SEPHORA TO GO PRIVACY POLICY

Last Updated: July 12, 2017

Thank you for downloading the Sephora To Go application (either via Apple iOS or Google Android) to your smartphone or tablet (“Sephora Mobile”). Sephora Mobile is made available by Sephora USA, Inc. (“Sephora”, “we”, “us” or “our”) and this privacy policy describes how Sephora collects, uses, and shares the information we obtain from you through Sephora Mobile.

BY USING SEPHORA MOBILE, YOU SIGNIFY YOUR AGREEMENT TO THIS PRIVACY POLICY. IF YOU DO NOT AGREE, YOU SHOULD NOT USE SEPHORA MOBILE.

Changes To This Policy

We may revise this policy from time to time. You should review our privacy policy periodically so that you keep up-to-date on our most current practices. We will note the effective date of the latest version at the top of each policy. We may also add additional features to Sephora Mobile from time to time and this policy will govern those new features when added.

YOUR CONTINUED USE OF SEPHORA MOBILE FOLLOWING POSTING OF ANY CHANGES OR MODIFICATIONS CONSTITUTES YOUR ACCEPTANCE OF SUCH CHANGES OR MODIFICATIONS. IF YOU DO NOT AGREE WITH THESE CHANGES OR MODIFICATIONS, YOU MUST IMMEDIATELY CEASE USING SEPHORA MOBILE.

What Our Privacy Policy Covers

This privacy policy discusses the “personal information” that Sephora obtains when you download Sephora Mobile or use services or features of the application including, for example, applying for membership in the Beauty Insider Program (“Beauty Insider Membership”) or accessing your existing Beauty Insider Membership or the Sephora Community program through Sephora Mobile. When we use the term “personal information” we are referring to information that is connected to you as an identifiable individual. This may include things like your name, e-mail address, mailing address, birthday, telephone number, photographs, personal images, beauty profile information you provide such as hair color and eye color, or information about your purchases or preferences. Any information that is not connected to your name is not considered personal information.

This privacy policy does not cover information that you submit on Sephora’s website or other websites, even if we communicate with you on those sites or post a link to those sites within Sephora Mobile. For example, if you post something on Facebook, Twitter, or YouTube, that information is governed by the privacy policies on those websites, and is not governed by this policy. Information that Sephora obtains from you via our online presence at https://www.sephora.com, including when you apply for Beauty Insider Membership or access your existing Beauty Membership or Sephora Community, is governed by the Sephora Privacy Policy, located at https://www.sephora.com/privacy-policy.

What We Collect

The following are examples of the personal information that we collect:

Activity Examples of Personal Information Collected
Downloading or accessing Sephora Mobile IP address and mobile device ID
Registering on Sephora Mobile Name, e-mail address, and birth day and month
Purchasing on Sephora Mobile Name, credit card number, billing address, shipping address, and phone number
Beauty Insider Membership Name, full birthday, telephone number, mailing address, and e-mail address
Using Beauty Insider Pass Name, e-mail address, full birthday, Beauty Insider status and point balance, Beauty Insider rewards earned, device location
Sephora Community Any information about yourself that you choose to submit or post as part of your Sephora Community membership or that relates to your activities in the Sephora Community such as your: nickname, number of Beauty Insider followers, Instagram/YouTube handles, personal characteristics such as a description “about you,” skin tone and type, skin concerns, hair colour and type, hair concerns, eye colour, Color IQ, age range, groups, conversations, photographs, videos, and product reviews.
Sweepstakes and contests Name, e-mail address, and age
Product Availability Notifications Name and e-mail address

In addition to the above, we may use the following technologies to automatically collect information about your activities on Sephora Mobile.

  • Cookies.1
  • Flash Cookies.2
  • Web beacons, clear pixels, or pixel tags.3
  • Analytical tags. 4
  • Web server logs.5
  • Geo-location technologies.6
  • In-Store Beacons.

In-Store Beacons

Some of our stores utilize hardware and software manufactured by Gimbal Inc. (“Gimbal”) which transmits a Bluetooth signal to and/or works with your mobile device running Sephora Mobile to create a more personalized experience for you when shopping in Sephora stores and to make you aware of in-store offers, events and products (the “Beacon”). The first time you download Sephora Mobile or update Sephora Mobile to the Beacon enabled version, you will be asked to choose between “Enable” or “No Thanks” and will be given an opportunity to review this Privacy Policy and our Terms of Use. YOUR CONTINUED USE AT SUCH POINT CONSTITUTES YOUR ACCEPTANCE OF THE PRIVACY POLICY AND TERMS OF USE. If you choose “No Thanks,” you will have opted-out of having the Beacon communicate with your mobile device. If you choose “Enable,” the Beacon will communicate with your mobile device and collect certain data as provided in this policy. You can always opt-out of communicating with the Beacon in the future or manage the features of the Beacon by changing your notification settings in Sephora Mobile.

If you have enabled the Beacon, depending on the features included in Sephora Mobile and linked to the Beacon, Sephora may collect the following information:

  • Information about your device including make, model, operating systems and similar information but not your telephone number;
  • The state of your mobile device (e.g. location services on/off, Bluetooth on/off, WiFi on/off, cellular data on/off, and other similar information);
  • Information about your version and your use of Sephora Mobile such as your use of various features, functions or clicks on notifications or content as well as application permissions (e.g., deliver notifications, use location services, use Bluetooth, and other similar information);
  • Information about the status of the Beacon on your device including which features are activated/deactivated, whether the Beacon is activated/deactivated, and other similar information);
  • Information about your Beauty Insider Membership status (if applicable) and products you have expressed an interest in (including those in your Basket, in Loves or that you have purchased);
  • Information you may provide to us by participating in a survey, labeling a location you visit, providing feedback, sending us questions or otherwise responding to requests for information;
  • Periodic collection of your location (e.g., latitude and longitude coordinates) and time of day or your location when/if your device is near any Beacon or near beacons at other stores or locations; and
  • Attributes of WiFi networks visible to your device.

Note that we do not intentionally collect any personal information from children under the age of 13. If you are under the age of 13, you can look at our websites, but you should not make a purchase, register, or submit personal information to us.

You can choose to store information needed to make a purchase, such as your credit card number, shipping and billing addresses, during checkout on Sephora Mobile. If you change your mind about storing this information, you can amend or delete it by signing in to https://www.sephora.com (for U.S. residents) or https://www.sephora.ca (for Canadian residents), going to the My Account page, and following the instructions.

For your convenience, Sephora Mobile includes functionality allowing you to remain logged in to Sephora Mobile so that you do not have to re-enter your password each time you access Sephora Mobile. IF YOU CHOOSE TO REMAIN LOGGED IN, YOU SHOULD BE AWARE THAT ANYONE WITH ACCESS TO YOUR MOBILE DEVICE WILL BE ABLE TO ACCESS AND MAKE CHANGES TO YOUR ACCOUNT AND MAY BE ABLE TO MAKE PURCHASES THROUGH YOUR ACCOUNT. For that reason, if you choose to remain logged in to your device using Sephora Mobile, we strongly recommend that you enable the “Passcode Lock” security feature on your mobile device to protect against unauthorized access to and use of your mobile device and your Sephora Mobile account. Please also notify us as soon as possible if you suspect any unauthorized use of your account or password.

How We Use Your Personal Information

Sephora primarily uses the personal information that it collects to provide you with products, information, and services. We may use your information to track your purchase history and to contact you for account and promotional purposes. We may also use your personal information for other legitimate business purposes, including to detect and prevent fraud, to collect amounts owing to us and to maintain business records.

Sephora may use the information collected from you when your mobile device interacts with a Beacon in our stores to notify us when you arrive at or leave a Sephora store with a Beacon and where you are located within a particular store.

How We Share Your Personal Information

Sephora may share your personal information in the following circumstances:

  • Corporate affiliates. Sephora may share certain personal information with its affiliates (including parent company, sister companies and subsidiaries including Sephora Beauty Canada, Inc.) to administer the Beauty Insider program, various promotions, and to facilitate purchases, or joint venture partners like JCPenney, as described below.
  • Service providers. We may share your personal information with companies that perform services for us, such as fulfilling orders, delivering packages, sending postal mail and e-mails, analyzing customer data, providing marketing assistance, supporting Beacons, processing credit card payments, investigating fraudulent activity, conducting customer surveys, and providing customer service. We share U.S. and Canadian client e-mail activity data with Epsilon Data Management, LLC (“Epsilon”) to help Epsilon better target e-mail deployments to consumers for marketing purposes. While Epsilon has a license from Sephora to use e-mail addresses and e-mail activity data in its application, Epsilon does not share e-mail addresses or any specific e-mail activity data with other third parties that are not Sephora service providers (although Epsilon may share aggregate/non-specific activity data). Should you wish to opt out of this sharing, you simply need to opt out of e-mail communications from us.
  • JCPenney. If you apply for a Beauty Insider Membership, or use your Beauty Insider Membership, at a Sephora Inside JCPenney store located in the U.S. that is operated by JCPenney, we may share your personal information with JCPenney. We may also share your personal information with JCPenney in the event we suspect you are violating our terms or engaging in fraudulent behavior as it relates to our business. JCPenney has agreed that any information that it collects in this manner will be used only to administer the Beauty Insider Program, for internal analysis to make your shopping experience better, to monitor fraudulent or suspicious behavior, and to help us communicate with you better. JCPenney does not use this information for direct marketing purposes.
  • Social Networks, Widgets, and Plug-ins. If you use any features made available to you on our website by a third party it may result in information being collected or shared between us and the third party. For example, if you use Facebook’s “Like” feature, Facebook may register the fact that you “liked” a product and may post that information on Facebook.
  • The Beacon. The information collected from you by the Beacon will be originally collected by Gimbal on its servers located in the United States and then shared with Sephora. Gimbal collects this information in accordance with a written agreement with us and may not use that information for any purpose other than to support the Beacon, to support Sephora Mobile’s functions and features related to the Beacon, to respond to inquiries from you, to improve Gimbal’s systems and devices, and, if the data is de-identified and aggregated, for its own business purposes. Gimbal may use aggregated and de-identified information collected from Sephora Mobile users interacting with the Beacon for its own business purposes but that information cannot be traced to you. Please review Gimbal’s privacy policy available at https://manager.gimbal.com/privacy if you have any questions. Information will be stored on your mobile device for up to sixty days, on Gimbal servers for up to one year, and may be kept in de-identified state for longer than a year. However, Sephora Mobile gives you certain controls relating to information collected by the Beacon including “on/off” control, controls to “disable/enable” certain features, access to inferred profile information and a data deletion control. You also can shorten any of the time periods during which your information is stored by using the data deletion control.
  • Community. Sephora’s online social community (“Community”) allows you to participate in Sephora Groups, Sephora Conversations, the Sephora Gallery, to provide Ratings & Reviews, and to receive product recommendations.
  • If you have previously registered for a Sephora account and selected a nickname, a public Profile page containing your nickname, Beauty Insider status, and past contributions to Sephora’s public forums will be automatically generated for you on or about July 12, 2017 and will be visible to everyone. This is content that already exists on Sephora public platforms, but it is now being organized into one centralized place for your reference.
  • If you have not previously registered for a Sephora account and selected a nickname as indicated above, you can only create a public Profile page if you affirmatively choose to be a part of Community.

    Some of the information you provide in association with the Community can be seen by everyone on your Profile and some information can only be seen by you on your Profile, as indicated below:

    Seen by You and Everyone Else on your Profile Seen Only by You on your Profile
    Profile and banner photo or default Sephora avatar
    Nickname
    # of Beauty Insiders that you follow and that follow you
    Beauty Insider status
    "About You" content created by you
    Your Instagram/YouTube handles shared by you
    Skin tone and type, hair colour and type, eye colour, Color IQ, age range Personal traits such as skin concerns* and hair concerns*
    My Groups Featured Groups
    My Recent Conversations Featured Conversations
    My Looks (photos and videos) Featured Looks
    My Recent Reviews
    Review Recent Purchases
    Products Recommended For You

    *Even though your skin concerns and hair concerns are only visible to you on your Profile, they will be visible to everyone else on the product page if you submit a Rating & Review.

    For more information about Community, see our Terms of Use.

  • Other instances. Sephora may share your personal information in order to protect the legal rights of our company, our employees, our agents, and our affiliates, to protect the safety and security of our visitors, to detect and protect against fraud, or to comply with law or legal process.
  • Business transition. Sephora may share your personal information with another company that buys some, or all, of the assets or stock of Sephora, and that company may use and disclose personal information for purposes similar to what is described in this policy. Sephora may also share personal information with prospective purchasers to evaluate the proposed transaction.

Sephora may share de-identified information (i.e., information that is not directly connected to your name) in the following circumstances in addition to those identified above:

  • Aggregate information. We may share de-identified aggregate information about our customers with advertisers and marketing partners.
  • Behavioral-based advertising. A third party may use technology to collect information about your use of application so that they can provide advertising about products and services tailored to your interest. That advertising may appear either when you are using Sephora Mobile, or using your mobile device to visit other websites.

How We Protect Your Information

We realize that our customers trust us to protect their personal information. We take that task seriously and maintain reasonable and appropriate physical, electronic and procedural safeguards to help protect your personal information. While we attempt to protect the information in our possession, no security system is perfect and we cannot promise that information about you will remain secure in all circumstances, including the security of your data during transmission to us or the security of your data on a mobile device.

Your Choices

You have the following choices with how your information is used:

Your Options What you need to do
Updating or Correcting the Personal Information Relating to Your Account You can update or correct your name, e-mail address, security questions, and other preferences by visiting https://www.sephora.com (for U.S. residents) or https://www.sephora.ca (for Canadian residents), logging in and clicking on the “My Account” page, calling 1-877-SEPHORA, or visiting a Sephora or Sephora Inside JCPenney retail store and speaking with a representative.
Receiving newsletters and promotional e-mails You can click on the “unsubscribe” link at the bottom of any promotional e-mail that you receive. You can also edit your e-mail preferences by visiting https://www.sephora.com (for U.S. residents) or https://www.sephora.ca (for Canadian residents), logging in and clicking on the “My Account” page. Please call 1-877-SEPHORA to discontinue receiving material by mail.
Behavioral Based Advertising You can opt-out of some, but not all, online app behavioral based advertising by adjusting the settings within each app that shows you ads and you can opt out of Sephora’s mobile app advertising tracking at http://www.optoutmobile.com.
Remove content from user review You can remove content that you posted on a Sephora public space, such as part of a Ratings & Review, by e-mailing details to community.support@sephora.com. Note that we will endeavor to honor your request to remove information, however, our removal of your information does not completely erase that information from the internet. For example, historical copies, or “caches,” may remain.
Sephora Community You can remove some of your Sephora Community activity by emailing Customer Service at community.support@sephora.com.

CALIFORNIA PRIVACY NOTICES

If you are a California resident under 18 years old and a registered user of the Site, you can request that we remove content or information that you have posted to our Site or on Community. Please note that responding to your request may not ensure complete or comprehensive removal from our Site or on Community (e.g., if the content or information has been reposted by another user). To request removal of content or information, please contact us at the address, telephone or email below.

Communicating With Us

If you have any questions about our privacy or security practices, or of you would like to request access to or correction of your personal information, you can contact Sephora’s General Counsel by mail, telephone, or e-mail:

Sephora USA, Inc.
Legal Department, Privacy
525 Market Street, 32nd Floor
San Francisco, CA 94105
1-877-SEPHORA
privacy@sephora.com

Your right to access or correct your personal information is subject to applicable legal restrictions. We may take reasonable steps to verify your identity before granting access or making corrections.

If we need, or are required, to contact you concerning any event that involves your personal information we may do so by e-mail, telephone, or mail.

For Residents of Canada

We may establish a file of your personal information for the purposes described in this Sephora To Go Privacy Policy, which will be maintained on our servers or those of our service providers. Employees, agents and mandataries of Sephora who require access to your personal information in order to fulfill their job requirements will have access to your personal information. Sephora is located in the United States and our service providers may be located in the United States or elsewhere outside of Canada. As a result, your personal information will be processed and stored outside of Canada and will be subject to applicable foreign laws, which may allow government and national security authorities to have access to your personal information in certain circumstances.

If you wish to request access to or correction of your personal information in our custody or control, you may write to the above address. Your right to access or correct your personal information is subject to applicable legal restrictions. We may take reasonable steps to verify your identity before granting access or making corrections. You may withdraw your consent to our collection, use and disclosure of personal information at any time, subject to contractual and legal restrictions and reasonable notice. Note that if you withdraw your consent to certain uses or disclosures of your personal information, we may no longer be able to provide certain of our products or services.

1. "Cookies" are small bits of information that are placed on your mobile device. Cookies remember information about your activities on Sephora Mobile to make your use of Sephora Mobile more enjoyable and valuable to you by providing a customized experience and recognizing your preferences when you use our application. If you've chosen to disable cookies on your mobile device, some of the functionality of our website may be lost. Certain of our features, particularly those that require a login and password, require that cookies be enabled and cannot be used when you have disabled cookies.

2. "Flash cookies (also called Local Shared Objects or "LSOs") are data files similar to cookies, except that they can store more complex data. Flash cookies are used to remember settings, preferences, and usage, particularly for video, interactive gaming, and other similar services.

3. Web beacons are small graphic images on a Web page or in an e-mail that can be used for such things as recording the pages and advertisements clicked on by users, or tracking the performance of e-mail marketing campaigns.

4. We use analytical tags to analyze what our clients like to do and the effectiveness of our features an advertising. They can also help us customize your browsing and shopping experience. We may use information collected through analytical tags or tracked links in combination with your personal information. We may also combine personal information you provide to Sephora with other personal information (such as purchase history and demographic information). We often work with other companies to help us track, collect and analyze this information but they are prohibited from using this information for any other purpose.

5. Web server logs are records of activity created by the computer that delivers the webpages you request to your browser. For example, a web server log may record the search term you entered or the link you clicked to bring you the webpage. The Web server log also may record information about your browser, such as your IP address and the cookies set on your browser by the server.

6. Geo-location technology refers to technologies that permit us to determine your location. We may ask you to manually provide location information (like your postal code), or to enable your mobile device to send us precise location information. For example, if you use the Find in Store feature to determine whether an item is in stock at a Sephora retail location or the Store Locator feature, you will be asked to allow Sephora Mobile to use your current location. You are not required to allow Sephora Mobile to use your current location and can manually enter a postal code instead. If you consent, Sephora Mobile will use your current location to locate nearby retail locations.