Sephora Employee Privacy Notice

Sephora Employee Privacy Notice

Last Updated: November 26, 2023 Sephora USA, Inc. and Sephora Beauty Canada, Inc. (“Sephora”, “we”, “our” or “us”) are committed to protecting the privacy and security of your personal information. The purpose of this Employee Privacy Policy is to inform all permanent, temporary employees, and contractors of Sephora of the personal information we collect through your interaction with our “Employee Site” (meaning My Sephora Career and Fieldglass), and any other Sephora webpages, and mobile sites, which we link to this Employee Privacy Policy, and the purposes for which we use that information during, and after, your working relationship with us, in accordance with applicable data protection laws. This Employee Privacy Policy also tells you about the rights, and choices you have with respect to your personal information, and how you can reach us to get answers to your questions. Please note, our privacy practices are subject to the applicable laws of the places in which we operate. You will see additional region-specific terms that only apply to permanent, temporary employees, and contractors located in those geographic regions, or as required by applicable laws. Please read this privacy notice carefully. If you have any questions, please contact privacy@sephora.com.This Employee Privacy Policy covers:   

1. How and Why We Collect Your Personal Information 2. Additional Business Purposes For Using Your Person Information 3. Additional Purposes For Using Person Information 4. Retention Period For Your Person Information 5. Categories of Recipients to Whom Your Personal Information May Be Disclosed For Business, and Permitted Purposes 6. Changes To This Policy 7. Contacting Us 8. Electronic Monitoring A. Electronic Monitoring of Electric Systems       B. Purposes of Electronic Monitoring 9. Information for California Residents – California Privacy Rights       A. Right to Know       B. Right to Request Deletion of Personal Information       C. Right to Request Correction of Personal Information       D. Right to Limit Use and Disclosure of Sensitive Personal Information       E. Right to Opt-out of Sale of Personal Information       F. Right to Non-Discrimination

You can click on the following links to go directly to the corresponding sections of this Employee Privacy Policy.

1. How and Why We Collect Your Personal Information

For the purposes of this Employee Privacy Policy, “personal information” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual. We collect, maintain, use, and disclose different types of personal information in the context of our relationship with you. Where we disclose personal information to service providers or contractors is for the same business purposes described below and, where appropriate, requires that such parties maintain its confidentiality, and maintain appropriate systems and processes to ensure its security and protection. The following chart provides examples of the categories of personal information that we collect from you, the categories of sources from which we collect them, and how we collect, use, and disclose your personal information.

Categories of Personal Information

Categories of Sources from which Collected

Purposes for Collection, Use, and Disclosure

Identifiers such as personal information that identifies, relates to, describes, or is capable of being associated with a particular individual, including but not limited to, personal contact details such as name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, signature, social media username, professional license number, education, employment, employment history, financial information (e.g., bank account details), medical information, health insurance information, or other similar identifiers.

• Directly from you

• Automatically when you use our electronic systems

• Created by us (e.g., your username and Sephora email address)

• From service providers that help us to run our business

• To onboard and enroll you as an employee

• To assess your eligibility for employment

• To manage job duties, evaluate performance, and operate our business

• To book travel or arrange relocation

• Reimbursement of travel or recruiting expenses

• To communicate with you

• To provide compensation and benefits

• To manage the security of our premises and systems

Characteristics of protected classifications under California or applicable law such as age, race, gender identity, gender expression, citizenship, marital status, medical condition, physical or mental disability, sex (including gender, pregnancy, or childbirth, and related medical conditions), and veteran or military status.

• Directly from you

• From service providers that help us to run our business

• To onboard and enroll you as an employee

• To assess your eligibility for employment

• To comply with laws

• For diversity, equity, and inclusion programs

Internet or other electronic network activity information such as all activity on the Sephora’s information systems, internet browsing history, search history, email communications, and all activity on communications systems.

• Automatically when you use our internal systems

• To manage corporate information technology

• To manage job duties, evaluate performance, and operate our business

• To manage the security of our premises, and systems

• To operate our internal systems as needed

Geolocation data.

• Directly from you

• Automatically when you use our electronic systems

• To manage corporate information technology

• To manage the security of our premises, and systems

Audio, video, electronic, visual, thermal, olfactory, or similar information such as security camera footage, and other information obtained through electronic means, such as swipe card records.

• Directly from you

• Automatically while you are on Sephora property

• To manage the security of our premises, and systems

• To manage job duties, evaluate performance, and operate our business

Professional or employment-related information such as wage and benefit information, including but not limited to, salary, bonus, additional pay, variable compensation, annual leave, and related compensation history and benefits information about your health, including any medical condition, health and sickness records, details of any absences from work (other than holidays), including time on statutory parental leave and sick leave, beneficiary information, and emergency contacts.

Details of any disciplinary investigations and proceedings, or of investigations following an alert.

Payroll information, including but not limited to, social security number or equivalent tax status information (i.e., marital status, dependents, etc.), payroll records, bank account details, and direct deposit/credit arrangements. Recruitment information, including copies of right-to-work documentation such as citizenship, work permit, or visa; references and other information included in a CV, resume, or cover letter, or as part of the application process; criminal background; references and interview notes; letters of offer and acceptance of employment, and employment agreements.

Employment records, including job titles/duties, job location, working arrangements, seniority data, employee identification number, performance ratings, engagement information, surveys, hire/re-hire date, termination date, job history, training records, professional memberships, and business travel arrangements.

Information related to employee training receive from us, or from third parties.

• Directly from you

• From service providers that help us to run our business

• Businesses

• To assess your eligibility for employment

• To onboard, and enroll you as an employee

• To manage job duties, evaluate performance, and operate our business

• To provide compensation and benefits

• To manage the security of our premises, and systems

Non-public education information such as school(s) attended, grades, transcripts, records of attendance, disciplinary records, and other information relating to your secondary and post-secondary education, including any graduate or professional degrees.

• Directly from you

• From service providers that help us to run our business.

• To assess your eligibility for employment;

• To onboard, and enroll you as an employee;

• To manage job duties, evaluate performance, and operate our business.

Inferences used to create a profile reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

• Drawn from the other categories of Personal Information we collect

• To manage job duties, evaluate performance, and operate our business;

• To manage corporate information technology.

Sensitive Personal Information such as information about your gender, race, ethnicity, sexual orientation, religious beliefs, health and disability data, and trade organization data.

• Directly from you.

• To manage job duties, evaluate performance, and operate our business;

• To manage corporate information technology

• To comply with laws

• For diversity, equity and inclusion programs

2. Additional Business Purposes For Using Your Personal Information

We may also use, and disclose the categories of personal information identified above, including sensitive personal information, for the following business purposes:

  1. Helping to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for these purposes;

  2. Debugging to identify and repair errors that impair existing intended functionality;

  3. Short-term, transient use, including but not limited to, non-personalized advertising shown as part of your current interaction with us, provided that your personal information is not disclosed to another third party, and is not used to build a profile about you, or otherwise alters your experience outside your current interaction with us;

  4. Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf;

  5. Undertaking internal research for technological development and demonstration; and

  6. Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.

3. Additional Purposes For Using Personal Information

In addition to the business purposes set forth above, we may use, and disclose the categories of personal information identified:

  1. To comply with applicable legal, and regulatory requests, and obligations (including investigations).

  2. To establish or defend legal claims and allegations.

  3. For security or the prevention, detection, or investigation of fraud, suspected or actual illegal activity, violations of company policy or rules, or other misconduct.

  4. To seek advice from lawyers, auditors, and other professional advisers.

All materials and information created, transmitted, accessed, or stored on, or through, Sephora equipment and systems (including but not limited to, computers, emails, internet, telephones, wires, radios, or cameras, and electromagnetic, photo-electronic, and/or or photo-optical systems) are the property of Sephora, and may be accessed or monitored by authorized personnel at any time without notice to the extent permitted by applicable law. Unless otherwise required by applicable law, Sephora has the right to enter and access all Sephora equipment and systems at any time without notice in order to inspect or review any and all data, and to randomly monitor Sephora equipment and systems. Any misuse may subject an associate to disciplinary action, up to and including termination of employment.

4. Retention Period For Your Personal Information

Except as otherwise permitted, or required by applicable law or regulation, we will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, as required to satisfy any legal obligations, or as necessary to resolve disputes. To determine the appropriate retention period for personal information, we consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use, or disclosure of your personal information, the purposes we process your personal information for, and whether we can achieve those purposes through other means. For example, we will retain your personal information so long as you are an employee of Sephora to fulfill the purposes we have described above, including but not limited to: onboarding, and enrolling you as an employee; assessing your eligibility for employment; managing job duties, evaluate performance, and operate our business; communicating with you regarding your application, reimbursing you for travel or recruiting expenses; and managing the security of our premises and systems .If you leave Sephora, we will retain your personal information as long as required by applicable laws, including but not limited to: Title VII of the Civil Rights Act of 1964; the Age Discrimination in Employment Act of 1967; American Disabilities Act of 1990; and for California Applicants, California Government Code Section 12946, the Income Tax Act (Canada), the Taxation Act (Québec), the Ontario Human Rights Code (Québec), the Charter of Human Rights and Freedoms (Québec), the Employment Standards Act (Ontario) and the Act respecting Labour Standards (Québec).Sephora reserves the right to remove or purge any of your personal information related to your status as an employment, as permitted by law.

5. Categories of Recipients to Whom Your Personal Information May Be Disclosed For Business, and Permitted Purposes

To carry out the purposes described above, we may disclose your personal information to the following recipients: security providers, background check vendors, human resources and information technology vendors, corporate parent, affiliates, and subsidiaries, outside legal counsel, and state, federal, and provincial-governmental agencies.

6. Changes To This Policy

We may revise this Employee Privacy Policy from time-to-time, and will post the date it was last updated at the top of this Employee Privacy Policy. We will provide additional notice to you if we make any changes that materially affect your privacy rights.

7. Contacting Us

If you have any questions about our privacy or security practices, you can contact Sephora’s General Counsel by mail, telephone, or e-mail: Sephora USA, Inc. Legal Department, Privacy 350 Mission Street, 7th Floor San Francisco, CA 94105 1-877-SEPHORA yourprivacyrights@sephora.com

If we need, or are required, to contact you concerning any event that involves your personal information, we may do so by e-mail, telephone, or postal mail.

8. Electronic Monitoring

Sephora employs various software and other technology to facilitate and protect our business operations. Some of these technologies may enable us to monitor our employees. For the purposes of this section, the term “Electronic Systems” includes, without limitation, Sephora computer hardware, software, email, instant messaging, web-based and other applications, mobile phones, telephone calls, voicemail, security systems (including video cameras and electronic pass cards), browsing history, and other computer or electronic communication or data storage systems.

A. Electronic Monitoring of Electronic Systems

Sephora may, at any time, and subject to applicable laws: a. engage in monitoring related to an employee’s use of our Electronic Systems and devices connected to our Electronic Systems; b. employ video or other digital recordings of individuals, including employees, that enter Sephora premises or property; and c. monitor, access, review, use and disclose files, documents or other information contained on our Electronic Systems or accessible through such technologies including without limitation:   

• information related to an employee’s access of the Electronic Systems; • email messages, instant messages, attachments, video conference calling, and associated metadata sent or received on the Electronic Systems; • IP addresses and location information; • system- and device-generated logs and data; and • other employee information or data related to establishing, managing or terminating the employment relationship. Employees should have no expectation of privacy with respect to any matter stored in, created, received, accessed through or sent over our Electronic Systems, whether Sephora-related or personal.

B. Purposes for Electronic Monitoring

Sephora may collect, use or disclose information obtained through such electronic monitoring to, among other things, establish, maintain, manage, and terminate the employment relationship. Without limiting the generality of the forgoing, this includes collection, use and/or disclosure for the purposes of:   

• performance reviews and management, and assessing suitability and eligibility for positions and promotions; • administering compensation and benefits; • internal analysis and workplace investigations; • discipline and/or discharge; • work-related planning and reporting; • addressing security and business continuity issues; • processing work-related claims (e.g., workers' compensation and disability claims); • cooperating with governmental authorities and regulators, or meeting legal and regulatory • in the event of an emergency; • any of the purposes described elsewhere in this Employee Privacy Policy; and • other employment-related purposes reasonable in the circumstances.

9. Information for California Residents – California Privacy Rights

California law requires us to disclose the following information with respect to our privacy practices. If you are a California resident, this section applies to you in addition to the rest of the Employee Privacy Policy. Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”), California residents have the right to request access to (also referred to as the “Right to Know”) the categories, and specific pieces, of personal information we collect, use, and disclose; the right to request deletion of their personal information (“Right to Delete”); the right to correct their personal information (“Right to Correct”); the right to limit use and disclosure of their sensitive personal information (“Right to Limit Sensitive Personal Information”); and the right to opt out of selling, and/or sharing of personal information (“Right to Opt-Out of Sale/Share).Please note that if you submit a request to know, request to delete, or request to correct, you will be asked to log into your employee account, or to provide 2-3 pieces of personal information that we will match against our records to verify your identity. You may designate an authorized agent to make a request on your behalf; however, you will still need to verify your identity directly with us before your request can be processed. An authorized agent may submit a request on your behalf using the webform, or toll-free number listed above.

A. Right to Know

You have the right to request, no more than twice in a twelve-month period, for any of the following:

  1. Categories of personal information collected, including:

   a. categories of sources from which personal information was collected;    b. business or commercial purposes for collecting, selling, or sharing personal information;    c. categories of third parties to which we disclose personal information;    d. categories of personal information that we sold, and for each category identified, the categories of third parties to which we sold that particular category of personal information;    e. categories of personal information that we disclosed for a business purpose, and for each category identified, the categories of third parties to which we disclosed that particular category of personal information.

  1. Specific pieces of personal Information we have collected.

To make a request for any of the information set forth above (a “Request to Know”), please submit a verifiable consumer request pursuant to the instructions below. We will acknowledge your request within ten (10) business days, and will attempt to respond substantively within forty-five (45) days. If we need additional time, we will let you know. If we deny your request, we will explain the reasons in our response and, if applicable, will provide guidance on how to cure deficiencies in your request. You can submit a request to access your personal information by:        

  • Calling – 1.877.737.2363          • Emailing – yourprivacyrights@sephora.com

 B. Right to Request Deletion of Personal Information

You have the right to request the deletion of your personal information collected, or maintained by us, subject to certain exceptions permitted by law. To make a request to delete, please submit a verifiable consumer request pursuant to the instructions below. We will acknowledge your request within ten (10) business days, and will attempt to respond substantively within forty-five (45) days. If we need additional time, we will let you know. You can submit a request to delete your personal information by:         

• Calling – 1.877.737.2363          • Emailing – yourprivacyrights@sephora.com

C. Right to Request Correction of Personal Information

You have the right to request the correction of your personal information collected, or maintained by us (“Request to Correction”), subject to certain exceptions permitted by law. To make a request to correct, please submit a verifiable consumer request pursuant to the instructions below. We will acknowledge your request within ten (10) business days and will attempt to respond substantively within forty-five (45) days. If we need additional time, we will let you know. You can submit a request to correct your personal information by:         

• Logging in to the Sephora Employee Site, going to “Options”, then “My Profile”, and click “Update the Information”.          • Calling – 1.877.737.2363          • Emailing – yourprivacyrights@sephora.com

 D. Right to Limit Use and Disclosure of Sensitive Personal Information

The CCPA gives California residents the right to limit uses of sensitive personal information, such as a race and ethnicity data, to certain uses set forth under the CCPA. Sephora does not use your sensitive personal information to infer characteristics about you, or beyond those permitted purposes, including to provide our goods and services, or as needed to ensure security and integrity; to prevent fraud or illegal activity; for physical safety; for short-term, transient use, including for non-personalized advertising; to perform services on behalf of the business; and to verify or maintain the quality or safety of a service or device owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance such services or devices. Therefore, Sephora does not treat any sensitive personal information collected as subject to a “Limit the Use and Disclosure of My Personal Information” request.

E. Right to Opt-out of Sale of Personal Information

Sephora does not “sell” or “share” personal information it collects about its employees, or personal information collected from the Employee Site.

F. Right to Non-Discrimination

You have the right to not receive discriminatory treatment for exercising your CCPA privacy rights. We do not discriminate against California residents who exercise any of their rights described in our Employee Privacy Policy.