Last updated and effective date: 13th February 2023
Sephora Hong Kong Ltd. BRN 69943770-000-10-18-8
You have no obligation to provide any of the Personal Data requested by us. However, depending on circumstances, it may be the case that if you do not provide the requested Personal Data, we may not be able to transact with you or otherwise provide you with certain products and services.
The following are examples of the various ways in which we may interact with you, and some of the types of Personal Data that we will/may collect, use, disclose and/or process in connection with that interaction. The column ‘Examples of Some of the Personal Data or Data Collected’ does not purport to exhaustively state the types of Personal Data that may be collected from you corresponding to the specified activity/interaction.
Examples of Some of the Personal Data or Data Collected
(a) Account Registration
When you create an account, we collect your name, phone number, e-mail address and date of birth. We may also collect your address if you choose to provide it.
You can choose to save certain information in your account to use for future purchases, such as your shipping addresses and payment information (“Card On File”). When you add a Card On File to your account, we collect your payment information details, billing address, phone number, and zip code.
Beauty Pass Programme
When you join the Beauty Pass Programme, we collect your name, your date of birth, phone number, e-mail address and mailing address. When you use your Beauty Pass Programme, we collect information about your purchase history.
Browsing Activity and Website Usage
When you visit or use our Sites, we collect certain information about how you use and navigate our Sites, such as which links you click on, which pages or content you view, and other similar information or statistics. We also collect technical information about your device, operating systems, and web browser type.
Communications with us
When you communicate with us, including contacting us for support, to provide feedback or comments, to participate in a survey, or to make a request or other inquiry, we collect your name and contact information (such as e-mail address or phone number), as well as any other information that you choose to provide to us. In some cases, we record customer service calls for quality assurance.
Happening at Sephora
When you book a reservation for one of our services, classes, or when you RSVP for one of our events, we collect your name, contact number, e-mail and other information you provide in your booking or RSVP.
Use of Beauty Profile
If you have created a Beauty Profile with us, we collect your name, skin type/ concerns, eye colour, hair colour and type and other information which you provide in order to build your Beauty Profile.
Posting in Public Forums and Spaces Within the Sites
If you choose to submit or post information in a public space on our Sites or on our social media pages, such as creating a public profile, using our Ratings and Reviews feature to share product reviews, or leaving a testimonial about a Sephora influencer, we collect the information you share.
When you sign up to receive or otherwise consent to receiving marketing communications from us, such as e-mail communications, mobile message (including via text message and/or push notifications), and postal mailings, we collect your contact information. We may also collect certain information about how you interact with the marketing communications we send you.
Purchasing (Online and In Stores)
When you place an order in our retail stores or by using the services offered on our Sites, we collect your name, shipping address, payment information and billing address.
Sweepstakes, Contests, and Promotions
When you participate in a sweepstake, contest, or other similar campaign or promotion, we may collect your name, contact information, and in some cases limited demographic information and content generated by participants. Some campaigns and promotions have a social networking component, and if you choose to submit additional information such as social media profiles and handles, photographs, and other content, we will collect such information as well.
In addition to the Personal Data we collect from you directly, we may also obtain information about you from other sources, including third parties business partners, our affiliates, or publicly available sources. For example, if you have given Sephora permission to store your credit card information (e.g. by adding a Card on File) and your credit card issuer provides an account updater service, we may receive updated credit card information (including credit card number and expiration date) from the credit card issuer.
3. How We Collect, Use, Disclose Your Personal Data
We will/may collect, use, disclose and/or process your Personal Data for one or more of the following purposes:
(a) administering, facilitating, processing and/or dealing in any matters relating to your use or access of the Sites. Without limiting the generality of the foregoing, if you:
(i) gain access to or sign in to the Sites, using your login credentials of a Social Networking Site, or
(ii) use any features of a Social Networking Site such as its widgets, plug-ins and browser push notifications, made available to you on our Sites,
it may result in information or your Personal Data being collected or shared between us and the third party operating the Social Networking Site. For example, if you use Facebook’s “Like” feature, Facebook may register the fact that you “liked” a product and may post that information on Facebook. “Social Networking Site” refers to an online or digital platform owned or operated by a third party, that is used by people to build social networks or social relations, or to interact, with other people, such as but not limited to Facebook, Instagram, Twitter. By your proceeding pursuant to (i) or (ii) above, you consent to such collection, use or disclosure of your Personal Data;
(b) monitoring, processing and/or tracking your use of the Sites in order to provide you with a seamless experience, facilitating or administering your use of the Sites, and/or to assist us in improving your experience in using the Sites;
(c) assessing and processing your request for the purchase of and/or subscription to our products and/or services;
(d) registering you as a customer of Sephora and/or to deal with, process and/or administer the account that you may open with us, including to facilitate your transactions or activities on the Sites, or your transactions or activities with us;
(e) administering, facilitating, processing and/or dealing with your relationship with us, any transactions or activities carried out by you on the Sites, App or at our retail stores. This includes processing your application, orders and payment transactions; implementing transactions and the supply of products and/or services to you that you have requested. Without limiting the generality of the foregoing, should you make a purchase to be delivered to a third party recipient, you consent to us disclosing Personal Data that identifies you, to the said third party recipient (such as but not limited to your name). Further, you acknowledge and agree that delivery of your purchase could involve disclosure of certain Personal Data about you to bring about delivery of the same such as your name and contact details, which may be disclosed on the cover of the parcel, on an envelope or a delivery related document, as the case may be, which could be seen by third parties who view such parcel, envelope or said document;
(f) carrying out your instructions or responding to any enquiry given by (or purported to be given by) you or on your behalf including responding to your customer service enquiries and complaints; or responding to or dealing with your interactions with us;
(g) contacting you or communicating with you via phone/voice call, text message and/or fax message, email and/or postal mail for the purposes of administering and/or managing your use of the Sites, your Beauty Pass membership and/or account with us, your relationship with us or any transactions made by you with us. You acknowledge and agree that such communication by us could be by way of the mailing of correspondence, documents or notices to you, which could involve disclosure of certain Personal Data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages;
(h) providing services to you as our account holder, as our customer, as a member of our loyalty program(s) or when requested by you; dealing with or administering your participation in contests, gamification, social events organized by us;
(i) sharing or disclosing (at our discretion) your suggestions, comments, feedback or content (including audio, video etc.) (collectively “Feedback”) that you provide through Social Networking Sites, to the Sites, or to us (including in person at the retail stores), with other users of the Sites or with the public, for publicity and/or promotion purposes with a view to marketing or showcasing the business of Sephora, and/or to acquiring customers, and/or for the purpose of providing the public with your Feedback which may be useful for the public’s purchasing decision or for the public’s information or otherwise. This includes us disclosing your name together with your Feedback. Without limiting the generality of the foregoing, in the above regard, your Feedback and name may/will be published or shared by us on public media platforms such as the newspaper, the Internet, in our (including our affiliates’) annual reports (if any) etc., and/or incorporated as part of Sephora’s marketing collaterals/materials or corporate video to be disclosed to the public, and you hereby consent to the same. Please do not provide us with Feedback if you do not wish for such Feedback to be disclosed to the public. If you wish to give us your Feedback without it being disclosed to the public, please separately email our Customer Department at email@example.com and head the subject of your email with the word “Confidential”;
(j) where you have provided your consent to us, whether such consent was obtained through the Sites, the retail store(s) or otherwise, sharing your Beauty Profile Personal Data with or disclosing your Beauty Profile Personal Data to other users of the Site or with/to the public, through the Site or any other media (whether print, online or otherwise) or communication platform as we so choose, at our discretion, such as but not limited to as part of Sephora’s marketing collaterals/materials or corporate video. “Beauty Profile Personal Data” includes your name, skin type/ concerns, eye colour, hair colour and type, and other information related to your beauty profile, which you provide;
(k) carrying out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations (in any Country/Region) applicable to us or our affiliates/associated companies, the requirements or guidelines of governmental authorities (in any Country/Region) which we determine are applicable to us or our affiliates/associated companies, and/or our risk management procedures that may be required by law (in any Country/Region) or that may have been put in place by us or our affiliates/associated companies;
(l) to prevent or investigate any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned; dealing with and/or investigating complaints;
(m) complying with or as required by any applicable law, court order, order of a regulatory body, governmental or regulatory requirements of any jurisdiction applicable to us or our affiliates/associated companies, including meeting the requirements to make disclosure under the requirements of any law binding on us or our affiliates/associated companies, and/or for the purposes of any guidelines issued by regulatory or other authorities (in any Country/Region), with which we or our affiliates/associated companies are expected to comply;
(n) complying with or as required by any request or direction of any governmental authority (in any Country/Region) which we are expected to comply with; or responding to requests for information from public agencies, ministries, statutory boards or other similar authorities (including but not limited to Hong Kong Customs and Excise Department and Department of Health) (in any Country/Region). For the avoidance of doubt, this means that we may/will disclose your Personal Data to such parties upon their request or direction;
(o) conducting research (including customer research), surveys, market surveys, analysis and/or development activities (including but not limited to data analytics, surveys and/or profiling) to improve our services and facilities, or to improve our understanding of your interests, concerns and preferences, in order to enhance any continued interaction between yourself and us connected or in relation to the Sites or improve any of our products or services. Without limiting the generality of the foregoing, we may/will in this regard send you surveys or request a face-to-face interview survey, by way of email or postal mail;
(p) storing, hosting, backing up (whether for disaster recovery or otherwise) of your Personal Data, anywhere in the world;
(q) facilitating, dealing with and/or administering external audit(s) or internal audit(s) of the business of Sephora or that of its affiliates/related corporations;
(r) for marketing purposes where you have provided your consent to us for the same, and with such consent, we (and/or our related corporations and affiliates) may/would be providing you with marketing, advertising and promotional information, materials and/or documents relating to products, services and/or events (including products, services and/or events of third party organisations with which we may collaborate), that we (and/or our related corporations and affiliates) or such third party organisations may be selling, marketing, offering, organizing, involved in or promoting, whether such products, services and/or events exist now or are created in the future;
(s) dealing with and/or facilitating a business asset transaction or a potential business asset transaction, where such transaction involves Sephora as a participant or involves only a related corporation or affiliated company of Sephora as a participant or involves Sephora and/or any one or more of Sephora’s related corporations or affiliated companies as participant(s), and there may be other third party organisations who are participants in such transaction. “business asset transaction” includes the purchase, sale, lease, merger or amalgamation or any other acquisition, disposal or financing of an organisation or a portion of an organisation or of any of the business or assets of an organisation;
(t) to implement and maintain our information technology systems, including to store and process Personal Data in computer databases and servers located anywhere in the world;
(u) anonymization of your Personal Data. In this regard, you acknowledge that Personal Data that has been anonymized is no longer Personal Data;
(v) record-keeping purposes and producing statistics and research for internal and/or statutory reporting and/or record-keeping requirements, of Sephora or of its affiliates/related corporations; and
(w) Sephora, Sephora Group Companies’ or Sephora’s parent corporation’s reporting purposes including but not limited to reporting on Sephora’s business performance (“Sephora Group Companies” means Sephora, its affiliates, related corporations and associated companies globally);
(the purposes set out above shall be collectively referred to as the “Purposes”).
4. How We Share Your Personal Data
Without limiting the generality of the foregoing, Sephora may share or disclose your Personal Data to the following third parties or in the following circumstances for one or more of the Purposes or other purposes stated herein:
(a) Corporate affiliates. We may share your Personal Data with our corporate affiliates, including our parent company, sister companies and subsidiaries anywhere in the world;
(b) Service Providers. We may share your Personal Data with third parties that perform services to support our core business functions and internal operations, including fulfilling orders, delivering packages, complying with your request for the shipment of products or the provision of services by a third party, sending postal mail and e-mails, analysing customer data, providing marketing assistance or carrying out marketing activities, administering our Ratings & Reviews, supporting beacons, processing credit card and debit card payments, investigating fraudulent activity, conducting customer surveys and research, providing customer services, information technology service providers and data centre service providers including those who store and process Personal Data in computer databases and servers located anywhere in the world, and with any other third parties to whom disclosure by Sephora is for one or more of the Purposes and such third parties would in turn be collecting and processing your Personal Data for one or more of the Purposes.
(c) Third Party Partners. We may share your Personal Data with third parties that we have partnered with to jointly create and offer a product, service or joint promotion. Such sharing by us will only be carried out if:
- the purpose for such sharing falls within one of the Purposes above;
- an exception to the requirement of consent under applicable data protection law applies;
- if we have obtained your consent for the same otherwise.
(e) Public Forums. Some of our Sites provide the opportunity to post content in a public forum. For example, Sephora’s Site allows you to provide Ratings & Reviews, and to receive product recommendations. If you decide to submit Personal Data in these public forums, that Personal Data will be publicly visible to anyone who visits Sephora’s Site.
(f) Legal Process. We may disclose Personal Data as required by any applicable rules, law or regulation, regulatory policies, industry codes of practice or guidelines, judgements, court orders, orders, directions or requests issued by any court, legal or regulatory body in any jurisdiction applicable to us, or our corporate affiliates, including complying with disclosure requirements of any law binding on us or our corporate affiliates, and/or for the purposes of any guidelines issued by regulatory or other authorities (in any Country/Region), with which we or our corporate affiliates are expected to comply, government inquiries or investigations. We may also disclose Personal Data to establish, exercise, or protect the rights of our company, employees, agents, and affiliates; to defend against a legal claim; to protect the safety and security of our visitors; to detect, prevent and protect against fraud; and to take action regarding possible illegal activities or violations of our policies.
For the avoidance of doubt, you acknowledge and consent to Sephora sharing anonymised information such as but not limited to in the following circumstances:
· Aggregate information. We may share anonymised aggregate information about our customers with advertisers and marketing partners; and
· Behavioural-based advertising. A third party may use technology to collect anonymised information about your use of the Site so that they can provide advertising about products and services tailored to your interest. That advertising may appear either when you are using the Sites or using the Internet or your mobile device to visit other websites.
5. Mobile Technology
How They Operate
Not all cookies collect Personal Data and you may configure your browser to reject cookies. However, this may mean you may not be able to take full advantage of the services or features on the Site.
"Flash Cookies" (also called Local Shared Objects or "LSOs") are data files similar to cookies, except that they can store more complex data. Flash Cookies are used to remember settings, preferences, and usage, particularly for video, interactive gaming, and other similar services.
Web beacons are small graphic images on a web page or in an e-mail that can be used for such things as recording the pages and advertisements clicked on by users, or tracking the performance of e-mail marketing campaigns.
We use analytical tags to analyse what our users/customers like to do and the effectiveness of our features and advertising. They can also help us customize your browsing and shopping experience. We may use information collected through analytical tags or tracked links in combination with your Personal Data. We may also combine Personal Data you provide to us with other Personal Data already within our possession (such as purchase history and demographic information). We often work with other companies such as, for example, AppsFlyer Ltd., to help us track, collect and analyse this information but they are prohibited from using this information for any other purpose.
Web Server Logs
Web server logs are records of activity created by the mobile device or computer that delivers the webpages you request to your browser. For example, a web server log may record the search term you entered or the link you clicked to bring you the webpage. The Web server log also may record information about your browser, such as your IP address and the cookies set on your browser by the server.
6. How We Protect and Manage Your Personal Data
We realise that you trust us to protect your Personal Data. We take all reasonable steps to ensure your Personal Data is kept confidential and secure, and to take appropriate technical and organizational measures to prevent unlawful or accidental destruction, accidental loss, unauthorized collection, disclosure, use, copying, modification, leakage, loss, damage, alteration or access or other unlawful forms of processing. While we take all reasonable steps to keep your Personal Data in our possession confidential and secure, no method of transmission over the internet or security system is perfect, and we cannot promise that Personal Data about you will remain secure in all circumstances.
We will take reasonable efforts to ensure that your Personal Data is accurate and complete, if your Personal Data is likely to be used by us to make a decision that affects you, or disclosed to another organisation. However, this means that you must also update us of any changes in your Personal Data that you had initially provided us with.
We will also put in place measures such that your Personal Data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (i) the purpose for which that Personal Data was collected is no longer being served by the retention of such Personal Data; and (ii) retention is no longer necessary for any other legal or business purposes.
For your convenience, the Sites include functionality that allows you to remain logged in so that you do not have to re-enter your password each time you want to access your account. If you choose to remain logged in, you should be aware that anyone with access to your device may be able to access and make unauthorised changes to your account or place unauthorised orders through your account. For that reason, if you choose to remain logged in, we strongly recommend that you take appropriate steps (such as enabling the “Passcode Lock” security feature on your mobile device) to protect against unauthorized access to and use of your account. Please also notify us as soon as possible if you suspect any unauthorized use of your account or password.
7. Your Rights
In addition to any rights you may have under applicable laws, you have the following rights regarding your Personal Data:
What you need to do
Accessing Your Personal Data
You may request to access your Personal Data currently in our possession or control by submitting a written request to us. Please note that we may request for further information from you in order to ascertain your identity and the nature of your request, as well as to process, fulfil or otherwise deal with your request.
In order to exercise your right to access your Personal Data, please submit your written request to: firstname.lastname@example.org.
Unless otherwise required or permitted by law, we will provide you with the relevant Personal Data within the timeline specified by applicable law. Where permitted by applicable law and where we are unable to respond to you within the said timeline, we will notify you of the soonest possible time within which we can provide you with the information requested.
To the extent permitted by applicable law, we may also charge you a reasonable fee for the handling and processing of your requests to access your Personal Data. If so, we will provide you with a written estimate of the fee. To the extent permitted by applicable law, please note that we are not required to respond to or deal with your access request unless you have agreed to pay the fee.
Correcting Your Personal Data
You may request to correct your Personal Data currently in our possession or control by submitting a written request to us. Please note that we may request for further information from you in order to ascertain your identity and the nature of your request, as well as to process, fulfil or otherwise deal with your request.
In order to exercise your right to correct your Personal Data, please submit your written request to: email@example.com.
Unless otherwise required or permitted by law, we will deal with your request, including correcting your Personal Data, within the timeline specified by applicable law. Where permitted by applicable law and where we are unable to do so within the said timeline, we will notify you of the soonest practicable time within which we can make the correction.
Withdrawing Consent and/or Deleting your Account
You may withdraw your consent for the collection, use and/or disclosure of your Personal Data in our possession or under our control and/or delete your account with us by submitting your written request to: firstname.lastname@example.org. Please note that we may request for further information from you in order to ascertain your identity and the nature of your request, as well as to process, fulfil or otherwise deal with your request.
We will process your request within a reasonable time from such a request being made, and will subsequently not collect, use and/or disclose your Personal Data in the manner stated in your request, unless otherwise required and/or permitted by law.
However, your withdrawal of consent and/or deletion of your account with us could result in certain legal consequences arising from such withdrawal and/or deletion. In this regard, depending on the extent of your request, it may mean, without limitation, that we may not be able to fulfil the transaction you have entered into with us or continue with your relationship with us, or send you information that you have requested.
Removing Content from Sephora Public Forums
You can request that we remove content or information that you have posted on a public page on some of our Sites (such as part of a Ratings & Review). To do so, please submit a written request to Customer Services at email@example.com. Please note that we may request for further information from you in order to ascertain your identity and the nature of your request, as well as to process, fulfil or otherwise deal with your request.
Please note that while we will endeavour to honour your request, our removal of your content or information does not ensure complete or comprehensive removal of that information from our Sites. For example, historical copies, or “caches” may remain.
8. Transmission of Personal Data to Other Countries
9. Provision of Third Party Personal Data By You
Should you provide Sephora with Personal Data of individual(s) other than yourself, you represent and warrant to Sephora and you hereby confirm that:
· prior to disclosing such Personal Data to us, you would have and had obtained consent from the individuals whose Personal Data are being disclosed to us, to:
· any Personal Data of individuals that you disclose to us is accurate; and
· you are validly acting on behalf of such individuals and that you have the authority of such individuals to provide their Personal Data to Sephora and for Sephora to collect, use, disclose and process such Personal Data for the Purposes.
We do not, and do not intend to, transact directly with anyone we know to be under the age of 18. By providing any Personal Data to us, you declare that you are over the age of 18. If you are under the age of 18, you should use the Site or otherwise transact with us only with the consent of a parent or guardian and should not submit any Personal Data to us.