This Privacy Policy describes how Sephora (“Sephora,” “we,” “us,” and “our”) collects, uses, shares, and secures the personal information you provide through our websites, mobile applications, and other online services and applications (collectively, the “Services”). Please read this Privacy Policy carefully.

1. Information We Collect

We collect information from you when you access our Services or otherwise interact with or provide information to us. This includes when you: register for an account; place orders; participate in surveys, contests or promotions; communicate with us; or otherwise use our Services.

The types of personal information we collect may include:

As permitted by law or with your consent, we may also collect additional details such as your birthday, skin tone, hair type and texture, and product or ingredient preferences, to support personalized services you elect to receive.

2. How We Use Your Information

We may use your personal information for the following purposes:

To provide our services including processing orders; shipping and tracking status notifications; loyalty program management; personalized recommendations; and customer support.

To improve our services by analyzing your interactions with our Services; gathering feedback; personalizing our Services to better match your interests and preferences; and improving our product ranges and online experience.

For security and fraud prevention, by detecting threats; restricting suspected fraudulent transactions; assisting investigations; enforcing use rules; and complying with legal obligations.

To market and promote our products & services via electronic communications; customizing content and promotions; determining effectiveness of campaigns; operating loyalty programs; managing sweepstakes or contests; improving outreach efficiency; and analytics to understand usage trends.

3. Legal Bases for Processing

We process your personal information only when legally permitted including when:

4. Information Sharing

We restrict access to your personal information to personnel who need it to manage the services you use, except when required to comply with legal process or to respond appropriately to threats in keeping with applicable laws.

We utilize other companies, agents or contractors (“Service Providers”) to perform services on our behalf, such as payment processing, order fulfillment, website development, data analytics, email campaign management and loyalty programs. We may provide access to or share certain data needed to perform assigned services, but we subject Service Providers to strict confidentiality obligations consistent with this Privacy Policy and prohibit them from using data for other purposes. They must delete data when the engaged services conclude.

We may also share some personal information like contact details, order details and shopping history with our parent company [FICTIONAL COMPANY NAME] and any of our corporate subsidiaries to support centralized functions like order processing, customer service, marketing or product analysis. Our subsidiaries follow privacy practices aligned to this Privacy Policy.

Beyond our corporate family, we will not share, trade, rent or sell data to other third parties without your consent, except to comply with warrants, subpoenas or other legal process requirements to provide requested information when reasonably necessary for security purposes or financial reporting; or during emergencies presenting danger of death or injury when information could assist others in responding.

5. Data Security

We follow generally accepted security standards like encryption, firewalls, intrusion detection protocols and secure communication practices for technical safeguards designed to protect data stored with us. We restrict access through validated credentials and limited employee access profiles, and we monitor systems to identify unauthorized attempts.

However, no data handling or storage system is completely secure or hack-proof. We cannot guarantee security of systems at all times or fully eliminate risks of data theft or inadvertent exposures through technological failures.

You play a vital role in protecting your information as well. Take steps like keeping all account credentials confidential; using unique, complex passwords that nobody could guess; and reviewing account activity to ensure charges were authorized. Alert us immediately to any unauthorized access, hacking attempts or situations presenting possible data exposure risks that we should address. By using our Services following changes to this Privacy Policy, you agree and understand that we cannot accept liability for damages resulting from unauthorized access to any personal data we collect or store where that access results from sharing or inadvertently exposing credentials or from any failure to update passwords.

6. Data Retention

We retain personal information as long as actively required to fulfill your request, manage products/services utilized, comply with applicable document retention regulations for activities like tax reporting, or reasonably needed to handle consumer disputes around original transactions.

Certain data like orders, promotional enrollments or sweepstakes may be retained for longer periods required by law and then expunged, except where we aggregate or sufficiently de-identify it so that there is no reasonable ability to link it back to you as an identifiable individual.

You may request deletion of your personal information anytime by contacting or through preference management tools if available, assuming no prevailing legal obligations still require associated retention at the time of request receipt. Otherwise, we will retain data only as long as reasonably necessary and then delete it safely and irreversibly. After termination of formal retention timeframes, we may retain fully anonymized or aggregated statistical data indefinitely and reserve rights to any previously non-personal usage data including individual session logs, activity patterns, or service usage analytics.

7. Your Rights & Choices

Based on jurisdiction of your primary residence and limitations of applicable laws, you may have certain individual rights around your personal data including:

Access Requests: Confirming what personal data Sephora may hold about you and receiving copies per request.

Rectification Requests: Updating any inaccurate data like contact information details.

Erasure Requests: Requesting deletion of certain data entirely, to the extent reasonably possible, unless prevailing legal obligations still require associated retention at the time of request receipt.

Portability Requests: Receiving copies of certain personal data held by Sephora in commonly used open formats should you desire to transfer it for use elsewhere.

Processing Restriction Requests: Temporarily pausing collection or use of your personal data other than storage until issues can be resolved based on contests over accuracy, legal violations or erasure requests.

Direct Marketing Opt-Outs: Revoking consent to receive direct marketing communications via channels like email or SMS text while still allowing strictly service-related operational messaging.

Right to Object: Opposing certain data handling practices likely to cause damage or distress, unless we demonstrate compelling legitimate grounds for processing that override the negative impact.

Right to Non-Discrimination: Obtaining comparable levels of supporting services from Sephora without penalization if you choose to exercise certain privacy rights like opting-out of data sales that may help fund certain non-essential services.

Right to Complain: Lodging formal grievances with appropriate supervisory authorities if you feel Sephora violated applicable privacy regulations related to your data.

While Sephora maintains policies aligned with various privacy rights and principles, actual ability to honor certain requests may vary based on jurisdiction-specific regulations. Please submit specific requests to so we may evaluate them.

8. International Data Transfers

We operate data hosting, storage systems and corporate equipment primarily in the United States with supplemental systems globally as required for redundancy, load balancing or disaster recovery protections.

By using our Website or participating in our programs or services accessible online, your personal data may be collected initially in or transferred to the United States or other countries where different and potentially less stringent privacy laws may apply compared to your country of residence. Regardless of where your data resides, it remains subject to the restrictions stipulated in this Privacy Policy on unauthorized access, sharing and undue retention timeframes.

We utilize approved mechanisms like Standard Contractual Clauses to legitimize transfers only to countries deemed as providing adequate baseline safeguards for personal data required by applicable cross-border transfer regulations. Please contact us if you have questions on specific hosting locations or transfer mechanisms implemented to store or process your personal information.

9. Children’s Privacy

Our products, services and programs available online are not aimed at children. We do not intend or design them to attract children under age 18. We do not knowingly collect personal data from children or market to them online.

If you believe a child has submitted personal data without requisite parental consent, please contact us immediately so reasonable deletion efforts may be attempted unless prevailing legal obligations require data retention.

10. Links to Third-Party Websites

Our Website contains links enabling convenient access to websites operated by non-affiliated companies with whom we have no relationship. Linked sites have their own terms, privacy policies and security practices once you navigate away. We have no responsibility or liability for policies or actions of third parties operating linked websites. Please carefully review privacy terms on each site visited after following external links.

11. Policy Changes

We may update aspects of this Privacy Policy to reflect changes in data handling practices, address new regulatory requirements or align with modifications to our Services. We will indicate at the top of this page the date this Privacy Policy was last updated. If revisions involve substantive changes or introduce material new uses for your data, we may provide more prominent notification or obtain your consent prior to applying changes to previously collected data.

Your continued use of our Services constitutes acceptance of updated Privacy Policy terms which become effective upon posting. Please revisit this page periodically to review updates.

12. How to Contact Sephora

Please direct any inquiries related to this Privacy Policy or general data handling practices to our Privacy Officer:

Email: or

Mail: Sephora Privacy Official
123 Main St.
Anytown, USA 12345