Privacy Policy - Australia
Date: 26 May 2021
At Charlotte Tilbury Beauty Limited, we are committed to protecting your personal information and respecting your privacy. It is your personal data and we respect that.
We have obligations concerning the collection, use, disclosure and storage of personal information. These obligations are set out in the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Privacy Act), and other applicable State and Territory privacy laws.
This Privacy Policy tells you about how and why we collect and use the personal information which you provide to us or which we collect about you when you interact with us, for example, when you use our website or visit our stores. We want you to be fully informed about how we use your data, how we keep it secure and your rights.
We trust this Privacy Policy will answer any questions you have, but if not, please do get in touch with us directly at legal@charlottetilbury.com or using the contact details provided at the end of this Privacy Policy.
It is likely that we will need to update this Privacy Policy from time to time by updating this page. We will notify you of any significant changes, but would encourage you to come back and review it from time to time.
About Us - Who is the Charlotte Tilbury Group?
This Privacy Policy is provided by Charlotte Tilbury Beauty Limited (referred to as “we”, “us” or “our” in this Privacy Policy). We are the data controller of any personal information we collect about you in Australia, and we are responsible for the Charlotte Tilbury Australia Website (www.charlottetilbury.com/au) and any orders placed by customers on the Website.
When you place an order on the Website, you are contracting with Charlotte Tilbury Beauty Limited, but we are part of a wider group of Charlotte Tilbury companies that run and operate the Charlotte Tilbury business elsewhere across the globe. This includes in the US, Canada, Hong Kong and European Countries. When we refer to the ‘Charlotte Tilbury Group’ we are referring to the wider global group of Charlotte Tilbury companies.
If you want to know more about the Charlotte Tilbury Group, please get in touch with us using the contact details provided at the end of this Privacy Policy.
Retail Partners
You can purchase Charlotte Tilbury products and services via our retail partners across the UK, for example in Selfridges & Co., Harrods, The John Lewis Partnership, House of Fraser etc. (we refer to these as our ‘Retail Partners’). Please note that when you are purchasing Charlotte Tilbury products and/or services through a Retail Partner, either online or in one of their stores, you are contracting directly with that Retail Partner and not with us or the wider Charlotte Tilbury Group.
Any personal information which you provide to a Retail Partner will be controlled by the Retail Partner and you should visit the Retail Partner’s website or contact them directly if you have any questions about how they process, handle and use your personal information.
Ensuring the lawful use of your data
We will only use your personal information where we have a lawful basis to use it. We will only use your data where it is necessary for us to perform our contract with you (for example, to fulfil your order), or in a way which might reasonably be expected as part of running our business and which does not materially impact your interests, rights or freedoms. For example, we might use your purchase history to send you personalised offers or combine your shopping history to identify trends and ensure we can keep up with demand and develop the right new products for our customers. Please get in touch with us using the contact details provided at the end of this Privacy Policy if you would like further information about this.
We may sometimes need to use data to comply with our legal obligations (for example to pass on details related to fraud). In other instances, we will ask for your consent to use your data, for example, where you sign-up to receive our email newsletters.
Further details of how we use your personal information are provided below.
What information we collect from you and how we use it
The information we collect about you and how we will use it, depends on how you interact with us, for example, if you place an order on our Website, contact us with a query by email or phone, make a purchase, or book an appointment in one of our stores. The table below provides some examples of the information we collect about you and how we will use it.
The personal information we collect from you | How we use it | Lawful Basis |
---|---|---|
We will collect the personal information needed to identify you, such as your name, username, password and date of birth. We will also collect your contact details, such as your email address, telephone number, mobile phone number and billing/delivery address. | To fulfil your order, for example, by delivering your products to you or to contact you about your order where necessary. For example, Royal Mail, DPD. | To fulfil our contract with you. |
| | To allow you to create an account with us. | Legitimate business purposes. |
| | To send you email newsletters to keep you up-to-date about our products and services which we think will interest you and our latest offers, and where you opt to participate in our loyalty and VIP programmes. | Where you consent. |
| | To send you SMS messages to keep you up-to-date about our products, services and our latest offers which we think will interest you. | Where you consent. |
| | To send you information with your Order to keep you up to date about our products, services and our latest offers which we think will interest you. | Legitimate business purposes. |
| | To allow you to book an appointment with us or to attend an event. | Legitimate business purposes. |
| | So that you can enter competitions, events or prize draws run by us. | Legitimate business purposes. |
| | To communicate with you in relation to your order or booking, or if you raise an enquiry or complaint with us. | Legitimate business purposes. |
| | To allow you to complete any surveys we send you (if you wish to) or to comment on or review our products or service, to help us to improve them. | Legitimate business purposes. |
| | Fraud prevention and detection. | Legitimate business purposes. |
| | To email you to inform you when a product you want to order is back in stock. | Legitimate business purposes. |
| | Where we are required to by law or government regulation, such as for COVID-19 contact tracing. We may be required by law or regulation to share this information in specified circumstances, for example where COVID-19 contact tracing is required where our premises are identified as a location of a COVID-19 outbreak. | Legal obligation/legitimate business purposes. |
Payment details and details of your transactions. | To take payment of your order and, if required, to give refunds. We do not store any payment card numbers once the transaction has been completed. We will share this data with credit card companies and other payment providers. | To fulfil our contract with you. |
| | Fraud prevention and detection. | Legal obligation/legitimate business purposes. |
Details of your transactions including purchase history and activity. | To assess whether you are eligible for a loyalty programme | Legitimate business purposes |
Information you provide to us when you contact us by telephone, by email, by post or on social media, via our Website, via LiveChat or via VideoChat, including your phone number, email address, social media profile/handle and image, as applicable. | Provide you with the support and customer service you have requested. | Legitimate business purposes or where you consent when required. |
CCTV footage in our stores. | To record images for security purposes. Read our CCTV Policy here. | Legitimate business purposes. |
Technical information about your equipment, browsing actions and patterns. Information about how you use the Website and pages on the Website, such as the pages and links you access, the time you access them and the duration, and choices you make when using the Website. We collect this personal information by using cookies, server logs and other similar technologies such as web beacons or pixels on our website, apps and emails, and full details as to how we process and use cookies can be found on our Cookies Policy. | To administer and to improve our Website, to ensure it is presented in the most effective manner for you and to give you the best Website experience and to allow you to participate in interactive features of our Website if you choose to do so. | Where you consent. |
| | For data analysis, testing, research and statistical purposes to help us to improve our products and services. | Where you consent. |
| | To keep our Website safe and secure. | Legal obligations. Legitimate business purposes. |
| | To make suggestions and recommendations to you and other users of our Website about products or services that may interest you or them. To provide you with information about and remind you about the products and services that you have looked at on our Website. | Where you consent. |
| | To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you. | Where you consent. |
| | To identify behavioural flows (e.g. click-through-rate) from emails we send to you, so that we are able to monitor and analyse the effectiveness of those emails. | Where you consent. |
Additional information you choose to provide us, including your birthday, hair colour, eye colour, make-up tone, skin tone and beauty preferences. We may collect this information in different ways, including via your Charlotte Tilbury account, via bookings you make, consultations or appointments you have with us, via games you play on our Website or via emails we send you or via marketing campaigns to collect additional optional data. | To assist us to provide you with a more personalised beauty experience. | Legitimate business purposes. |
Photographs of you, where you choose to provide them to us. | For use on the Charlotte Tilbury Website, social media channels and other Charlotte Tilbury channels and promotional materials for marketing purposes and product recommendations. | Where you consent. Legitimate business purposes. |
Personal information provided in audio or video recordings, such as when you call us, customer care calls or online consultation services. | To improve and monitor our services and for learning and development, training and quality purposes. | Legal obligation. Legitimate business purposes. |
Social media handles. | Where you have provided us with your social media handle to participate in a Charlotte Tilbury programme or similar, to enable us to identify and view your social media account(s). | Legitimate business purposes. |
When we send email marketing to you, our email marketing provider, Emarsys, may collect data about the locations from which you access and interact with those emails and the website pages you visit through links embedded in those emails. Emarsys shares that information with us, which can help us to tailor our marketing to you, for example, by telling you about an event or promotion available at a location which is near to where you frequently interact with our emails and linked website pages.
We use analytics tools to measure the effectiveness of our marketing, understand how customers interact with us on our website and online, and to build a clearer picture of our customers and their motivations. One of our analytics suppliers, Sprinklr, provides us with data about how you interact with Charlotte Tilbury Beauty online. Depending on your privacy settings on certain third-party websites, Sprinklr may collect information about your social media profile, including your follower count thresholds.
Zendesk, our third-party customer service and experience platform, underpins our customer care systems, including the system you use to contact our customer care representatives. Zendesk technology analyses the content of those communications including identifying what language is used, the reason for the communication, and providing our customer care representatives with customer context to communications to ensure your enquiry is handled in an efficient and appropriate manner by our customer care teams.
You don’t have to give us any of the personal information set out above but, if you don’t provide us with certain information, we may not be able to provide you with the goods and services you have requested from us. The forms you fill in on our Website and in our stores will make it clear what information we need in order to provide the product or service you are requesting and what information you can choose to provide if you wish.
To help us form a better, overall understanding of you as a customer, we combine your personal information gathered across the Charlotte Tilbury Group, for example, your shopping history.
1) Can I remain anonymous?
You can always choose to deal with us anonymously or by using a pseudonym.
However, please note that if you choose to remain anonymous, this may affect your ability to access or use certain functions of our Website or services.
If you wish to remain anonymous when dealing with us via a telephone call, please advise the call operator assisting you. Providing your personal details enables us to provide you with a contact record reference number which allows you, and other authorised persons, to retrieve information about that call at a later date.
Automated decision making
We may use profiling, which is a type of automated decision making, to analyse our customers’ purchase history and activity. This may be, for example, to create a list of customers that are eligible for a loyalty programme, based on their purchases and amounts they have spent, or to identify the types of advertising or marketing you might be interested in. You have the right to request that we don’t use your personal information in this way by contacting us in the ways set out at the bottom of this privacy policy.
Sharing your data
1) SHARING YOUR DATA WITHIN THE CHARLOTTE TILBURY GROUP
We may share your personal information with other companies within the Charlotte Tilbury Group to enable us to run data analysis, develop new products, for other business development purposes and/or to allow another Charlotte Tilbury Group company to perform services on our behalf. Where we do this, we have written contracts in place between the companies within the Charlotte Tilbury Group to ensure your privacy is secure and respected.
2) SHARING YOUR DATA WITH TRUSTED THIRD PARTIES
We share your personal information with trusted third parties to allow us to provide our services to you. When we do share your data with these third parties we only provide the information they need to perform the service. We have written contracts in place with them to ensure they only use your data for the purpose we specify to them and that your privacy is secure and respected. These trusted third parties include the following:
DESCRIPTION | EXAMPLES |
---|---|
Companies that help us fulfil your orders and, where required, get your purchases to you, such as delivery couriers and payment providers | Examples, Royal Mail, DPD, Klarna, Stripe, PayPal |
Professional service providers such as website hosting providers, system providers, website and social media analytics providers, advertisers and appointment booking providers, who help us run our business | Examples, Booking Bug, Google Analytics, Doubleclick, Magento, Traackr. |
Direct marketing companies who help us manage our electronic communications with you | Examples, Dotmailer, Ometria, Moveable ink. |
Social Media or Web platforms to show you products that might interest you while you’re browsing the internet | Examples, Facebook, Instagram, YouTube |
Companies who send segmented, personalised marketing communications on our behalf | Examples, Qubit, Revel, Implicit Design |
Credit reference agencies, law enforcement and fraud prevention agencies, so that we can help tackle fraud | Examples, Stripe, PayPal |
We will only share your personal information with third parties (including our group companies) for them to: (i) perform services for us or on our behalf; or (ii) use for their own direct marketing purposes when you have given your consent for us to do so.
When we disclose personal information to third parties, we make reasonable efforts to ensure that we disclose only relevant information and that it is accurate, complete and up to date and that the third party will comply with the Privacy Act in relation to that information.
We may disclose personal information in other circumstances, where the person concerned has consented to the disclosure, or where we are expressly permitted to do so by law.
These other disclosures may include where:
• You would reasonably expect the disclosure to occur (for example, quality assurance purposes or training);
• We are authorised or compelled by law to disclose;
• it will prevent or lessen a serious threat to someone's life, health or safety or a threat to public health or safety;
• it is necessary as part of the establishment or defence of a legal claim;
• it is in connection with a business transition (such as a merger, acquisition by another company, or a sale of all or a portion of our assets). In these circumstances, we may need to share your personal information with a prospective buyer and external professional advisors such as accountants, insurers, lawyers or financial institutions;
• it is requested by an enforcement, regulatory or Government agency such as the Office of the Australian Information Commissioner ("OAIC") or police; or
• it is a necessary part of an investigation following a complaint or incident (such as a potential data breach).
Information we receive from third parties
We may receive information about you from third parties, such as partners we run competitions and events with, for example, our Retail Partners and trade shows or from other organisations we work with, or from publicly available sources, such as Companies House, or information which is published in the media or where you have written a review about us.
Depending on your settings or the privacy policies of social media or messaging services, such as Facebook, Twitter or WhatsApp, we may collect information about you from these sources, with your permission.
We may combine the information you have given us, with information obtained from other sources, but we will only do this when we have a lawful basis to do so.
SEEING ADVERTISEMENTS FOR OUR WEBSITE ONLINE
We may collaborate with third parties to provide us with analytics services and serve Charlotte Tilbury ads and banners when you are browsing on apps and other websites. We do this by way of various ad exchanges and digital marketing networks. We and our advertising partners use various advertising technologies, for instance, ad tag, cookies, pixels, identifiers and web beacons. This information may be used by Charlotte Tilbury and others to, among other things, analyse and track data, determine the popularity of certain content, deliver advertising and content targeted to our understanding of your interests on our Website and other websites, and better understand your online activity. For more information about interest-based ads, or to opt out of having your web browsing activity used for behavioural advertising purposes, please visit our cookie policy and our cookie management tool.
The ads and banners you see are based on information that we hold about you, or on your prior use of our Website, for example, products you have browsed previously, content you have read on our Website, or on Charlotte Tilbury banners or ads that you have engaged with in the past.
We may also work with and use services offered by other third parties to serve ads to you as part of a customised campaign on third-party sites and platforms (such as Facebook or Instagram). As part of these ad campaigns, we or the third parties may convert information about you, such as your email address and phone number, into a unique value that can be matched with a user account on these platforms to allow us to learn about your interests and to serve you advertising that is customised to your interests. For more information about this advertising, or to opt out of seeing these types of customised ads on those third-party platforms, please visit these third-party sites and platforms, which may offer you choices about this type of customised advertising.
MARKETING SERVICE PROVIDERS
Your personal data, which includes but is not limited to demographic information, transaction history, and online behaviour, may be shared with selected marketing service providers for the purposes of the following and is typically known as data profiling:
• helping us better understand the likely characteristics of our customers;
• creating predictive models that can offer suggestions and recommendations to you and other users about products or services that may interest you or them;
• improving the relevancy and appropriateness of our marketing to customers (e.g. offers, its products and services); and
• helping us to communicate with our customers more effectively offline and online. This may mean that you receive tailored advertising via direct mail or when you visit a website.
To ensure the security and protection of your data, all information shared with any marketing service providers will be transformed into a non-readable format. This means that your identifiable information will be removed and replaced with pseudonymous identifiers or encrypted tokens. The marketing service providers may have the capability to match the data we share with them with data from their or other third party sources. For example, combining the non-readable data received from us with data collected from various reputable sources to gain more comprehensive insights into consumer behaviour and preferences.
International transfer of your personal data
We are a global business and some of our group companies and service providers are located in countries outside of Australia.
As a result, it may be necessary for the personal information that we collect from you to be transferred to or accessed from outside of Australia in order for us to provide our services.
Some of the third parties to whom we may disclose personal information may be located overseas. The countries in which those third parties may be located are:
• the United Kingdom;
• the United States; and
• Europe.
Where we disclose information outside of Australia, we will take reasonable steps to ensure that any such person to whom personal information is disclosed will deal with that information in a way that is consistent with the APPs.
How long will we keep your personal data?
We will only keep your personal information for as long as we need to for the reason we collected it, as set out in this Privacy Policy. For example, for as long as needed to allow us to fulfil your order or to provide any customer services support you have requested, or for as long as you hold an account with us.
We may also keep hold of some of your personal information if we are required to do so for legal purposes, for example, to meet our legal or regulatory requirements or to prevent fraud and abuse. For example, we will keep your order data for five years after you place an order with us to allow us to comply with our legal obligations.
When we are no longer required to keep your personal information, your data will either be deleted or completely anonymised, for example, by aggregation with other data so that it can be used in a non-identifiable way for business planning and analysis purposes.
Ensuring your personal data is up to date and correct
It is important that the personal data we hold about you is accurate and current. If you have an account with us, please keep your details up-to-date.
Security
We are committed to ensuring that your personal information is secure and we have put in place suitable physical, electronic, contractual and managerial procedures, including our Information Security Management System and Secure Sockets Layer (SSL) encryption, to protect your personal information. Our employees who have access to and process your personal information are obliged to respect the confidentiality and security of your personal information.
However, we advise that there are inherent risks in transmitting information across the internet, including the risk that information sent to or from a website may be intercepted, corrupted or modified by third parties. If you have security concerns, or wish to provide personal information by other means (e.g. by telephone or paper), you may contact us using the contact details set out at the end of this Privacy Policy.
The personal information of our employees, systems and most of the third parties we share information with are located in the EU and UK, with some of this personal information stored in secure cloud systems.
Third Party Links
Our Website may contain links to other websites of interest. However, we do not have any control over third party websites and they will be governed by their own privacy policies, not this Privacy Policy.
How can I unsubscribe from marketing communications?
We love keeping you up-to-date by email and by SMS about our latest products, services, offers and events, but if you decide that you don’t want to receive these communications at any point, you can unsubscribe as follows:
To unsubscribe from emails, email us at: customercare@charlottetilbury.com or click on the unsubscribe button on the bottom of any email we send you. If you have an account with us, you can also unsubscribe by going to the Account Information page on the Charlotte Tilbury website, clicking on Newsletters, and unsubscribing to general subscription.
To unsubscribe from SMS, follow the link at the end of any SMS we send you. You can also email us at customercareaustralia@charlottetilbury.com. We may also send you details of products, services, offers and events we think you may be interested in when we send you your Order. If you decide that you don’t want to receive these communications let us know by email at customercareaustralia@charlottetilbury.com.
Your rights
to request:
• Access to the personal information we hold about you (commonly known as a "data subject access request") including a copy of it;
• The correction of the personal information that we hold about you if it is incomplete or inaccurate (although if you hold an account with us, you may be able to do this in certain cases yourself by visiting the Account Information page on the Charlotte Tilbury website);
• The deletion or removal of personal information we hold about you where there is no good reason for us continuing to process it or where you have exercised your right to object to processing (see below);
• For our processing of your personal information to be restricted in certain circumstances, for example if you want to establish its accuracy or the reason for processing it; and
• To obtain a copy of the personal information you’ve provided us with and to reuse it elsewhere or to ask us to transfer it to a third party of your choice.
We may ask you for proof of your identity before dealing with your request, as a security measure to protect your data.
1) Right to Object
Where we are processing your personal information on the basis of our legitimate interests, you can ask us to stop processing it and we must do so unless we believe we have an overriding legitimate reason to continue processing your personal information.
If you are dissatisfied with how we have handled your personal information, you have the right to make a complaint to your data protection regulator. In Australia, this is the OAIC. See www.oaic.gov.au for how to make a complaint.
We would, however, appreciate the chance to deal with your concerns before you approach the OAIC or (if you’re based outside of Australia) your data protection regulator, so please do contact us in the first instance.
Children
Customers need to be over 18 to create an account with us or to sign up for our newsletter or to contact us or to liaise with us via LiveChat or VideoChat. We will not knowingly collect data about under 18s and if you are under 18, please do not provide us with your personal information. We would ask parents to please ensure that their children that are under 18 do not provide us with any personal information without their permission. If you believe that a child who is under 18 has provided personal information to us, please contact us, using the details below and we will seek to delete that data from our systems.
Lookalike Audiences
For advertising purposes, we occasionally use information about our customers to generate a "lookalike audience" or similar audience of prospective customers through the Facebook, Google, Snapchat, Pinterest or TikTok advertising platforms. This allows us to target advertisements on their networks to potential customers who appear to have shared interests or similar demographics to our existing customers, based on the platforms' own data. We typically do this by uploading a list of email addresses. These third parties’ policy is to irreversibly hash (encrypt) such lists prior to uploading, match the hashed data against their own customers, generate the lookalike audience, then delete the uploaded list and use it for no other purpose. We do not have access to the identity of anybody in the lookalike audience, unless they choose to click on the ads. Based on this, we believe that generating lookalike audiences poses little or no threat to the privacy of our customers. If you wish to opt out of "similar audiences" in Google, you can do so through your Ads Settings. Many of the companies that display interest-based advertising are members of the Network Advertising Initiative ("NAI") and/or Digital Advertising Alliance ("DAA"). To learn more about interest-based advertising and how you may be able to opt-out of interest-based advertising, tracking, and/or sharing of tracking data by their members, visit their online resources at www.networkadvertising.org/choices and www.aboutads.info/choices, respectively. Other resources (not affiliated with NAI or DAA) include http://preferences-mgr.truste.com/, or for EU residents, www.youronlinechoices.eu.
CONTACTING US
If you have any queries, comments or requests regarding this Privacy Policy, you have a complaint or you would like to exercise any of your rights set out above, you can contact us in the following ways:
• By email at legal@charlottetilbury.com; or
• By post at General Counsel, Charlotte Tilbury Beauty Limited, 8 Surrey Street, London, United Kingdom WC2R 2ND.