Privacy Policy

Last Modified: February 2023
Privacy Policy

INTRODUCTION

We invite you to read this privacy policy (“Privacy Policy”), which describes how Chantecaille Beauté Inc., its affiliates and subsidiaries, including but not limited to, Chantecaille (UK) Ltd.  (collectively, “Chantecaille” or “We” or “us” or “Company” or “Chantecaille”) process your Personal Data. We use the term “Personal Data” to describe any information relating to an identified or identifiable individual.

This Privacy Policy covers the following topics:

  1. Notice To California Residents
  2. Personal Data We Collect and How We Collect It
  3. Why Do We Need Your Personal Data
  4. Children’s Personal Data
  5. Sharing of Personal Data with Third Parties
  6. Cookies And Related Technologies
  7. What are Your Rights Related to Your Personal Data
  8. Your Choices Regarding Your Personal Data
  9. International Data Transfers
  10. How We Protect Your Personal Data
  11. How Long We Store Your Personal Data
  12. US Privacy Disclosures
  13. Changes to Our Privacy Policy
  14. Data Controllers and Contact
1.NOTICE TO CALIFORNIA RESIDENTS
What categories of Personal Data do we collect? What are the purposes for which we collect and use your Personal Data?
  • Identifiers: This includes your name, home and mobile phone number, IP address, home address, country of residence, email address, signature, or other similar identifiers. This data will be sold or shared in accordance with our Privacy Policy.
  • Personal Data Described in Subdivision (e) of California Civil Code Section 1798.80:

  • - Billing Information. This includes your delivery address and payment details. Please note that we do not collect your credit card details. This data is not sold or shared.

  • Website registration credentials. This includes your username and password. This data is not sold or shared.
  • Preferences. This includes communication channels, preferred language, product preferences, and skincare wishes and/or concerns. This data is not sold or shared.
  • Personal life information and inferences. This includes life habits, interests, lifestyle, hobbies, and reactions to marketing campaigns. This data is not sold or shared.
  • Correspondence and communication between us and you. This data is not sold or shared.
  • Contact information for friends, family or other people who are the recipients of a gift card purchased by you. This data is not sold or shared.
  • Information or content you provide to us. This includes photographs, videos, reviews, questions, survey response and comments. This data is not sold or shared.
  • Social Media Information. If you accept targeting cookies from social networks on the Digital Platforms (as hereinafter defined), or if you use the share button to share our content through those platforms, those third parties may collect and process your data in order to provide you with personalized advertising. This data will be sold or shared in accordance with this Privacy Policy.
  • Information necessary to fight counterfeiting and infringements of Chantecaille’s intellectual property rights and protect the Chantecaille’s brand. This includes identification and contact details and any other information and documents related to counterfeit and infringing activities. This data is not sold or shared.
  • Characteristics of Protected Classifications Under California or Federal Law: This includes your age, gender, and national origin. This data is not sold or shared.
  • Internet or other Network Activity Information: This includes online activity such as browsing history, search history; information regarding your interaction with our websites or third-parties websites such as social media, applications or advertisements and other technical Personal Data or Personal Data shared by the service provider you are using; and technical information about your browser, device type, and operating system. This data will be sold or shared in accordance with our Privacy Policy.
  • Geolocation Data: This includes location information when you visit our Digital Platforms in order to direct you to the appropriate domain (internet location) or when you request location services provided by us, for example in order to find the nearest store to you. This data will be sold or shared in accordance with our Privacy Policy.
  • Inferences: We also may draw inferences from any of your information and interactions with us to enrich and supplement such profile, reflecting your preferences, characteristics, trends, predispositions, aptitudes and attitudes. This data is not sold or shared.
  • Sensitive Personal Data: This includes Skin type and health information in case you participate in our beauty consultations or treatments or interact with our customer service. This data is not sold or shared.

Business and Commercial Purposes:

    • To provide the products you may order and services you request, including processing orders and returns, and participating in our beauty treatments and consultations;
    • Provide support and respond to questions from customers and Site visitors
    • Set up and manage your Chantecaille account and loyalty program, including learning about customers’ needs and provide personalized servicess
    • Contact customers for service-related purposes
    • To monitor the use of our Digital Platforms and Points of Sale and help us monitor, improve and protect our products, brand, content, services, Digital Platforms and Points of Sale.
    • For our internal corporate reporting or company’s reorganization
    • In connection with legal claims, compliance, regulatory and investigative purposes
    • To monitor your account to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime in accordance with applicable law;
    • To help us design and deliver our Digital Platforms.
    • To the extent necessary to detect, block, report and mitigate cyber-threats, improve our network and information security, and in order to prevent or detect fraud.
    • To send you promotional, advertising and other marketing materials or communications from us or our agents and provide you with more relevant advertisements (referred to as “Retargeting”) or participate in surveys, contests, promotions or market research
    • To create lookalike campaigns that enable us to reach people who are likely to be interested in our products because they are similar to you
Additional Purposes:
  • As Otherwise Permitted by Law or as We May Notify You. We may also use information you provide to us for other purposes as disclosed at the time you provide your information or otherwise with your consent

Notice of third-party plugins that control collection of Personal Data

We use third party services on our website where the third party directly controls the collection of Personal Data on our behalf. These services are targeted marketing and advertising services. You have the right to opt-out of the “sale” or “sharing” of your Personal Data by submitting your request on “Do Not Sell or Share My Personal Information” or as detailed in Section 12 B) “US Privacy Disclosures – How to submit a request”.
Data Retention: All of the categories of Personal Data described above will be retained for a certain period of time based on the following criteria: (i) as long as necessary to fulfil the purposes outlined in this Privacy Policy; (ii) any applicable legal requirements; or (iii) any request for deletion from you in applicable situations.
2.PERSONAL DATA WE COLLECT AND HOW WE COLLECT IT
We obtain Personal Data from or about you from various online and offline sources including when you:
  • Visit or otherwise use our websites (“Sites”), mobile applications, our social media pages, chat services, forums or blogs (collectively, “Digital Platforms”)
  • Create an account on our Digital Platforms or at one of our stores (“Points of Sale”)
  • Make purchases on our Digital Platforms or at one of our Points of Sale
  • Participate in our events and demonstrations, loyalty or other client programs, competitions, promotions or surveys
  • Subscribe to our marketing communications
  • Interact with us through email, text and/or other electronic messages
  • Participate in beauty consultations or treatments
  • Provide information at one of our Points of Sale
  • Interact with our beauty advisors and customer service
The following generally describes the type of Personal Data we may collect about you and the respective sources. However, the collection and processing of these data are not systematic; only the Personal Data necessary to fulfil each purpose will be collected and used.
Personal Data Provided by You. We collect information directly provided by you (for example, when you place an order, from emails, registration, web forms or in other manners), including:
  • contact information, such as first name, last name, telephone number, email address, and physical address;
  • identification information, such as your date of birth, nationality, country of residence, signature and geolocation;
  • commercial information, such as purchase history and interactions with us, order details, products bought and quantity, consultations, treatments, visits to our Digital Platforms or Points of Sale;
  • payment information, such as shipping address, billing address. Please note that we do not collect your credit card details;
  • preferences and reviews, such as communication channels, preferred language, product preferences, product reviews, skincare wishes, satisfaction;
  • personal life information and inferences, such as life habits, interests, lifestyle, hobbies, reactions to marketing campaigns, characteristics, trends, predispositions, aptitudes and attitudes;
  • account information, such as email address and password;
  • correspondence and communication between us and you;
  • contact information for friends, family or other people who are the recipients of a gift card purchased by you;
  • skin type and health information in case you participate in our beauty consultations or treatments (such as allergies, medication, previous reactions) or you provide this information to our customer service;
  • information about your physical characteristics, skin type, skincare wishes and/or concerns and any other information obtained through the different interactions with us (such as a beauty consultation or treatments, a survey or when you visit our social media pages, blogs or forums or interact with customer service or our chat service).
Personal Data automatically collected and processed by us or from your use of our Digital Platforms or interactions with our online adverts:
As you navigate through and interact with our Digital Platforms, we use automatic data collection technologies to collect the following information:
  • technical information, including your device’s IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, unique device identifiers and advertising identifiers;
  • information about your visit to our Digital Platforms, including the URL clickstream to, through and from our Digital Platforms (including date and time); products you viewed or searched for, the content (and any ads) that you view or interact with, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), and methods used to browse away from the page;
  • online activity, such as your internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with our Sites or third-parties websites such as social media, applications or advertisements and other technical information or Personal Data shared by the service provider you are using;
  • social media data – the use of our Digital Platforms does not generally involve processing data in relation to third party media platforms and/or social networks, such as Facebook or Instagram. However, if you accept the targeting cookies or if you use the share button to share our content through those platforms, those third parties may collect and process your data in order to provide you with personalised advertising. Additionally, we may monitor social media or review sites, and collect information posted in comments or reviews. When you post information on social media pages owned or controlled by us, we may collect information about your activities on those pages, including whether you visited or commented on the page, or provided a rating or review. To find out more about how those third parties process your data and your data protection rights, please check their respective privacy policies; and,
  • information necessary to fight counterfeiting and infringements of Chantecaille’s intellectual property rights, such as identification and contact details and any other information and documents related to counterfeit and infringing activities. This information may be collected directly by us or one of our vendors on our behalf and provided to us by external parties.

Information collected and processed from third party sources:

  • From time to time (where permitted by applicable law), we collect information such as your preferences, interests and other demographic data from trusted third party sources (e.g. business and retail partners, payment and delivery services, social media networks, advertising networks, analytics providers, market research organisations, our affiliates and subsidiaries, event partners, your family or friends, public authorities and search information providers) for example, when you have given consent to such third party to share your information with us. We may also instruct such third-party partners to provide their own information about you to external platforms. This information will be used for the purposes outlined in this Privacy Policy. The privacy and cookie policies of those third parties will apply to their processing of your Personal Data.
  • Location information when you visit our Digital Platforms in order to direct you to the appropriate domain (internet location) or when you request location services provided by us, for example in order to find the nearest store to you or to provide more precise location based content.
  • When you pay for your products, we may get information from our payment processing service provider who will carry out credit and antifraud checks on you and the payment method you provide in order to verify your identity, to validate your credit or debit card, to obtain an initial credit or debit card authorization and/or to authorize individual purchases.

Profiling: In order to ensure data accuracy and to offer you a better and personalized client experience no matter where and how you interact with us, we link or combine the information that we collect from the different sources and channels outlined above to provide personalized services, content, targeted communications and advertising and for analytics purposes (e.g., we combine data about your purchases in our Digital Platforms with your interactions with our marketing communications so that we can provide you with personalized service, offers and skincare recommendations). This may include combining Personal Data collected also by our affiliates and subsidiaries. All the information we process about you (including information provided by you or collected by us or by third parties) will be linked to your profile. We also may draw inferences from any of your information and interactions with us to enrich and supplement such profile, reflecting your preferences, characteristics, trends, predispositions, aptitudes and attitudes. We will use your identification data such as email address or phone number to link the information to your profile. The above also applies when checking out as a guest on our Site and if you are a prospective client. You have the right to opt out of such profiling by opting out of marketing communications.

You do not have to provide your information to access our Digital Platforms or visit our Points of Sale but certain functionalities (such as being able to buy our products in our Site) will not otherwise be available to you.
Our products are sold through various business partners. Unless otherwise indicated at the time that you provide your Personal Data, this Privacy Policy does not apply to any Personal Data that our business partners independently collect from you.
3.WHY DO WE NEED YOUR PERSONAL DATA
Your Personal Data may be used for the following purposes on the following legal basis:
Purpose
Legal basis
To provide the products you may order and services you request, including processing orders and returns, and beauty consultations or treatments.
  • To fulfil a contract or take steps linked to a contract
Provide support and respond to questions from customers and Site visitors.
  • To fulfil a contract or take steps linked to a contract
Set up and manage your Chantecaille account and loyalty program, including learning about customers’ needs and provide personalized services.
  • To fulfil a contract or take steps linked to a contract
  • Our legitimate interest in strengthening customer loyalty by providing personalized services based on customer’s interests and preferences
  • Your consent (if required by local applicable laws)
Contact customers for service-related purposes.
  • To fulfil a contract or take steps linked to a contract
To monitor the use of our Digital Platforms and Points of Sale and use your information to help us monitor, improve and protect our products, brand, content, services, Digital Platforms and Points of Sale, both online and offline and your experiences with us including via trends’ analysis, and conduct research and demographic studies; analytics and data cleansing and measuring the effectiveness of our advertising campaigns.
  • Our legitimate interests in the delivery of our products, services and communications to you, and developing and growing our business.
For our internal corporate reporting or company’s reorganization.
  • Our legitimate interest to manage our business
In connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such Personal Data in connection with legal processes or litigation), requests from authorities or to enforce or apply our Terms & Conditions or any other agreements, or to protect the rights, property, or safety of Chantecaille, our customers, or others.
  • Fulfilling our legal requirements
  • Our legitimate interests to protect our company and the Chantecaille brand and defend ourselves from legal claims
To monitor your account to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime in accordance with applicable law.
  • Our legitimate interests to protect our business and our systems
  • Fulfilling our legal requirements
To help us design and deliver our Digital Platforms, including but not limited to as part of our network’s functionality, engineering activities, troubleshooting and to place cookies and related technologies (unless your consent is required by applicable laws).
  • Our legitimate interests to ensure the good performance of our Site and user experience
  • Your consent
To the extent necessary to detect, block, report and mitigate cyber-threats, improve our network and information security, and in order to prevent or detect fraud;
  • Our legitimate interest to protect our organization and our customers from cyber threats
To send you promotional, advertising and other marketing materials or communications from us or our agents and provide you with more relevant advertisements (referred to as “Retargeting”) or participate in surveys, contests, promotions or market research. When permitted by law, we may also use your personally identifiable information to contact you in ways other than email or regular mail, such as via telephone contact, facsimile or text message.
We may correlate your information with other commercially available information to identify demographics and preferences to assist us in our marketing efforts; and provide specific relevant marketing, promotional, or other information to you. You may opt-out of receiving such communications any time by contacting us as provided for in the Section 8 “Your Choices Regarding Your Personal Data”.
  • Your consent
To create lookalike campaigns that enable us to reach people who are likely to be interested in our products because they are similar to you. We may use cookies or other technologies that may rely on third parties (such as Facebook, Instagram and other online platforms). You may have provided your consent to those third parties and their respective privacy policies would apply.
  • Your consent

4.CHILDREN’S PERSONAL DATA

We recognize the importance of children’s safety and privacy. The Site is not designed to attract children, and is not directed at, or intended for use by, children. We do not request or collect any Personal Data from children, nor do we knowingly sell or ship items ordered through the Site directly to children. By registering with, ordering or purchasing from, or providing information to or from, us, you confirm that you have reached the age of consent in your country of residence or, if you are under the age of consent, that your parent(s) or legal guardian(s) also agree(s) to such registration or order when they can give you such authorization under the law of your country of residence. If you are a parent or legal guardian of a child and you believe a child has provided us with Personal Data, please contact us by using our Contact Us form and we will remove that child’s Personal Data from our files.

5.SHARING OF PERSONAL DATA WITH THIRD PARTIES

In addition to our affiliates and subsidiaries, we may share your Personal Data (where permitted in accordance with applicable laws) with the following third parties for the purposes detailed in this Privacy Policy:

  1. Our third-party service providers who perform services on our behalf based on our instructions. We do not authorize these parties to use or disclose the information except as necessary to perform services on our behalf or to comply with legal requirements. Examples of these third parties include:

    • Email Marketing Services Providers. Business entities that provide email address management and communication contact services;
    • Information Technology Service Providers. Network equipment and application management providers and hosting entities;
    • Shipping Providers. We may share your information with certain providers in order to have our products delivered to you;
    • Advertising and Marketing Service Providers. This may include digital and personalized advertising, data cleansing and management, segmentation and analysis.
  2. Credit Processing Companies and Related Financial Institutions. Credit and debit card payment gateways and processors; the issuing and acquiring banks involved in the funds settlement procedures necessary to charge your cards or financial accounts;

  3. Third parties, where we have your permission to do so (e.g. social network providers, concierge services or our authorized retail partners). Your Personal Data will become subject to the privacy policies of those third parties when your Personal Data is shared with them;

  4. Legal and Investigator Service Providers. We may share your information with judicial, administrative, legal, financial and/or accounting providers, and related government entities and adverse parties. Some instances where this may occur, include, but are not limited to: if we are required to respond to civil and/or criminal investigations, claims or lawsuits, or if we are subject to judicial or administrative process (such as a subpoena) to release your information or to prosecute or defend legal actions, and as we believe is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.

  5. Business/Asset Purchasers. In the event that we: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a re-organization, we may need to transfer some or all of your information to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analyzing any proposed sale or re-organization. We may also need to transfer your information to that re-organized entity or third party after the sale or reorganization for them to use for the same purposes as set out in this Privacy Policy.

    If we, or substantially all of our assets, were acquired, or in the unlikely event that we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer may continue to use your Personal Data in accordance with this Privacy Policy and if permitted by applicable laws.

  6. Social media and search engine partners: We aggregate your Personal Data with the information of other customers, creating a dataset of information about the usage of our Digital Platforms, purchase of our products, and other general, grouped information about our customers. Although this dataset is aggregated and anonymised, meaning it cannot directly identify you as an individual, it provides a valuable insight into the use of our Digital Platforms and Points of Sale and we will share it with select third parties. These parties include our group companies.

    We also transfer information about you to ad technology providers and our social media and search engine partners (including Meta, Google and Twitter) so that they may recognize your devices and deliver interest-based content and advertisements. The information can include your name, postal address, email, device ID, or other identifier in encrypted form. The providers often process the information in hashed or de-identified form. These providers can collect additional information from you, such as your IP address and information about your browser or operating system; combine information about you with information from other companies in data sharing cooperatives in which we participate; and may place or recognize their own unique cookie on your browser. The third parties that generate these cookies have their own privacy policies that will apply.
    In this regard, we have concluded a corresponding agreement with Meta for joint controllership, which can be accessed here: https://www.facebook.com/legal/controller_addendum. This agreement defines the respective responsibilities for fulfilling the obligation under the applicable laws with regard to joint controllership. The contact details of the controller and the data protection officer of Meta can be found here: https://www.facebook.com/about/privacy ). Without prejudice to this, the jurisdiction of the Rights of Data Subjects is not limited. We have agreed with Meta that Meta can be used as a contact point for the exercise of data subject rights (see Section 4).

    Further information on how Meta processes Personal Data, including its legal basis and further information on the rights of data subjects can be found here: https://www.facebook.com/about/privacy. We transfer the data within the scope of joint controllership based on the legitimate interest.

    Information on the data security conditions can be found here. https://www.facebook.com/legal/terms/data_security_terms and on processing on the basis of standard contractual clauses can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.

6.COOKIES AND RELATED TECHNOLOGIES

To enhance your online experience with us, our Digital Platforms may use cookies and related technologies. Cookies are bits of electronic information that may be transferred to a visitor’s computer or mobile device to identify specific information about the visitor’s use of the Site, email or other electronic media. We use cookies, for example, to preserve the contents of your virtual shopping bag between visits. The Site uses a browser feature known as a cookie, which assigns a unique identification to your computer. Cookies are typically stored on your computer’s hard drive and are used to help track clicks as you go through the pages within our Site. We may also use cookies to tell us whether you have previously visited the Site. We also use cookies which may be set by third parties with whom we have entered into agreements which may enable us to obtain analytics information about the use of our Site. The cookies that we use can be categorized as follows:

  • Strictly necessary cookies

These cookies are necessary for the Site to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

  • Analytical / Performance cookies

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. Whenever technically possible, all information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site. Please note that we use Google Analytics, run by Google Inc for this purpose. To opt out of being tracked by Google Analytics, you can visit the Cookie Preference centre here: or visit https://tools.google.com/dlpage/gaoptout.

  • Functionality cookies

These cookies enable the Site to provide enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

  • Targeting/advertising cookies

Some content or applications, on the Site are served by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Site. The information they collect may be associated with your Personal Data or they may collect information, including Personal Data, about your online activities over time and across different Sites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We may also work with third-party platforms, including platforms operated by social networks, such as Google, and Facebook, to show you advertisements or measure the effectiveness of our advertisements. We may convert your email address, telephone number, or other information into a unique value and have these third-party platforms match this unique value with a user on their platform or with other data they may have. This matching enables us to deliver advertisements to you and others on these platforms. To opt-out of using your Personal Data in this way, see Your Choices Regarding Your Information.

Other than as provided herein, we will not use shared local objects (commonly referred to as “FLASH cookies”) in a manner inconsistent with the purposes for which they were designed unless you are specifically notified that we intend to use them for a specific service. FLASH cookies are cookies that are placed on your computer that are not removed through normal browser management tools.

You have the option to accept or reject our cookies at any time in the Cookie Settings preference centre here. By rejecting or disabling cookies, certain Site content or functionality may not be available to you.

Use of Web Beacons, Clear-GIFs, Pixel Tags and JavaScript. We may use “pixel tags” (also called “action pixels,” “web beacons” or “clear gifs”) and/or JavaScript plug-ins, placed on our Site and in our emails to you. Both pixel tags, which are small graphic images (typically that you cannot see), and JavaScript plug-ins, which are code on a Site or in an email message, are used for such things as recording web pages and advertisements clicked-on by a user, or for tracking the performance of email marketing campaigns. These devices help us analyze our customers’ online behavior and measure the effectiveness of our Site and our marketing. We also work with third-party service providers that help us track, collect, and analyze this information. Third-party entities with whom we have agreements may place these devices on the Site and/or in emails to use information obtained from them such as pages viewed, items purchased, emails opened and items upon which you may click in emails. These third-party providers may also place cookies onto your computer. Those third-party cookies enable us to obtain aggregated information (i.e., information where your Personal Data has been removed) and user statistics about you and your preferences.

Server Logs and Widgets. A web “server log” is a record of activity created by a computer that delivers certain content to your browser. Certain activities that you perform on our Site may record information in server logs, such as if you enter a search term into a search box located on the Site. The server log may record the search term(s), or the link you clicked on to bring you to our Site. The server log may also record information about your browser, such as your IP address and the cookies set on your browser.

A “widget” is generally an application that can be embedded in a webpage. Widgets can provide real-time information to the webpage. Widgets are often provided by third parties and we may provide widgets on our Site. Widgets may enable the third parties that provide them to collect data about users visiting the Site.

Search Queries on Our Site. We may provide you with options to search for information on our Site. If you enter information in a search query box, we may store that information and we may aggregate that information with other information we may have about the browser and/or IP address from which the search query originated.

“Do Not Track” Signals. Some web browsers have “Do Not Track” or similar features that allow you to tell each Site you visit that you do not want your activities on that Site tracked. At present, we do not respond to “Do Not Track” signals and consequently, will continue to collect information about you even if your browser’s “Do Not Track” feature is activated. To learn more about DNT signals, please see http://allaboutdnt.com.

7.WHAT ARE YOUR RIGHTS RELATED TO YOUR PERSONAL DATA

You have the following rights in relation to your Personal Data:

  • to ask us to provide you with information regarding the Personal Data we process concerning you;
  • to rectify, update or complete inaccurate or incomplete Personal Data concerning you;
  • to request the erasure of Personal Data concerning you that we no longer have a legal basis to use;
  • in certain circumstances, to require us to restrict the way in which we process your Personal Data;
  • to withdraw any consent you may have given for us to process Personal Data concerning you;
  • to obtain a copy of the Personal Data that you have provided to us.

Right to object

You have the right to object to the processing of your Personal Data when such processing is based on legitimate interests. Nevertheless, we may have legitimate reasons to continue processing your Personal Data. You also have the right to object to the processing of your Personal Data for direct marketing purposes at any time as indicated under Section 8 “Your Choices Regarding Your Personal Data”.

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).

To exercise of any of the rights above, you may submit your request through our Contact Us form.

8.YOUR CHOICES REGARDING YOUR PERSONAL DATA

Opt-out of email promotions. If you do not wish to receive emails about special offers and other promotions from us, click the unsubscribe link located in our emails.

Updating your Personal Data. We ask that you keep the Personal Data that you provide to us current and that you correct any information you have provided us. You can update your Personal Data in your account on our Site, by contacting us using our Contact Us form. You represent and warrant that all Personal Data you provide us is true and correct.

Opt-out of text notifications. By subscribing to Chantecaille’s text notifications, you agree to receive automated marketing text messages from us about our products and services at the phone number you provided when you subscribed, and that the messages may be sent via automatic telephone dialing system or other technology. Message frequency is recurring. Consent is not a condition of purchase. Message and data rates may apply. Reply STOP to optout and HELP for customer support. You may receive an additional text message confirming your decision to opt-out. You understand and agree that attempting to opt-out by any means other than texting the opt-out commands above is not a reasonable means of opting out.

Cookie and similar tracking technologies. You have the option to accept or reject our cookies at any time in the Cookie Settings preference center here. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website.

Targeted advertising. If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers’ target-audience preferences, you can opt-out at any time in at any time in the Cookie Settings preference center here.

You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s website, located at: www.networkadvertising.org. To learn more about interest-based advertising visit www.aboutads.info/choices/. Please note that any opt-out choice you exercise will apply to interest-based advertising, but will still allow the collection and use of data for other purposes, including research, analytics and internal operations. You may continue to receive advertising, but that advertising may be less relevant to your interests.

9.INTERNATIONAL DATA TRANSFERS

Your information may be transferred to, stored and/or processed outside of the country in which you reside and may be maintained on servers and systems located within the United States or other countries. Please note that the data protection laws in the United States and those other countries might not be as strict as those required by your country.

Where your Personal Data is transferred to countries outside the EU, the UK and/or countries that do not offer an adequate level of data protection in accordance with the authorities in your country of residence, we will take steps to ensure your information is adequately protected in compliance with applicable laws, such as the EU and UK approved standard contractual clauses, or put in place other measures under applicable laws to ensure that such transfer provides adequate safeguards.

A copy of the relevant mechanism can be obtained for your review on request by using our Contact Us form

10.HOW WE PROTECT YOUR PERSONAL DATA

We are committed to protecting the Personal Data we collect and keeping your Personal Data secure is very important to us. We take steps to ensure that your Personal Data is protected against unauthorized or unlawful processing and against accidental loss, damage or destruction or disclosure and we limit access to your Personal Data to persons who reasonably need access to it, to provide products or services to you. However, no set of security measures is completely effective against all security threats.

Our Site may contain links to other websites. We are not responsible for the privacy prapctices, advertising, products, or the content of such other websites. None of the links should be deemed to imply that we endorse or have any affiliation with the third-party websites being linked to.

If you create an account with us, you will be asked to provide an account username and password as part of our security procedures. You must treat such information as confidential and you must not disclose it to any third party.

11.HOW LONG WE STORE YOUR PERSONAL DATA

Your Personal Data will be retained for a certain period of time based on the following criteria: (i) as long as necessary to fulfil the purposes outlined in this Privacy Policy; (ii) any applicable legal requirements; or (iii) any request for deletion from you in applicable situations.

12.US PRIVACY DISCLOSURES

A. Your Rights and choices

If you are a California resident, you may take advantage of the following privacy rights:

  • Right to Know: you have the right to know what Personal Data we have collected about you, including the categories of Personal Data, the categories of sources from which the Personal Data is collected, the business or commercial purpose for collecting, selling, or sharing Personal Data, the categories of third parties to whom we disclose Personal Data, and the specific pieces of Personal Data we have collected about you.
  • Right to Delete: you have the right to delete Personal Data that we have collected from you, subject to certain exceptions. Note that there are some reasons we will not be able to fully address your request, such as if we need to complete a transaction for you, to detect and protect against fraudulent and illegal activity, to exercise our rights, for our internal purposes, or to comply with a legal obligation.
  • Right to Correct: you have the right to correct inaccurate Personal Data that we may maintain about you, subject to appropriate verification.
  • Right to Opt-Out of the Sale or Sharing of Personal Data: you have the right to opt-out of the “sale” or “sharing” of your Personal Data, as such terms are defined in California privacy laws, to third parties and to affiliated companies that do not share the same brand name. This means that, if you opt out, going forward, we will not sell or share your Personal Data with such third parties to use for their purposes, including cross-context behavioral advertising, unless you later direct us to do so

If you are a Virginia resident, you may take advantage of certain privacy rights pursuant to Virginia Code 59.1-577. For example, you may request to access, correct, or delete your Personal Data. Because we “sell” Personal Data and engage in “targeted advertising” as these terms are defined in Virginia law, you may also exercise your right to opt-out of such sales or targeted advertising. You have the right to appeal a denial of your privacy rights.

B. How to submit a request

To take advantage of your right to know, delete, or correct under California or Virginia law, or to submit an appeal of a denial of your privacy rights, please use the following methods:
Calling us at: 1.877.673.7080
Emailing us at: [email protected]
Contact Us form Contact Us – Chantecaille

We may request certain information to verify your identity before we can respond to your access and deletion requests. We will confirm receipt of your request within 10 business days and will respond to your request within 45 calendar days, after proper verification, unless we need additional time, in which case we will let you know.

To take advantage of your right to opt out of the sale or sharing of Personal Data, please submit your request on the “Do Not Sell or Share My Personal Information” link which also is on our Site footer or contact us using the contact methods detailed above.

We will not discriminate against you because you exercise any of your rights described in this section. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

C. Agent Requests

You may authorize someone to make a privacy rights request on your behalf (an authorized agent). Authorized agents will need to demonstrate that you’ve authorized them to act on your behalf or must demonstrate they have power of attorney pursuant to applicable probate law. Chantecaille retains the right to request confirmation directly from you confirming that the agent is authorized to make such a request, or to request additional information to confirm the agent’s identity. An authorized agent is prohibited from using a consumer’s Personal Data, or any information collected from or about the consumer, for any purpose other than to fulfil the consumer’s requests, for verification, or for fraud prevention.

D. Data Protection Disclosures

Categories of Personal Data Disclosed for Business Purposes

In the last 12 months, we have disclosed the following categories of Personal Data for a business purpose (such as with our service providers or processors, whose use of Personal Data we disclose is limited to providing certain service to us pursuant to a written contract):

  • Identifiers, Billing Information, Commercial Information, Characteristics of Protected Classifications Under California or Federal Law and contact information for friends, family or other people (recipients of a gift card) disclosed to our affiliates and subsidiaries, service providers (including such as IT, CRM and analytics services), payment and shipping processors, email/SMS service providers, customer service and intelligence platforms, cloud data storage providers, and anti-fraud and anti-counterfeiting service providers.
  • Site Registration Credentials, disclosed to our cloud data storage providers.
  • Preferences, disclosed to our affiliates and subsidiaries, email/SMS service providers, customer service and intelligence platforms, and cloud data storage providers.
  • Personal Life Information, disclosed to our affiliates and subsidiaries, service providers (including such as IT, CRM and analytics services), customer service and intelligence platforms and cloud data storage providers.
  • Preferences, disclosed to our affiliates and subsidiaries, service providers (including such as IT, CRM and analytics services), email/SMS service providers, customer service and intelligence platforms, and cloud data storage providers.
  • Communications with You, disclosed to our cloud data storage providers.
  • Content You Provide, disclosed to our affiliates and subsidiaries, service providers (including such as IT, CRM and analytics services), customer service and intelligence platforms, cloud data storage providers.
  • Internet or Electronic Activity Information, disclosed to our affiliates and subsidiaries, service providers (including such as IT, CRM and analytics services), payment processors, email/SMS service providers, customer service and intelligence platforms, cloud data storage providers, and anti-fraud and anti-counterfeiting service providers.
  • Inferences drawn from the above categories, disclosed to our affiliates and subsidiaries, service providers (including such as IT, CRM and analytics services), our payment processors, email/SMS service providers, customer service and intelligence platforms, cloud data storage providers, and anti-fraud and anti-counterfeiting service providers.
Additional detail on the business purposes for which we disclose Personal Data is provided above under Section 5 “Sharing of information with third parties”.

Categories of Personal Data Sold or Shared

We do not knowingly sell your Personal Data for monetary consideration and have not done so in the past 12 months and we will try always to share your Personal Data with third parties in a way that it is not considered a sale, for example with our service providers processing your Personal Data on our behalf. However, the meaning of “sale” under California law is very broad and it may include the sharing of Personal Data with companies that provide services to us, such as companies that help us to market or advertise our products, including the collection of your information done by third parties on our Site via cookies or similar technologies in order to provide you with personalized advertisement.

In the last 12 months, we have sold or shared the following categories of Personal Data with advertising networks, advertising platforms, and social media companies for the purposes described in this Privacy Policy, including for targeted advertising.

  • Identifiers
  • Commercial information
  • Internet or Electronic Activity Information
  • Geolocation data
  • Social Media Information

We do not knowingly sell or share Personal Data about persons under the age of 16.

E. Financial Incentive

When you provide us with contact information and identifiers such as your name, phone number, date of birth and email address within the enrollment in our loyalty program, we will provide certain perks to you, such as rewards and exclusive offer as detailed above. These perks may be considered a “financial incentive” in exchange for Personal Data under the California law and by enrolling in the loyalty program, you opt-in to those financial incentives. You may withdraw from a financial incentive at any time by contacting us using the Contact Us form Contact Us – Chantecaille. Generally, we do not assign monetary or other value to your Personal Data, however, California law requires that we assign such value in the context of financial incentives. In such context, the value of the Personal Data is related to the estimated cost of providing the relevant financial incentive(s) for which the information was collected. The disclosure of the value described herein is not intended to waive, nor should be interpreted as a waiver to, our proprietary or business confidential information, including trade secrets, and does not constitute any representation with regard to generally accepted accounting principles or financial accounting standards.

13.CHANGES TO OUR PRIVACY POLICY

We reserve the right to change this Privacy Policy at any time, in whole or in part, at our discretion and without prpior notice. In the event we make material changes to this Privacy Policy, we will post any such changes or amendments in our then current Privacy Policy on the Site, which will supersede all prior versions. Therefore, please review this Privacy Policy from time to time so that you are aware when any changes are made to this Privacy Policy. In any event, your continued use of the Site after such change constitutes your acceptance of any such change(s) and the policy as updated.

14.DATA CONTROLLERS AND CONTACT

If you have any questions about this Privacy Policy or privacy matters generally or to make a complaint about our compliance with applicable privacy laws, please contact us using the Contact Us page of our website or contacting us at [email protected] and we will be happy to assist you.

We will acknowledge and investigate any complaint you make (including a complaint that we have breached your rights under applicable privacy laws). We hope that we can satisfy queries. However, you have the right to lodge a complaint with the relevant data protection authority, in particular in the country of your habitual residence or place of the alleged infringement.

Data controllers

Chantecaille Beaute Inc.
584 Broadway, Suite 1111
New York, New York 10012 USA

The Chantecaille group companies will also act as local data controllers:

United Kingdom

Chantecaille (UK) Ltd.
1st Floor Sheraton House,
Lower Road, Chorleywood,
Hertfordshire,
England, WD3 5LH