EFFECTIVE: July 14, 2017
- How We Collect Information
- Types of Information We Collect
- How We Use Your Information
- How We Share Your Information
- Your Rights And Choices
- User Content
- Links to Other Websites and Third Party Content
- International Data Transfers
- Data Retention
- California Privacy Rights
- Contacting Glossier
We may collect personal data from various sources, including:
- Directly from you;
- Through our websites and mobile apps;
- From social media or other public forums; and
- From third party vendors or business partners.
The types of personal data we may collect include:
- Contact information, such as your name, email address, mailing address, and phone number;
- Demographic information, such as your date of birth, gender, and zip code;
- Account information, such as your username and password;
- Billing information, such as credit card details, billing address, and proof of identification; and
- When you access the Services through Facebook credentials, the information Facebook makes available to us based on your Facebook privacy settings, such as your name, picture, and email address.
Cookies and other information collected by automated means
We, our service providers, and our business partners, may also collect certain information about the use of our websites and mobile apps by automated means, such as cookies, web beacons and other technologies. A “cookie” is a text file that websites send to a visitor‘s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, is used to transmit information back to a web server. We and our service providers and business partners may collect information about your online activities over time and across third-party websites.
The information that may be collected by automated means includes:
- URLs that refer visitors to our websites;
- Search terms used to reach our websites or locate our mobile apps;
- Details about the devices that are used to access our websites or mobile apps (such as IP address, browser information, device information, and operating system information);
- Details about your interaction with our websites and mobile apps (such as the date, time, length of stay, and specific pages accessed during your visits to our websites and mobile apps, and which emails you may have opened);
- Usage information (such as the number and frequency of visitors to our websites); and
- Geo-location data (which determines your current locations) from some of our Services, such as mobile apps.
We may associate the information we collect by automated means with your Glossier account if you have one, the device you use to connect to the Services, or email or social media accounts that you use to engage with Glossier or our partners.
Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time.
We may use the information we collect to:
- Establish and maintain any account you create on our websites or mobile apps;
- Fulfill, manage, and send you information about your orders;
- Communicate with you about our Services, including the products we offer and our websites and mobile apps;
- Respond to your requests, inquiries, comments, and suggestions;
- Facilitate your engagement with the Services, including to enable you to post comments and reviews;
- Offer promotions, sweepstakes, or other contests;
- Administer surveys and other market research;
- Conduct research on our customer demographics, interests and behavior
- Operate, evaluate and improve our business, our websites and mobile apps, and other products and services we offer (including to develop new products and services);
- Tailor the content we display to you in our communications, and in connection with your use of our websites or mobile apps;
- Analyze and enhance our communications and strategies (including by identifying when emails sent to you have been received and read);
- Comply with legal requirements, judicial process, and our company policies (including to verify users’ identity in connection with access or correction requests); and
- Protect against, identify, investigate, and respond to fraud, illegal activity (such as incidents of hacking or misuse of our websites and mobile apps), and claims and other liabilities, including by enforcing the terms and conditions that govern the use of our websites and mobile apps.
We may share your information with:
- Glossier’s subsidiaries and affiliates; and
- Service providers that perform services on our behalf, or partners with whom we may collaborate, including:
- Customer service and support providers;
- Shipping and fulfillment service providers;
- Payment processing providers;
- Partners with whom we jointly develop products or services;
- Survey and market research providers;
- Advertising partners;
- Analytics organizations; and
- Technology providers (including technology support, email and web hosting providers, email and text communications providers, and mobile app developers).
We may also disclose your personal data to comply with a legal or regulatory obligation, protect and defend Glossier’s rights or property, protect the safety of our customers and website and mobile app users or the public, or to protect against legal liability.
Your Rights And Choices
You have certain rights and choices regarding our processing of your personal data. Please note that if your exercise of these rights and choices limits our ability to process personal data, we may not be able to provide you with the Services. We reserve the right to verify your identity in connection with any requests regarding personal data to help ensure that we provide the information we maintain to the individuals to whom it pertains, and allow only those individuals or their authorized representatives to exercise rights with respect to that information. General objections to the processing of personal data
To the extent provided by applicable law, you may withdraw any consent previously provided to us, or object at any time on legitimate grounds, to the processing of your personal information. We will apply these preferences going forward. In some circumstances, withdrawing consent to our use or disclosure of your personal data will mean that Glossier may no longer be able to provide you with the Services.
_Access to personal data _ You may request access to the personal data we maintain about you. If we grant your request, we will provide you with a copy of the personal data we maintain about you in the ordinary course of business, in a commonly used format. You may request to correct any errors in your personal data. We may reject your request to access or correct personal data, as permitted by applicable law. If we reject your request, we will notify you of the reason(s) for the rejection.
In order to access your personal data, we will require you to provide proof of your identity. This information will only be used for that purpose.
Portability of personal data Under certain conditions, you may request that we transfer your personal data to another data controller. We may reject your request, as permitted by applicable law. If we reject your request, we will notify you of the reason(s) for the rejection.
Deletion of personal data You may request that we delete your personal data. We may reject your request, as permitted by applicable law. For example, Glossier may be required by legal, tax or other reasons to retain your personal information in its business records. If we reject your request, we will notify you of the reason(s) for the rejection.
Marketing You may unsubscribe from receiving marketing or other commercial emails from Glossier by following the instructions included in the email. However, even if you opt out of receiving such communications, we retain the right to send you non-marketing communications (such as order confirmation emails or changes in our website or mobile app terms).
Some of our business partners that collect information about your activities on our websites and in our mobile apps may be members of organizations or programs that provide you with choices regarding the use of your browsing behavior for purposes of targeted advertising. For example, you may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here. European users may opt out of receiving targeted advertising on websites through members of the European Interactive Digital Advertising Alliance by clicking here, selecting your country, and then clicking “Choices” (or similarly-titled link). Mobile app users may opt out of receiving targeted advertising in mobile apps through members of the Digital Advertising Alliance by installing the AppChoices mobile app, available here, and selecting your choices. Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.
Geo-location data You may stop sharing your location data by adjusting your mobile device’s location services settings. For instruction on changing the relevant settings, please contact your service provider or device manufacturer.
Some features of the Services allow you to provide content to the Services, such as product reviews. The Services are designed to help you share such content with others. As a result, some of the content that you provide may be shared publicly or with third parties.
Our websites and mobile apps do not knowingly collect personal data from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided personal data to us through our websites or mobile apps, please contact us, and we will endeavor to delete that information from our databases.
Links to Other Websites and Third Party Content
We may provide links to other websites, services, and applications, such as Facebook, that are not operated or controlled by Glossier (the "Third Party Services"). The policies and procedures we described here do not apply to the Third Party services. While we attempt to facilitate access only to those Third Party Services that share our respect for your privacy, we cannot take responsibility for the content, privacy policies, or practices of those Third Party Services. We encourage you to review and understand the privacy practices of any Third Party Services before providing any information to or through them.
International Data Transfers
We may transfer personal data from the European Economic Area (“EEA”) to countries that the European Commission has deemed to adequately safeguard personal information, in which case no additional safeguards are required in order to transfer this information. If we transfer your personal data to other countries, we will either transfer it subject to the recipient’s compliance with standard contractual clauses, EU-US Privacy Shield, or Binding Corporate Rules, or with your consent to the transfer, unless we are permitted by law to transfer personal data without such formalities. You may contact us for a copy of the specific safeguards applied to the export of your personal data.
Glossier maintains reasonable administrative, technical and physical safeguards designed to protect the personal data we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, we cannot guarantee that the measures we maintain will ensure the security of the personal data.
Our retention periods for personal data are based on business needs and legal requirements. We retain personal data for as long as is necessary for the processing purpose(s) for which the data was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired. When we no longer need the personal information we collect, we either irreversibly anonymize the information (in which case, we may further retain and use the anonymized information) or securely destroy the information.
California Privacy Rights
Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer data which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to the following address: Glossier, Inc., 123 Lafayette Street, Floor 3, New York, NY 10013, Attn: Legal.
123 Lafayette Street, Floor 3
New York, NY 10013
If you are a EEA or Canadian resident, you also have the right to file a complaint with the supervisory authority of your member state or province.