Privacy Policy Update
PRIVACY POLICY
About this Policy
Cult Beauty is committed to protecting our customer's privacy. Please take the time to review this notice which explains what information we collect about you, how we use it, and your rights. Cult Beauty Limited (“Cult Beauty”, “we” or “us”) is the data controller of the personal data collected via or in connection with Cult Beauty and any associated App (the “Site”).
What Personal Data is Collected?
We collect personal data from you when you provide it to us directly and through your use of the Site. This information may include:
Information you provide to us when you use our Site (e.g. your name, contact details, gender, product reviews, and any information which you add to your account profile);
Transaction and billing information, if you make any purchases from us or using our Site (e.g. credit/debit card details and delivery information);
Records of your interactions with us (e.g. if you contact our customer service team, interact with us on social media);
Information you provide us when you enter a competition or participate in a survey;
Information collected automatically, using cookies and other tracking technologies (e.g. which pages you viewed and whether you clicked on a link in one of our email updates). We may also collect information about the device you use to access our Site; and
Other information necessary to provide the Site, for example we may access your location if you give us your consent.
If you also shop in one of our stores, we may combine information you give us in-store (e.g. if you make a purchase or join our mailing list in-store) with the information above.
How is Your Personal Data Used?
Depending on how you use our Site, your interactions with us, and the permissions you give us, the purposes for which we use your personal data include:
To fulfil your order and maintain your online account.
To manage and respond to any queries or complaints to our customer service team.
To personalise the Site to you and show you content we think you will be most interested in, based on your account information, your purchase history and your browsing activity.
To improve and maintain the Site, and monitor its usage.
For market research, e.g. we may contact you for feedback about our products.
To send you marketing messages and show you targeted advertising, where we have your consent or are otherwise permitted to do so.
For security purposes, to investigate fraud and where necessary to protect ourselves and third parties.
To comply with our legal and regulatory obligations.
We rely on the following legal basis, under data protection law, to process your personal data:
Because the processing is necessary to perform a contract with you, or take steps prior to entering into a contract with you (e.g. where you have made a purchase with us, we use your personal data to process the payment and fulfil your order).
Because we have obtained your consent (e.g. where you contact us with a query, where you add optional information to your account profile, or if you consent to receive marketing from us).
Because it is in our legitimate interests as an e-commerce provider to maintain and promote our services. We are always seeking to understand more about our customers in order to offer the best products and customer experience. We use information about you to tailor your view of the Site, to make it more interesting and relevant in respect of the products and offers on view.
Our Site may allow you the option of adding additional information to your account profile, such as information about your skin type, skin tone, skin concern, make up focus and hair concerns. We treat this information with particular sensitivity, as we understand it can reveal information about your health or ethnicity, for example. You do not have to provide this information to us, and can delete it or update it at any time.
Marketing
Marketing and advertising. To send you marketing messages and show you targeted advertising, where we have your consent or are otherwise permitted to do so. In some cases, we may also make personal data available to third parties for advertising purposes – see “Collaboration Partners” in section 3 below for more information. You have the right to opt-out of your data being processed for direct marketing purposes , including the disclosure of your data to third parties for such purposes. Some of the data disclosed to third parties is collected
through the use of non-essential cookies – you can choose to reject the use of cookies (and therefore prevent the sharing of this data) at any time. See section 4 for more information.
You may also see ads for our Site on third party websites, including on social media. These ads may be tailored to you using cookies (which track your web activity, so enable us to serve ads to customers who have visited our Site). Where you see an ad on social media, this may because we have engaged the social network to show ads to our customers, or users who match the demographic profile of our customers. In some cases, this may involve sharing your email address with the social network. If you no longer want to see tailored ads you can change your cookie and privacy settings on your browser and these third party websites.
Who is Your Information Shared With?
3. Who do we share personal data with?
We may share your personal data with third parties, for the purposes described above, in the following circumstances:
• With other companies in our group of companies.
• With our suppliers and service providers who process the data on our behalf, e.g., payment processors and delivery companies.
• With our collaboration partners . We may exercise our legitimate interest to disclose your personal data to our collaboration partners, who are other retailers or consumer goods manufacturers. These partners will not have direct access to your personal data, but your data may be used to produce reports into consumer activity for these partners (those reports would not contain personal data) or for our partners and their vendors to target you as part of an online advertising campaign. The conduct of any such advertising campaign is the responsibility of our collaboration partner.
With our professional and legal advisors.
With third parties engaged in fraud prevention and detection.
With law enforcement or other governmental authorities, e.g. to report a fraud or in response to a lawful request.
In the event that we sell any business assets, the personal data of our customers may be disclosed to a potential buyer. In this event, we will make reasonable attempts to ensure the buyer will be bound by the terms of this Privacy Policy.
Otherwise where we have your consent or are otherwise legally permitted to do so.
Storage and Retention
We use service providers based around the world. Consequently, your personal data may be processed in countries outside of Europe, including in countries where you may have fewer legal rights in respect of your data than you do under local law. If we transfer personal data outside the European Economic Area we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate safeguards, in particular the EU’s standard contractual clauses. Please contact us if you would like more information about these safeguards.
We will keep your personal data for as long as we need it for the purposes set out above, and so this period will vary depending on your interactions with us. For example, where you have made a purchase with us, we will keep a record of your purchase for the period necessary for invoicing, tax and warranty purposes. We may also keep a record of correspondence with you (for example if you have made a complaint about a product) for as long as is necessary to protect us from a legal claim. Where we no longer have a need to keep your information, we will delete it. Please note that where you unsubscribe from our marketing communications, we will keep a record of your email address to ensure we do not send you marketing emails in future.
Security
This Site ensures that data is encrypted when leaving the Site. This process involves the converting of information or data into a code to prevent unauthorised access. This Site follows this process and employs secure methods to ensure the protection of all credit and debit card transactions. Encryption methods such as SSL are utilised to protect customer data when in transit to and from this Site over a secure communications channel.
Whilst we do everything within our power to ensure that personal data is protected at all times from our Site, we cannot guarantee the security and integrity of the information that has been transmitted to our Site.
Children
Our Site is not intended for, and should not be used by, children under the age of 18. We do not knowingly collect personal data from children under 18.
Cookies
Our Sites uses cookies and similar technologies to provide certain functionality to the Site, to understand and measure its performance, and to deliver targeted advertising. Please see our Cookie Policy here for further information about the cookies we use and how to amend your cookie settings.
Your Rights
You have choices regarding our processing of your personal data as described in this section. Your rights under data protection laws: You have the right to:
- Ask for a copy of your personal data, make corrections to your personal data, and in some cases e.g. where our purposes for processing have come to an end, ask us to delete it.
- Object to our use of your personal data in certain situations, including where we use your personal data for direct marketing. See section 5 “Marketing” for details of how to opt out of direct marketing.
- Transfer your personal data, in certain circumstances, to another provider, in a commonly used format.
- Complain to the data protection regulator in your country. In the UK this is the Information Commissioner’s Office (www.ico.org.uk).
We will comply with any requests to exercise your rights in accordance with applicable law. Please be aware, however, that there are several limitations to these rights, and there may be circumstances where we are not able to comply with your request.
You can exercise your rights by contacting customer.experience@thehutgroup.com.
US residents. If you are a California resident, please review our California Privacy Supplement (section 13) below, for specific information about your rights under California privacy laws and how to exercise them. Residents of certain other US states including Virginia have additional rights under applicable privacy laws, subject to certain limitations, which may include:
- The right to correct inaccuracies in your personal information, taking into account the nature and purposes of the processing of the personal information.
- The right to delete your personal information provided to or obtained by us.
- The right to confirm whether we are processing your personal information and to obtain a copy of your personal information in a portable and, to the extent technically feasible, readily usable format.
- The right to opt out of (as applicable) the “sale” of your personal data, targeted advertising, and any processing of personal information for the purposes of making decisions that produce legal or similarly significant effects.
- The right to submit an appeal if we deny your request.
You can opt out of targeted advertising on our Site as set out in Section 4 “Cookies and Personalisation”, and opt out of direct marketing as set out in Section 5 “Marketing”. To exercise your other rights please contact customer.experience@thehutgroup.com.
You can exercise your rights (including the right to delete your data) by contacting customer.experience@thehutgroup.com
Last updated 3/5/2024.
Contact Us
If you have any queries on any aspect of our Privacy Policy, please contact us via the message centre in your online account or use on the details below:
Address: Customer Services, The Stables, Gadbrook Park, Rudheath, Northwich, CW9 7RA, UK
Last updated 14/5/18
Your California Privacy Rights
Consumers residing in California are afforded certain additional rights with respect to their personal data under the California Consumer Privacy Act (“CCPA”). If you are a California resident, this section applies to you.
Collection and Use of Personal Data: In the preceding 12 months, we have collected the following categories of personal data: identifiers (such as name and contact information), commercial information (such as products purchased or returned), internet or other electronic network activity information (such as browsing behavior), geolocation data, audio information (such as customer support call recordings), and inferences we make based on the personal data we collect about you. For more details about the personal data we collect and the sources of such collection, please see “What personal data do we collect about you?” in the privacy policy above. We use the personal data we collect for the business and commercial purposes described in “What do we use this personal data for?” in the privacy policy above.
Disclosure of Personal Data: In the preceding 12 months, we have disclosed the categories of personal data listed above to third parties for business or commercial purposes. Please see “Who do we share this personal data with?” in the privacy policy above, for details.
Sales and sharing. California privacy laws define a "sale" as disclosing or making available to a third-party personal information in exchange for monetary or other valuable consideration, and “sharing” broadly includes disclosing or making available personal information to a third party for purposes of cross-context behavioral advertising. , THG may “sell” personal information to third parties for monetary compensation or “share” identifiers and internet and electronic network activity information to/with third-party advertising networks, analytics providers, and social networks. We do so in order to:
· improve and evaluate our advertising campaigns and better reach customers and prospective customers with more relevant ads and content; and
· provide data to our collaboration partners, who are other retailers or consumer goods manufacturers. These partners will not have direct access to your personal information, but your information may be used to produce reports into consumer activity for these partners (those reports would not contain personal information) or for our partners and their vendors to target you as part of an online advertising campaign. The conduct of any such advertising campaign is the responsibility of our collaboration partner. We do not sell or share sensitive personal information, nor do we sell or share any personal information about individuals who we know are under sixteen (16) years old.
Your Rights: Subject to certain limitations, you have the right to request: more information about the categories and specific pieces of personal data we have collected and disclosed for a business purpose in the last 12 months; deletion of your personal data; and that we stop selling your personal data. You may make these requests by emailing customer.experience@thehutgroup.com or visiting this page. Once we receive your request, we will verify it by asking you to provide information related to your account or your recent interactions with us, such as information regarding a recent purchase. If you would like to use an authorized agent to exercise your rights, we may request evidence that you have provided such agent with power of attorney or that the agent otherwise has valid written authority to submit requests on your behalf. We will not discriminate against you if you exercise your rights under the CCPA.
Last Revised: 28th June 2024