Global Privacy Policy
Effective May 31, 2022
Deciem Beauty Group Inc. and its affiliates and subsidiaries (collectively, “DECIEM”, “we”, “us” or “our”) respects your concerns about privacy and values the relationship we have with you. This Global Privacy Policy (“Policy”) describes the types of personal information (“information”) we collect about our customers, including in-store and online, how we use the information, with whom we share it, and the choices available to our customers regarding our use of the information. We also describe the measures we take to protect the security of the information and how our customers can contact us about our privacy practices.
PLEASE REVIEW THIS POLICY CAREFULLY. When you submit information to or through the Website (as defined below), you agree to the collection and processing of your information as described in this Policy. By using the Website, you accept the terms of this Policy and our Terms of Use and agree to our collection, use, disclosure and retention of your information as described in this Policy.
In order to exercise any of your rights described herein, you can contact us using the details at Section 19 (“How to Contact Us”) below.
How We Collect Your Information
We may obtain information about you from various sources. We may collect information when you purchase goods or services from us, provide it to us at one of our stores, on our website located at www.deciem.com (the “Website”), via our social media pages, at one of our events or if you contact us by telephone, e-mail or live chat.
Our products are available for sale online, in our or our reseller’s retail stores and many department stores. Unless otherwise indicated at the time that you provide your information, any information collected in our reseller’s retail stores or department stores is not provided to us. This Policy does not address any data collection by any of our retail partners. When you visit our Website or our social media pages, we may also collect certain information about your device or usage by automated means, including using technologies such as cookies, web server logs and web beacons.
The kinds of personal information we may collect are set out in Sections 2 and 3 of this Policy.
In relation your information collected for the purpose of purchasing our products in the United Kingdom or the European Economic Area, the controller is Deciem UK Ltd.
Information You Provide
You may choose to provide information to us in a number of ways, such as when you participate in an offer or promotion, when you make a purchase on our Website or in our stores or via our social media pages. The types of information you may provide to us include:
- Contact information (such as name, postal address, email address, mobile or other phone number)
- Age and date of birth
- Gender
- Payment information (such as your delivery address and billing address)
- Purchase history
- Account information (e.g. user ID)
- Product preferences and feedback
- Location information
- Information in relation to product complaints (includes reaction to skin, your ethnic origin and allergies)
- Content you provide (such as photographs, videos, reviews, articles, survey responses and comments)
- Device information provided to us through the type of device you use when you visit our Website and social media pages which may also include your unique device identifier, IP address, type of device or mobile operating system
- Information provided to us through social media networks when you visit our social media pages (such as your name, profile picture, likes, location, friend list and other information made publicly available by you on the social media network)
Information We Collect by Automated Means
When you visit our Website, view or click on our online advertisements (including our advertisements on third party websites), or visit our social media pages, we also collect certain information about your usage or device by automated means or by using technologies such as cookies, web server logs and web beacons. For example, if you visit our Website, we may collect your IP address, your unique device identifier (or other device identifier) and/or geolocation data. As set forth in more detail below, we may also collect information about your usage and browsing habits using various web-based technologies.
We use Adyen, Stripe and PayPal for payment, analytics, and other business services. Adyen, Stripe and PayPal collect identifying information about the devices that connect to its services. Adyen, Stripe and PayPal use this information to operate and improve the services it provides to us, including for fraud detection. You can learn more about Adyen and its privacy practices here: https://www.adyen.com/policies-and-disclaimer/privacy-policy. You can learn more about Stripe and its privacy practices here: https://stripe.com/privacy-center/legal. You can learn more about PayPal and its privacy practices here: https://www.paypal.com/ca/webapps/mpp/ua/privacy-full.
How We Use the Information
We may use the information provided to:
- Send you promotional materials or other communications, in accordance with your communication preferences
- Provide products and services to you
- Process your payment and/or gift card transactions
- Create and manage your online account, including access to your online and in-store purchase history
- Assist with product selection
- Respond to your inquiries
- Tailor ads displayed to you on our Website and elsewhere to your interests and history with us
- Communicate with you about, and administer your participation in, special events, contests, sweepstakes, surveys and other offers
- Operate and communicate with you about our social networking applications
- Operate, evaluate and improve our business (including developing new products and services)
- Improve our current products and services; manage our communications; analyze our products; perform data analytics; and perform accounting, auditing and other internal functions
- Protect our systems and infrastructure from security risks
- Comply with applicable legal requirements, relevant industry standards and our policies
- As otherwise required, authorized or permitted by applicable laws.
If we use your information in ways not mentioned here, we will let you know in advance.
Technologies We Use
Cookies, Web Server Logs and Web Beacons
Cookies are small text files that websites send to your computer or other Internet-connected device to uniquely identify your browser or to store information or settings in your browser. Your browser may tell you how to be notified when you receive certain types of cookies and how to restrict or disable certain cookies. Please note, however, that without cookies you may not be able to use all of the features of our Website. For details on these types of cookies and information on how to opt-out, click here.
In conjunction with obtaining information through cookies, our web servers may log details such as your operating system type, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone in which your device is located. The web server logs also may record information such as the address of the web page that linked you to our Website and the IP address of the device you use to connect to the Internet.
To control which web servers collect this information, we may place tags on our webpages called “web beacons.” These are computer instructions that link web pages to particular web servers and their cookies.
Third Party Web Analytics Services
We may use third party web analytics services on our Website such as Google Analytics. The service providers that administer these services use technologies such as cookies, web server logs and web beacons to help us analyze how visitors use our Website. The information collected through these means (including IP address) is anonymized before being shared with these service providers, who use the information to evaluate use of the Website. You may deactivate the ability of these analytics services to analyze your browsing activities on the Website. If you would like to opt-out from the use of your information by Google Analytics, you may use Google’s Analytics opt-out browser add-on designed for this purpose.
Targeted Advertising
We also may contract with third-party advertising networks that collect IP addresses and other information through the use of cookies, web server logs and web beacons on our Website and emails; on third-party websites and emails; and on our advertising placed on third-party websites. They use this information to provide advertisements about products and services tailored to your interests (including for companies not affiliated with us). You may see these advertisements on our Website and other websites. This process also helps us manage and track the effectiveness of our marketing efforts. To not have your information shared with such parties, you may manage your cookie preferences here, or by going to our "Do Not Sell My Personal Information" web page.
How We Use the Information Collected by Automated Means
We may use the information collected through automated means on our Website for market research, data analytics and system administration purposes, such as to determine whether you have visited us before or are new to the Website, to tailor ads displayed to you on our Website and elsewhere and for compliance with our legal obligations, policies and procedures, including compliance with relevant industry standards. We also may use the information in other ways for which notice is provided at or before the time of collection.
Do Not Track
We currently do not change our tracking practices in response to “do-not-track” signals or other similar mechanisms. “Do-not-track” is a privacy preference that you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with that service on the page. For details, including how to turn on “do-not-track, visit www.donottrack.us.
Information We Share
We do not rent lists or sell or otherwise disclose information we collect about you, except as described here. We may share your information with:
- Our affiliated legal entities
- Third party service providers who perform services on our behalf based on our instructions. We do not authorize these service providers to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements. Examples of these service providers include entities that process credit card payments, fulfill orders and provide web hosting, advertising and marketing services.
In addition, and notwithstanding any other provision herein, we may retain and disclose information about you (a) if we are required to do so by law or legal process; (b) to law enforcement authorities or other government officials; or (c) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.
We also reserve the right to transfer information we have about you in the event we sell or transfer all or a portion of our business or assets, including in connection with a merger, acquisition, reorganization, liquidation, change in control or other sale by or of us or any affiliated entity (in each case whether in whole or in part). Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use information you have provided to us in a manner that is consistent with this Policy. Following such a sale or transfer, you may contact the entity to which we transferred your information with any inquiries concerning the processing of that information.
Your Rights and Choices
We offer you certain choices in connection with the information we collect from you, such as how we use the information and how we communicate with you. To update your preferences, please contact us in the manner specified below.
Email Opt-Out
You can at any time tell us not to send you marketing communications by email by clicking on the unsubscribe link within the marketing emails you receive from us or by contacting us as indicated below.
Social Networking Application Opt-Out
To remove or delete our social media applications from your social networking account, follow the instructions from the particular social network.
Access and correct your information
You have the right to request access to, or corrections of, any personal information which we hold about you. We will respond to all access or corrections requests promptly, and in accordance with applicable laws. If you would like to make an access or correction request, you should submit your request using our contact details in Section 19 of this Policy below.
Children’s Privacy
Our Website is not directed to children under the age of sixteen and we do not knowingly collect information from children under the age of sixteen on our Website. If we become aware that we have inadvertently received information from a visitor under the age of sixteen on our Website, we will delete the information from our records.
Storage of Information / Data Transfers
DECIEM is based in Canada and operates an international retail and online business. As a result, your information may be transferred to, stored at or processed in other countries, including Canada, the United States, Australia, Germany, France, Hong Kong and United Kingdom and other countries which may not have equivalent privacy or data protection laws. However, regardless of where your information is transferred, we will protect it in accordance with this Policy and applicable law.
Information Security and Data Retention
We use physical, technical, organizational and administrative safeguards to help protect your information from unauthorized access or loss. For example, we use technology like encryption to protect sensitive information (such as your name and address) during transmission. However, no security system is perfect, and we cannot promise that information about you will remain secure in all circumstances, including the security of your data during transmission to us. We will retain your information for as long as the information is needed for the purposes listed herein and for any additional period that may be required or permitted by law.
User Submitted Content
Users may be able to submit reviews, content and other information and materials that users have created through our Website and through third party social media platforms. DECIEM MAY REMOVE OR MODERATE ANY USER CONTENT CREATED THROUGH OUR WEBSITE OR ANY THIRD PARTY SOCIAL MEDIA PLATFORMS AT ITS SOLE DISCRETION. ANY OPINIONS EXPRESSED IN ANY SUCH USER SUBMITTED CONTENT ARE SOLELY THOSE OF THE USERS THAT SUBMITTED THE CONTENT AND DO NOT NECESSARILY REFLECT THE OPINIONS, POLICY OR POSITION OF DECIEM. YOU ASSUME ALL RISKS ASSOCIATED WITH SUCH CONTENT, INCLUDING, BUT NOT LIMITED TO, ANY THIRD PARTY’S RELIANCE ON ITS QUALITY, ACCURACY, OR RELIABILITY, OR ANY DISCLOSURE OF INFORMATION IN YOUR USER CONTENT THAT MAKES YOU OR OTHERS PERSONALLY IDENTIFIABLE. YOU HEREBY AGREE THAT DECIEM HAS NO RESPONSIBILITY OR LIABILITY WHATSOEVER FOR ANY SUCH ACTIVITIES. YOU ALSO AGREE AND UNDERSTAND THAT YOUR USER CONTENT IS NOT SPONSORED OR ENDORSED BY DECIEM, AND YOU WILL NOT IMPLY THAT YOUR USER CONTENT IS IN ANY WAY SPONSORED OR ENDORSED BY DECIEM.
Third Party Websites
Our Website may contain links to other third-party websites. These other websites may have their own privacy policies and terms and conditions that are not governed by this Policy. We are not responsible for the privacy practices or the content of any website(s) owned and operated by any such third parties. Other websites may collect and treat information collected differently, so we encourage you to carefully read and review the privacy policy for each website you visit. Any links from this Website to other websites, or references to products, services or publications other than those of DECIEM, do not imply the endorsement or approval of such websites, products, services or publications by DECIEM.
California Privacy Rights
California "Shine the Light" Law
If you reside in California, you have the right to ask us one time each year if we have shared information with any third parties for their direct marketing purposes. To make such a request, please contact us as described below. In your correspondence, please confirm that you are a California resident making a "California Shine the Light" inquiry.
California Consumer Privacy Act (“CCPA”)
If you reside in California, you have the following rights:
- You have the right to opt-out of any sale by us of your personal information
- You have the right to request the deletion of your personal information
- You have the right to request us to disclose to you the following, no more than twice in a 12-month period:
- Categories of personal information we collected about you during the preceding 12 months
- Categories of sources from which we collected the personal information during the preceding 12 months
- Categories of information we have sold during the preceding 12 months
- Business or commercial purpose for collecting or selling your personal information during the preceding 12 months
- Categories of third parties with whom we shared the personal information during the preceding 12 months
- Specific pieces of personal information we collected about you during the preceding 12 months
- You have the right not to be discriminated against for exercising any of the aforementioned rights.
We have collected the following categories of personal information about California residents in the preceding 12 months for the business purposes set forth below. For a listing of the categories of sources from which that personal information was collected and the categories of third parties with whom we share such personal information or to whom we sell or disclose such personal information for a business or commercial purpose, please see Sections 1 (“How We Collect Your Information”) and 8 (“Information We Share”) of this Policy.
Categories of Personal Information | Description | Purpose(s) |
---|---|---|
Identifiers | Name, alias, postal address, online identifier, Internet Protocol address, email address, or other similar identifiers. |
|
Categories listed in the California Customer Records statute | Name, signature, physical characteristics or description, address, telephone number. | |
Protected classification characteristics under California or federal law. | Race, color, national origin, gender. | |
Commercial information | Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | |
Internet or similar network activity | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | |
Geolocation data | Location information. | |
Visual information | Physical characteristics. |
DECIEM does not sell personal information. However, the collection of data through third party cookies for our targeted advertising purposes may be considered a “sale” under the CCPA. While we do not sell personal information, as described in Section 5.3 (“Targeted Advertising”) above, we do use third party cookies for targeted advertising purposes. To not have your information shared with such parties, you may manage your cookie preferences here, or by going to our "Do Not Sell My Personal Information" web page.
DECIEM does not knowingly sell personal information of minors under the age of 16.
To exercise the rights described above, you must submit a verifiable consumer request to us by contacting us as described in Section 19 (“How to Contact Us”) of this Policy and providing the requested information. You may make a verifiable request on behalf of your minor child. You may also designate an authorized agent to make a request on your behalf by providing the agent with signed written permission to do so.
To submit a verifiable consumer request, you will be asked to provide certain information to help us verify your identity. The information we ask you to provide to initiate a request may differ depending upon the type of request, the type, sensitivity and value of the personal information that is the subject of the request, and the risk of harm to you that may occur as a result of unauthorized access or deletion, among other factors. We may also require you to provide a written declaration that you are who you say you are. If we cannot verify your identity, we will not be able to comply with your request. We will inform you if we cannot verify your identity.
Third Party Collection
California law also requires website and online service operators to disclose whether third parties may collect information about their users’ online activities over time and across different sites when the users use the operator’s website or service. Third parties that have content or services on our Website such as a social feature, analytics service, or an advertising network partner, may obtain information about your browsing or usage habits while you visit our Website and while you visit third-party websites that use the same content or services.
Nevada Residents
Under Nevada law, DECIEM does not sell your personal information. However, if you are a Nevada resident, you may submit a request that we not sell any personal information we have collected about you by contacting us as set out in Section 19 (“How to Contact Us”) of this Policy.
EU Residents
With respect to “personal data” as defined by Regulation (EU) 2016/679 (“GDPR”) that you may provide to us through the Website, we serve as the “controller.”
We provide the Website from servers located in the US. If you are accessing the Website from the European Union, we will only transfer your personal information outside of the European Union through the use of appropriate safeguards. We process personal information to pursue our legitimate business interest to operate the Website and as described in Section 4 (“How We Use the Information”) above. To learn more about with whom we share your personal information please refer to Section 8 (“Information We Share”) above.
We will retain your personal information for as long as necessary to fulfill the purpose for which it was collected, or as required by applicable laws or regulation. Copies of information that you have updated, modified, or deleted will remain in our systems if applicable law requires us to retain it.
You have a right to access your personal information, rectify inaccurate personal information kept about you, request the erasure of personal information and to request that we restrict the processing of your data in certain circumstances. If you wish to access your personal information, please contact us at the contact information provided in Section 19 below in writing, and allow reasonable time for the data to be collected. You also have the right to lodge a complaint with a supervisory authority.
Updates To Our Privacy Policy
This Policy may be updated periodically and without prior notice to you to reflect changes in our information practices. Any changes to this Policy will be posted to this page so you are always aware of the information we collect and how we use it. Accordingly, please refer back to this page frequently as the Policy may change.
How to Contact Us
To contact us in relation to information you have provided to us, to send us general enquiries, to contact us in relation to this Policy and how DECIEM processes your personal information, or if you have any questions on any privacy issues concerning DECIEM, you may contact us via our Website or postal mail as follows:
Website Online Form |
|
Post |
Canada DECIEM 15 FRASER AVE TORONTO, ONTARIO M6K 1Y7 CANADA Attention: Data Protection Officer |
Toll-Free Telephone Number (North America only) | 1-800-921-4819 |
You may also contact us using the details above if you believe we have not complied with this Policy or have breached our privacy obligations under applicable law. Please provide as much detail as possible, so that we can fully investigate your complaint. We will treat all complaints seriously and will endeavor to respond to you as soon as possible.
If we need, or are required, to contact you concerning any event that involves your information we may do so by telephone or email.