1. Information We Collect
We collect information from you when you access our Services or otherwise interact with or provide information to us. This includes when you: register for an account; place orders; participate in surveys, contests or promotions; communicate with us; or otherwise use our Services.
The types of personal information we collect may include:
- Contact data: Name, address, email, phone number
- Account profile: Username, password, preferences
- Shopping data: Items purchased, prices paid, size/color choices, shopping cart contents, order numbers
- Payment information: Debit/credit card details, billing address
- Survey data: Information from any surveys you participate in
- Sweepstakes data: Information you provide for any sweepstakes entries
- Correspondence: Notes of issues/feedback provided to our service reps
- Social media data: If you access our Services via social media sites
- Device/connectivity data: IP addresses, device IDs, device type, browser type and mobile carrier
As permitted by law or with your consent, we may also collect additional details like your birthday, skin tone, hair type and texture, product or ingredient preferences to support personalized services you elect to receive.
2. How We Use Your Information
We may use your personal information for the following purposes:
To provide our services including processing orders; shipping and tracking status notifications; loyalty program management; personalized recommendations; and customer support.
To improve our services by analyzing your interactions with our Services; gathering feedback; personalization to better match your interests and preferences; and improving our product ranges and online experience.
Security and fraud prevention by detecting threats; restricting suspected fraudulent transactions; assisting investigations; enforcing use rules; and to comply with legal obligations.
To market and promote our products & services via electronic communications; customizing content and promotions; determining effectiveness of campaigns; operating loyalty programs; managing sweepstakes or contests; improving outreach efficiency; and analytics to understand usage trends.
3. Legal Bases for Processing
We process your personal information only when legally permitted including when:
- You consent to provide it for a specific purpose like product personalization or sweepstakes entry. Consent is revocable anytime by updating your preference settings.
- It is necessary to fulfill orders, process payments or provide other specifically requested services.
- It benefits legitimate business interests like securing our services, marketing or communicating product updates that do not outweigh your privacy rights. You may choose to restrict types of processing that are not strictly necessary by adjusting settings or opting out of certain programs.
- It is required to meet legal or regulatory obligations for data handling activities like tax reporting, retention requirements or duty-to-warn notifications.
4. Information Sharing
We restrict access to your personal information only to personnel with need to manage services you utilize, except when required to comply with legal process or appropriately responding to threats in keeping with applicable laws.
Beyond our corporate family, we will not share, trade, rent or sell data to other third parties without your consent except to comply with warrants, subpoenas or other legal process requirements to provide requested information when reasonably necessary for security purposes or financial reporting; or during emergencies presenting danger of death or injury when information could assist others respond.
5. Data Security
We follow generally accepted security standards like encryption, firewalls, intrusion detection protocols and secure communication practices for technical safeguards designed to protect data stored with us. We restrict access through validated credentials, limited employee access profiles and monitor systems to identify unauthorized attempts.
However, no data handling or storage system is completely secure or hack-proof. We cannot guarantee security of systems at all times or fully eliminate risks of data theft or inadvertent exposures through technological failures.
6. Data Retention
We retain personal information as long as actively required to fulfill your request, manage products/services utilized, comply with applicable document retention regulations for activities like tax reporting, or reasonably needed to handle consumer disputes around original transactions.
Certain data like orders, promotional enrollments or sweepstakes may be retained for longer periods required by law then expunged except where we aggregate or sufficiently de-identify it without reasonable ability to link back to you as determinable individual.
You may request deletion of your personal information anytime by contacting email@example.com or through preference management tools if available, assuming no prevailing legal obligations still require associated retention at time of request receipt. Otherwise we will retain data only as long as reasonably necessary then delete safely irreversibly. After termination of formal retention timeframes, we may retain fully anonymized or aggregated statistical data indefinitely and reserve rights to any previously non-personal usage data including individual session logs, activity patterns, or service usage analytics.
7. Your Rights & Choices
Based on jurisdiction of your primary residence and limitations of applicable laws, you may have certain individual rights around your personal data including:
Access Requests: Confirming what personal data Sephora may hold about you and receiving copies per request.
Rectification Requests: Updating any inaccurate data like contact information details.
Erasure Requests: Request to delete certain data entirely to extent reasonably possible unless prevailing legal obligations still require associated retention at time of request receipt.
Portability Requests: Receiving copies of certain personal data held by Sephora in commonly used open formats should you desire to transfer it for use elsewhere.
Processing Restriction Requests: Temporarily pausing collection or use of your personal data other than storage until issues can be resolved based on contests over accuracy, legal violations or erasure requests.
Direct Marketing Opt-Outs: Revoking consent to receive direct marketing communications via channels like email or SMS text while still allowing strictly service-related operational messaging.
Right to Object: Opposing certain data handling practices likely to cause damage or distress unless we demonstrate a compelling legitimate grounds for processing that overrides negative impact.
Right to Non-Discrimination: Obtaining comparable levels of supporting services from Sephora without penalization if you choose to exercise certain privacy rights like opting-out of data sales that may help fund certain non-essential services.
Right to Complain: Lodging formal grievances with appropriate supervisory authorities if you feel Sephora violated applicable privacy regulations related to your data.
While Sephora maintains policies aligned with various privacy rights and principles, actual ability to honor certain requests may vary based on jurisdiction-specific regulations. Please submit specific requests to firstname.lastname@example.org so we may evaluate them.
8. International Data Transfers
We operate data hosting, storage systems and corporate equipment primarily in the United States with supplemental systems globally as required for redundancy, load balancing or disaster recovery protections.
We utilize approved mechanisms like Standard Contractual Clauses to legitimize transfers only to countries deemed as providing adequate baseline safeguards for personal data required by applicable cross-border transfer regulations. Please contact us if you have questions on specific hosting locations or transfer mechanisms implemented to store or process your personal information.
9. Children’s Privacy
Our products, services and programs available online are not aimed at children. We do not intend or design them to attract children under age 18. We do not knowingly collect personal data from children or market to them online.
If you believe a child has submitted personal data without requisite parental consent, please contact us immediately so reasonable deletion efforts may be attempted unless prevailing legal obligations require data retention.
10. Links to Third-Party Websites
Our Website contains links enabling convenient access to websites operated by non-affiliated companies with whom we have no relationship. Linked sites have their own terms, privacy policies and security practices once you navigate away. We have no responsibility or liability for policies or actions of third parties operating linked websites. Please carefully review privacy terms on each site visited after following external links.
11. Policy Changes
12. How to Contact Sephora
Email: email@example.com or
Mail: Sephora Privacy Official
123 Main St.
Anytown, USA 12345