Last Update: 28 Jun 2023
The Estée Lauder Companies respects your privacy and values the relationship we have with you.
TABLE OF CONTENTS
- Information we process
- How we collect information
- How we use information
- Our legal basis for processing information
- How we share information
- How you control your information
- How we use information to advertise
- International transfers
- How we protect information
- How long we retain information
- How we treat children’s information
- Your data controllers
- How to contact us
INFORMATION WE PROCESS
We may collect or process the following types of information about you. The specific information we collect about you will vary depending on how you interact with us.
- Contact information and personal identifiers, such as your name, address, email address, telephone number, and username or social media handle.
- Device identifiers, such as information about your device like your MAC address, IP address, or other online identifiers.
- Demographic information, such as your age, date of birth, sex, and gender.
- Physical characteristics, such as your hair type and color, skin type, and eye color.
- Biometric information, such as facial geometry if you use certain of our virtual try-on applications.
- Commercial information, such as the products or services you have purchased, returned or considered, and your product preferences.
- Payment information, such as your method of payment and payment card information (including payment card number, delivery address and billing address).
- Identity verification information, such as photo identification for in-store pick-ups at one of our retail stores, loyalty member ID, and authentication information (like passwords).
- Online or network activity information, such as information regarding your interaction with our websites, mobile applications, digital properties, and advertisements, information about your browsing and search history on our websites or mobile applications, and log file information like your browser type and webpages you visit.
- Geolocation information, such as information that can help identify your physical location (like your GPS coordinates or the approximate location of your device).
- Audio and visual information, such as recordings of your voice when you call our customer service and images we record through video surveillance in our retail stores.
- Professional or employment-related information, such as professional licenses or certifications in connection with our professional programs.
- Health and medical information, such as skincare concerns, diagnoses, medical reports and history.
- User Content, such as your communications with us and any other content you provide (including photographs and images, videos, reviews, articles, survey responses, and comments).
- Inferences drawn from or created based on any of the information identified above.
HOW WE COLLECT INFORMATION
We may collect personal information about you from various sources. For example:
- Directly from you, such as when you make a purchase on one of our websites or in one of our retail stores, contact us with a question or complaint, use one of our mobile applications or virtual try on experiences, create an account on one of our websites, register for one of our brand loyalty programs or marketing lists, respond to a survey, participate in a contest or other promotion, make an appointment or sign-up to attend an event.
- From your friends or family members, such as when your friend or family member sends you a gift or makes a referral.
- When you interact with our websites or emails, such as when you visit our websites, or when you open or click on emails we send you, we (and third parties we work with) may automatically collect information from your browser or device, such as device identifiers and online and other network activity information using technologies such as cookies, pixel tags, and similar technologies. Cookies are small text files that websites place on your Internet-connected device to uniquely identify your browser or to store information or settings in your browser. Pixel tags are small images which are embedded into our websites or emails. We use pixel tags to collect information about your browser or device, how you interact with our websites, or whether you open or click on the emails we send you. Pixel tags also enable us (and third parties we work with) to place cookies on your browser.
- Through in-store and other offline technologies, such as video surveillance, traffic counting devices, and WiFi technology in and around our retail stores, and call recording technology when you speak to customer service.
- From our business partners and service providers, such as demographic companies, analytics providers, advertising companies and networks, third-party retailers or distributors, and other third parties that we choose to collaborate or work with.
- From social media platforms and networks, such as Facebook, Instagram, Twitter, Pinterest, and Google. For example, we may obtain your information from a social media platform or network if you interact with us on social media or choose to log-in to our websites using your social media credentials.
- From other ELC Brands that you have interacted with.
We may combine the information we obtain from the above sources. For example, we may combine information we collect in our stores with information we collect online.
Where it is necessary for us to collect your personal information from other sources as mentioned above, we will ensure that your personal information will be collected and protected in accordance with the applicable data protection law.
HOW WE USE INFORMATION
We may use the information we have about you as follows:
- To provide products and services to you, such as fulfilling orders and processing payments, creating, servicing and/or maintaining your account or loyalty program membership or professional membership, identifying concerns and assisting with product recommendations, and managing current or past purchases.
- To communicate with you, including to respond to your inquiries or complaints, and to help you place an order.
- To administer your participation in special events, contests, sweepstakes, surveys or promotions.
- For marketing and advertising, such as to send you postal mail, text messages, email, push notifications or other messages, show you advertisements for products and/or services tailored to your interests on social media and other websites.
- To operate and understand your use of our websites and mobile applications, such as to remember your information so you do not have to re-enter it, understand your preferred method of purchasing with us; determine what browser and devices you use to visit our websites or mobile applications; and to evaluate and improve our services, advertisements, websites and mobile applications. For example, we use Google Analytics on our websites. For specific details on how Google collects and uses your personal information when we use its services, please visit: How Google Uses Information From Sites Or Apps That Use Our Services .
- To operate and improve our business, including to conduct analytics, provide quality assurance and process adverse event or product related claims, conduct research and development, and perform accounting, auditing and other internal business functions.
- For legal and security purposes, such as to detect, prevent, and prosecute harmful, fraudulent, or illegal activity, loss prevention, identify and repair bugs on our websites or mobile applications, and to comply with applicable legal requirements, relevant industry standards and our policies.
OUR LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION
Where required by law, we will use the information you provide for the above purposes if:
- it is necessary to proceed with your request to enter into a contract with us (e.g., to proceed with your request to register for an account or membership with us) and/or to perform a contract to which you are party (e.g., to process your payment and fulfil your order).
- we have obtained your consent (e.g., for marketing communications); we have a legitimate interest in doing so (including a legitimate interest in performing marketing activities, video surveillance, research activities, data analytics, internal administration functions, and conducting our business in compliance with relevant industry standards and our policies); or
- we need to comply with a legal obligation under applicable laws.
HOW WE SHARE INFORMATION
We may share your personal information with:
- Service providers. We may transfer personal information to service providers who perform services on our behalf based on our instructions. We do not authorize these service providers to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements. Examples of these service providers include entities that process credit card payments, fulfill orders, and that provide website and application functionality, hosting, analytics, advertising and marketing services.
- Parties to a corporate transaction. We also reserve the right to transfer personal information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution, or liquidation).
- Advertising Companies. We work with third party advertising companies (such as advertising networks) to serve advertisements on our behalf. For additional information, see the How We Use Information to Advertise section.
- Other third parties. In addition, we may disclose personal information about you (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials, (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity, (iv) when disclosure of your personal information is otherwise required or permitted by law, or (v) with your consent (such as third-party salons and spas).
HOW YOU CONTROL YOUR INFORMATION
You have rights and choices in connection with the personal information we have about you.
- Data Subject Rights: Depending on local laws, you may have rights with respect to your personal information. For example:
- You have the right to withdraw your consent. However, the withdrawal of your consent will not affect the lawfulness of the processing of your personal information based on your consent prior to such withdrawal;
- you may be able to request that we confirm to you whether we have in possession any personal information that is related to you, and to access or to obtain a copy of any such information, or to request information about how we have processed or are processing your personal information, and to request that we disclose the source(s) of your personal information which has been obtained without your consent;
- You may request us to update and correct inaccuracies in your personal information, and have the personal information deleted, de-identified, or transmitted to a third-party in a format which is generally readable or usable by automatic device or tool;
- In certain circumstances, you may request to object to the processing of your personal information, and to request suspension of the processing of your personal information.
- You may request to access, change, destroy, delete, de-identify, and transmit your personal information as well as request to object and suspend the processing of your personal information by emailing us at email@example.com.
- Marketing & Advertising Preferences: Your online account may offer you the ability to edit your marketing preferences. You can also opt-out of receiving marketing communications (such as email, postal mail or text messages) by following the unsubscribe instructions sent within those communications or you can make a request by emailing us at firstname.lastname@example.org. When you unsubscribe from our marketing communications, we will no longer use the related personal information (such as your email address or phone number) for targeted advertising purposes.
- Mobile Device & Browser Preferences: Depending on your mobile device or web browser, we may request your location or request to send you push notifications. You can edit your preferences using the settings on your device.
We may take reasonable steps to verify your identity when you make a request. You may also have the right to lodge a complaint with the data protection authority.
Cookies are small text files that websites place on your Internet-connected device to uniquely identify your browser or to store information or settings in your browser which allows us to remember you when you come back to our websites and provide you with personalized experiences and advertisements. We use different types of cookies on our websites, including strictly necessary cookies, performance cookies, functional cookies and targeting cookies.
You can view the types of cookies used on our websites and edit your preferences by accessing the “Manage Cookies” link at the bottom of our Brand websites. You can also edit your cookie preferences through your browser settings. When editing your cookie preferences, please note that your settings only apply to the browser you use to submit your opt-out request, so if you use multiple browsers or devices, you must opt-out on each browser, on each device. Your opt-out is enabled using cookies so once you opt-out, if you delete your browser’s saved cookies on a device, you will need to opt-out again on that browser on that device.
Our websites are not designed to respond to “do not track” signals from browsers.
HOW WE USE INFORMATION TO ADVERTISE
HOW WE PROTECT INFORMATION
We maintain administrative, technical, and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure, or use. We restrict access to personal information on a need-to-know basis to employees and authorized service providers who require access to fulfil their job requirements.
HOW LONG WE RETAIN INFORMATION
- the purposes for which the personal information was collected, including to provide our products and services;
- your marketing preferences and how you engage with our Brands;
- any legal or regulatory requirements that apply to the personal information; and
- whether the personal information may be relevant to us in protecting our own rights (e.g. applicable limitation periods).
For additional information about data retention policies, please submit a request by emailing us at email@example.com.
HOW WE TREAT CHILDREN’S INFORMATION
Our products and services are designed for a general audience and are not intended for or directed to children.
YOUR DATA CONTROLLERS
A data controller is the entity or entities responsible for establishing the purposes for the processing of your personal information. The data controllers in Thailand are as follows:
|Controller for All Brands||ELCA (THAILAND) LIMITED|
990 Rama IV Road, Kwaeng Silom, Khet Bangrak, Bangkok 10500, Thailand
|Controller for Travel Retail||Estée Lauder Travel Retailing Inc.|
7 Corporate Center Drive Melville, NY 11747
HOW TO CONTACT US
If we need, or are required, to contact you concerning any event that involves your personal information, we may do so by postal mail, telephone, email or through a notice on our websites.