LAST UPDATED: February 4, 2021
If you are a California resident, please see the section below titled “California Privacy Rights.”
- Information We Collect
- Advertising and Analytics Services Provided by Others
- How We Use Your Information
- Who May Have Access to Your Information
- Your Rights And Choices
- Data Transfers and Privacy Shield
- European Residents
- California Privacy Rights
- Links to Other Websites and Third Party Content
- Data Retention
- Contacting Glossier
Information we collect directly from you
We collect the information you provide directly to us, such as when you open an account, place an order, ask to receive emails, contact customer service, or interact with us on social media. The types of personal data we may collect directly from you include:
- Contact information, such as your name, email address, mailing address, and phone number;
- Account information, such as your username and password;
- Billing information, such as credit card details and billing address;
- Optional information you may choose to provide, such as your social handles, makeup and color preferences, age range, gender; and
- Any other information you choose to provide, such as product reviews, responses to surveys or quizzes or to receive customer support.
Information about your use of our services
We collect information about your use of the Services, such as the products you buy or express interest in.
Information we collect from other sources
We may collect information about you from other sources, including:
- Other users, such as through our refer-a-friend program or e-gift card offerings. If you choose to participate in our refer-a-friend program or purchase an e-gift card for someone else, we will collect information about your friend (such as a name and email address) in order to invite your friend to shop with us or send them their e-gift card.
- Third-party social media services. When you access the Services through a social network, we collect information about you from the social network in accordance with your settings on the social network. If you interact with us on social media, we will collect information about those interactions. The information we may collect includes your name and email address.
- Other unaffiliated third parties, such as advertising networks, media monitoring companies, and publicly available sources.
Information we derive
We may derive information or draw inferences about you based on the information we collect. For example, we may make inferences about your location based on your IP address or infer that you are looking to purchase certain products based on your browsing behavior and past purchases.
Information we collect by automated means
- URLs that refer visitors to our websites;
- Search terms used to reach our websites;
- Details about the emails we send, such as opens, clicks, and unsubscribes;
- Details about the devices that are used to access our websites (such as IP address, browser information, device information, and operating system information);
- Details about your interaction with our websites (such as the date, time, length of stay, and specific pages accessed during your visits to our websites, referral activity, and which emails you may have opened);
- Information about activity in our stores, such as through closed circuit TVs for security monitoring or geofencing to identify traffic in our stores; and
- Usage information (such as the number and frequency of visitors to our websites).
We may associate this information with your Glossier account if you have one, the device you use to connect to our Services, or email or social media accounts that you use to engage with Glossier.
Advertising and Analytics Services Provided by Others
We may also work with third parties to serve ads to you as part of a customized campaign on third-party platforms (such as Facebook or Google). As part of these ad campaigns, we or third-party platforms may convert information about you, such as your email address, into a unique value that can be matched with a user account on these platforms to allow us to learn about your interests and to serve you advertising that is customized to your interests. Note that the third-party platforms may offer you choices about whether you see these types of customized ads.
How We Use Your Information
We may use the information we collect to deliver the products and Services you request, to maintain and customize your account and our interactions with you (such as on our digital properties), and to provide, maintain, and improve our Services. We also use the information we collect to:
- Create and manage your online accounts and profiles;
- Communicate with you about our Services, including to tell you about products and services that may be of interest to you;
- Complete the transactions you request, perform our contractual obligations, and use as otherwise anticipated within the context of our ongoing business relationship;
- Respond to your requests, inquiries, comments, and suggestions;
- Facilitate your engagement with the Services, including to enable you to post comments and reviews, to engage with other customers, and to post on social media;
- Offer contests, sweepstakes, loyalty programs or other promotions;
- Personalize your online experience and the advertisements you see when you use the Services or third-party platforms based on your preferences, interests, purchasing history and browsing behavior;
- Monitor, audit and analyze trends, usage, and activities in connection with our Services;
- Carry out short-term activities and other internal uses related to the products or services you purchase from us or your ongoing relationship with us;
- Conduct internal research and development;
- Detect, investigate, and respond to security incidents and protect against illegal or objectionable activities, including the unauthorized use of the Services, and protect the rights and property of Glossier and others;
- Debug, identify and repair errors that impair existing intended functionality of our Services;
- Comply with our legal obligations, including those required for you to benefit from rights recognized by law, or any regulatory requirements or provisions; and
- Conduct or administer surveys and other market research.
Who May Have Access to Your Information
Within Glossier: We may disclose certain of your personal data to Glossier affiliates and personnel who need to know the information for the purposes described above, including personnel in the customer service and information technology departments.
Vendors, Consultants Service Providers: We may use vendors, consultants, and service providers acting on Glossier’s behalf to perform some of the services described above. For example, we share certain information with service providers who assist with the processing of credit cards and payments, hosting, managing and servicing our data, distributing emails, conducting research and analysis, advertising, analytics, or administering certain services and features. We also may share information about you with our professional advisors, including accountants, auditors, lawyers, insurers and bankers, if needed. These vendors, consultants and service providers may change over time, but we will always use trusted service providers who we require to take appropriate security measures to protect your personal data in line with our policies. We only permit them to process your personal data for specified purposes and, as appropriate, in accordance with our instructions and the provisions of this Policy and applicable law.
Other Third Parties: In certain limited circumstances, we share and/or are obligated to share your personal data with other third parties, including (a) to comply with our obligations, to protect the rights and property of Glossier, our customers and the public, to cooperate with law enforcement investigations, and to detect and respond to suspected illegal activity and threats to the health or safety or any person or of our systems or services; (b) in connection with, or during negotiations of, any merger, joint venture, sale of company assets, financing, or acquisition of all or a portion of our business, assets or stock by another company (including in connection with any bankruptcy or similar proceedings); and/or (c) with your consent and at your direction.
Advertising Companies. We work with third party advertising companies (such as advertising networks) to serve advertisements on our behalf. For additional information, see the "Advertising and Analytics Services Provided by Others" section.
When you provide a product review or post other user content, that content may be publicly posted. Other users may be able to see your name or other information about you that you post. In certain instances, we may also share aggregated or de-identified information that cannot reasonably be used by those third parties to identify you.
Managing or deactivating your Glossier account
You may review, update, or modify your account information, including profile, contact, payment and shipping information, at any time by logging into your Glossier account. You may also deactivate your Glossier account by emailing gTeam@glossier.com.
Opting out of email marketing
You may unsubscribe from our promotional emails at any time by following the instructions included in those emails. If you opt out of receiving such communications, note that we may continue to send you non-promotional emails (such as order confirmation emails or emails about changes to our legal terms).
To opt out of having your web browsing activity used for targeted advertising on www.glossier.com, click here and for www.intothegloss.com, click here. Please note that even if you set your cookie preferences to block targeted advertising cookies, you may still see ads from us, though the ads will no longer be targeted based on your web browsing behavior. Note also that your cookie preferences apply only to the browser where you set such preferences, so if you use multiple browsers or devices, you will have to set your cookie preferences on each browser, on each device. If you delete your browser’s saved cookies, you will need to reset your cookie preferences for that browser on that device.
Web Push Notifications/Alerts
With your consent, we may send promotional and non-promotional push notifications or alerts to your browser. You can deactivate these messages at any time by changing the notification settings on your browser.
Our Services are not designed for children. If you have reason to believe that a child has provided personal data to us, please contact us.
Glossier is headquartered in the United States, and we have operations and entities in the United States and other countries. As such, we may transfer your personal data to, or store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it.
When we transfer personal data from the European Union, the United Kingdom or Switzerland to the United States, we do so in reliance on an approved data transfer mechanism, such as the Standard Contractual Clauses adopted by the European Commission. We also comply with the EU-U.S. Privacy Shield Framework and the Swiss - U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and Switzerland to the United States, respectively (collectively, the “Privacy Shield Principles”). Glossier has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
In compliance with the Privacy Shield Principles, we are committed to resolving complaints about our processing of your personal data. EU, UK and Swiss individuals with inquiries or complaints regarding our compliance with the Privacy Shield program should first contact us. We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Under certain conditions, you may be able to invoke binding arbitration to resolve your complaint. Glossier is subject to the investigatory and enforcement powers of the Federal Trade Commission.
If we share personal data transferred to the U.S. under the Privacy Shield with a third-party service provider that processes such data on our behalf, then we will be liable for that third party’s processing in violation of the Privacy Shield Principles, unless we can prove that we are not responsible for the event giving rise to the damage.
Legal Basis for Processing
If you are a European Resident, we process your personal data when:
- We need to use your personal data to perform our responsibilities under our contract with you (e.g., processing payments for and providing the Glossier products you have ordered).
- We have a legitimate interest in processing your personal data. For example, we may process your personal data for performance marketing activities, to conduct data analytics and to provide, secure, and improve our Services.
- We need to do so to comply with a legal obligation to which we are subject.
- We need to do so to protect your vital interests or those of others.
- We have your consent to do so, which you may withdraw at any time.
Data Subject Requests
If you are a European Resident, you have the right to access personal data we hold about you and to ask that your personal data be corrected, updated, or erased. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you may submit a request here. If you have a Glossier account, you may also review, update, and delete certain personal data by logging into your account.
Questions or Complaints
If you are a European Resident and have a concern about how we process personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you live. For contact details of your relevant local Data Protection Authority, please see http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm or, if you are a resident of Switzerland, https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact/.
The California Consumer Privacy Act or “CCPA” (Cal. Civ. Code § 1798.100 et seq.) and the Shine the Light law (Cal. Civ. Code § 1798.83) afford consumers residing in California certain rights with respect to their personal data. If you are a California resident, this section applies to you.
California Consumer Privacy Act
The CCPA requires us to disclose the following information with respect to our collection, use, and disclosure of personal data. In the preceding 12 months, we have collected the following categories of personal data: identifiers; commercial information; demographic information (note that some demographic information may be considered characteristics of protected classifications under state or federal law); internet or electronic network activity; geolocation data; audio, electronic, visual, thermal, olfactory, or similar information; inferences; and other categories of personal data that relates to or is reasonably capable of being associated with you. For examples of the precise data points we collect, please see Information We Collect above. We collect personal data for the business or commercial purposes described in the How We Use Your Information section above.
Disclosure of Personal Data: In the preceding 12 months, we have disclosed the following categories of personal data for business to the following categories of recipients:In the preceding 12 months, we have disclosed the following categories of personal data for business to the following categories of recipients:
|Category of Personal Data||Categories of Recipients|
|Identifiers||Advertising networks, marketing partners, data analytics providers, market research platform, payment processors, fulfilment partners, customer support partners, Internet service providers, operating systems and platforms, other users, fraud prevention partners, cloud service providers, technical maintenance and system security providers|
|Commercial Information||Data analytics providers, advertising networks, marketing partners, market research platform, payment processors, fulfilment partners, customer support partners, and fraud prevention partners, cloud service provider|
|Characteristics of Protected Classifications under state or federal law, such as age||Advertising networks, marketing partners, market research platform, other users, customer feedback platforms|
|Internet or other electronic network activity||Advertising networks, marketing partners, data analytics providers, Internet service providers, operating systems and platforms, cloud service providers, fraud prevention partners, technical maintenance and system security providers|
|Geolocation data||Advertising networks, marketing partners, data analytics providers, Internet service providers, operating systems and platforms|
|Audio, electronic, visual, or similar information||Customer support partners, market research platform, facility security partners|
|Inferences||Advertising networks, data analytics providers, customer support partners, fraud prevention partners, cloud service providers|
Sale of Personal Data: California law requires that we provide transparency about personal data we "sell," which for the purposes of the CCPA broadly means scenarios in which we have shared personal data with third parties in exchange for valuable consideration. Glossier does not sell your personal data to other companies for money; however, we do allow our advertising partners to collect certain information to show you ads that are targeted to your interests, which may be considered a “sale” in California. In the preceding 12 months, we have allowed our advertising partners to collect identifiers, commercial information, and Internet or other electronic network activity information for targeted advertising purposes. You have the right to opt out of having your information used for targeted advertising at any time on www.glossier.com by clicking here and on www.intothegloss.com by clicking here or by clicking the “Do Not Sell My Personal Information” link located in the footer of each respective page. We do not knowingly sell personal information about consumers under the age of 16.
Your Rights: In addition to the right to opt out of sales explained above, subject to certain limitations, California consumers have the right to (1) request to know more about the specific pieces and categories of personal data we collect, use, sell and disclose, (2) request deletion of their personal data, and (3) not be discriminated against for exercising their rights. You may make a request to know more about or delete your personal data by submitting this online form or emailing firstname.lastname@example.org. Additionally, access requests under the CCPA can be made by calling 1-855-929-2179. We will verify your request by contacting you after receiving your request to verify your identity. Please note that we may retain certain information as required or permitted by applicable law. If you request to delete your personal data, certain of our products and services may no longer be available to you.
If we receive your request from an authorized agent, we may ask for evidence that you have provided such agent with a power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf.
Notice of Financial Incentives: We offer various financial incentives. For example, we may provide discounts or other benefits to customers who sign up to receive our marketing emails. When you participate in a financial incentive, we collect personal data from you, such as identifiers like your name and email address. You can opt into a financial incentive by following the sign-up instructions, and you have the ability to opt-out of the incentive by contacting us. In some cases, we may provide additional terms and conditions for a financial incentive, which we will provide to you when you sign up. The value of your personal data is reasonably related to the value of the offer or discount presented to you.
Shine the Light: California law permits residents of California to request certain details about how their information is shared with third parties for direct marketing purposes or to opt out of such sharing. We do not share your personal data with third parties for their own direct marketing purposes.
Links to Other Websites and Third-Party Content
The Services may offer social sharing features and other integrated tools (such as the Facebook "Like" or "Share" button or the Twitter “Tweet” button) which let you share actions you take on our Services with other media. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the entity that provides the social sharing feature. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide these features.
Our retention periods for personal data are based on business needs and legal requirements. We retain personal data for as long as is necessary for the processing purpose(s) for which the data was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired. When we no longer need to use your personal data, it is removed from our systems and records or anonymized so that you can no longer be identified from it.
Glossier, Inc. 233 Spring Street, Floor 10 New York, NY 10013 Privacy@glossier.com
Customers in the EU may contact: Phase EU Limited 5 New Street Square London, United Kingdom, EC4A 3TW Privacy@glossier.com