Privacy policy
Data privacy statement - Germany
We at Charlotte Tilbury Beauty Ltd. are committed to protecting your personal data and respecting your privacy. We understand that your personal data belongs to you and fully respect that.
This privacy policy describes below how and why we collect and use the personal data you share with us when visiting our website or online shop. We want to ensure that you are fully informed about how we use your data and how we protect your data and rights.
We are confident that this privacy policy answers all your questions about data protection at our company. However, should you still have any questions, please contact our legal department directly at legal@charlottetilbury.com or alternatively, you can use the contact details provided after this privacy policy to get in touch by mail.
We may update this privacy policy from time to time as part of website updates. We will, of course, inform you of any changes to our policies, but we also encourage you to check back periodically and review the privacy policy yourself.
At the same time, we also encourage you to check back from time to time and review the privacy policy yourself.
About us - Who is the Charlotte Tilbury Group?
This privacy policy is provided by Charlotte Tilbury Beauty Limited (hereinafter referred to as “we”, “us” or “our” for the purposes of this privacy policy). Charlotte Tilbury Beauty Ltd.
For the personal data you provide to us in Europe, we are the "data controller" under data protection law, in particular the EU General Data Protection Regulation (GDPR). In the Netherlands, this role is fulfilled by our sister company, Charlotte Tilbury Netherlands BV, and we refer you to the Netherlands Privacy Policy for further information. This Privacy Policy applies to the online services of Charlotte Tilbury Beauty Ltd., offered under the domain www.charlottetilbury.com/ie/, and to all orders placed by customers on our website.
When you place an order on our website, you are entering into a contract with Charlotte Tilbury Beauty Limited. Charlotte Tilbury Beauty Ltd. is also part of the Charlotte Tilbury Group, which operates the Charlotte Tilbury business in other parts of the world. This includes the USA, Canada, Hong Kong, and the countries of Europe. Hereinafter, the term "Charlotte Tilbury Group" refers to the larger global group of Charlotte Tilbury companies.
For further information about the Charlotte Tilbury Group, please contact us using the contact details you will find at the end of this privacy policy.
Sales partner
You can purchase Charlotte Tilbury products through our website or from one of our retail partners in Europe. For example, at KaDeWe, de Bijenkorf, and Brown Thomas (hereinafter referred to as our "Retail Partners"). When you purchase Charlotte Tilbury products and/or services from one of our Retail Partners, please note that you are entering into a purchase agreement directly with the Retail Partner and not with the Charlotte Tilbury Group of companies. This applies to products/services purchased both online and in one of our Retail Partners' stores.
All personal data that you give to a sales partner will be handled by that sales partner, and you should check the sales partner's website or contact the sales partner directly if you have any questions about the collection and handling of your personal data.
How we ensure the lawful use of your data
We only use your data when there is a legal basis for processing your personal data. We only use your personal data to fulfill our contract with you (e.g., delivering the goods you purchased from us) or when we have a legitimate interest, such as improving our goods and services—more precisely, our business interests—and even then, only in a way that does not infringe on your interests, rights, and freedoms. For example, we may use your purchase history to send you personalized offers or combine it with the combined purchase history of our customers to better understand their needs and expectations. This allows us to improve our services, websites, products, and brands, and to develop new products for our customers. For more information on this topic, please contact us using the contact details provided at the end of this privacy policy.
We may sometimes use your data to comply with our legal obligations (e.g., for fraud prevention: to ensure that payments are made in full and without fraudulent behavior or embezzlement). There are also cases where we ask for your consent to use your personal data, for example, when you subscribe to our newsletter and to send you commercial communications.
Further information on how we use your personal data can be found below.
What data do we collect from you and how do we use it?
The data we collect from you and how we use this information depends on how you communicate with us, for example, whether you place an order on our website, contact us by phone or email, purchase a product, or schedule an appointment in one of our stores. The table below lists some examples that explain how we collect and use data.
| What personal data do we collect? | How and for what purpose do we process the data? | What is the legal basis for processing your personal data? |
|---|---|---|
| We collect personal data to identify you, such as username, password, and date of birth. We also collect your contact information, such as your email address, landline phone number, mobile phone number, and delivery/billing address. | This may be necessary to process your order (e.g., delivery of your order) or to contact you regarding your order. For example, DPD, UPS, DHL. | For the purpose of fulfilling the contract. |
| For account creation and management | Legitimate interest | |
| To send you email newsletters with updated information on new products and services that we believe will be of interest to you, to inform you about our latest offers, and, if you wish, to allow you to participate in our loyalty and VIP programs. | Where you gave your consent. | |
| To send you SMS messages to keep you up to date on our products, services and our latest offers that we think you'll be interested in. | Where you gave your consent | |
| To send you information with your order, to keep you up to date on our products, services and our latest offers that we think will interest you. | Legitimate interest | |
| To make an appointment or to participate in an event. | Legitimate interest | |
| To participate in a competition, contest, or prize draw. | Where you gave your consent | |
| To contact you regarding your order or booking, or if you are submitting a complaint or inquiry. | Legitimate interest | |
| To complete surveys we have sent you (if you wish) or to provide comments or reviews on our products or services, which we can use to improve our products and services. | Legitimate interest | |
| Fraud prevention and fraud detection | Legal obligation/Legitimate interest | |
| We may be legally or governmentally required to do so, for example by NHS Test and Trace. We may be legally or otherwise required to share this information under certain circumstances, such as with NHS Test and Trace if our premises are identified as the site of a COVID-19 outbreak. | Legal obligation | |
| Managing your payment details and transaction data | To process payments for your order and, if necessary, to issue refunds. We do not store any payment information after the transaction is complete. We share this data with credit card companies and other payment providers. | For the purpose of fulfilling the contract. |
| Fraud prevention and fraud detection | Legal obligations/Legitimate business reasons. | |
| Details of your transaction including purchase history and activity | To assess whether you are eligible for a loyalty program | Legitimate interest or where you have given your consent, if required |
| Information that you share with us when contacting us by phone, email, post or on social media, via our website, via LiveChat or via VideoChat, including your phone number, email address, social media profile/account and picture (where applicable). | To offer you the support and customer service you desire. | Legitimate interest or where you have given your consent, if required |
| Video surveillance in our stores. | To record video footage for security purposes. | Legitimate interest |
| Technical data about your hardware, browser activity, and behavior patterns. Information about how you use the website and its pages, including the pages and links you view, when and for how long you visit them, and the choices you make while using the website. We collect this personal data using cookies, server logs, and other similar technologies such as web beacons or pixels on our website, apps, and emails. You can find full details about our use of cookies in our Cookie Policy. | To manage and improve our website. To ensure that our website functions optimally and to provide you with the best website experience. You should consent to using the interactive features on our website. | Where you gave your consent. |
| For analysis, testing, research and statistical data collection so that we can improve our products and services. | Where you gave your consent. | |
| So that our website remains secure and safe. | Legal obligation, legitimate interest | |
| To make suggestions to you and other users of our website regarding our products or services that might be of interest to you or other users of our website. To provide you with information and to remember products and services you have viewed on the website. | Where you gave your consent. | |
| To measure and understand the effectiveness of our advertising campaigns and to offer you advertising content tailored to you. | Where you gave your consent. | |
| To identify behavioral patterns from emails we send to you, so that we are able to observe and analyze the effectiveness of these emails. | Where you gave your consent. | |
| Additional data that you voluntarily provide to us, such as your birthday, hair color, eye color, makeup shade, skin tone, and beauty preferences. We may collect this information in various ways, including through your Charlotte Tilbury account, bookings you make, consultations and appointments you have with us, games you play on our website, emails we send you, or marketing campaigns to collect additional, optional data. | To help you choose personalized cosmetic treatments. | Legitimate interest |
| Photographs, videos and video stills of you that you voluntarily provide to us. | For use on the website, social media channels and other Charlotte Tilbury channels and in promotional materials for marketing purposes and product recommendations. | Where you gave your consent. |
| Personal data provided in audio or video recordings, such as when you call us, customer service calls or online consulting services. | To improve and monitor our services, to learn and develop, as well as for training and quality reasons. | Where you gave your consent |
| Social Media Accounts | If you provide us with your social media account to participate in Charlotte Tilbury programs or similar, we will allow you to be identified and to view your social media account(s). | Legitimate interest |
You are not required to provide us with any of the above data, but if you choose not to, we may not be able to offer you the products and services you request. The forms you fill out on our website and in our stores clearly illustrate which data we require for each product or service and which data you can share voluntarily.
To enable us to gain a better understanding of our customers, we combine personal data from all areas of the Charlotte Tilbury Group, such as our customers' purchase history.
Automated decision-making
We may use profiling, a type of automated decision-making, to analyze our customers' purchase history and activity. This could include, for example, creating a list of customers who are eligible for a loyalty program based on their purchases and spending, or identifying the types of advertising or marketing that might interest you. You have the right to ask us not to use your personal data in this way by contacting us as described at the end of this privacy notice.
Who has access to your personal data?
DISCLOSURE OF YOUR DATA WITHIN THE CHARLOTTE TILBURY GROUP
We may disclose your personal data within the Charlotte Tilbury Group for the purposes of data analysis, the development of new products or other business development processes, and/or to enable the Charlotte Tilbury Group to provide services to you. In this case, your personal data is protected by written data protection agreements within the Charlotte Tilbury Group to ensure the protection of your privacy.
DISCLOSING YOUR DATA TO TRUSTED THIRD PARTIES
We share your personal data with trusted third parties to provide you with our services. When we share your personal data with trusted third parties, we only provide the information our partners need to deliver the service you have requested. In this case, your personal data is protected by written data protection agreements, and we only share data relevant to our partners to ensure the protection of your privacy.
Trusted third parties:
| DESCRIPTION | EXAMPLES |
|---|---|
| Companies that help us fulfill your order and, if necessary, deliver orders, such as courier services and payment providers. | Examples: DPD, Klarna, Stripe, Paypal |
| Professional service providers such as website hosting providers, system providers, website and social media analytics providers, advertising agencies and appointment booking providers, who help us with our business processes. | Examples: Booking Bugs, Google Analytics, DoubleClick, Magento.Track |
| Direct marketing companies that manage our electronic communication with you | Examples: Dotmailer, Ometria, Moveable ink. |
| Social media agencies or web platforms that show you products that might interest you while you browse the internet. | Examples: Facebook, Instagram, YouTube |
| Companies that send segmented, personalized web communications for us | Examples: Qubit, Revel, Implicit Design |
| For fraud prevention at credit reference agencies, law enforcement agencies and authorities that combat fraud | Examples: Stripe, PayPal |
We may also share your personal data with third parties if we sell any business units or assets. In this case, we will disclose your personal data to the potential buyer of such a business unit or asset and to professional service providers such as accountants, insurance companies, lawyers, or financial institutions.
We may also disclose your personal data to the police, administrative authorities (such as tax authorities) or other law enforcement agencies if we are legally obliged to do so.
Your data will only be shared with third parties (including our group of companies) with your explicit consent, for example for advertising purposes.
Data we receive from third parties
We may also receive information about you from third parties, such as our partners who provide us with information collected during a sweepstakes, competition, offer period, sample request or survey, or information that is publicly available in the media, or if you have written a review about us.
Depending on your settings or the specific offer for social media or messaging providers, such as Facebook, Twitter or WhatsApp, we may, with your consent, collect information about you from these sources.
We may combine information from you with information we have obtained from other sources. However, this will only happen if there is a legal basis for doing so.
Online advertising for our website
We may work with third parties to provide us with analytics services and to show you Charlotte Tilbury ads and banners when you use certain apps or visit other websites. For this purpose, we use various ad exchange companies and digital marketing networks. We and our advertising partners use various advertising technologies, such as ad tags, cookies, pixels, identifiers, and web beacons. This information may be used by Charlotte Tilbury and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content tailored to your interests on our website and other websites, and better understand your online activity. For more information about interest-based advertising, or to prevent your web browsing activity from being used for behavioral advertising, please see our Cookie Policy and Cookie Management Tool.
To prevent your web browsing activity from being used for behavioral advertising purposes, please visit our Cookie Policy and our Cookie Management Tool.
The ads and banners you see are based on information we've collected from you. Or information gathered from your visits to other websites, for example, information about products you've viewed, content you've read, or Charlotte Tilbury banners you've previously clicked on.
We may also work with other third parties and use services they offer to show you ads on third-party websites and platforms (such as Facebook or Instagram) as part of a tailored campaign. As part of these advertising campaigns, we or the third-party providers may convert information about you, such as your email address and phone number, into a unique identifier that can be matched with a user account on these platforms. This allows us to learn about your interests and show you ads that are tailored to them. For more information about this advertising, or to opt out of seeing this type of tailored advertising, please visit the websites and platforms of the third-party providers that offer you choices regarding this type of tailored advertising.
International transfer of your personal data
We are a company with a global presence and some of our service providers or companies in our group are located outside of the UK or the EU.
As a result, it may be necessary for the personal data you have shared with us to be transferred to or accessed by companies outside the UK or the EU. This will only happen if it is necessary for us to fulfill our obligations to you. In any case, we follow processes designed to ensure the security of your data.
When we transfer your personal data to countries deemed by the European Commission or the UK government to offer an adequate level of data protection, we rely on this decision when transferring your personal data. For transfers to group companies and service providers outside the UK or the EEA for which no adequacy decision applies, we use standard contractual clauses or other transfer mechanisms provided for in applicable data protection laws to protect your personal data. All transfers of your personal data are carried out in accordance with applicable laws, and we handle the information in accordance with the principles set out in this privacy policy.
For further information on this topic or a copy of the standard contractual clauses we use, please contact us using the contact details you will find at the end of this privacy policy.
NON-BRITISH CUSTOMERS
If you are located outside the UK and place an order on the website or contact us via the website using LiveChat or VideoChat, your personal data may be used in the UK and/or the EU by Charlotte Tilbury Beauty Limited and the third parties mentioned above.
The legal basis for data processing in the UK is currently, until June 2021, the provisions of the Brexit Agreement (Article FINPROV.10A: Interim provision for transmission of personal data to the United Kingdom). The authorities are also currently working on an adequacy decision. We will, of course, monitor developments and update this privacy policy accordingly.
How long do we store your personal data?
We only store your personal data for as long as we need it to fulfill your needs, the purpose for which we collected your personal data, or our legal obligations. For example, we keep your data until your order is completed, your customer service request is resolved, or as long as you have a customer account with us.
We may retain certain personal data to comply with our legal and regulatory obligations, for fraud prevention, or to administer our rights. For example, we retain your order details for 5 years after the order was placed to comply with our legal obligations.
When we no longer need your personal data, we delete it from our systems and records or anonymize it so that you can no longer be identified. For example, by merging the data with other data so that the data is rendered unrecognizable and can no longer be used for business or analytical purposes.
Update your personal data
It's important that the data we have stored about you is up-to-date and accurate. If you have a customer account with us, please update it occasionally to ensure your information is current.
Security
We are committed to keeping your personal data secure and take all appropriate and reasonable security measures to achieve this goal. We have implemented physical, electronic, and administrative measures, such as our Information Security Management System and Secure Sockets Layer (SSL) encryption, to protect your personal data. Our employees who have access to your data are bound by confidentiality and security obligations.
Third-party links
Our website may contain links to other websites that might be of interest to you. However, we would like to point out that we have no control over third-party websites and that they are subject to their own privacy policies, not this privacy statement.
What can I do to stop receiving marketing communications?
We are happy to present our latest products, services and events to you via email and SMS, but if you decide that you no longer wish to receive our communications, you can unsubscribe at any time as follows:
To stop receiving emails, send us an email to:
You can unsubscribe by emailing customercare@charlottetilbury.com or clicking "unsubscribe" at the bottom of any email we send you. If you have a customer account with us, you can also unsubscribe via the account information page on the Charlotte Tilbury website by clicking on Newsletters and canceling your subscription to the mailing service.
To stop receiving text messages, please follow the link at the bottom of every text message we send. You can also email us at customercare@charlottetilbury.com.
Your rights
You have the following rights regarding your personal data stored by us:
• Access to the personal data we hold about you (data subject access request), including a copy of your data. • You have the right to have your personal data corrected if it is inaccurate or no longer up-to-date, and/or to have any missing information completed. You can also correct this data yourself via the account information page of the Charlotte Tilbury website if you have a customer account with us. • You have the right to have your personal data deleted if there is no longer a good reason to retain it. Please note that this is not an absolute right, as there may be legal or legitimate reasons for retaining your personal data (see below). • You have the right to restriction of processing, meaning that we can limit the processing of your data and may store it, but not use or process it. This applies, for example, if you want to verify the accuracy of the data for the purpose of processing, and • to receive a copy of the personal data we hold about you to use elsewhere or to ask us to transfer it to a third-party provider of your choice.
Please note that we may require proof of identity and full details of your request before processing any of the above requests.
Right of withdrawal
You can object to the processing of your data based on our legitimate interests at any time, and we must comply with your objection unless we determine that there are legitimate interests that override your objection and allow us to continue processing your data.
You have the right to contact your country's data protection authority to lodge a complaint about our data protection and privacy practices. In the UK, this is the Information Commissioner's Office (ICO). You can contact the ICO either by phone on their helpline number 0303 123 1113 or via their website www.ico.org.uk/concerns.
Before contacting the ICO or your country's data protection authority, we would appreciate it if you would first inform us of your concerns. So it would be great if you contacted us directly first.
Children
To create a customer account with us, subscribe to our newsletter, contact us, or connect with us via live chat or video chat, customers must be 18 years of age or older. We do not collect data from children under 18, and if you are under 18, please do not provide us with your personal information. We ask parents of children under 18 to ensure that their children do not provide us with any personal information without parental consent. If you believe that a minor has provided us with personal information, please contact us, and we will delete this data from our systems.
Marketing service provider
Your personal data, which includes demographic information, transaction history and online behavior, may be shared with selected marketing service providers for the following purposes and is commonly referred to as data profiling:
- They help us to better understand the preferences of our customers;
- With their help, we create forecasts in order to make the most interesting recommendations for products or services to you and other users;
- The relevance and suitability of our customer marketing will be improved (e.g., offers, products, and services); and
- Communication with our customers, both offline and online, can be made more effective. This could mean that you receive or are shown individually tailored advertising in the form of emails addressed directly to you or when visiting a website.
To ensure the security and protection of your data, all information shared with marketing service providers is converted into an unreadable format. This means that your personal identifiers are removed and replaced with pseudonymous placeholders or encrypted tokens.
Marketing service providers can compare the data we provide with their own data or that of third parties. For example, they can combine the unreadable data we provide with data from various recognized sources to gain more comprehensive insights into consumer behavior and preferences.
CONTACT
If you have any questions about our privacy policy, would like to submit a request, or have a complaint, you can contact us at the following address:
- Email: dpo@charlottetilbury.com; or
- Mail to: Data Protection Officer, Charlotte Tilbury Beauty Limited, 8 Surrey Street, London, WC2R 2ND, United Kingdom;