CCTV?
11. How do we protect your personal information?
12. How long do we keep your personal information?
13. How do we deal with children's privacy?
14. How can you contact us?
15. Which version of this Privacy Policy applies?

Aesop is committed to protecting your privacy. This Privacy Policy explains the types of personal information we collect, how we use that information, who we share it with, and how we protect that information.

Please read the following carefully to understand our views and practices regarding your personal information.

1. Who are we?
This Privacy Policy applies to information that Emeis Cosmetics Pty Ltd, and its parent, subsidiaries and affiliate entities worldwide (individually and collectively referred to herein as "Aesop", "we", "us" or "our") collects from you.
The personal information we collect is controlled by Emeis Cosmetics Pty Ltd, 25 Smith Street, Fitzroy VIC 3065 Australia (ACN registration: 007 409 001) and the relevant local corporate affiliates. For the purposes of applicable data protection laws, Aesop is a data controller of your personal information.


2. What information is covered by this Privacy Policy?
This Privacy Policy covers all personal information that we collect, use and process which means information that (either in isolation or in combination with other information) enables you to be identified directly or indirectly.


3. What personal information do we collect from you and how do we collect that information?
The types of personal information we may collect and hold vary depending on the nature of our interaction with you and may include:

  • identifying and contact information such as your name, postal and email address, telephone number, gender, date of birth and title;

  • payment information;

  • information ascertained about you from social media such as your profile picture, likes, location and friend list;

  • geo-location details when using one of our mobile applications;

  • health information such as skin concerns and adverse reactions to products; and

  • product preferences and other information.

We may collect your personal information in a number of ways including when you:
  • visit our website and register an account with us and/or purchase products through our website and/or undertake a live consultation;

  • visit one of our Aesop retail stores or counters, including if you register an account with us in store; or

  • correspond with us across any of our channels (e.g. messaging platforms such as text message, live chat and WhatsApp, social media and email).

We typically collect your personal information directly from you. On some occasions, we may collect your personal information from third parties such as payment platform providers.


4. How do we use your personal information?
Why we process your information: To provide you with information about our products and services.
How we use your information for this purpose: We process your order history to develop, market, sell or otherwise provide products, services or information to you.
We also process your name and contact details to provide you with copies of our newsletter and information about our products, store launches, partnerships and in-store events, contact you regarding service related matters, and provide you with other marketing or promotional information where we are permitted to do so in accordance with applicable laws or if you have provided consent for us to do so. We also process this information to ensure that we do not contact you for direct marketing purposes if you have asked us not to.
Based on the following justification: Using your personal information in this way is necessary for us to perform our contractual obligations to you. It is also in our legitimate interests to provide you with the best possible customer experience online and in-store.

Why we process your information: To process your payments and protect you against fraudulent transactions.
How we use your information for this purpose: We process your personal information including your payment details (credit card, debit card and/or other payment details) to fulfil your purchase orders for our products, services and/or gift cards.
We also process this information to keep your payment details safe and protect you against fraudulent transactions. We process details of your device when you shop on our website to enable us to detect any fraudulent transactions or suspicious purchasing activity.
Based on the following justification: It is in our legitimate interests to process personal information to keep payments secure and necessary for the performance of our contract with you. Providing us with certain personal information is voluntary but we may not be able to process your order and send you the required order acknowledgement and shipping confirmation e-mails if you do not provide us with certain requested information.

Why we process your information: To provide you with products and services that you have purchased from us.
How we use your information for this purpose: We may need to use your name and contact details to perform our obligations under a contract with you (e.g. where you have purchased a product or service from us, like a hand cream or a facial treatment).
Based on the following justification: It is necessary for us to process your personal information in this way for us to perform our statutory and/or contractual obligations to you.

Why we process your information: To learn more about why you use certain products and inform our product developers.
How we use your information for this purpose: We process your personal or health information (e.g. skin type or where you suffer an adverse reaction to a product) to update your account with us.
We also process this data to conduct internal administrative activities, research, analytics, planning and product development. If you have a customer account (whether created online or in-store), we may also collect information about the products you browse online or purchase, where you purchased the products from and other information relevant to your customer relationship with Aesop. We use this information for our internal demographic insights into our customers, to offer you an enhanced service according to your preferences, including by identifying relevant products, services and events which may be of interest to you, and to personalise your experience with Aesop.
Together with non-personal information, we may also use this information for our internal marketing analysis and demographic studies, to analyse, profile and monitor customer patterns so we can consistently improve our products. This means that we can offer more personalised and integrated shopping and interactive experiences to our customers across all our channels.
Based on the following justification: It is in our legitimate interests to develop our products and market the right products to you.

Why we process your information: To improve your experience on our website.
How we use your information for this purpose: We process information such as your Aesop account username and password, IP address, information about your purchases and your other activity on our website to improve our website, including to modify it to your usage, history and preferences and troubleshoot problems.
Based on the following justification: It is in our legitimate interests to ensure we provide you with a seamless online experience.

Why we process your information: To assess the online activities of our website users.
How we use your information for this purpose: We process information collected by our websites automatically and through cookies and other technologies to assess the activities of our users, to measure the interest in and use of our website and communications, and to customise the website and our communications with you. We do this on both an individual basis and in the aggregate. Please see the section titled 'Matters specific to the Internet' for more detail.
Based on the following justification: It is in our legitimate interests to process personal information using cookies and other technologies that we need to use to run our website. Where required by applicable law, we will ask for your consent to the use of cookies that aren't necessary to run our website.

Why we process your information: To understand and analyse our sales, your needs and preferences.
How we use your information for this purpose: We may use your information such as your geographical location to help us conduct focused market research (such as surveys) based on trends and common factors so that we develop, enhance, market and provide products and services to meet your individual needs.
Based on the following justification: It is in our legitimate interests to process personal information to develop, enhance, market and provide products and services to you.

Why we process your information: To understand your preferences based on information included in your Aesop profile (completed online, in-store or at one of our counters) or in other communications you send to Aesop.
How we use your information for this purpose: We process your information in this way to better understand you, to maintain, update and service your account with us.
This processing also allows us to conduct internal administrative activities, research, analytics, planning and project development.
Based on the following justification: It is in our legitimate interests to process personal information so that we can better provide our products to you.

Why we process your information: To process exchanges or returns.
How we use your information for this purpose: We process your personal information to perform our obligations under our contract with you.
Based on the following justification: It is necessary for us to process your personal information to fulfil our statutory and/or contractual obligations to you.

Why we process your information: To respond to requests or complaints.
How we use your information for this purpose: If you contact Aesop by live chat from our site, by email or phone, or in person at a store or counter, Aesop will collect your personal information and use this to identify you as a customer, help with your query, process your order, process payments, deliver products and services, update our records and to generally manage your account with us under our terms with you.
Based on the following justification: It is necessary for us to process your personal information to fulfil our statutory and/or contractual obligations to you.

Why we process your information: To ensure the security and integrity of Aesop resources, including the website.
How we use your information for this purpose: Aesop will process personal information to assess and enhance the security and reliability of our remote and electronic resources, including analysis of information collected during technological development, and program enhancements.
Based on the following justification: We process your personal information in an effort to provide safe, reliable access to our goods and services.

Why we process your information: To assess or ensure compliance with applicable laws, regulations, and policies.
How we use your information for this purpose: We may process your personal information to audit, confirm, and document compliance with legal, administrative, industry, and ethical standards, including Aesop’s policies and procedures, code of conduct, and corporate responsibility initiatives.
We will also process your personal information to audit our affiliates’ and service providers’ compliance with contractual obligations as well as applicable privacy and other standards.
Based on the following justification: We process your personal information to obey laws and regulations, to enforce internal policies, and to prevent and detect fraud and other practices that undermine Aesop’s commitment to fair and ethical conduct.


5. Matters specific to the internet
Cookies are small pieces of information which are issued to your device when you visit a website or some applications and which store and sometimes track information about your use of the website or application. If your browser is set up to accept cookies, when you visit our website, we may use cookies, pixel tags and other technologies to automatically collect the following information:
  • technical information, including your IP address (a number assigned to your computer when you register with an Internet Service Provider), your login information, browser type and version, domain name, details of any website which has referred you to our website, device identifier, your location and time zone setting, browser plug-in types and versions, operating system and platform, page response times, and errors;
  • information about your visit, including the websites you visit before and after our website and products you viewed, purchased or searched for; and
  • length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouseovers) and methods used to browse away from the page.

Aesop uses cookies and similar technologies to track and collect information about which parts of Aesop's website and newsletter (including links to other websites) are visited by you. Cookies also allow Aesop to recognise your computer while you are on Aesop's website, and to send you to the country of origin and language you selected on your first visit to Aesop's site. This information is used to maintain the quality of our service and to provide tracking and statistics regarding the use of our website. We may also use this information to personalise our communications with you and to tailor the information appearing on your site to personalise your experience with Aesop. We also use this information to maintain and improve the site, application and our services.

The types of cookies and similar technologies we use:
  • Strictly necessary cookies that are required for the operation of our website, such as cookies that enable you to log into your account or make purchases, or cookies that enable us to comply with the law (for example, to keep your information safe). We would not be able to operate our website without using "strictly necessary" cookies.

  • Performance cookies which recognise and count the number of users to our website and help us see how users move around our website. These cookies do not collect information that personally identifies a visitor. We only use such information to improve our website. This information helps us to find out how well the website is working and highlights where it can be improved.

  • Functionality cookies which are used to recognise when you return to our website and assist us to personalise your content and website experience by remembering your preferences. These cookies are also used to provide services you have asked for (such as watching a video). By using our website, you agree that we can place these types of cookies on your device, however you can block these cookies using your browser settings (please see below).

  • Targeting cookies and web beacons/tracking pixels which are used to record your visit to our website, the pages you have visited and the links you have followed. These cookies and tracking pixels are used by operators of third-party advertising networks such as Google and Facebook to advertise relevant products to you on the internet, based on the products and categories you looked at or purchased on our website. Our website currently uses tracking pixels with third parties such as Google and Facebook for marketing and remarketing purposes. This technology allows those third parties to collect information when you access our website, including the products on our website you have viewed, whether you have made a purchase and, if you make a purchase, the details of the transaction including products bought and amount of the sale. The third-party providers are able to identify specific users of their platforms through the ID number used in their tracking pixels. This information allows those providers to tailor what marketing material you are shown through those platforms and when browsing the internet. We also receive aggregated reports from those third parties in relation to our advertising campaigns, including de-identified information about the number of users who were shown our advertising campaigns and subsequently purchased our products. These reports use aggregated information and do not allow Aesop to identify specific individuals from those transactions. If you do not want to allow such information sharing between Aesop and those third party advertising networks by using targeting cookies and tracking pixels on your device, you can deactivate targeting cookies and tracking pixels through your user settings in your internet browser or in the respective third party platforms directly.

We also use third party cookies of suppliers who set their own cookies or similar technologies on our website with our permission to improve customer experience and offer additional functionality.
This website utilizes the online advertising programs from various third-party providers from time to time, such as “Google AdWords”, and associated conversion tracking cookies may be set on the user’s browser. The information collected by the conversion cookies is used by such third-party providers to provide information such as conversion statistics to clients such as Aesop who have opted in for conversion tracking. It is possible for Aesop to identify from this information when a particular individual website visitor completes an event (such as making a purchase) after interacting with our ads on those platforms. If you do not want to allow these cookies on your device, you may be able to deactivate them through your user settings in your internet browser; for example, you can deactivate the Google conversion-tracking cookie through your user settings in your internet browser.

We also use Google AdWords remarketing codes to log when users view specific pages or take specific actions on a website. This allows us to provide targeted advertising in the future. If you do not wish to receive this type of advertising from us you can opt out using the DoubleClick opt-out page (http://www.google.com/settings/ads) or the Network Advertising Initiative opt-out page (http://www.networkadvertising.org/managing/opt_out.asp).

We also use Google Analytics to help analyse how you use our site. Google Analytics generates statistical and other information about website use by means of cookies. The information generated is used to create reports about the use of our site. Google will store this information. If you do not want your website visit data reported by Google Analytics, you can install the Google Analytics opt-out browser add-on. For more details on installing and uninstalling the add-on, please visit the Google Analytics opt-out page at https://tools.google.com/dlpage/gaoptout

Most web browsers are set up to initially accept cookies. If you would rather not have any of this information stored on your computer, you can configure your browser so it does not accept cookies. However, if you disable cookies, you may not be able to access all parts of this website, including the purchase section. For more information and to learn how to disable cookies, please visit https://www.allaboutcookies.org/ or www.youronlinechoices.com.
We inform you, where relevant, of our use of cookies and other device identifiers on arriving at our site. You acknowledge and agree by continuing to use our site without managing your cookie and device choices and preferences that you consent to our cookie and device identifier settings.


6. Do we use your personal information for direct marketing?
We will only use your personal information with your consent to send you marketing materials by email, text, WhatsApp or post, depending on your marketing preferences. Our marketing communications may include the products, services and other offers of Aesop or of third parties who have a relationship with us.
You can opt out of receiving direct marketing from us at any time by contacting us as described below. When we send you direct marketing communications by email or other electronic means, we'll always give you the option to unsubscribe in the message itself.


7. With which third parties do we share your personal information?
Your personal information is intended for Aesop but may be shared with third parties in certain circumstances:
Aesop's group of companies: We may share your personal information among our group of companies to register your account with us, deliver our products, provide you with customer support, process your payments, understand your preferences, send you information about products that may be of interest to you and conduct the other activities described in this Privacy Policy. Some of the companies in our group may be located overseas as discussed in the section titled 'Where do we transfer your personal information?'.
Our service providers: We use other companies, agents and contractors to perform services on our behalf or to assist us with the provision of the Aesop products to you. We may share personal information with such service providers including the following:
  • infrastructure and IT service providers, including for email archiving, mailing, online messaging, payment/billing, booking/appointment systems, IT support desk and cloud-based services;

  • advertising partners, including digital advertising partners such as social media sites and Google;

  • marketing, advertising and communications agencies and information services companies;
  • transportation and logistics providers;

  • external auditors and advisers; and

  • other parties to whom we are authorised or required by law to disclose information.

While providing such services, these service providers may have access to your personal information.
Third parties permitted by law: In certain circumstances, we may be required to disclose or share your personal information to comply with a legal or regulatory obligation (for example, we may be required to disclose personal information to the police, regulators, government agencies or to judicial or administrative authorities).
We may also disclose your personal information to third parties where disclosure is both legally permissible and necessary to protect or defend our rights, matters of national security, law enforcement, to enforce our contracts or protect your rights or those of the public.
Third parties connected with business transfers: We may transfer your personal information to third parties relating to a reorganisation, restructuring, merger, acquisition or transfer of assets, provided that the receiving party agrees to treat your personal information in a manner consistent with this Privacy Policy.
Aesop will not sell your personal information to third parties for monetary compensation but may share your information with affiliated companies and contractors to better serve you by, for instance, tailoring your online experiences and customizing the products and services you are offered.
Please note our website may, from time to time, contain links to and from the websites of our partners or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we have no control over how they may use your personal information. This is the same for your use of social media sites. You should check the privacy policies of third-party websites before you submit any personal information to them.


8. Where do we transfer your personal information?
Aesop is a global brand and we provide our products and services all over the world. Your personal information may be transferred to and processed in:
  • the EEA;

  • Switzerland;

  • Australia;
  • New Zealand;

  • Japan;

  • Hong Kong;

  • Singapore;

  • Malaysia;

  • Macau;

  • Taiwan;

  • Korea;

  • the United States of America;

  • Canada; and

  • Brazil,

by our affiliates and our service providers.


9. What are your rights in relation to your personal information?
You have the following rights available to you in respect of the personal information we hold about you:
  • Access. You have the right to request a copy of the personal information we are processing about you. For your own privacy and security, at our discretion we may require you to prove your identity before providing the requested information.

  • Rectification. You have the right to request that incomplete or inaccurate personal information that we process about you be rectified.

  • Deletion. In some jurisdictions in which we operate, you have the right to request that we delete personal information that we process about you, except we are not obliged to do so if we need to retain such data to comply with a legal obligation or to establish, exercise or defend legal claims.

  • Restriction. In some jurisdictions in which we operate, you have the right to restrict our processing of your personal information where you believe such data to be inaccurate; our processing is unlawful; or that we no longer need to process such data for a purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.

  • Portability. In some jurisdictions in which we operate, you have the right to obtain personal information we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal information which you have provided to us, and (b) if we are processing that data based on your consent or to perform a contract with you.

  • Objection. In some jurisdictions in which we operate, where the legal justification for our processing of your personal information is our legitimate interest, including the profiling we undertake to send you personalised offers, product recommendations and similar content, you have the right to object to such processing on grounds relating to your situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.

  • Withdrawing Consent. If you have consented to our processing of your personal information, you have the right to withdraw your consent at any time, free of charge.
    This includes cases where you wish to opt out from marketing messages that you receive from us.

You can make a request to exercise any of these rights in relation to your personal information by sending the request to privacy@aesop.com.

Aesop will generally provide you with access to your personal information if practicable and will take reasonable steps to amend any of your personal information which is inaccurate or out of date. In some circumstances and in accordance with applicable privacy laws, we may not permit you access to your personal information, or may refuse to correct your personal information, in which case we will provide you reasons for this decision. Please note that where you have withdrawn your consent to our collection, use and disclosure of your personal information at any time (subject to contractual and legal restrictions and reasonable notice) or do not provide us with the personal information we request of you, we may be unable to provide you the products or services you have requested or contact you in the future.

You also have the right to lodge a complaint with us and the local data protection authority if you believe that we have not complied with applicable data protection laws. Please advise us of your concern or complaint in writing and send it to the relevant Aesop entity at the address set out below under the section titled "How can you contact us?". Your concern or complaint will be considered or investigated by us and we will respond to your complaint within a reasonable time. It is our intention to use our best endeavours to resolve any complaint to your satisfaction. However, if you are unhappy with our response, in Australia, you may contact the Office of the Australian Information Commissioner who may investigate your complaint further. If your complaint relates to the processing of your health information and you reside in Victoria, New South Wales or the Australian Capital Territory, you can lodge a complaint with the relevant State/Territory health complaints commissioner. Please click here for a list of local data protection authorities in EEA countries.


10. Do we use CCTV?
Please note that where CCTV is in operation in our stores you may be captured on CCTV and your image stored. All CCTV footage is captured purely for your security and for the prevention and detection of crime. If you would like to know more about this, please contact us using the details provided below.


11. How do we protect your personal information?
We do several things designed to keep our data secure, including administrative, technical and physical safeguards such as firewalls and encryption measures.
While we endeavour to protect our systems, website, operations and information against unauthorised access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be safe from intrusion by others, such as hackers.

Aesop takes reasonable steps to:
a) make sure that the personal information we collect, use and disclose is accurate, complete and up-to-date;
b) protect the personal information that we hold from misuse and loss and from unauthorised access, modification or disclosure; and
c) where permitted by law, destroy or permanently anonymise personal information that is no longer needed by Aesop.
Aesop's credit card transactions are fulfilled by an authorised banking institution. When collecting credit card information for online purchases, Aesop offers secured server transactions that encrypt your information in transit to help prevent others from accessing it. Personal information is stored on servers that are protected by appropriate safeguards and will be accessible by authorised employees and agents who require access relating to their responsibilities. Your credit card details are encrypted and then removed from our system once your order has been dispatched.
We don't usually collect unsolicited personal information. In the event we receive unsolicited personal information, we will determine if it would have been permissible to collect that personal information if it had been solicited. If we determine that collection would not have been permissible, to the extent permitted by law, we will destroy or anonymise that personal information as soon as practicable.
Aesop will generally provide individuals with the option of not identifying themselves when entering into transactions when it is lawful and practicable to do so. However, on many occasions, we will not be able to do this. For example, we will need your address to deliver any products purchased through our website.


12. How long do we keep your personal information?
We will only retain your personal information to the extent permitted by applicable laws and regulations. When we no longer need to use personal information, including for any contractual, legal, or regulatory requirement, we will remove it from our systems and records and/or take steps to anonymise it so that you can no longer be identified from it.


13. How do we deal with children's privacy?
We will never knowingly collect personal information from individuals under the age of sixteen (16) years. If we become aware that a person under 16 has provided personal information to us, we will remove such personal information from our files.


14. How can you contact us?
If there are any questions or concerns regarding this Privacy Policy, please contact us at privacy@aesop.com.
If you live outside the EEA, Emeis Cosmetics Pty Ltd is responsible for your personal information. You can contact Emeis Cosmetics Pty Ltd at 25 Smith Street, Fitzroy VIC 3065, Australia.
If you live in the EEA, the data controller you should contact is Aesop UK Limited at 4-5 Long Yard, London, WC1N 3LU.


15. Which version of this Privacy Policy applies?
We reserve the right to change our Privacy Policy from time to time.
To obtain a copy of the latest version of our Privacy Policy at any time, visit our website at http://www.aesop.com/ or contact us by email: privacy@aesop.com.

This Privacy Policy was last updated on 2 June 2020.