Updated: 26th May 2021
At Charlotte Tilbury Beauty Hong Kong Limited, we are committed to protecting your personal information and respecting your privacy. It is your personal data and we respect that.
ABOUT US – WHO IS THE CHARLOTTE TILBURY GROUP?
However, we are part of a wider group of Charlotte Tilbury companies that run and operate the Charlotte Tilbury business elsewhere across the globe. This includes in the UK, US, Canada, Spain, France, the Netherlands and Germany. When we refer to the Charlotte Tilbury Group we are referring to the wider group of Charlotte Tilbury companies.
We may share your personal data with other companies within the Charlotte Tilbury Group to enable us to run data analysis, develop new products, for other business development purposes and/or to allow another Charlotte Tilbury Group company to perform services on our behalf. Where we do this, we have written contracts in place between the companies within the Charlotte Tilbury Group to ensure your privacy is secure and respected.
You can purchase Charlotte Tilbury products and services at a Charlotte Tilbury concession in the store of our retail partner Lane Crawford (‘Concession’). Please note that when you purchase any products in the Concession you are contracting directly with us and we are the data controller and data user of any personal data we collect when you purchase products at the Concession.
ONLINE RETAIL PARTNER
You can also purchase Charlotte Tilbury products and services via the website of our retail partner in Hong Kong, Lane Crawford. (‘Retail Partner’). Please note that when you are purchasing Charlotte Tilbury products and/or services online through the Retail Partner you are contracting directly with that Retail Partner and not with us or the wider Charlotte Tilbury Group.
Any personal data which you provide to a Retail Partner will be controlled by the Retail Partner and you should visit the Retail Partner’s website or contact them directly if you have any questions about how they process, handle and use your personal data. We do not own or control, and are not responsible for the privacy practices of any Retail Partner’s website.
ENSURING THE LAWFUL USE OF YOUR DATA
We may sometimes need to use data to comply with our legal obligations (for example to pass on details related to fraud). In other instances, we will ask for your consent to use your data, for example, where you sign-up to receive our email newsletters.
Further details of how we use your personal information are provided below.
WHAT INFORMATION WE COLLECT FROM YOU AND HOW WE USE IT
The information we collect about you and how we will use it, depends on how you interact with us, for example, if you purchase products from the Concession, contact us with a query by email or phone, or book an appointment in the Concession. The table below provides some examples of the information we collect about you and how we will use it, as well as the legal basis (where applicable under relevant laws).
How we use it
- To process, fulfil and deliver your order placed via the Website, or to process any refund, return or exchange requested by you in relation to an order placed via the Website. On the lawful basis to fulfil our contract with you.
- To allow you to create an account with us. On the lawful basis of legitimate business purposes.
- To allow you to book an appointment with us or to attend an event. On the lawful basis of legitimate business purposes.
- So that you can enter competitions, events or prize draws run by us. On the lawful basis where you consent.
- To send you email newsletters to keep you up-to-date about our products and services which we think will interest you and our latest offers, subject to you providing your consent. (see the "Marketing" section below for further information). On the lawful basis where you consent.
- To communicate with you in relation to your booking, or if you raise an enquiry or complaint with us. On the lawful basis of legitimate business purposes.
- To allow you to complete any surveys we send you (if you wish to) or to comment on or review our products or service, to help us to improve them. On the lawful basis of legitimate business purposes.
- Fraud prevention and detection. On the lawful basis of legal obligation/legitimate business purposes.
- To email you to inform you when a product you want to order is back in stock. On the lawful basis of legitimate business purposes.
The personal data we collect from you: Payment details and details of your transactions.
How we use it
- To assess whether you are eligible for a loyalty programme. On the lawful basis of legitimate business purposes
The personal data we collect from you: Information you provide to us when you contact us by telephone, by email, by post or on social media.
How we use it
- Provide you with the support and customer service you have requested. On the lawful basis legitimate business purposes
How we use it
- To administer and to improve our Website, to ensure it is presented in the most effective manner for you and to give you the best Website experience and to allow you to participate in interactive features of our Website if you choose to do so. On the lawful basis legitimate business purposes
- For data analysis, testing, research and statistical statistics to help us to improve our products and services. On the lawful basis legitimate business purposes
- To keep our Website safe and secure. On the lawful basis legitimate business purposes
- To make suggestions and recommendations to you and other users of our Website about products or services that may interest you or them. On the lawful basis legitimate business purposes
- To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you. On the lawful basis legitimate business purposes
The personal data we collect from you: Additional information you choose to provide us, including your hair colour, eye colour and skin tone.
How we use it
- To assist us to provide you with a more personalised beauty experience. On the lawful basis legitimate business purposes
The personal data we collect from you: Social Media Handles
How we use it
- Where you have provided us your social media handle to participate in a Charlotte Tilbury program or similar, to enable us to identify and view your social media account(s). On the lawful basis legitimate business purposes
The personal data we collect from you: Photographs of you, where you choose to provide them to us.
How we use it
- For use on the Charlotte Tilbury website for marketing purposes and product recommendations. On the lawful basis where you consent
You don’t have to give us any of the personal data set out above but, if you don’t provide us with certain information, we may not be able to provide you with the goods and services you have requested from us. The forms you fill in on our Website and in our stores will make it clear what information we need in order to provide the product or service you are requesting and what information you can choose to provide if you wish.
To help us form a better, overall understanding of you as a customer, we combine your personal data gathered across the Charlotte Tilbury Group, for example, your shopping history.
Subject to your consent, we may use your personal data or transfer your personal data (including your name, phone number, email address, postal address, transaction history, social media account and customer profile) to members of the Charlotte Tilbury Group, for the purposes of sending you marketing and promotional materials concerning the latest news, updates, offers, advice, events, contests and promotions in relation to beauty, cosmetics, fragrance, skincare, toiletries or personal care products or services offered by us or the Charlotte Tilbury Group.
AUTOMATED DECISION MAKING
We don’t currently carry out automated decision-making, using information we hold about you.
SHARING YOUR DATA WITHIN THE CHARLOTTE TILBURY GROUP
We may share your personal data with other companies within the Charlotte Tilbury Group to enable us to run data analysis, develop new products, for other business development purposes, to allow another Charlotte Tilbury Group company to perform services on our behalf and/or (subject to your consent) for them to send you marketing and promotional materials on their own behalf (see section on "Marketing" for more information). Where we do this, we have written contracts in place between the companies within the Charlotte Tilbury Group to ensure your privacy is secure and respected.
SHARING YOUR DATA WITH TRUSTED THIRD PARTIES
We share your personal data with trusted third parties to allow us to provide our services to you. When we do share your data with these third parties we only provide the information they need to perform the service. We have written contracts in place with them to ensure they only use your data for the purpose we specify to them and that your privacy is secure and respected.
These trusted third parties include the following:
- Companies that help us fulfil your orders and, where required, get your purchases to you, such as delivery couriers and payment providers; (eg., SF Express, Stripe)
- Professional service providers such as website hosting providers, system providers, website analytics providers, advertisers and appointment booking providers, who help us run our business; (eg. Booking Bug, Google Analytics, Magento, Pontac)
- Direct marketing companies who help us manage our electronic communications with you; (eg. Dotmailer, Ometria, Moveable ink, Pontac)
- Social Media or Web platforms to show you products that might interest you while you’re browsing the internet; (eg. Facebook, Instagram, YouTube)
- Companies who send segmented, personalized marketing communications on our behalf; (eg.Qubit, Revel, Implicit Designs)
We may also share your personal data in connection with a business transition (such as a merger, acquisition by another company, or a sale of all of or portion of our assets). In these circumstances, we may need to share your personal data with a prospective buyer and external professional advisors such as accountants, insurers, lawyers or financial institutions.
We may be required to share your personal data with the police, administrative authorities or other enforcement, regulatory or Government bodies, where we are legally obliged to do so.
We will only share your personal data with third parties (including our group companies) for them to use for their own direct marketing purposes when you have given your consent for us to do so.
INFORMATION WE RECEIVE FROM THIRD PARTIES
We may receive information about you from third parties, such as partners we run competitions and events with, for example, our Retail Partner in Hong Kong and trade shows or from other organisations we work with, or from publicly available sources, such as Companies House, or information which is published in the media.
Depending on your settings or the privacy policies of social media or messaging services, such as Facebook, Twitter or WhatsApp, we may collect information about you from these sources, with your permission.
We may combine the information you have given us, with information obtained from other sources, but we will only do this when we have a lawful basis to do so.
SEEING ADVERTISEMENTS FOR OUR WEBSITE ONLINE
We, like many other companies, target Charlotte Tilbury ads and banners to you when you are browsing on apps and other websites. We do this by way of various ad exchanges and digital marketing networks. We use various advertising technologies, for instance, ad tag, cookies, pixels, identifiers and web beacons. We also use services offered by some sites and social networks, for example, Facebook’s Custom Audiences.
The ads and banners you see are based on information that we hold about you, or on your prior use of our Website, for example, products you have browsed previously, content you have read on our Website, or on Charlotte Tilbury banners or ads that you have engaged with in the past.
We use CCTV surveillance systems (the “CCTV System”) at our concession stores in Hong Kong for the purposes of: (i) prevention, reduction, detection, investigation or prosecution of any crime and other incidents; (ii) ensuring the safety of staff, visitors and customers; (iii) assisting in the investigation of suspected breaches of our regulations by staff, visitors or customers; and (iv) data analytics.
With regard to the use of our CCTV System for data analytics, only non-personally identificable information is collected on an anonymized basis by our service provider, such as data captured in real-time from our CCTV System to determine demographics, track footfall, engagement time, and so on. No faceprint data or individual profiles are captured or stored for data analytics purposes. No footage or images from our CCTV System are collected or stored by our service provider for data analystics purposes.
Appropriate signage will be in place in all locations where CCTV Systems are deployed, to inform individuals of their presence.
We have in place appropriate security measures and access controls to prevent any unauthorized access to our CCTV System and all recorded images. Our Head of Workplace Technology and Infrastructure is responsible for the overall management and operation of the CCTV System and the recorded images, including activities relating to installation, recording, reviewing, monitoring, disposal and dislclosure.
Unless required for evidential purposes, the investigation of an offence, a security incident or as required by law, or for any other directly related purpose, the CCTV images will be deleted within 22 days of being captured.
INTERNATIONAL TRANSFER OF YOUR PERSONAL DATA
We are a global business and some of our group companies and service providers are located outside of Hong Kong.
As a result, it may be necessary for the personal data that we collect from you to be transferred to or accessed from outside Hong Kong in order for us to provide our services.
HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
We may also keep hold of some of your personal data if we are required to do so for legal purposes, for example, to meet our legal or regulatory requirements or to prevent fraud and abuse. For example, we will keep your order data for five years after you place an order with us to allow us to comply with our legal obligations.
When we are no longer required to keep your personal data, your data will either be deleted or completely anonymised. For example, by aggregation with other data so that it can be used in a non-identifiable way for business planning and analysis purposes.
ENSURING YOUR PERSONAL DATA IS UP TO DATE AND CORRECT
It is important that the personal data we hold about you is accurate and current. If you have an account with us, please keep your details up-to-date.
We are committed to ensuring that your personal data is secure and we have put in place suitable physical, electronic, contractual and managerial procedures, including our Information Security Management System and Secure Sockets Layer (SSL) encryption, to protect your personal data. Our employees who have access to and process your personal data are obliged to respect the confidentiality and security of your personal data.
THIRD PARTY LINKS
HOW CAN I UNSUBSCRIBE FROM MARKETING COMMUNICATIONS?
We love keeping you up-to-date by email about our latest products, services, offers and events, but if you decide that you don’t want to receive these communications at any point, you can unsubscribe as follows:
Email us at: email@example.com or click on the unsubscribe button on the bottom of any email we send you. If you have an account with us, you can also unsubscribe by going to the Account Information page on the Charlotte Tilbury website, clicking on Newsletters, and unsubscribing to general subscription.
You may request access to or correction of your personal information which we hold about you under the Personal Data (Privacy) Ordinance Cap 486. A small fee will be payable in relation to complying with any data access requests. If you would like a copy of the information held on you please write to Customer Care, Charlotte Tilbury Beauty Limited, Unit 5, 50 Brook Green, London, W6 7BJ or email firstname.lastname@example.org.
RIGHT TO OBJECT
If you are dissatisfied with how we have handled your personal data, you have the right to make a complaint to your data protection regulator. In Hong Kong, this is the Office of the Privacy Commissioner for Personal Data (’PCPD’). You can make a complaint to the PCPD by calling their helpline on 2827 2827 or emailing them at email@example.com.
We would, however, appreciate the chance to deal with your concerns before you approach the ICO or, (if you’re based outside of the UK, your data protection regulator), so please do contact us in the first instance.
You need to be over 18 to create an account with us or to sign up for our newsletter. We will not knowingly collect data about under 18s and if you are under 18, please do not provide us with your personal information. We would ask parents to please ensure that their children that are under 18 do not provide us with any personal information without their permission. If you believe that a child who is under 18 has provided personal data to us, please contact us, using the details below and we will seek to delete that data from our systems.
For advertising purposes, we occasionally use information about our customers to generate a "lookalike audience" or similar audience of prospective customers through the Facebook, Google, Snapchat, Pinterest or TikTok advertising platforms. This allows us to target advertisements on their networks to potential customers who appear to have shared interests or similar demographics to our existing customers, based on the platforms' own data. We typically do this by uploading a list of email addresses. These third parties’ policy is to irreversibly hash (encrypt) such lists prior to uploading, match the hashed data against their own customers, generate the lookalike audience, then delete the uploaded list and use it for no other purpose. We do not have access to the identity of anybody in the lookalike audience, unless they choose to click on the ads. Based on this, we believe that generating lookalike audiences poses little or no threat to the privacy of our customers. If you wish to opt out of "similar audiences" in Google, you can do so through your Ads Settings. Many of the companies that display interest-based advertising are members of the Network Advertising Initiative ("NAI") and/or Digital Advertising Alliance ("DAA"). To learn more about interest-based advertising and how you may be able to opt-out of interest-based advertising, tracking, and/or sharing of tracking data by their members, visit their online resources at www.networkadvertising.org/choices and www.aboutads.info/choices, respectively. Other resources (not affiliated with NAI or DAA) include http://preferences-mgr.truste.com/, or for EU residents, www.youronlinechoices.eu.
• by email to our General Counsel at firstname.lastname@example.org; or
• by post to our General Counsel at General Counsel, Charlotte Tilbury Beauty Limited, 8 Surrey Street, London, WC2R 2ND