Last Updated: 19th May 2018
At Kristals Cosmetics, we’re working hard to serve shoppers a little better every day. Looking after the personal data you share with us is a hugely important part of this. We want you to be confident that your data is safe and secure with us, and understand how we use it to offer you a better and more personalised shopping experience.
What this policy covers
The data controller is Kristals Cosmetics (referred to in this policy as “we” or “us”).
We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. That’s why we’ve developed this privacy and cookies policy (“Policy”), which:
- sets out the types of personal data that we collect
- explains how and why we collect and use your personal data
- explains when and why we will share personal data within Kristals Cosmetics and with other organizations; and
- explains the rights and choices you have when it comes to your personal data
We offer a wide range of products and services, so we want you to be clear about what this Policy covers. This Policy applies to you if you use our services (referred to in this Policy as “our Services”). Using our Services means:
- shopping with us over the phone, or online or otherwise using any of the websites (“our Websites”) where this Policy is posted
- This Policy also applies if you contact us or we contact you about our Services
Some other parts of our business and other Kristals Cosmetics companies may need to collect and use personal data to provide you with their products and services and for certain other purposes. They have their own privacy policies that explain how they use your personal data.
Personal data we collect
This section tells you what personal data we may collect from you when you use our Services and what other personal data we may receive from other sources.
When you register for our Services, you may provide us with:
- Your personal details, including your postal and billing addresses, email addresses, and phone number
- Your account login details, such as your username and the password that you have chosen
When you shop with us online or browse our Websites, we may collect:
- Information about your online purchases (for example, what you have bought, when and where you bought it and how you paid for it)
- Information about your online browsing behaviour on our Websites and information about when you click on one of our ads (including those shown on other organizations’ websites)
- Information about any devices you have used to access our Services (including the make, model and operating system, IP address, browser type and mobile device identifiers)
When you contact us or we contact you or you take part in promotions, giveaways, surveys or reviews about our Services, we may collect:
- Personal data you provide about yourself anytime you contact us about our Services (for example, your name, username and contact details), including by phone, email or regular mail or when you speak with us through social media
- Details of the emails and other digital communications we send to you that you open, including any links in them that you click on
- Your feedback and contributions to customer surveys or reviews
When you visit our stores:
- footage of you may be recorded on our CCTV systems
Other sources of personal data
We may also use personal data from other sources, such as specialist companies that supply information or online media channels. For example, this other personal data helps us to:
- review and improve the accuracy of the data we hold; and
- improve and measure the effectiveness of our marketing communications, including online advertising.
How and why we use personal data
This section explains in detail how and why we use personal data. We use personal data to:
Make our Services available to you
This means that processing your personal data allows us to:
- Manage the accounts you hold with us
- Process your orders and refunds. Why do we process your personal data in this way? We need to process your personal data so that we can manage your customer accounts, provide you with the goods and services you want to buy and help you with any orders and refunds you may ask for.
Manage and improve our day-to-day operations
- Help to develop and improve our product range, services, stores, information technology systems, know-how and the way we communicate with you. Why do we process your personal data in this way? We rely on the use of personal data to carry out market research and internal research and development, and to improve our information technology systems (including security) and our product range, services and stores. This allows us to serve you better as a customer.
- Detect and prevent fraud or other crime. Why do we process your personal data in this way? It is important for us to monitor how our Services are used to detect and prevent fraud, other crimes and the misuse of services. This helps us to make sure that you can safely use our Services.
Personalize your experience
- Use your online browsing behavior and online purchases to help us better understand you as a customer and provide you with personalised offers and services to help us meet your needs as a customer.
Provide you with relevant marketing communications (including by email, regular mail or online advertising), relating to our products and services, and those of our suppliers or Retail Partners. As part of this, online advertising may be displayed on websites across the Kristals Cosmetics and on other organizations’ websites and online media channels. We may also measure the effectiveness of our marketing communications and those of our suppliers and Retail Partners.
Why do we process your personal data in this way? We want to ensure that we provide you with marketing communications, including online advertising, that are relevant to your interests. To achieve this we also measure your responses to marketing communications relating to products and services we offer, which also means we can offer you products and services that better meet your needs as a customer.You can change your marketing choices, both when you register with us, and at any time after that.You also have choices when it comes to online advertising. We set out below your choices when it comes to cookies, and how you can control your online behavioural advertising preferences.
Contact and interact with you
- Contact you about our Services, for example by phone, email or regular mail or by responding to social media posts that you have directed at us. Why do we process your personal data in this way? We want to serve you better as a customer so we use personal data to provide clarification or assistance in response to your communications
- Manage promotions and competitions you take part in, including those we run with our suppliers and Retail Partners. Why do we process your personal data in this way? We need to process your personal data so that we can manage the promotions and competitions you choose to enter.
- Invite you to take part in customer surveys, reviews and other market research activities carried out by Kristals Cosmetics and by other organizations on our behalf. Why do we process your personal data in this way? We carry out market research to improve our Services. However, if we contact you about this, you do not have to take part in the activities.
In relation to the headings mentioned in the section above (“how and why we use your personal data”), our legal basis for processing your personal data is:
Make our Services available to you
- Contractual Necessity – at the time we collect it:
- Purchase & transaction data;
- Contact details;
- Profile details;
- Delivery/collection details.
- We will not be able to provide you with your products or services if you do not provide us with this data.
- Legitimate Interests - following fulfilment of your order for the other personal data in that section.
Manage and improve our day-to-day operations
- Legitimate Interests.
Personalise your Kristals Cosmetics experience
- Legitimate Interests.
Contact and interact with you
- Legitimate Interests.
- Bringing or Defending Legal Claims.
Our Legitimate Interests in using your personal data
Where we have mentioned above our use of your personal data is based on our “legitimate interests”, these are:
- to service our customers’ needs, including delivering our products and services;
- to promote and market our products and services;
- to service your account, manage complaints and resolve any disputes;
- to understand our customers including their patterns, behaviours as well as their likes and dislikes;
- to protect and support our business, colleagues, customers and shareholders;
- to prevent and detect anti-social behavior, fraud and other crime;
- to test and develop new products and services as well as improve existing ones
Sharing personal data with Retail Partners and Service Providers
This section explains how and why we share personal data with Retail Partners and Service Providers.
When we share personal data with these companies we require them to keep it safe, and they must not use your personal data for their own marketing purposes.
We work with a number of Retail Partners who sell our products through their platforms. We only share personal data that enable our Retail Partners to provide their services.
We work with carefully selected Service Providers that carry out certain functions on our behalf. These include, for example, companies that help us with technology services, processing payments, provide us with legal or other professional services as well as delivering orders. We only share personal data that enable our Service Providers to provide their services.
Some of the Service Providers we work with operate online media channels, and they place relevant online advertising for our products and services, as well as those of our suppliers and our Retail Partners, on those online media channels on our behalf. For example, you may see an advert for our products and services as you use a particular social media site. Examples of our Service Providers include Facebook, Adobe, and Cybersource.
Sharing personal data with other organizations
This section explains how and why we share personal data with other organizations.
We may share personal data with other organizations in the following circumstances:
- if the law or a public authority says we must share the personal data or for the administration of justice;
- if we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud);
- where we restructure, sell or transfer our business (or a part of it). For example in connection with a takeover or merger.
How we protect personal data
We know how important it is to protect and manage your personal data. This section sets out some of the measures we have in place.
- We apply physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data;
- We protect the security of your information while it is being transmitted by encrypting it;
- We use computer safeguards such as firewalls and data encryption to keep this data safe;
- We only authorise access to employees and trusted partners who need it to carry out their responsibilities;
- We regularly monitor our systems for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security;
- We will ask for proof of identity before we share your personal data with you; and
- We will reveal only the last four digits of your payment card number when confirming an order.
Whilst we take appropriate technical and organizational measures to safeguard your personal data, it is important that you keep your login details and devices protected from unauthorized access.
The personal data that we collect from you is stored at a destination outside the European Economic Area ("EEA"). It may also be processed by companies operating outside the EEA who work for us or for one of our service providers.
How long we use personal data for
We will not keep your personal data longer than we need to, how long this is depends on several factors, including:
- Why we collected it in the first place;
- How old it is;
- Whether there is a legal/regulatory reason for us to keep it;
- Whether we need it to protect you or us.
Marketing and market research
This section explains the choices you have when it comes to receiving marketing communications and taking part in market research.
We will send you relevant offers and news about our products and services in a number of ways including by email, but only if you have previously agreed to receive these marketing communications. When you register with us we will ask if you would like to receive marketing communications, and you can change your marketing choices at anytime online, by clicking the unsubscribe link in the footer of any marketing email, over the phone or in writing using our Contact form.
We also like to hear your views to help us to improve our Services, so we may contact you for market research purposes. You always have the choice about whether to take part in our market research.
Cookies and similar technologies
Cookies are small text files containing a unique identifier, which are stored on your computer or mobile device so that your device can be recognised when you are using a particular website or mobile app. They can be used only for the duration of your visit or they can be used to measure how you interact with services and content over time. Cookies help to provide important features and functionality on our Websites, and to improve your customer experience.
When you consent to Cookies on our Services, these may be used to do the following:
Improve the way our Websites work
Cookies allow us to improve the way our Websites work so that we can personalise your experience and allow you to use many of their useful features.
Improve the performance of our Websites
Cookies can help us to understand how our Websites and Mobile Apps are being used, for example, by telling us if you get an error messages as you browse.
These Cookies collect data that is mostly aggregated and anonymous.
Deliver relevant online advertising, including via social media
Cookies used for this purpose are often placed on our Websites by organizations providing specialist services to us. These Cookies may collect information about your online behaviour, such as your IP address, the website you arrived from and information about your purchase history or the content of your shopping basket. This means that you may see our adverts on our Websites and on other organizations’ websites. You may also see adverts for other organizations on our Websites.
To help us to deliver online advertising that is relevant to you, we may also combine data we collect through Cookies in the browser of your desktop computer or other devices with other data that we have collected, for example if you made a purchase after clicking over from Facebook.
Measuring the effectiveness of our marketing communications, including online advertising
Cookies can tell us if you have seen a specific advert, and how long it has been since you have seen it. This information allows us to measure the effectiveness of our online advertising campaigns and control the number of times you are shown an advert.
Third parties operating through our Websites
Our key partners are listed below with information about the services they provide to us. This list is not exhaustive but it does include those partners with whom we have an established relationship and whose cookie technologies are most frequently deployed through our Services.
Measurement & Personalisation
To analyse how our services are used, including to test different content versions. This data may also be used to enable us to personalise our services and the marketing of our services.
To enrich your shopping experience by delivering personalized recommendations to you on some of our websites.
To personalise Kristals Cosmetics adverts shown to you via Kristals Cosmetics and on other websites based on your interactions with Kristals Cosmetics. For example, by using data about your transactions with Kristals Cosmetics, what you have in your basket and the pages and products you look at.
To market to you via social media platforms and to enable social sharing and engagement on our websites. These companies may use your data for their own purposes, including to profile and target you with other advertising.
Your choices when it comes to Cookies
Web browser cookies
You can use your browser settings to accept or reject new Cookies and to delete existing Cookies. You can also set your browser to notify you each time new Cookies are placed on your computer or other device. You can find more detailed information about how you can manage Cookies through your browser’s help function.
If you choose to disable some or all Cookies, you may not be able to make full use of our Websites. For example, you may not be able to add items to your shopping basket, proceed to checkout, or use any of our products and services that require you to sign in.
You can also manage advertising related Cookies used on our Services by opting-out through the Service Providers listed in the table above or by visiting the YourOnlineChoices website. Where we display personalised adverts on other organizations’ websites, the AdChoices icon might be displayed. Clicking on this icon will provide you with specific guidance on how to control your online advertising preferences. More information is available on the YourAdChoices website.
Cookies work differently on Mobile Apps as they are coded into the App itself and will use a unique identifier created by your mobile device for use for advertising activities. You can turn off or reset this advertising identifier through your mobile device’s privacy settings.
Subject access rights
You have the right to see the personal data we hold about you. This is called a Subject Access Request.
If you would like a copy of the personal data we hold about you, please email us through our Contact page.
Other data protection rights
In relation to your personal data, you also have the right to:
- have inaccurate information corrected: Summary of the right: if you believe we hold inaccurate or missing information, please let us know and we will correct it.
- object to our use of it: Summary of the right:
- general objection - We will then consider your objection to our use of your personal data. If on balance, your rights outweigh our interests in using your personal data, then we will at your request either restrict our use of it (see section 3 below) or delete it (see section 4 below).
- objection in relation to direct marketing - If you make such an objection, we will stop using your personal data for direct marketing purposes.
- you have successfully made a general objection (listed in section 2 above).
- you are challenging the accuracy of the personal data we hold.
- we have used your personal data unlawfully, but you do not want us to delete it.
- we no longer need to keep your personal data;
- you have successfully made a general objection (listed in section 2 above);
- you have withdrawn your consent to us using your personal data (and we do not have any other grounds to use it);
- we have unlawfully processed your personal data.
How to contact us
If you have any questions about how we collect, store and use personal data please contact us through our Contact or Customer Care page.