Privacy Policy

Contents

1. Who are we?

2. What information is covered by this Privacy Notice?

3. What information do we collect from you?

4. How do we use your personal information?

5. Do we use your personal information for direct marketing?

6. Sharing your data with third parties

7. Where do we transfer your personal information?

8. What are your rights (EEA residents only)?

9. Do we use CCTV?

10. How do we protect your personal information?

11. How long do we keep your personal information?

12. How do we deal with children's privacy?

13. How can you contact us?

14. Which version of this Privacy Notice applies?

 

Aesop is committed to protecting your privacy and ensuring the highest level of security for your personal information. This Privacy Notice explains the types of personal information we collect, how we use that information, who we share it with, and how we protect that information.

Please read the following carefully to understand our views and practices regarding your personal information.

1. Who are we?

This Privacy Notice applies to information that each of Emeis Cosmetics Pty Ltd, Aesop UK Limited and their parents, subsidiaries and affiliate entities worldwide (individually and collectively referred to herein as "Aesop", "we", "us" or "our") collects from you.

The personal information we collect is controlled by Aesop UK Limited, Hay's Galleria, 1 Hay's Lane, Hay's Lane House, 3rd Floor, London, SE1 2HD (registered number 05192303), Emeis Cosmetics Pty Ltd, 23 Waterloo Road, Collingwood VIC 3066, Australia, (ACN registration: 007 409 001) and the relevant local corporate affiliates. For the purposes of applicable data protection laws, the relevant Aesop entity as set out in section 14 below is a data controller of your personal information.

2. What information is covered by this Privacy Notice?

This Privacy Notice covers all personal information processed by Aesop which means information that (either in isolation or in combination with other information) enables you to be identified directly or indirectly.

3. What information do we collect from you?

We may collect information about you from the following sources:

3.1 Information we receive from you

We may collect personal information (such as your name, postal and email address, telephone number, date of birth, title, payment information, health and other information) that you provide to us when you:

• visit our website and register an account with us and/or purchase products through our website;

• fill out a profile card when visiting one of our Aesop retail stores or counters; and

• subsequently correspond with us.

3.2 Information we collect about you

When you visit our website, we may use cookies and other technologies to automatically collect the following information:

• technical information, including your IP address, your login information, browser type and version, details of any website which has referred you to our website, device identifier, location and time zone setting, browser plug-in types and versions, operating system and platform, page response times, and download errors;

• information about your visit, including the websites you visit before and after our website and products you viewed or searched for; and

• length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouseovers) and methods used to browse away from the page.

If your web browser is set up to accept cookies, a cookie will be stored on your hard drive when you visit Aesop's website. Cookies allow Aesop to collect information about your computer, which may include your IP address (a number assigned to your computer when you register with an Internet Service Provider), type of browser, operating system, domain name, and the details of any website which has referred you to our website. Aesop uses cookies to track and collect information about which parts of Aesop's website and newsletter (including links to other websites) are visited by you.

Cookies also allow Aesop to recognise your computer while you are on Aesop's website, and to send you to the country of origin and language you selected on your first visit to Aesop's site. This information is used to maintain the quality of our service and to provide tracking and statistics regarding the use of our website.

The types of cookies we use:

• Strictly necessary cookies that are required for the operation of our website, such as cookies that enable you to log into your account or make purchases, or cookies that enable us to comply with the law (for example, to keep your information safe). We would not be able to operate our website without using "strictly necessary" cookies.

• Performance cookies which recognise and count the number of users to our website and help us see how users move around our website. These cookies do not collect information that identifies a visitor. [Any information collected by these cookies is anonymous.] We only use such information to improve our website. This information helps us to find out how well the website is working and highlights where it can be improved.

• Functionality cookies which are used to recognise when you return to our website and assist us to personalise your content and website experience by remembering your preferences. These cookies are also used to provide services you have asked for (such as watching a video). By using our website, you agree that we can place these types of cookies on your device, however you can block these cookies using your browser settings (please see below).

• Targeting cookies which are used to record your visit to our website, the pages you have visited and the links you have followed. These cookies are used to advertise relevant products to you on other websites, based on the products and categories you looked at on our website.

We also use third party cookies of suppliers who set their own cookies on our website with our permission to improve customer experience and offer additional functionality. This website utilizes the online advertising program “Google AdWords” and the associated conversion tracking cookie is set on the user’s browser. The information collected by the conversion cookies are used to provide aggregate conversion statistics to AdWords clients who have opted-in for conversion tracking. They are not used to acquire personal information. If you do not want to allow these cookies on your device, you can deactivate the Google conversion-tracking cookie through your user settings in your internet browser.

We also use Google AdWords remarketing codes to log when users view specific pages or take specific actions on a website. This allows us to provide targeted advertising in the future. If you do not wish to receive this type of advertising from us in you can opt out using the DoubleClick opt-out page (http://www.google.com/settings/ads) or the Network Advertising Initiative opt-out page (http://www.networkadvertising.org/managing/opt_out.asp).

We will not disclose personal information we collect from you to third parties without your permission except to the extent necessary:

• to fulfil your requests for services;

• to protect ourselves from liability; or

• to respond to legal process or comply with law, or because of a merger, acquisition, or liquidation of the company.

If you would rather not have any of this information stored on your computer, you can configure your browser so it does not accept cookies. However, if you disable cookies you may not be able to access all parts of this website, including the purchase section. For more information and to learn how to disable cookies, please visit www.allaboutcookies.org or www.youronlinechoices.com.

4. How do we use your personal information?

Why we process your information:

How we use your information for this purpose:

Based on the following justification:

To provide you with information about our products and services.

We process your order history to develop, market, sell or otherwise provide products, services or information to you.

We also process your name and contact details to provide you with copies of our newsletter (such as our Ledger publication) or information about our products, store launches, partnerships, in-store events or other marketing or promotional information. We also process this information to ensure that we do not contact you if you have asked us not to.

Using your personal information in this way is necessary for us to perform our statutory and/or contractual obligations to you. It is also in our legitimate interests to provide you with the best possible customer experience online and instore.

To process your payments and protect you against fraudulent transactions.

We process your personal information including your card details to fulfil your purchase orders for our products, services and/or gift cards.

We also process this information to keep your payment details safe and protect you against fraudulent transactions.

It is in our legitimate interests to process financial information to keep payments secure and necessary for the performance of our contract with you.

To provide you with products and services that you have purchased from us.

We may need to use your name and contact details to perform our obligations under a contract with you (e.g. where you have purchased a product or service from us, like a hand cream or a facial treatment).

It is necessary for us to process your personal information in this way for us to perform our statutory and/or contractual obligations to you.

To learn more about why you use certain products and inform our product developers.

We process your health information (e.g. where you suffer an adverse reaction to a product) to update your account with us.

We also process this data to conduct internal administrative activities, research, analytics, planning and product development.

It is in our legitimate interests to develop our products and market the right products to you.

To improve your experience on our website.

We process information such as your Aesop account username and password, IP address, information about your purchases and your other activity on our website to improve our website, including to modify it to your usage, history and preferences and troubleshoot problems.

It is in our legitimate interests to ensure we provide you with a seamless online experience.

To detect fraudulent or suspicious transactions.

We process the details of your device when you shop on our website to enable us to detect any fraudulent transactions or suspicious purchasing activity.

It is in our legitimate interests to process personal information in this way.

To assess the online activities of our website users.

We process information collected by our websites automatically and through cookies and other technologies to assess the activities of our users, to measure the interest in and use of our website and communications, and to customise the website and our communications with you. We do this on both on an individual basis and in the aggregate. Please see the section titled 'Information we collect about you' for more detail.

It is in our legitimate interests to process personal information using cookies and other technologies that we need to use to run our website. Where required by applicable law, we will ask for your consent to the use of cookies that aren't necessary to run our website.

To understand and analyse our sales, and your needs and preferences.

We may use your information such as your geographical location to help us conduct focused market research based on trends and common factors so that we develop, enhance, market and provide products and services to meet your individual needs.

It is in our legitimate interests to process personal information to develop, enhance, market and provide products and services to you.

To understand your preferences based on information included in your Aesop profile completed in-store or in other communications you send to Aesop.

We process your information in this way to better understand you to maintain, update and service your account with us.

This processing also allows us to conduct internal administrative activities, research, analytics, planning and project development.

It is in our legitimate interests to process personal information so that we can better provide our products to you.

To process exchanges or returns.

We process your personal information to perform our obligations under our contract with you.

It is necessary for us to process your personal information to fulfil our statutory and/or contractual obligations to you.

To respond to requests or complaints.

We will need to process your name and contact details to respond to requests or complaints.

It is necessary for us to process your personal information to fulfil our statutory and/or contractual obligations to you.

5. Do we use your personal information for direct marketing?

We will only use your information with your consent when we send you marketing materials by email, text or post, depending on your marketing preferences. You can opt out at any time by contacting us as described below. When we send you communications by email or other electronic means, we'll always give you the option to unsubscribe in the message itself.

6. With which third parties do we share your personal information?

Your personal information is intended for Aesop but may be shared with third parties in certain circumstances:

Aesop's group of companies: We may share your personal information among our group of companies to register your account with us, deliver our products, provide you with customer support, process your payments, understand your preferences, send you information about products that may be of interest to you and conduct the other activities described in this Privacy Notice.

Our service providers: We use other companies, agents or contractors to perform services on our behalf or to assist us with the provision of the Aesop products to you. We may share personal information with the following categories of service provider:

• infrastructure and IT service providers, including for email archiving, mailing, billing and cloud-based services;

• marketing, advertising and communications agencies;

• external auditors and advisers; or

• other parties to whom we are authorised or required by law to disclose information.

While providing such services, these service providers may have access to your personal information. However, we will only provide our service providers with personal information which is necessary for them to perform their services, and we require them not to use your information for any other purpose. We will use our best efforts to ensure that all our service providers keep your personal information secure.

Third parties permitted by law: In certain circumstances, we may be required to disclose or share your personal information to comply with a legal or regulatory obligation (for example, we may be required to disclose personal information to the police, regulators, government agencies or to judicial or administrative authorities).

We may also disclose your personal information to third parties where disclosure is both legally permissible and necessary to protect or defend our rights, matters of national security, law enforcement, to enforce our contracts or protect your rights or those of the public.

Third parties connected with business transfers: We may transfer your personal information to third parties relating to a reorganisation, restructuring, merger, acquisition or transfer of assets, provided that the receiving party agrees to treat your personal information in a manner consistent with this Privacy Notice.

We will not sell your personal information to third parties.

Please note our website may, from time to time, contain links to and from the websites of our partners or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we have no control over how they may use your personal information. You should check the privacy policies of third party websites before you submit any personal information to them.

7. Where do we transfer your personal information?

Aesop is a global brand and we provide our products and services all over the world. Your personal information may be transferred to and processed in:

• the EEA;

• Switzerland;

• Australia;

• New Zealand;

• Japan;

• Hong Kong;

• Singapore;

• Malaysia;

• Macau;

• Taiwan;

• Korea;

• the Unites States of America;

• Canada; and

• Brazil,

by our affiliates and our service providers. We will take all steps that are reasonably necessary to ensure that your personal information is treated securely and in accordance with this Privacy Notice as well as applicable data protection laws, including, where we transfer personal information from the EEA, by entering EU standard contractual clauses (or equivalent measures) with parties outside the EEA (where relevant).

8. What are your rights?

You have the following rights available to you in respect of the personal information we hold about you:

• Access. You have the right to request a copy of the personal information we are processing about you. For your own privacy and security, at our discretion we may require you to prove your identity before providing the requested information.

• Rectification. You have the right to have incomplete or inaccurate personal information that we process about you rectified.

• Deletion. You have the right to request that we delete personal information that we process about you, except we are not obliged to do so if we need to retain such data to comply with a legal obligation or to establish, exercise or defend legal claims.

• Restriction. You have the right to restrict our processing of your personal information where you believe such data to be inaccurate; our processing is unlawful; or that we no longer need to process such data for a purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.

• Portability. You have the right to obtain personal information we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal information which you have provided to us, and (b) if we are processing that data based on your consent or to perform a contract with you.

• Objection. Where the legal justification for our processing of your personal information is our legitimate interest, including the profiling we undertake to send you personalised offers, product recommendations and similar content, you have the right to object to such processing on grounds relating to your situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.

• Withdrawing Consent. If you have consented to our processing of your personal information, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us.

You can make a request to exercise any of these rights in relation to your personal information by sending the request to privacy@aesop.com.

Aesop will generally provide you with access to your personal information if practicable and will take reasonable steps to amend any of your personal information which is inaccurate or out of date.

Please note that where you have withdrawn your consent to our collection, use and disclosure of your personal information at any time (subject to contractual and legal restrictions and reasonable notice), we may be unable to provide you the products or services you have requested or contact you in the future.

You also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. Please click here for a list of local data protection authorities in EEA countries.

9. Do we use CCTV?

Please note that where CCTV is in operation in our stores you may be captured on CCTV and your image stored. All CCTV footage is captured purely for your security and for the prevention and detection of crime. If you would like to know more about this, please contact us using the details provided below.

10. How do we protect your personal information?

We do several things to keep our data secure, which are considered best practice in the IT security industry. Such measures include, for example, limiting access to personal information only to employees and authorised service providers who need to know such information for the purposes described in this Privacy Notice, as well as other administrative, technical and physical safeguards, including firewalls and encryption measures.

While we endeavour to protect our systems, website, operations and information against unauthorised access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be safe from intrusion by others, such as hackers.

Aesop takes reasonable steps to:

a) make sure that the personal information we collect, use and disclose is accurate, complete and up-to-date;

b) protect the personal information that we hold from misuse and loss and from unauthorised access, modification or disclosure; and

c) where permitted by law, destroy or permanently anonymise personal information that is no longer needed for purposes for which it was collected.

Aesop's credit card transactions are fulfilled by an authorised banking institution. When collecting credit card information for online purchases, Aesop offers secured server transactions that encrypt your information in transit to help prevent others from accessing it. Personal information is stored on servers that are protected by appropriate safeguards, and will be accessible by authorised employees and agents who require access relating to their responsibilities. Your credit card details are encrypted and then removed from our system once your order has been dispatched.

We don't usually collect unsolicited personal information. In the event we receive unsolicited personal information, we'll determine if it would have been permissible to collect that personal information if it had been solicited. If we determine that collection would not have been permissible, to the extent permitted by law, we'll destroy or anonymise that personal information as soon as practicable.

Aesop will generally provide individuals with the option of not identifying themselves when entering into transactions when it is lawful and practicable to do so. However, on many occasion, we will not be able to do this. For example, we will need your address to deliver any products purchased through our website.

11. How long do we keep your personal information?

We will only retain your personal information for as long as necessary for the purpose for which that data was collected and to the extent permitted by applicable laws. When we no longer need to use personal information, we will remove it from our systems and records and/or take steps to anonymise it so that you can no longer be identified from it.

12. How do we deal with children's privacy?

We will never knowingly collect personal information from individuals under the age of sixteen (16) years without first obtaining verifiable parental consent. If you are under the age of 16 you should not provide information to us. If we become aware that a person under 16 has provided personal information to us without verifiable parental consent, we will remove such personal information from our files.

13. How can you contact us?

If there are any questions or concerns regarding this Privacy Policy, please contact us at privacy@aesop.com.

If you live in Switzerland, you should contact Aesop Switzerland AG, Gasometerstrasse 16, 8005 Zürich. 

If you live in the UK, the data controller you should contact is Aesop UK Limited at Hay's Galleria, 1 Hay's Lane, Hay's Lane House, 3rd Floor, London, SE1 2HD If you live in the EEA you should contact, Aesop Germany, Pfeilstrasse 45, Cologne 50672, Germany.

If you live outside the EEA and UK, Emeis Cosmetics Pty Ltd is responsible for your personal information. You can contact Emeis Cosmetics Pty Ltd at 23 Waterloo Road, Collingwood VIC 3066, Australia.

14. Which version of this Privacy Notice applies?

This Privacy Notice is written in English and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this notice, the English version shall prevail.

We reserve the right to change our Privacy Notice from time to time. To obtain a copy of the latest version at any time, visit our website at http://www.aesop.com/ or contact us by email: privacy@aesop.com. If we decide to change our Privacy Notice we post an alert on the home page of our global website.

30th November, 2023