Jump to content
-15 % + la livraison gratuite sur votre première commande avec le code DARLING15. Connectez-vous pour en profiter, darling ! Offre soumise à conditions.

Global Applicant/ Recruitment Privacy Policy

Last Updated: April 2026

1. Introduction

We are a global make-up, skincare and fragrance business, with stores and operations worldwide. In this notice, the “Charlotte Tilbury Group” means all affiliates and subsidiaries of Charlotte Tilbury Limited. We are also part of the wider Puig group of companies, which includes ANTONIO PUIG, S.A. and its affiliates. Your personal data may be shared within the Charlotte Tilbury Group and with relevant Puig group companies where necessary for recruitment purposes. In this Recruitment Privacy Notice (“Notice”), references to ‘we’ or ‘us’ means the relevant Charlotte Tilbury Group company.

This Notice may also be applicable to applicants’ referees, if you provide us with information regarding your referees, and/or candidates recommended by you. If you provide us with information of these third parties, please provide them with a copy of this notice.

2. Contact Us

If you have any queries, comments or requests regarding this Notice or you would like to exercise any of your individual rights, you can contact our Charlotte Tilbury Data Protection Officer in the following ways:

  • Online: Privacy Request Portal
  • Email: dpo@charlottetilbury.com; or
  • EU Representative Email: dpocharlottetilburyeurope@dentons.com; or
  • By post at Data Protection Officer, Charlotte Tilbury Beauty Limited, 8 Surrey Street, London, WC2R 2ND, UK.

3. Data Controllers

The data controller of your personal data is the Charlotte Tilbury Group company responsible for recruitment for the role you apply for.

By way of example, Charlotte Tilbury Group companies that may act as data controller include those listed in the table below. This list is not exhaustive and may be updated from time to time. If the data controller for your application is not listed, or if you would like confirmation of the relevant entity, please contact us using the details in the Contact Us section.

In some cases, this will be the entity that advertises the role, and its legal name will be shown in the job advert or application portal. Further details of the relevant entity can be provided on request. In general, the data controller will be the Charlotte Tilbury Group company that is the prospective employer for the role you have applied for.

Country

Charlotte Tilbury Entity

Registered Office Address

Austria

Charlotte Tilbury Beauty Austria GmbH

Rotenturmstraße, 5-9, Top/512-513, 1010 Vienna, Austria

Canada

Charlotte Tilbury Beauty Canada Inc

2600, 160 Elgin Street Ottawa, Ontario Canada K1P 1C3

France

Charlotte Tilbury Beauty France S.A.S

10, boulevard Haussmann – 75009 Paris, France.

Germany

Charlotte Tilbury Beauty Germany GmbH

c/o Fieldfisher Partnerschaft von Rechtsanwälten mbB

Amerigo-Vespucci-Platz 1, 20457 Hamburg, Germany

Hong Kong

Charlotte Tilbury Beauty Hong Kong Limited

10th Floor, Lee Garden Five, 18 Hysan Avenue, Causeway Bay, Hong Kong

Ireland

Charlotte Tilbury Beauty Ireland Limited

Regus, Ormond Building, 31-36 Ormond Quay Upper, Dublin 7, Ireland.

Italy

Charlotte Tilbury Beauty Limited - Filiale a Italia

Piazza San Fedele 2, Milan, CAP 20121, Italy

Macau

Charlotte Tilbury Beauty Macau Limited

Avenida da Praia Grande, no. 409, China Law Building, 21st/F., Macau

Netherlands

Charlotte Tilbury Beauty Netherlands B.V

Regus, Amsterdam Sloterdijk, Kingsfordweg 151, Amsterdam, 1043 GR, Netherlands

Poland

Charlotte Tilbury Beauty Poland Spzoo

pl. Władysława Andersa 3, 11th floor, 61-894 Poznań, Poland.

Spain

Charlotte Tilbury Beauty Limited Sucursal En Espana

Calle Maldonado, 4  28006 Madrid, Spain.

Switzerland

Charlotte Tilbury Beauty Switzerland AG

c/o Format A AG, Wiesenstrasse 9 8008 Zurich, Switzerland

Turkey

Charlotte Tilbury Beauty Kozmetik Limited Şirketi

Dikilitaş Mah. Hakkı Yeten Cad. No: 10/N İç Kapı No: 8 34349 Beşiktaş/İstanbul, Turkey.

United Kingdom

Islestarr Holdings Limited

8 Surrey Street, London, United Kingdom, WC2R 2ND, UK.

United States

Charlotte Tilbury Beauty Inc

148 Lafayette Street, 2nd Floor, New York, New York, 10013, US.

In some cases, other Charlotte Tilbury Group companies may provide shared recruitment administration or systems support to the controller. Where this applies, appropriate arrangements are in place to ensure your personal data is protected and used only for recruitment purposes.

4. Personal Data We Collect

We will collect various types of personal data from you during the application process or networking event. Further details of how we use your personal data are set out below.

Recruitment applications

  • Identity and contact details: name, email, phone number, address (where provided)
  • Application and career information: CV/resume, cover letter, employment history, qualifications, work experience, skills, role preferences, interview notes and assessments
  • Right to work / eligibility information (where required): nationality, immigration status, and documentation required to verify your right to work in the relevant country such as your passport or other identification information
  • References (if we proceed to offer stage): referee details and reference responses (typically collected via a reference provider)
  • Candidate assessments; you may be asked to complete a short assessment, with a range of questions that are designed to help understand your preferred style at work, what motivates you and an assessment of your ability. The assessment will help assess your suitability for the role you have applied for
  • Digital Video Interview: You may be asked to complete a short video interview, which will include a pre-defined set of questions which you will be required to answer within a set time frame. This may include a case study relevant to the job opportunity for which you are applying for. You will be asked to record your answer to each question; and /or
  • Personal Interview: When you are invited for a physical or video conferencing interview the interviewer may ask relevant questions to assess your suitability for the role.
  • Criminal record and background check: for individuals working in a role where Civil Aviation Authority (CAA) regulations apply such as at airports or handling air cargo (where permitted by applicable law and where necessary for the role).

Where required by law, we are under a statutory obligation to collect the information regarding your nationality and immigration status and information to enable us to verify your right to work in the country where the position or role that you are applying for is located.

Applications from children / minimum age

Our roles are intended for individuals who meet the minimum working age requirements in the country of employment. Where required by local law, we may take additional steps to verify age or obtain appropriate permissions for applicants who are under 18.

Networking Events

Where you provide your details at a networking event, we may collect:

  • name, contact details (email/phone), location (e.g., city), role interests, and any other information you choose to share with us relevant to recruitment.

Special Category Data (sensitive data)

In limited cases we may process special category data (e.g., health/disability information) where it is necessary to:

  • make reasonable adjustments for interviews/assessments, and/or
  • comply with employment, equality or other legal obligations. We ask that you do not include special category data in your CV or application unless it is specifically requested or relevant (e.g., to request adjustments).

5. Where we get your personal data from

Most of the time we collect personal data directly from you (application forms, CVs, emails, interviews, networking events).

In some cases, we may also receive personal data from:

  • recruitment agencies / head-hunters,
  • professional networking platforms (e.g., LinkedIn) where you have made your information publicly available or shared it with recruiters,
  • employee referrals,
  • referees, and
  • background/right-to-work documentation providers (where permitted and appropriate).

If we collect your personal data from another source, we will provide you with the source and categories of data where required by law.

Why we use your personal data and our lawful bases

Purpose

Examples of processing

Lawful basis

Manage your application and the recruitment process

reviewing your CV, scheduling interviews, communicating with you, assessing suitability

Legitimate interests

Make hiring decisions

interviews, assessments, selection decisions

Legitimate interests and/or steps prior to entering a contract

Verify identity and right to work (where required)

checking nationality/immigration status and right-to-work documentation

Legal obligation (where applicable) and/or legitimate interests

Obtain references (offer stage)

contacting referees via a reference provider

Legitimate interests and/or steps prior to entering a contract

Maintain records and improve recruitment

audit trails, reporting, process improvement

Legitimate interests

Establish, exercise or defend legal claims

responding to disputes or complaints

Legitimate interests and/or legal claims basis (where applicable)

Talent pool/future opportunities

retaining your CV and contact details to consider you for future vacancies; contacting you about roles that may interest you

Legitimate interests and/or consent (depending on local law and how you were asked to join the talent pool)

Where we keep your details for future opportunities (a “talent pool”), you can ask us to remove your data at any time by contacting us using the details in the Contact Us section. Our legitimate interests include running an efficient recruitment process, assessing suitability, maintaining recruitment records, and improving hiring effectiveness. You can contact us for more information about the balancing test we have undertaken for processing based on legitimate interests.

Special category data lawful basis

Where we process special category data (e.g., disability/health data for adjustments), we do so only where permitted, typically because it is necessary for:

  • employment / social protection law obligations
  • equality law obligations
  • to comply with our obligations to consider whether we need to provide appropriate adjustments during the recruitment process or if you are subsequently offered employment with us
  • establishing, exercising or defending legal claims (where relevant),
  • and with appropriate safeguards.

If, in a specific scenario, we rely on consent for special category data, you may withdraw consent at any time. This will not affect processing already carried out, and we may continue processing if another lawful basis applies.

Networking events (talent outreach)

If you give us your details at a networking event, we use them to:

  • contact you about roles we believe may interest you and invite you to apply.

Lawful basis: typically consent (where required) and/or legitimate interests (talent outreach), depending on local law and how you were asked to provide your details.

Mandatory data

Some information is necessary to progress your application (e.g., contact details and CV). If you do not provide it, we may be unable to process your application.

Right-to-work information is required where we have a legal obligation to verify eligibility in the relevant country.

Any offer of employment will be subject to satisfactory references, and if we would like to make an offer of employment to you, we will ask a reference agency, to contact you and your referees to obtain references on our behalf. If your application is successful, we will use the data provided above to the extent necessary to administer your employment. Further details about how we will process your personal data pursuant to your employment is provided in our Employee Privacy Policy which will be provided to you during the onboarding process or available via the intranet.

We will notify you of any significant changes which are applicable to your personal data, but we would encourage you to come back and review this Recruitment Notice from time to time.

6. Automated decision making

We may use technology-assisted tools as part of our recruitment process, for example to help:

  • identify whether applicants meet essential role requirements (such as eligibility criteria);
  • organise, score or summarise assessment results; and/or
  • support recruiters in managing application volumes efficiently.

Where such tools are used, they typically generate an output such as a score, recommendation, ranking, or flag against defined criteria. This output may be used to support recruitment decisions and prioritisation, with human review at each stage. If you have any questions or would like to learn more, please contact us using the details in the Contact Us section above.

7. Who we share your personal data with

We may share your personal data within the Charlotte Tilbury Group and the Puig group where necessary for recruitment administration, recruitment systems support, reporting, and (where relevant) considering you for roles across the Group.

We share personal data only with parties who need it for recruitment and related purposes, including:

Internal recipients

  • relevant hiring managers,
  • the People Team,
  • IT and security teams (for access and systems),
  • payroll (only if you are hired).

Service Providers

We may share data with third-party agents and service providers that support our recruitment process, such as:

  • Applicant Tracking System providers;
  • Reference providers;
  • Right to work checks and references;
  • Psychometric/skills assessment providers; and
  • IT hosting and support providers.

These service providers process personal data on our instructions (as processors) or, in some cases, as independent controllers (e.g., certain assessment or reference providers) under their own privacy notices. We take steps to ensure appropriate contracts and safeguards are in place.

We will also disclose your personal data to third parties:

  • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
  • If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our applicants and employees will be one of the transferred assets; and/or
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our agreements; or to protect the rights, property, or safety of us, our applicants, employees, customers and providers.

Retail partner department stores (where applicable)

If the role is located within a retail partner environment (e.g., a department store), we may share necessary onboarding/induction information with that partner for the purposes of enabling their induction and access processes. The retail partner may process data as an independent controller under its own privacy notice.

8. International Transfers

As the Charlotte Tilbury Group operates globally and as we use recruitment systems and service providers that are located outside the UK/EEA or that support us from outside the UK/EEA (including Workable and its hosting/sub-processing arrangements), your personal data may be transferred to or accessed from those locations. Where required, we use appropriate safeguards such as Standard Contractual Clauses, and/or the UK International Data Transfer Agreement or UK Addendum, as applicable, together with supplementary measures where appropriate.

You can contact us using the details in the Contact Us section to request further information about the safeguards that apply to a particular transfer.

Where your data is stored

Where you are an applicant for a role within the Charlotte Tilbury Group, your personal data will be held on Workable, an online, cloud-based recruiting solution based in North America using Amazon Web Services (AWS).

9. Retention and Security

We keep your personal data only as long as necessary for recruitment and related purposes, including for record-keeping and legal considerations.

  • Unsuccessful applicants: deleted no later than 12 months after the end of the recruitment process, unless local law requires a shorter period.
  • Talent pool (with appropriate permission where required): we may retain your data for up to 12 months to contact you about suitable vacancies, unless local law requires a shorter period or you ask us to delete it earlier.
  • Networking event contacts: retained for 12 months (or less where local law requires) to contact you about opportunities, unless you ask us to delete it earlier.
  • Successful applicants: relevant recruitment data will be retained as part of your employment record in accordance with our Employee Privacy Policy and Data Retention Policy.
  • Right to work / identity documentation: where we retain copies (where permitted), we will retain them only for as long as necessary to meet legal and compliance requirements and then securely delete them.

Security

We implement appropriate technical and organisational measures to protect personal data, including access controls, contractual protections with vendors, and incident response procedures. Our employees who have access to and process your personal data are obliged to respect the confidentiality and security of your personal data. We maintain security policies and procedures that apply to internal and third-party systems.

10. Your Rights

You may have certain rights under your local law in relation to the personal data we hold about you. In particular, you may have a right to:

  • to be informed about the collection and use of your personal data;
  • request a copy of personal data we hold about you;
  • request that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete;
  • request that we delete personal data that we hold about you, or restrict the way in which we use such personal data;
  • request that we restrict our processing of your personal data or object to such processing
  • request that you will not be evaluated solely on the basis of automated processing, including profiling, and that your application will be subject to human intervention and to express your point of view where automated processing is used;
  • request to withdraw your consent to our processing of your personal data (to the extent such processing is based on consent and consent is the only permissible basis for processing);
  • complain to a Data Protection Authority in your country.

To exercise your data privacy rights, you can reach out to us at dpo@charlottetilbury.com You will not have to pay a fee to access your personal data (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Where we rely on your consent to process your personal data, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us using any of the details set out above in the “Contact Us” section. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Making a Complaint

If you are dissatisfied with how we have handled your personal data, you have the right to make a complaint to your data protection regulator. We would, however, appreciate the chance to deal with your concerns before you approach your data protection regulator, so please contact us in the first instance. In the UK, this is the Information Commissioner’s Office (ICO) https://ico.org.uk and for contacts of other authorities in Europe that you can find and contact on the website of the European Data Protection Board.

11. Local Laws Compliance

If local laws in a particular country require different or stricter standards for the processing of data than those described in this Notice, the relevant Charlotte Tilbury Group company will treat such data in accordance with local laws.

12. Updates to this notice

We may update this notice from time to time. Where we make material changes that affect how we process your personal data, we will notify you by appropriate means (such as by email or a prominent notice on our careers website). We encourage you to review this notice periodically.

Most of the time we collect personal data directly from you (application forms, CVs, emails, interviews, networking events).

In some cases, we may also receive personal data from:

  • recruitment agencies / head-hunters,
  • professional networking platforms (e.g., LinkedIn) where you have made your information publicly available or shared it with recruiters,
  • employee referrals,
  • referees, and
  • background/right-to-work documentation providers (where permitted and appropriate).

If we collect your personal data from another source, we will provide you with the source and categories of data where required by law.

Why we use your personal data and our lawful bases

Purpose

Examples of processing

Lawful basis

Manage your application and the recruitment process

reviewing your CV, scheduling interviews, communicating with you, assessing suitability

Legitimate interests

Make hiring decisions

interviews, assessments, selection decisions

Legitimate interests and/or steps prior to entering a contract

Verify identity and right to work (where required)

checking nationality/immigration status and right-to-work documentation

Legal obligation (where applicable) and/or legitimate interests

Obtain references (offer stage)

contacting referees via a reference provider

Legitimate interests and/or steps prior to entering a contract

Maintain records and improve recruitment

audit trails, reporting, process improvement

Legitimate interests

Establish, exercise or defend legal claims

responding to disputes or complaints

Legitimate interests and/or legal claims basis (where applicable)

Talent pool/future opportunities

retaining your CV and contact details to consider you for future vacancies; contacting you about roles that may interest you

Legitimate interests and/or consent (depending on local law and how you were asked to join the talent pool)

Where we keep your details for future opportunities (a “talent pool”), you can ask us to remove your data at any time by contacting us using the details in the Contact Us section. Our legitimate interests include running an efficient recruitment process, assessing suitability, maintaining recruitment records, and improving hiring effectiveness. You can contact us for more information about the balancing test we have undertaken for processing based on legitimate interests.

Special category data lawful basis

Where we process special category data (e.g., disability/health data for adjustments), we do so only where permitted, typically because it is necessary for:

  • employment / social protection law obligations
  • equality law obligations
  • to comply with our obligations to consider whether we need to provide appropriate adjustments during the recruitment process or if you are subsequently offered employment with us
  • establishing, exercising or defending legal claims (where relevant), and with appropriate safeguards.

If, in a specific scenario, we rely on consent for special category data, you may withdraw consent at any time. This will not affect processing already carried out, and we may continue processing if another lawful basis applies.

Networking events (talent outreach)

If you give us your details at a networking event, we use them to:

  • contact you about roles we believe may interest you and invite you to apply.

Lawful basis: typically consent (where required) and/or legitimate interests (talent outreach), depending on local law and how you were asked to provide your details. Mandatory data

Some information is necessary to progress your application (e.g., contact details and CV). If you do not provide it, we may be unable to process your application.

Right-to-work information is required where we have a legal obligation to verify eligibility in the relevant country.

Any offer of employment will be subject to satisfactory references, and if we would like to make an offer of employment to you, we will ask a reference agency, to contact you and your referees to obtain references on our behalf. If your application is successful, we will use the data provided above to the extent necessary to administer your employment. Further details about how we will process your personal data pursuant to your employment is provided in our Employee Privacy Policy which will be provided to you during the onboarding process or available via the intranet.

We will notify you of any significant changes which are applicable to your personal data, but we would encourage you to come back and review this Recruitment Notice from time to time.

6. Automated decision making

We may use technology-assisted tools as part of our recruitment process, for example to help:

  • identify whether applicants meet essential role requirements (such as eligibility criteria);
  • organise, score or summarise assessment results; and/or
  • support recruiters in managing application volumes efficiently.

Where such tools are used, they typically generate an output such as a score, recommendation, ranking, or flag against defined criteria. This output may be used to support recruitment decisions and prioritisation, with human review at each stage. If you have any questions or would like to learn more, please contact us using the details in the Contact Us section above.

7. Who we share your personal data with

We may share your personal data within the Charlotte Tilbury Group and the Puig group where necessary for recruitment administration, recruitment systems support, reporting, and (where relevant) considering you for roles across the Group.

We share personal data only with parties who need it for recruitment and related purposes, including:

Internal recipients

  • relevant hiring managers,
  • the People Team,
  • IT and security teams (for access and systems),
  • payroll (only if you are hired).

Service Providers

We may share data with third-party agents and service providers that support our recruitment process, such as:

  • Applicant Tracking System providers;
  • Reference providers;
  • Right to work checks and references;
  • Psychometric/skills assessment providers; and
  • IT hosting and support providers.

These service providers process personal data on our instructions (as processors) or, in some cases, as independent controllers (e.g., certain assessment or reference providers) under their own privacy notices. We take steps to ensure appropriate contracts and safeguards are in place.

We will also disclose your personal data to third parties:

  • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
  • If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our applicants and employees will be one of the transferred assets; and/or
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our agreements; or to protect the rights, property, or safety of us, our applicants, employees, customers and providers.

Retail partner department stores (where applicable)

If the role is located within a retail partner environment (e.g., a department store), we may share necessary onboarding/induction information with that partner for the purposes of enabling their induction and access processes. The retail partner may process data as an independent controller under its own privacy notice.

8. International Transfers

As the Charlotte Tilbury Group operates globally and as we use recruitment systems and service providers that are located outside the UK/EEA or that support us from outside the UK/EEA (including Workable and its hosting/sub-processing arrangements), your personal data may be transferred to or accessed from those locations. Where required, we use appropriate safeguards such as Standard Contractual Clauses, and/or the UK International Data Transfer Agreement or UK Addendum, as applicable, together with supplementary measures where appropriate.

You can contact us using the details in the Contact Us section to request further information about the safeguards that apply to a particular transfer.

Where your data is stored

Where you are an applicant for a role within the Charlotte Tilbury Group, your personal data will be held on Workable, an online, cloud-based recruiting solution based in North America using Amazon Web Services (AWS).

9. Retention and Security

We keep your personal data only as long as necessary for recruitment and related purposes, including for record-keeping and legal considerations.

  • Unsuccessful applicants: deleted no later than 12 months after the end of the recruitment process, unless local law requires a shorter period.
  • Talent pool (with appropriate permission where required): we may retain your data for up to 12 months to contact you about suitable vacancies, unless local law requires a shorter period or you ask us to delete it earlier.
  • Networking event contacts: retained for 12 months (or less where local law requires) to contact you about opportunities, unless you ask us to delete it earlier.
  • Successful applicants: relevant recruitment data will be retained as part of your employment record in accordance with our Employee Privacy Policy and Data Retention Policy.
  • Right to work / identity documentation: where we retain copies (where permitted), we will retain them only for as long as necessary to meet legal and compliance requirements and then securely delete them.

Security

We implement appropriate technical and organisational measures to protect personal data, including access controls, contractual protections with vendors, and incident response procedures. Our employees who have access to and process your personal data are obliged to respect the confidentiality and security of your personal data. We maintain security policies and procedures that apply to internal and third-party systems.

10. Your Rights

You may have certain rights under your local law in relation to the personal data we hold about you. In particular, you may have a right to:

  • to be informed about the collection and use of your personal data;
  • request a copy of personal data we hold about you;
  • request that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete;
  • request that we delete personal data that we hold about you, or restrict the way in which we use such personal data;
  • request that we restrict our processing of your personal data or object to such processing
  • request that you will not be evaluated solely on the basis of automated processing, including profiling, and that your application will be subject to human intervention and to express your point of view where automated processing is used;
  • request to withdraw your consent to our processing of your personal data (to the extent such processing is based on consent and consent is the only permissible basis for processing);
  • complain to a Data Protection Authority in your country.

To exercise your data privacy rights, you can reach out to us at dpo@charlottetilbury.com You will not have to pay a fee to access your personal data (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Where we rely on your consent to process your personal data, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us using any of the details set out above in the “Contact Us” section. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Making a Complaint

If you are dissatisfied with how we have handled your personal data, you have the right to make a complaint to your data protection regulator. We would, however, appreciate the chance to deal with your concerns before you approach your data protection regulator, so please contact us in the first instance. In the UK, this is the Information Commissioner’s Office (ICO) https://ico.org.uk and for contacts of other authorities in Europe that you can find and contact on the website of the European Data Protection Board.

11. Local Laws Compliance

If local laws in a particular country require different or stricter standards for the processing of data than those described in this Notice, the relevant Charlotte Tilbury Group company will treat such data in accordance with local laws.

12. Updates to this notice

We may update this notice from time to time. Where we make material changes that affect how we process your personal data, we will notify you by appropriate means (such as by email or a prominent notice on our careers website). We encourage you to review this notice periodically.