At Charlotte Tilbury we are committed to protecting your personal data and respecting your privacy. It is your personal data and we respect that.
About us - who is the Charlotte Tilbury group?
We are a global make-up, skin-care and perfume business, with stores around the globe, and with companies that run and operate the Charlotte Tilbury business across the globe. This includes companies in the United Kingdom, Germany, the Netherlands, the United States and Hong Kong. When we refer to the “Charlotte Tilbury Group”, we are referring to the wider global group of Charlotte Tilbury companies.
Who processes your personal data
If you would like to get in touch with any of the data controllers set out below, you can do so at the address specified below or by emailing: email@example.com
|When you apply for a role with (or provide your data to) a Charlotte Tilbury Group company in the following country:||The data controller will be:|
|United Kingdom and Ireland|
Charlotte Tilbury Beauty Limited
8 Surrey Street
United Kingdom WC2R 2ND
Charlotte Tilbury Beauty Germany GmbH
Am Sandtorkai 68,
c/o Field Fisher (Germany) LLP
Charlotte Tilbury Beauty Netherlands B.V.
8 Surrey Street
United Kingdom WC2R 2ND
|United States of America|
Charlotte Tilbury Beauty Inc.
National Registered Agents Inc
160 Greentree Drive, Suite 101,
Dover DE 19904
Charlotte Tilbury Beauty Canada Inc.
199 Bay Street, Suite 5300 Commerce Court West,
Toronto ON M5L 1B9
Charlotte Tilbury Beauty Hong Kong Limited
29th floor, Edinburgh Tower, The Landmark
15 Queen’s Road Central
Central, Hong Kong
Ensuring the lawful use of your data
We will collect various types of personal data from you during the application process or Networking Event. Further details of how we use your personal data are set out below.
We only process personal data about applicants, or attendees at Networking Events, where the processing can be legally justified. This will usually be where the processing is necessary:
- If your application is successful, to enter into and/or to perform the employment contract;
- To ensure compliance with our legal obligations as a potential employer, e.g. to ensure you have the right to work;
- With your consent; and/or
We also may need to process personal data from job applicants to respond to and defend against legal claims.
What personal data do we collect?
To decide whether to shortlist you as an applicant and to contact you in relation to your application, we will need to collect the following information about you up to and including the shortlisting stage of the recruitment process:
- Your name and contact details (e.g. address, home and mobile phone numbers, email address);
- Your curriculum vitae/resume; and/or
- Details of your qualifications, experience, employment history and the role(s) you are applying for.
- We will not be able to process your application without this data.
After the shortlisting stage, we will need to collect and process the following data about you to allow us to make our final decision as to whether to recruit you:
- Data regarding your academic qualifications;
- If necessary, your nationality and information from related documents, such as your passport or other identification information and, if applicable, your immigration status and other relevant immigration information; and
- Any other information you may send to us or we may make about you as part of the recruitment process including, for example: CVs, covering letters and interview notes.
We are under a statutory obligation to collect the information regarding your nationality and immigration status and information to enable us to verify your right to work in the country where the position or role that you are applying for is located.
We will only process personal data that we obtained from you. If we collect your personal data from another source, we will provide you with the specific source of the data.
In the case of personal data collected at Networking Events, we will collect (with your consent), your name, the town/city of your residence, your email address, your telephone number and any other details we deem necessary for the purposes of contacting you about any roles with us that we think that you may be interested in applying for.
At the beginning of a recruitment search or exercise, we may employ filters using key words/phrases relevant to a particular search or exercise, which may result in the automated rejection of some CVs or applications. We only do this in order to establish that candidates have the right to work in the country in which a role they have applied for is located. This automated decision-making is necessary in order to make a shortlist of possible candidates, with the intention of entering into a contract with an applicant. The applicant has the right to obtain human intervention, to express his/her point of view and to contest the decision based on the automated decision-making at any time. If you wish to exercise any of these rights, please get in touch via the “Contacting Us” section.
Special categories of personal data - sensitive personal data
Where applicable (and if you have specifically given us your consent), we will process sensitive personal data, like information about your disability status to comply with our obligations to consider whether we need to provide appropriate adjustments during the recruitment process or if you are subsequently offered employment with us.
Disclosure of your data
If you have specifically given us your consent to do so, we will share your personal data collected during the application process with other Charlotte Tilbury Group companies for recruitment opportunities, (for example if you have expressed a desire to work in a particular country in which Charlotte Tilbury operates), and with third parties, for instance external reference agencies (such as XREF), psychometric or skills based testers (such as Recruitmenttests.co.uk) or other third parties who assist us with the recruitment process and, where applicable if you are going to be working in one of our retail partner department stores (such as House of Fraser, The John Lewis Partnership etc), we will disclose your personal data to those partner stores for the purposes of that store’s induction process.
We will also disclose your personal data to third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
- If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our applicants and employees will be one of the transferred assets; and/or
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our agreements; or to protect the rights, property, or safety of us, our applicants, employees, customers and providers.
International transfer of your personal data
Where data may be held
Where you are an applicant for a role within the Charlotte Tilbury Group, your personal data will be held on Workable, an online, cloud based recruiting solution based in North America using Amazon Web Services (AWS). In the case of personal data collected at a Networking Event it will be held securely on our system on a Google Analytics platform.
Storage of your personal data
We will keep your personal data for as long as we need to in order to complete our recruitment process. Where permissible in accordance with local law, personal data relating to unsuccessful applicants will then be deleted at the latest 12 months following completion of our recruitment process, unless you have agreed to us retaining your personal data so that we can inform you of any suitable vacancies that arise in which case we may retain your personal data for up to 5 years. We comply with the applicable law in each jurisdiction so that if the period(s) of time in some jurisdictions are less than those set out above, we will observe those lesser time periods. You can, however, request the deletion of your personal data at any stage before then.
In the case of personal data that we obtain about you at Networking Events, with your consent we will keep this for a period of 12 months in order to send you updates about any job vacancies that we think that you may be interested in. You can, however, request the deletion of your personal data at any stage before then.
Security of your personal data
We are committed to ensuring that your personal data is secure and we have put in place suitable physical, electronic, contractual and managerial procedures, including our Information Security Management System, to protect your personal data. Our employees who have access to and process your personal data are obliged to respect the confidentiality and security of your personal data. We maintain security policies and procedures that apply to internal and third party systems.
Unfortunately, the transmission of data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us; any transmission is at your own risk.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Subject to certain exceptions, data protection laws provide you with the following rights, to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing your personal data;
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected and completed;
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below);
- Request the restriction of processing of your personal data, for example if you want to establish its accuracy or the reason for processing it; and
- Request the transfer of your personal data to another party.
You also have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Where we rely on your consent to process your personal data, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us using any of the details set out below in the “Contacting Us” section. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you are dissatisfied with how we have handled your personal data, you have the right to make a complaint to your data protection regulator. In the UK, this is the Information Commissioner’s Office (“ICO”). You can make a complaint to the ICO by calling their helpline on 0303 123 1113 or on their website at www.ico.org.uk/concerns. In Hong Kong, this is the Office of the Personal Data Privacy Commissioner (“PDPO”). You can make a complaint to the PDPO by calling their helpline on 2827 2827 or emailing them at enquiry at pcpd.org.hk. In Holland, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), and you can call them on (31) (0)70 888 85 00 or write to them at Postbus 73374, 2509 AJ DEN HAAG.
We would, however, appreciate the chance to deal with your concerns before you approach your data protection regulator, so please contact us in the first instance.
Application of local laws
- By email at firstname.lastname@example.org; or
- By post at General Counsel, Charlotte Tilbury Beauty Limited, 8 Surrey Street, London, United Kingdom WC2R 2ND