Privacy Policy

 PRIVACY NOTICE 2018

1        Important notice

1.1              This is the Privacy Notice of Penhaligon’s Inc., located at 400 Madison Avenue, Suite 10B, New York, NY 10017.
1.2              This Privacy Notice sets out how Penhaligon’s Inc.(‘we’, ‘us’ or ‘our’) and our group companies (including Puig S.L.) collect and process your personal information when you access and use our site www.penhaligons.com (‘our site’). This Privacy Notice also provides certain information that is legally required and lists your rights in relation to your personal data.
1.3              This Privacy Notice relates to personal information identifying you. We refer to this information throughout this Privacy Notice as ‘personal data’ and section 2sets out further detail of what this includes.
1.4              Please read this Privacy Notice to understand how we may use your personal data.

2        The personal data we collect about you

We may collect the following personal data about you:

2.1              personal data you provide to us via our site, including information that you provide by filling in forms on our site. This includes information provided at the time of registering to use our site and when you make purchases from our site.  For example:
2.1.1        your name and title;
2.1.2        your billing and delivery postal address, phone, fax and email addresses;
2.1.3        your gender (although this is not mandatory);
2.1.4        where you have registered with us, your user name and password; and
2.1.5        how you heard about us.

2.2             
personal data you provide when you enter a competition or promotion sponsored by us, and/or when you report a problem with our site;

2.3              we may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them;

2.4              details of transactions you carry out through our site and of the fulfilment of your orders;

2.5              details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access;

2.6              information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users' browsing actions and patterns, and does not identify any individual;

2.7              personal data gathered using cookies – please see our Cookie Policy for further information;

2.8              personal data you provide when you request our marketing material or email newsletter or submit a query to us or which is collected via social media;

2.9              personal data you provide when using interactive features of our site; and

2.10          personal data you provide when applying for a job advertised or submit a speculative job application and/or your CV.

3        Key information about your personal data

3.1              Data controller and contact details

3.1.1        If you have a concern or question regarding your privacy, you can contact our company by emailing [email protected].  

3.2              Processing data

3.2.1        We collect and process your personal data for a variety of different purposes which are set out in further detail below.

3.3              How we use your personal data for marketing and promotions  

3.3.1        We may ask for your consent to contact you by telephone, SMS, post and/or email about other offers, products, promotions, developments or services which we think may be of interest to you and for other marketing purposes.  You can indicate your consent by ticking the relevant box.
3.3.2        We may ask for your consent to group companies including Puig SL to contact you by telephone, SMS, post and/or email about other offers, products, promotions, developments or services which may be of interest to you and for other marketing purposes.  You can indicate your consent by ticking the relevant box.
3.3.3        We may ask for your consent to allow third parties to contact you by telephone, SMS, post and/or email about other third party offers, products, promotions, developments or services which may be of interest to you and for other marketing purposes.  You can indicate your consent by ticking the relevant box.
3.3.4        We also request consent for some cookies in accordance with our Cookie Policy.

3.4              Withdrawing your consent for marketing materials  

3.4.1        You may at any time withdraw the consent you give to our processing your personal data for those purposes set out in section 3.3above by contacting us at [email protected].
3.4.2        If you want to stop receiving future marketing messages and materials at any time, you can do so alternatively by clicking the 'unsubscribe' link which is included in all of our email marketing messages.
3.4.3        Our Cookie Policy sets out how to manage cookies.

3.5              How we use your personal data  

3.5.1        These are some of the ways we use your personal data:

How we use your personal data
In order to perform our contractual obligations to you. This would include our fulfilling orders you have placed for goods or services, contacting you in relation to any issues with your order or where we need to provide your personal data to our service providers (e.g. our courier company).
 
In order to comply with our own legal obligations or to assist in an investigation (e.g. from the police).
 
In order to use your personal data to operate our business and that of our group companies (including Puig S.L.), but otherwise than in performing our contractual obligations to you. These would be our and our group companies’ ‘legitimate interests’ for the purposes of Data Protection Legislation and are as follows:
 
(i)                 notifying winners of online competitions;
(ii)               sending you surveys in connection with our goods and services;
(iii)to send you important notices such as communications about changes to our terms and conditions and policies;
(iv)             to assist in the investigation of suspected illegal or wrongful activity. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
(v)               to deal with any misuse of  our site;
(vi)             to contact you by telephone, SMS, post and/or email about other offers, products, promotions, developments or services our ours which we think may be of interest to you and for other marketing purposes. Please make it clear when you provide personal data to us, should you not wish to receive such information to send you information you have requested;
(vii)           to deal with your enquiries;
(viii)         to allow you to participate in interactive features of our service, when you choose to do so;
(ix)             where you have submitted a job application we may for a reasonable period keep your details on file for future reference should a suitable position subsequently become available and we may send you information about job opportunities;
(x)               to develop, deliver and improve our goods or services;
(xi)             to help us develop our site to be more useful to you;
(xii)           for internal purposes for research, analysis, testing, monitoring, customer communication, risk management and administrative purposes;
(xiii)         to protect and defend our rights or property or those of our customers or others;
(xiv)         to sell, make ready for sale or dispose of our business in whole or in part including to any potential buyer or their advisers; and
(xv)           in order to enforce or apply our site’s Terms of Website Use or Terms and Conditions of Sale and other agreements with third parties.
 
 
3.5.2        We will do our best to inform you when we carry out any of the above activities, but it may be that we are unable to do so in each case.  

3.6              Who receives the personal data you provide to us  

3.6.1        We will share your personal data with the following recipients:
(a)                RedEye in relation to our marketing email communications with our customers;
(b)               Affilinet for our affiliate programme which allows us to see anonymously which website you came from right before you visited our site;
(c)                SagePay – and PayPal – to process payments made on our site;  
(d)               Winparf in relation to point of sale;
(e)                Yocuda in relation to electronic receipts;
(f)                Falcon Social in relation to social media marketing with our customers;
(g)                CDL Logistics and DPD in relation to order fulfilment and delivery services;
(h)               Paraspar in relation to online transactional services;
(i)                 Facebook in relation to our social customer audience segments;
(j)                 SAP for finance and logistical purposes;
(k)               Puig S.L. for management of Group Company data; and
(l)                 Borderfree Inc. in relation to us orders international shipping (selected countries)
However, we do not forward personal data to these third parties for any promotional purposes by those companies.
3.6.2        In addition, we may disclose the personal data you provide to us to our group companies or any third party data processors other than those listed above who may process data on our behalf for the purposes set out in section 3.5 above.
3.6.3        We may also disclose your personal information to other third parties in order to undertake any of the activities listed in sections 3.3. and  3.5.
 
3.7              Transfers of your personal data to other countries  

3.7.1        The personal data we collect from you is currently held within the European Economic Area (‘EEA’).  However, it is possible that in the future such personal data may be transferred, stored and/or processed outside the EEA.
3.7.2        By submitting your personal data, you agree to this transfer, storing and/or processing. You should be aware that countries outside the EEA may not offer the same level of data protection as the United Kingdom.   

3.8              Data Retention  

3.8.1        We will only hold your personal data for so long as is necessary for us to do so, however because this depends in each case on how each of our customers interact with us, we keep the length of time that we hold your personal data for under  review.
3.8.2        Where we no longer need to process your personal data for the purposes set out in this Privacy Notice then we will delete your personal data from our system.  

3.9              Why should you provide us with personal data?  

3.9.1        Please be aware that we do need to use certain of your personal data in order to fulfil our contractual obligations to you and to provide you with the goods and services you have elected to receive. If you do not provide it then we may not be able to perform the contract to the level you expect or at all.  Please see our Terms and Conditions of Sale for further details.   

3.10          Where we store your personal data  

3.10.1    All information you provide to us is stored on our secure servers.
3.10.2    We will keep your information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.
3.10.3    Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
3.10.4    Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. 3.10.5    Payment transactions are made using payments providers. All credit/debit card transactions on our site are processed using, a secure online payment gateway that encrypts your card details and cannot be accessed by us.

4        Links to other websites

This policy only applies to Penhaligon’s Inc. Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy notices or policies and that we do not accept any responsibility or liability for any use of your personal data that is made by unconnected third party websites. You should remember to read and understand those websites’ privacy notices or policies as well.
 
5  Interest-Based Advertising - Opt-Out

Our site interest-based advertising, which is the collection of browsing data over time so that our ads and marketing can be personalized and displayed to you on our websites and 3rd party websites.  You can choose to opt out of having your data used for targeting and serving interest-based advertising by using the opt-outs provided by the Network Advertising Initiative and the Digital Advertising Alliance:
·         NAI: http://www.networkadvertising.org/managing/opt_out.asp
·         DAA: http://www.aboutads.info/choices/
This does not mean that we will not serve you ads, but it does mean that we will not use interest-based advertising to do so.
 
6  Do Not Track

Do-Not-Track is a public-private initiative that has developed a “flag” or signal that an Internet user may activate in the user’s browser software to notify websites that the user does not wish to be “tracked” by third-parties as defined by the initiative. The online community has not agreed on what actions, if any, should be taken by the websites that receive the “do not track” signal, and therefore Do-Not-Track is not yet standardized. Our website does not alter its behaviour or change its services when it receives a “do-not-track” flag or signal from your browser.
 
7  Information from Children Under 13

On our website, we do not intentionally gather Personal Information from visitors under the age of 13.  If you believe we have inadvertently collected information about your child, please contact our Data Protection Officer, and we will attempt to delete the information.
 
8  Your California Privacy Rights

Under Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third parties for those third parties' direct marketing purposes, and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To exercise your rights, you may make one request each year by emailing us at [email protected] with "Request for California Privacy Information" on the subject line and in the body of your message. Be sure to provide in the request sufficient information to properly identify you and/or the members of your family.
 
EFFECTIVE DATE: This Privacy Notice may vary from time to time so please check it regularly. These terms were most recently updated on Tuesday 2nd January 2018