LAST REVISED: May 17th, 2019
- Information We Collect
- Advertising and Analytics Services Provided by Others
- How We Use Your Information
- How We Share Your Information
- Your Rights And Choices
- Data Transfers and Privacy Shield
- Residents of the European Economic Area
- Links to Other Websites and Third Party Content
- Data Retention
- California Privacy Rights
- Contacting Glossier
Information we collect directly from you
We collect the information you provide directly to us, such as when you open an account, place an order, ask to receive emails, or interact with us on social media. The types of personal data we may collect directly from you include:
- Contact information, such as your name, email address, mailing address, and phone number;
- Account information, such as your username and password;
- Billing information, such as credit card details and billing address;
- Optional information you may choose to provide, such as your date of birth, gender, social handles, makeup and color preferences; and
- Any other information you choose to provide.
Information about your use of our Services
We collect information about your use of the Services, such as the products you buy or express interest in.
If you choose to use our refer-a-friend service to tell a friend about Glossier, we may collect your friend's name and email address in order to send your friend an email and (if you so choose) one follow-up reminder email inviting him or her to shop with us. We store information about the individuals you refer in order to send these emails and to administer and track the success of our referral program.
Information we collect from other sources
When you access the Services through a social network, we collect information from the social network in accordance with your settings on the social network. If you interact with us on social media, we will collect information about those interactions. The information we may collect includes your name, picture, and email address. We may also collect information about you from third parties, including mailing list providers and publicly available sources, or friends that refer you to Glossier.
Information we collect by automated means
- Search terms used to reach our websites;
- Details about the devices that are used to access our websites (such as IP address, browser information, device information, and operating system information);
- Details about your interaction with our websites (such as the date, time, length of stay, and specific pages accessed during your visits to our websites, and which emails you may have opened); and
- Usage information (such as the number and frequency of visitors to our websites).
We may associate this information with your Glossier account if you have one, the device you use to connect to our Services, or email or social media accounts that you use to engage with Glossier.
Advertising and Analytics Services Provided by Others
How We Use Your Information
We may use the information we collect to deliver the products you request, to maintain and customize your account and our interactions with you, and to provide, maintain, and improve our Services. We also use the information we collect to:
- Communicate with you about our Services, including to tell you about products and services that may be of interest to you;
- Respond to your requests, inquiries, comments, and suggestions;
- Facilitate your engagement with the Services, including to enable you to post comments and reviews;
- Offer contests, sweepstakes, or other promotions;
- Conduct or administer surveys and other market research; and
- Protect against, identify, investigate, and respond to fraud or other illegal activity.
We may share the information we collect:
- With service providers that perform services on our behalf, such as those that provide shipment and payment services, customer service, and marketing support;
- With select partners as a part of co-sponsored promotions;
- To comply with a legal or regulatory obligation, protect and defend Glossier’s rights or property, protect the safety of our customers and website users or the public, and protect against legal liability;
- In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company;
- Between and among Glossier’s current and future parents, subsidiaries, affiliates, and other companies under common control and ownership; and
- With your consent and at your direction.
When you provide a product review or other user content, that content will be publicly posted. Other users may be able to see your name or other information about you that you post.
If you are in the United States, we may share information about you with select third parties so that they can communicate with you about products or services that may be of interest to you. If you prefer that we not share your information with such third parties, you may opt out by emailing us at [email protected].
Managing or deleting your Glossier account
You may review, update, or modify your account information, including profile and contact information, at any time by logging into your Glossier account. You may delete your Glossier account by emailing [email protected].
Opting out of email marketing
You may unsubscribe from our promotional emails at any time by following the instructions included in those emails. If you opt out of receiving such communications, note that we may continue to send you non-promotional emails (such as order confirmation emails or emails about changes to our legal terms).
Most web browsers are set to accept cookies by default. You can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our websites.
Our Services are not designed for children and do not knowingly collect personal data from children. If you have reason to believe that a child has provided personal data to us, please contact us, and we will endeavor to delete that information from our databases.
Glossier is headquartered in the United States, and we have operations and entities in the United States and other countries. As such, we may transfer your personal data to, or store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it.
When we transfer personal data from the European Union or Switzerland to the United States, we comply with the EU-U.S. Privacy Shield Framework and the Swiss - U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and Switzerland to the United States, respectively (collectively, the "Privacy Shield Principles"). Glossier has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
In compliance with the Privacy Shield Principles, we are committed to resolving complaints about our processing of your personal data. EU and Swiss individuals with inquiries or complaints regarding our compliance with the Privacy Shield program should first contact us. We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Under certain conditions, you may be able to invoke binding arbitration to resolve your complaint. Glossier is subject to the investigatory and enforcement powers of the Federal Trade Commission.
If we share personal data transferred to the U.S. under the Privacy Shield with a third-party service provider that processes such data on our behalf, then we will be liable for that third party’s processing in violation of the Privacy Shield Principles, unless we can prove that we are not responsible for the event giving rise to the damage.
Legal Basis for Processing
If you are an European Resident, we process your personal data when:
- We need to use your personal data to perform our responsibilities under our contract with you (e.g., processing payments for and providing the Glossier products you have ordered).
- We have a legitimate interest in processing your personal data. For example, we may process your personal data to send you marketing communications and to provide, secure, and improve our Services.
- We have your consent to do so.
Data subject requests
If you are an European Resident, you have the right to access personal data we hold about you and to ask that your personal data be corrected, updated, or erased. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you may contact us as indicated below. If you have a Glossier account, you may also review, update, and delete certain personal data by logging into your account.
Questions or Complaints
If you are an European Resident and have a concern about our practices concerning the processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you reside. For contact details of your relevant local Data Protection Authority, please see http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm, or if you are a Resident of Switzerland, https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact/
Links to Other Websites and Third-Party Content
Our retention periods for personal data are based on business needs and legal requirements. We retain personal data for as long as is necessary for the processing purpose(s) for which the data was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired.
California law permits residents of California to request notice of how their information is shared with third parties for direct marketing purposes or to opt out of such sharing. If you are a California resident and would like a copy of this notice or to opt out, please submit a written request to the following address: Glossier, Inc., 233 Spring Street, Floor 10, New York, NY 10013, Attn: Legal, or by emailing us by emailing us at [email protected].
233 Spring Street, Floor 10
New York, NY 10013
Customers in the EU may contact:
Phase EU Limited
5 New Street Square
London, United Kingdom, EC4A 3TW