1. Who is the controller of your data?
Whenever dealing with one of LUSH companies (the “Company”), the controller of your Data will be the Company that decides how and why your Data is processed.
For the management of the Group website, the controller of your Data is LUSH.
LUSH websites or applications may contain links to the websites of our partner networks and/or affiliates. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
3. Which data do we collect from you?
We may collect Data that you provide us with through various channels, including websites, social media, events, telephone contacts, email or otherwise. Such Data may include:
– Identification information (e.g. name, surname, date of birth);
– Contact details (e.g. postal address, e-mail address, phone number);
– Job title/position in your company, if you are acting in a professional context;
– Records of correspondence with the Company and responses to our surveys.
4. For what purpose do we use your data?
We mainly use your Data for the purpose of managing our customer/prospect relationships, notably when:
– Processing orders and delivering products;
– Responding to your requests,
– Managing products claims;
– Sending you news and information about our products that may interest you;
– Managing loyalty programs;
– Conducting surveys to improve our services and products;
– Organizing contests;
– Generating statistics for marketing analysis.
We may process your Data for any other specific purpose indicated at the time of Data collection.
5. On which legal grounds do we use your data?
Taking into consideration the purpose, your Data are processed on the following legal grounds:
– Where it is required for the performance of a contract we have with you;
– Where it is necessary to pursue our legitimate interests, including:
– network and information security to protect your Data against loss, damage or unauthorized access
– assess our services through recordings of calls with our contact centers
– direct marketing activities (other than where we rely on your consent);
– where it is necessary to comply with a legal obligation, notably to assist a public authority or an investigation body;
– where you have given your explicit consent for specific and determined purposes.
6. Who do we share you data with?
We may share your Data with:
– other entities within LUSH for internal administrative purposes;
– our trusted third party suppliers to perform a range of business services on our behalf, such as hosting and maintenance services;
– third parties that may offer services in relation to our own products and services;
– judicial authorities, state agencies or public bodies, upon request and to the extent permitted by law.
In all cases, we will only share your Data on a “need-to-know” basis to fulfill the purposes defined above.
7. Where do we store your data?
Your Data are stored either in our database or in the database of our service providers.
8. How do we ensure security and confidentiality of your data?
We are committed to ensuring the security of your Data. To this end, we maintain appropriate technical and organizational measures to avoid, as far as possible, any accidental or unlawful destruction, loss, alteration, or unauthorized access.
9. For how long do we keep you data?
We will retain your Data for the period of time necessary to achieve the purpose for which they were collected, within the limits provided by applicable law. In some circumstances, we may keep your Data for a longer period of time in order to satisfy legal, accounting or reporting requirements.
10. What are your rights and how can you exercise them?
Subject to applicable law, you may have the right:
– To access your Data;
– To correct and update your Data;
– To erase your Data;
– To restrict the processing of your Data;
– To object to the processing of your Data, mainly when the processing is based on our legitimate interests;
– To withdraw your consent at any time;
– To request the return of your Data in a structured data file, either to you or to a third party, where technically feasible (data portability);
– To lodge a complaint with the competent data protection authority.
Please note that we may require proof of your identity and full details of your request before processing it.
The data will only be used to verify your identity and will not be stored for longer than needed for this purpose.
We will reply in a reasonable delay, in accordance with the applicable regulations.
The above policy applies to www.lushia.org