Privacy Policy (Effective from 10 August 2022)

Contents
1. Who are we?
2. What information is covered by this Privacy Policy?
3. What personal information do we collect from you and how do we collect that information?
4. How do we use your personal information?
5. Matters specific to the internet
6. Do we use your personal information for direct marketing?
7. Sharing your data with third parties
8. Where do we transfer your personal information?
9. What are your rights in relation to your personal information?
10. Do we use CCTV?
11. How do we protect your personal information?
12. How long do we keep your personal information?
13. How do we deal with children's privacy?
14. How can you contact us?
15. Which version of this Privacy Policy applies?

Aesop is committed to protecting your privacy. This Privacy Policy explains the types of personal information we collect, how we use that information, who we share it with, and how we protect that information.
Please read the following carefully to understand our views and practices regarding your personal information.

1. Who are we?
This Privacy Policy applies to information that Emeis Cosmetics Pty Ltd, and its parent, subsidiaries and affiliate entities worldwide (individually and collectively referred to herein as "Aesop", "we", "us" or "our") collects from you. The personal information we collect is controlled by Aesop UK Limited, Hay's Galleria, 1 Hay's Lane, Hay's Lane House, 3rd Floor, London, SE1 2HD (registered number 05192303), Emeis Cosmetics Pty Ltd, 23 Waterloo Road, Collingwood VIC 3066, Australia, (ACN registration: 007 409 001) and the relevant local corporate affiliates. For the purposes of applicable data protection laws, the relevant Aesop entity as set out in section 14 below is a data controller of your personal information.

2. What information is covered by this Privacy Policy?
This Privacy Policy covers all personal information that we collect, use and process, which means information that (either in isolation or in combination with other information) enables you to be identified directly or indirectly.

3. What personal information do we collect from you and how do we collect that information?
The types of personal information we may collect and hold vary depending on the nature of our interaction with you and may include:
• identifying and contact information such as your name, postal and email address, telephone number, gender, date of birth and title;
• payment information;
• information ascertained about you from social media such as your profile picture, likes, location and friend list;
• geo-location details when using one of our mobile applications;
• health information such as skin concerns and adverse reactions to products; and
• product preferences and other information.
We may collect your personal information in a number of ways including when you:
• visit our website and register an account with us and/or purchase products through our website and/or undertake a live consultation;
• visit one of our Aesop retail stores or counters, including if you register an account with us in store; or
• correspond with us across any of our channels (e.g. messaging platforms such as text message, live chat and WhatsApp, social media and email).
We typically collect your personal information directly from you. On some occasions, we may collect your personal information from third parties such as payment platform providers.

4. How do we use your personal information?
Why we process your information: To provide you with information about our products and services. How we use your information for this purpose: We process your order history to develop, market, sell or otherwise provide products, services or information to you. We also process your name and contact details to provide you with copies of our newsletter and information about our products, store launches, partnerships and in-store events, contact you regarding service related matters, and provide you with other marketing or promotional information where we are permitted to do so in accordance with applicable laws or if you have provided consent for us to do so. We also process this information to ensure that we do not contact you for direct marketing purposes if you have asked us not to. Based on the following justification: Using your personal information in this way is necessary for us to perform our contractual obligations to you. It is also in our legitimate interests to provide you with the best possible customer experience online and in-store.
Why we process your information: To process your payments and protect you against fraudulent transactions. How we use your information for this purpose: We process your personal information including your payment details (credit card, debit card and/or other payment details) to fulfil your purchase orders for our products, services and/or gift cards. We also process this information to keep your payment details safe and protect you against fraudulent transactions. We process details of your device when you shop on our website to enable us to detect any fraudulent transactions or suspicious purchasing activity. Based on the following justification: It is in our legitimate interests to process personal information to keep payments secure and necessary for the performance of our contract with you. Providing us with certain personal information is voluntary but we may not be able to process your order and send you the required order acknowledgement and shipping confirmation e-mails if you do not provide us with certain requested information.
Why we process your information: To provide you with products and services that you have purchased from us. How we use your information for this purpose: We may need to use your name and contact details to perform our obligations under a contract with you (e.g. where you have purchased a product or service from us, like a hand cream or a facial treatment). Based on the following justification: It is necessary for us to process your personal information in this way for us to perform our statutory and/or contractual obligations to you.
Why we process your information: To learn more about why you use certain products and inform our product developers. How we use your information for this purpose: We process your personal or health information (e.g. skin type or where you suffer an adverse reaction to a product) to update your account with us. We also process this data to conduct internal administrative activities, research, analytics, planning and product development. If you have a customer account (whether created online or in-store), we may also collect information about the products you browse online or purchase, where you purchased the products from and other information relevant to your customer relationship with Aesop. We use this information for our internal demographic insights into our customers, to offer you an enhanced service according to your preferences, including by identifying relevant products, services and events which may be of interest to you, and to personalise your experience with Aesop. Together with non-personal information, we may also use this information for our internal marketing analysis and demographic studies, to analyse, profile and monitor customer patterns so we can consistently improve our products. This means that we can offer more personalised and integrated shopping and interactive experiences to our customers across all our channels. Based on the following justification: It is in our legitimate interests to develop our products and market the right products to you.
Why we process your information: To improve your experience on our website. How we use your information for this purpose: We process information such as your Aesop account username and password, IP address, information about your purchases and your other activity on our website to improve our website, including to modify it to your usage, history and preferences and troubleshoot problems. Based on the following justification: It is in our legitimate interests to ensure we provide you with a seamless online experience.
Why we process your information: To assess the online activities of our website users. How we use your information for this purpose: We process information collected by our websites automatically and through cookies and other technologies to assess the activities of our users, to measure the interest in and use of our website and communications, and to customise the website and our communications with you. We do this on both an individual basis and in the aggregate. Please see the section titled 'Matters specific to the Internet' for more detail. Based on the following justification: It is in our legitimate interests to process personal information using cookies and other technologies that we need to use to run our website. Where required by applicable law, we will ask for your consent to the use of cookies that aren't necessary to run our website.
Why we process your information: To understand and analyse our sales, your needs and preferences. How we use your information for this purpose: We may use your information such as your geographical location to help us conduct focused market research (such as surveys) based on trends and common factors so that we develop, enhance, market and provide products and services to meet your individual needs. Based on the following justification: It is in our legitimate interests to process personal information to develop, enhance, market and provide products and services to you.
Why we process your information: To understand your preferences based on information included in your Aesop profile (completed online, in-store or at one of our counters) or in other communications you send to Aesop. How we use your information for this purpose: We process your information in this way to better understand you, to maintain, update and service your account with us. This processing also allows us to conduct internal administrative activities, research, analytics, planning and project development. Based on the following justification: It is in our legitimate interests to process personal information so that we can better provide our products to you.
Why we process your information: To process exchanges or returns. How we use your information for this purpose: We process your personal information to perform our obligations under our contract with you. Based on the following justification: It is necessary for us to process your personal information to fulfil our statutory and/or contractual obligations to you.
Why we process your information: To respond to requests or complaints. How we use your information for this purpose: If you contact Aesop by live chat from our site, by email or phone, or in person at a store or counter, Aesop will collect your personal information and use this to identify you as a customer, help with your query, process your order, process payments, deliver products and services, update our records and to generally manage your account with us under our terms with you. Based on the following justification: It is necessary for us to process your personal information to fulfil our statutory and/or contractual obligations to you.
Why we process your information: To ensure the security and integrity of Aesop resources, including the website. How we use your information for this purpose: Aesop will process personal information to assess and enhance the security and reliability of our remote and electronic resources, including analysis of information collected during technological development, and program enhancements. Based on the following justification: We process your personal information in an effort to provide safe, reliable access to our goods and services.
Why we process your information: To assess or ensure compliance with applicable laws, regulations, and policies. How we use your information for this purpose: We may process your personal information to audit, confirm, and document compliance with legal, administrative, industry, and ethical standards, including Aesop’s policies and procedures, code of conduct, and corporate responsibility initiatives. We will also process your personal information to audit our affiliates’ and service providers’ compliance with contractual obligations as well as applicable privacy and other standards. Based on the following justification: We process your personal information to obey laws and regulations, to enforce internal policies, and to prevent and detect fraud and other practices that undermine Aesop’s commitment to fair and ethical conduct.