Last Updated: January 1, 2020
- Information We Collect
- Advertising and Analytics Services Provided by Others
- How We Use Your Information
- Who May Have Access to Your Information
- Your Rights And Choices
- Data Transfers and Privacy Shield
- European Residents
- California Privacy Rights
- Links to Other Websites and Third Party Content
- Data Retention
- Contacting Glossier
Information we collect directly from you
We collect the information you provide directly to us, such as when you open an account, place an order, ask to receive emails, contact customer service, or interact with us on social media. The types of personal data we may collect directly from you include:
- Contact information, such as your name, email address, mailing address, and phone number;
- Account information, such as your username and password;
- Billing information, such as credit card details and billing address;
- Optional information you may choose to provide, such as your social handles, makeup and color preferences, age range, gender; and
- Any other information you choose to provide, such as product reviews, responses to surveys or quizzes or to receive customer support.
Information about your use of our Services
We collect information about your use of the Services, such as the products you buy or express interest in.
Information we collect from other sources
We may collect information about you from other sources, including:
- Other users, such as through our refer-a-friend program or e-gift card offerings. If you choose to participate in our refer-a-friend program or purchase an e-gift card for someone else, we will collect information about your friend (such as a name and email address) in order to invite your friend to shop with us or send them their e-gift card.
- Third-party social media services. When you access the Services through a social network, we collect information about you from the social network in accordance with your settings on the social network. If you interact with us on social media, we will collect information about those interactions. The information we may collect includes your name and email address.
- Other unaffiliated third parties, including advertising networks, media monitoring companies, and publicly available sources.
Information we collect by automated means
- URLs that refer visitors to our websites;
- Search terms used to reach our websites;
- Details about the emails we send, such as opens, clicks, and unsubscribes;
- Details about the devices that are used to access our websites (such as IP address, browser information, device information, and operating system information);
- Details about your interaction with our websites (such as the date, time, length of stay, and specific pages accessed during your visits to our websites, referral activity, and which emails you may have opened);
- Information about activity in our stores, such as through closed circuit TVs for security monitoring or geofencing to identify traffic in our stores; and
- Usage information (such as the number and frequency of visitors to our websites).
We may associate this information with your Glossier account if you have one, the device you use to connect to our Services, or email or social media accounts that you use to engage with Glossier.
Advertising and Analytics Services Provided by Others
We may also work with third parties to serve ads to you as part of a customized campaign on third-party platforms (such as Facebook or Google). As part of these ad campaigns, we or third-party platforms may convert information about you, such as your email address, into a unique value that can be matched with a user account on these platforms to allow us to learn about your interests and to serve you advertising that is customized to your interests. Note that the third-party platforms may offer you choices about whether you see these types of customized ads.
How We Use Your Information
We may use the information we collect to deliver the products and Services you request, to maintain and customize your account and our interactions with you (such as on our digital properties), and to provide, maintain, and improve our Services. We also use the information we collect to:
- Create and manage your online accounts and profiles;
- Communicate with you about our Services, including to tell you about products and services that may be of interest to you;
- Complete the transactions you request, perform our contractual obligations, and use as otherwise anticipated within the context of our ongoing business relationship;
- Respond to your requests, inquiries, comments, and suggestions;
- Facilitate your engagement with the Services, including to enable you to post comments and reviews, to engage with other customers, and to post on social media;
- Offer contests, sweepstakes, loyalty programs or other promotions;
- Personalize your online experience and the advertisements you see when you use the Services or third-party platforms based on your preferences, interests, purchasing history and browsing behavior;
- Monitor, audit and analyze trends, usage, and activities in connection with our Services;
- Carry out short-term activities and other internal uses related to the products or services you purchase from us or your ongoing relationship with us;
- Conduct internal research and development;
- Detect, investigate, and respond to security incidents and protect against illegal or objectionable activities, including the unauthorized use of the Services, and protect the rights and property of Glossier and others;
- Debug, identify and repair errors that impair existing intended functionality of our Services;
- Comply with our legal obligations, including those required for you to benefit from rights recognized by law, or any regulatory requirements or provisions; and
- Conduct or administer surveys and other market research.
Who May Have Access to Your Information
Within Glossier: We may disclose certain of your personal information to Glossier affiliates and personnel who need to know the information for the purposes described above, including personnel in the customer service and information technology departments.
Third-Party Service Providers: We may use third party service providers acting on Glossier’s behalf to perform some of the services described above. For example, we share certain information with service providers who assist with the processing of credit cards and payments, hosting, managing and services our data, distributing emails, conducting research and analytics, advertising, analytics, or administering certain services and features. We also may share information about you with our professional advisors, including accountants, auditors, lawyers, insurers and bankers, if needed. These service providers may change over time, but we will always use trusted service providers who we require to take appropriate security measures to protect your personal information in line with our policies. We only permit them to process your personal information for specified purposes and, as appropriate, in accordance with our instructions and the provisions of this Policy and applicable law.
Other Third Parties: In certain limited circumstances, we share and/or are obligated to share your personal information with other third parties, including (a) to comply with our obligations, to protect the rights and property of Glossier, our customers and the public, to cooperate with law enforcement investigations, and to detect and respond to suspected illegal activity and threats to the health or safety or any person or of our systems or services; (b) in connection with, or during negotiations of, any merger, joint venture, sale of company assets, financing, or acquisition of all or a portion of our business, assets or stock by another company (including in connection with any bankruptcy or similar proceedings); and/or (c) with your consent and at your direction.
When you provide a product review or post other user content, that content may be publicly posted. Other users may be able to see your name or other information about you that you post. In certain instances, we may also share aggregated or de-identified information that cannot reasonably be used by those third parties to identify you.
Managing or deactivating your Glossier account
You may review, update, or modify your account information, including profile, contact, payment and shipping information, at any time by logging into your Glossier account. You may also deactivate your Glossier account by emailing gTeam@glossier.com.
Opting out of email marketing
You may unsubscribe from our promotional emails at any time by following the instructions included in those emails. If you opt out of receiving such communications, note that we may continue to send you non-promotional emails (such as order confirmation emails or emails about changes to our legal terms).
Most web browsers are set to accept cookies by default. You can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our websites.
Web Push Notifications/Alerts
With your consent, we may send promotional and non-promotional push notifications or alerts to your browser. You can deactivate these messages at any time by changing the notification settings on your browser.
Our Services are not designed for children. If you have reason to believe that a child has provided personal data to us, please contact us.
Glossier is headquartered in the United States, and we have operations and entities in the United States and other countries. As such, we may transfer your personal data to, or store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it.
When we transfer personal data from the European Union, the United Kingdom or Switzerland to the United States, we comply with the EU-U.S. Privacy Shield Framework and the Swiss - U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and Switzerland to the United States, respectively (collectively, the “Privacy Shield Principles”). Glossier has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
In compliance with the Privacy Shield Principles, we are committed to resolving complaints about our processing of your personal data. EU, UK and Swiss individuals with inquiries or complaints regarding our compliance with the Privacy Shield program should first contact us. We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Under certain conditions, you may be able to invoke binding arbitration to resolve your complaint. Glossier is subject to the investigatory and enforcement powers of the Federal Trade Commission.
If we share personal data transferred to the U.S. under the Privacy Shield with a third-party service provider that processes such data on our behalf, then we will be liable for that third party’s processing in violation of the Privacy Shield Principles, unless we can prove that we are not responsible for the event giving rise to the damage.
Legal Basis for Processing
If you are a European Resident, we process your personal data when:
- We need to use your personal data to perform our responsibilities under our contract with you (e.g., processing payments for and providing the Glossier products you have ordered).
- We have a legitimate interest in processing your personal data. For example, we may process your personal data for performance marketing activities, to conduct data analytics and to provide, secure, and improve our Services.
- We need to do so to comply with a legal obligation to which we are subject.
- We need to do so to protect your vital interests or those of others.
- We have your consent to do so, which you may withdraw at any time.
Data Subject Requests
If you are a European Resident, you have the right to access personal data we hold about you and to ask that your personal data be corrected, updated, or erased. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you may contact us as indicated below. If you have a Glossier account, you may also review, update, and delete certain personal data by logging into your account.
Questions or Complaints
If you are a European Resident and have a concern about how we process personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you live. For contact details of your relevant local Data Protection Authority, please see http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm or, if you are a resident of Switzerland, https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact/.
California law permits residents of California to request notice of how their information is shared with third parties for direct marketing purposes or to opt out of such sharing. If you are a California resident and would like a copy of this notice or to opt out, please email us at firstname.lastname@example.org.
Additionally, if you are a California resident, the California Consumer Privacy Act (“CCPA”) requires us to disclose the following information with respect to our collection, use, and disclosure of personal data.
- Categories of Personal Data Collected: In the preceding 12 months, we have collected the following categories of personal data: identifiers; commercial information; demographic information (note that some demographic information may be considered characteristics of protected classifications under state or federal law); internet or electronic network activity; geolocation data; audio, electronic, visual, thermal, olfactory, or similar information; inferences; and other categories of personal data that relates to or is reasonably capable of being associated with you. For examples of the precise data points we collect, please see “Information We Collect” above.
- Business or Commercial Purpose for Collecting and Using Data: We collect each category of personal data listed above for the business or commercial purposes described in the “How We Use Your Information” section above.
- Categories of Sources of Personal Data: We collect each category of personal data listed above from you and the third-party sources described in the “Information we collect from other sources” section above.
- Categories of Personal Data Disclosed: In the preceding 12 months, we have disclosed the following categories of personal data for business or commercial purposes: identifiers; commercial information; demographic information (note that some demographic information may be considered characteristics of protected classifications under state or federal law); internet and electronic network activity; geolocation data; audio, electronic, visual, thermal, olfactory or similar information; inferences; and other categories of personal data that relates to or is reasonably capable of being associated with you.
- Categories of Third Parties With Whom We Share Personal Data: We may share each category of personal data listed above with the third parties as described in the “How We Share Your Information” section above.
Your Consumer Rights
California consumers have the right to request access to their personal data, additional details about our information practices and deletion of their personal data (subject to certain exceptions). California consumers also have the right to opt out of sales of personal data, if applicable. We describe how California consumers can exercise their rights under the CCPA below. Please note that you may designate an authorized agent to exercise these rights on your behalf by providing a notarized power of attorney evidencing that you have empowered the authorized agent to exercise your CCPA rights on your behalf. We will not discriminate against you if you choose to exercise your rights under the CCPA.
Right to Know: You may request access to the specific pieces of personal information we have collected about you in the last 12 months. You may also request additional details about our information practices, including the categories of personal information we have collected, the sources of collection, the purpose for collecting information, the categories of information we share, and the categories of third parties with whom we share information. You may make an access request by calling 1-855-929-2179 or visiting this page. We will verify your request by contacting you after receiving your request to verify your identity.
Deletion: You may request that we delete the personal data we have collected about you (subject to certain exceptions). Please note that we may retain certain information as required or permitted by applicable law. You may make these requests by emailing email@example.com or visiting this page. We will verify your request by contacting you after receiving your request to verify your identity. If you request to delete your personal data, certain of our products and services may no longer be available to you.
No Sale of Personal Data
Glossier does not and will not sell personal data as the term “sell” is defined by the CCPA.
Links to Other Websites and Third-Party Content
The Services may offer social sharing features and other integrated tools (such as the Facebook "Like" or "Share" button or the Twitter “Tweet” button) which let you share actions you take on our Services with other media. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the entity that provides the social sharing feature. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide these features.
Our retention periods for personal data are based on business needs and legal requirements. We retain personal data for as long as is necessary for the processing purpose(s) for which the data was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired. When we no longer need to use your personal data, it is removed from our systems and records or anonymized so that you can no longer be identified from it.
Glossier, Inc. 233 Spring Street, Floor 10 New York, NY 10013 Privacy@glossier.com
Customers in the EU may contact: Phase EU Limited 5 New Street Square London, United Kingdom, EC4A 3TW Privacy@glossier.com