Contents
1. Who are we?
2. What information is covered by this Privacy Notice?
3. What information do we collect from you?
4. How do we use your personal information?
5. Do we use your personal information for direct marketing?
6. Sharing your data with third parties
7. Where do we transfer your personal information?
8. What are your rights (EEA residents only)?
9. Do we use CCTV?
10. How do we protect your personal information?
11. How long do we keep your personal information?
12. How do we deal with children's privacy?
13. How can you contact us?
14. Which version of this Privacy Notice applies?
Aesop is committed to protecting your privacy and ensuring the highest level of security for your personal information. This Privacy Notice explains the types of personal information we collect, how we use that information, who we share it with, and how we protect that information.
Please read the following carefully to understand our views and practices regarding your personal information.
1. Who are we?
This Privacy Notice applies to information that each of Emeis Cosmetics Pty Ltd, Aesop UK Limited and their parents, subsidiaries and affiliate entities worldwide (individually and collectively referred to herein as "Aesop", "we", "us" or "our") collects from you.
The personal information we collect is controlled by Aesop UK Limited, Hay's Galleria, 1 Hay's Lane, Hay's Lane House, 3rd Floor, London, SE1 2HD (registered number 05192303), Emeis Cosmetics Pty Ltd, 23 Waterloo Road, Collingwood VIC 3066, Australia, (ACN registration: 007 409 001) and the relevant local corporate affiliates. For the purposes of applicable data protection laws, the relevant Aesop entity as set out in section 14 below is a data controller of your personal information.
2. What information is covered by this Privacy Notice?
This Privacy Notice covers all personal information processed by Aesop which means information that (either in isolation or in combination with other information) enables you to be identified directly or indirectly.
3. What information do we collect from you?
We may collect information about you from the following sources:
3.1 Information we receive from you
We may collect personal information (such as your name, postal and email address, telephone number, date of birth, title, payment information, health and other information) that you provide to us when you:
• visit our website and register an account with us and/or purchase products through our website;
• fill out a profile card when visiting one of our Aesop retail stores or counters; and
• subsequently correspond with us.
3.2 Information we collect about you
When you visit our website, we may use cookies and other technologies to automatically collect the following information:
• technical information, including your IP address, your login information, browser type and version, details of any website which has referred you to our website, device identifier, location and time zone setting, browser plug-in types and versions, operating system and platform, page response times, and download errors;
• information about your visit, including the websites you visit before and after our website and products you viewed or searched for; and
• length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouseovers) and methods used to browse away from the page.
If your web browser is set up to accept cookies, a cookie will be stored on your hard drive when you visit Aesop's website. Cookies allow Aesop to collect information about your computer, which may include your IP address (a number assigned to your computer when you register with an Internet Service Provider), type of browser, operating system, domain name, and the details of any website which has referred you to our website. Aesop uses cookies to track and collect information about which parts of Aesop's website and newsletter (including links to other websites) are visited by you.
Cookies also allow Aesop to recognise your computer while you are on Aesop's website, and to send you to the country of origin and language you selected on your first visit to Aesop's site. This information is used to maintain the quality of our service and to provide tracking and statistics regarding the use of our website.
The types of cookies we use:
• Strictly necessary cookies that are required for the operation of our website, such as cookies that enable you to log into your account or make purchases, or cookies that enable us to comply with the law (for example, to keep your information safe). We would not be able to operate our website without using "strictly necessary" cookies.
• Performance cookies which recognise and count the number of users to our website and help us see how users move around our website. These cookies do not collect information that identifies a visitor. [Any information collected by these cookies is anonymous.] We only use such information to improve our website. This information helps us to find out how well the website is working and highlights where it can be improved.
• Functionality cookies which are used to recognise when you return to our website and assist us to personalise your content and website experience by remembering your preferences. These cookies are also used to provide services you have asked for (such as watching a video). By using our website, you agree that we can place these types of cookies on your device, however you can block these cookies using your browser settings (please see below).
• Targeting cookies which are used to record your visit to our website, the pages you have visited and the links you have followed. These cookies are used to advertise relevant products to you on other websites, based on the products and categories you looked at on our website.
We also use third party cookies of suppliers who set their own cookies on our website with our permission to improve customer experience and offer additional functionality. This website utilizes the online advertising program “Google AdWords” and the associated conversion tracking cookie is set on the user’s browser. The information collected by the conversion cookies are used to provide aggregate conversion statistics to AdWords clients who have opted-in for conversion tracking. They are not used to acquire personal information. If you do not want to allow these cookies on your device, you can deactivate the Google conversion-tracking cookie through your user settings in your internet browser.
We also use Google AdWords remarketing codes to log when users view specific pages or take specific actions on a website. This allows us to provide targeted advertising in the future. If you do not wish to receive this type of advertising from us in you can opt out using the DoubleClick opt-out page (http://www.google.com/settings/ads) or the Network Advertising Initiative opt-out page (http://www.networkadvertising.org/managing/opt_out.asp).
We will not disclose personal information we collect from you to third parties without your permission except to the extent necessary:
• to fulfil your requests for services;
• to protect ourselves from liability; or
• to respond to legal process or comply with law, or because of a merger, acquisition, or liquidation of the company.
If you would rather not have any of this information stored on your computer, you can configure your browser so it does not accept cookies. However, if you disable cookies you may not be able to access all parts of this website, including the purchase section. For more information and to learn how to disable cookies, please visit www.allaboutcookies.org or www.youronlinechoices.com.
4. How do we use your personal information?
Why we process your information:
How we use your information for this purpose:
Based on the following justification:
To provide you with information about our products and services.
We process your order history to develop, market, sell or otherwise provide products, services or information to you.
We also process your name and contact details to provide you with copies of our newsletter (such as our Ledger publication) or information about our products, store launches, partnerships, in-store events or other marketing or promotional information. We also process this information to ensure that we do not contact you if you have asked us not to.
Using your personal information in this way is necessary for us to perform our statutory and/or contractual obligations to you. It is also in our legitimate interests to provide you with the best possible customer experience online and instore.
To process your payments and protect you against fraudulent transactions.
We process your personal information including your card details to fulfil your purchase orders for our products, services and/or gift cards.
We also process this information to keep your payment details safe and protect you against fraudulent transactions.
It is in our legitimate interests to process financial information to keep payments secure and necessary for the performance of our contract with you.
To provide you with products and services that you have purchased from us.
We may need to use your name and contact details to perform our obligations under a contract with you (e.g. where you have purchased a product or service from us, like a hand cream or a facial treatment).
It is necessary for us to process your personal information in this way for us to perform our statutory and/or contractual obligations to you.
To learn more about why you use certain products and inform our product developers.
We process your health information (e.g. where you suffer an adverse reaction to a product) to update your account with us.
We also process this data to conduct internal administrative activities, research, analytics, planning and product development.
It is in our legitimate interests to develop our products and market the right products to you.
To improve your experience on our website.
We process information such as your Aesop account username and password, IP address, information about your purchases and your other activity on our website to improve our website, including to modify it to your usage, history and preferences and troubleshoot problems.
It is in our legitimate interests to ensure we provide you with a seamless online experience.
To detect fraudulent or suspicious transactions.
We process the details of your device when you shop on our website to enable us to detect any fraudulent transactions or suspicious purchasing activity.
It is in our legitimate interests to process personal information in this way.
To assess the online activities of our website users.
We process information collected by our websites automatically and through cookies and other technologies to assess the activities of our users, to measure the interest in and use of our website and communications, and to customise the website and our communications with you. We do this on both on an individual basis and in the aggregate. Please see the section titled 'Information we collect about you' for more detail.
It is in our legitimate interests to process personal information using cookies and other technologies that we need to use to run our website. Where required by applicable law, we will ask for your consent to the use of cookies that aren't necessary to run our website.
To understand and analyse our sales, and your needs and preferences.
We may use your information such as your geographical location to help us conduct focused market research based on trends and common factors so that we develop, enhance, market and provide products and services to meet your individual needs.
It is in our legitimate interests to process personal information to develop, enhance, market and provide products and services to you.
To understand your preferences based on information included in your Aesop profile completed in-store or in other communications you send to Aesop.
We process your information in this way to better understand you to maintain, update and service your account with us.
This processing also allows us to conduct internal administrative activities, research, analytics, planning and project development.
It is in our legitimate interests to process personal information so that we can better provide our products to you.
To process exchanges or returns.
We process your personal information to perform our obligations under our contract with you.
It is necessary for us to process your personal information to fulfil our statutory and/or contractual obligations to you.
To respond to requests or complaints.
We will need to process your name and contact details to respond to requests or complaints.
It is necessary for us to process your personal information to fulfil our statutory and/or contractual obligations to you.