WHO WE ARE
Take Two Cosmetics Ltd is responsible for the personal data that you share with us. When we say “Take Two Cosmetics”, “us”, “our” or “we”, this is who we are referring to. Take Two Cosmetics is the “data controller” for the purposes of applicable data protection laws.
Please see the “Contact Us” section for details on how to get in touch.
WHAT IS PERSONAL DATA?
“Personal data” means any information or pieces of information that could identify you either directly (e.g. your name) or indirectly (e.g. through pseudonymised data, such as a unique ID number). This means that personal data includes things like email/home addresses, usernames, profile pictures, personal preferences and shopping habits, user generated content, financial information, and health information. It could also include unique numerical identifiers like your computer’s IP address or your mobile device’s MAC address, as well as cookies.
WHAT PERSONAL DATA DO WE COLLECT FROM YOU AND HOW DO WE USE IT?
You, the consumer, are our priority. You drive what we do. We love hearing from you, learning about you, and creating and delivering products that you will love. We know that many of you love interacting with us and because of this, there are many ways that you might share your personal data with us, and ways that we might collect it.
HOW DO WE COLLECT OR RECEIVE YOUR PERSONAL DATA
We might collect or receive personal data from you via our websites, forms, apps, devices, Take Two Cosmetics products or brand pages on social media or otherwise. Sometimes you give this to us directly e.g. when you create an account, when you contact us, when you purchase from our websites or stores, sometimes we collect it e.g. using cookies to understand how you use our websites.
The below table explains the following:
- In what context is your personal data collected? This column explains what activity or scenario you are involved in when we use or collect your personal data. For example, whether you are making a purchase, browsing our website or signing up to a newsletter.
- What personal data may we hold about you? This column explains what types of personal data we may collect when you take part in a particular activity.
- How and why we use it? This column explains what we do with your personal data, and the purposes for collecting and using it.
- What is our legal basis for using your personal data? Whenever we use your personal data, we will have a legal basis to do this. For example, you have asked us to provide a service, you have given us your consent, or we have a legitimate interest in using your personal data.
The legal basis for the processing of your personal data can be:
- Your consent – This applies where you provide your personal data and specifically consent to us using it to provide you with a specific service, for example, so that:
- you can receive marketing communications from us. If you later ask us to stop sending you marketing communications, we need to keep some of your personal data on a suppression list so that we can make sure we do not contact you again. This is a legal obligation; and
- we can store certain cookies on your device. We may place targeted advertising cookies (these allow us to tailor services we offer, specifically to you), analytical cookies (these measure your interaction with our site so we can make improvements) on your device.
- The performance of a contract – This applies where you provide us with your personal data in order for us to provide you with a service (e.g. you ask us to create a customer account for you or you wish to purchase a product and we can manage the associated logistics).
- Our legitimate interests – This applies where you provide us with your personal data and we use it to:
- improve our products and services. By providing us with your personal data, we are able to better understand your needs and expectations when it comes to the products and services we offer. This understanding means we can improve our products and services so they match your needs. This might involve performing analytics on how you use our products, services, and websites/apps/devices, or trying out new functions which we think you might like based on what we know about you.
- better engage with you. Where you provide us with your personal data, we may use it to encourage you to be more actively engaged with our products and brands and increase your overall brand engagement and awareness. One way we do this is by tailoring the marketing communications we send you so that you receive the information most relevant to you.
- iii. prevent fraud. Where you provide us with your personal data, it means we can action any payment you make when you purchase any of our products and/or services, and importantly, check that your payment is free from fraud.
- secure our tools: We may use your personal data to keep our tools (websites/apps/devices) safe and secure. This involves making sure our tools are working properly, and that your personal data is kept secure.
- To comply with a legal obligation – This is where you provide us with your personal data which we need to keep for our legal reasons (e.g. when you make a purchase we need to keep your transaction information to comply with our tax and financial reporting obligations).
- Our legitimate interests – This applies where you provide us with your personal data and we use it to:
- To protect the vital interests of an individual – This is where we use your personal data to protect you (or someone else) where there is evidence of danger to your (or someone else’s) health and/or safety.
The table below sets out which legal basis we rely on when processing your personal data for each context.
When we collect personal data, we will indicate which types of personal data are mandatory via asterisks. Some of the personal data we request from you are either necessary for us to:
– Perform our contract with you (e.g. to deliver the goods you have purchased on our websites/apps);- Provide you with a service you have asked for (e.g. to provide you with a newsletter);- Comply with legal requirements (e.g. invoicing).
If you do not provide the personal data marked with an asterisk, this may affect the goods and services that we can provide.
|In which context is your personal data collected?||What personal data may we hold about you?||How and why we may use it?||What is our legal basis for processing your personal data?|
|Personal account creation and management:
Where your personal data is collected during the creation or management of an account on the Take Two Cosmetics website, through a social media login or in store.
|Personal account creation and management:
Where your personal data is collected during the creation or management of a professional account on the Take Two Cosmetics website,* professional accounts are created in relation to a business capacity; they are not for personal use.
|Newsletter and marketing subscription:
Where your personal data is collected when you subscribe to receive our marketing communications.
|Purchases and order management:
Where your personal data is collected during the purchase process made on the Take Two Cosmetics website.
Where your personal data is collected by cookies or similar technologies (“cookies”*) when you browse the Take Two Cosmetics website or on third-party website/apps where we have cookies. For information on the specific cookies placed on a particular website, please check the cookies table or tool available on the specific website.
What are cookies?
Cookies are small text files stored on your device (computer, tablet or mobile) when you are on the Internet, including on Take Two Cosmetics website.
|Data related to your use of our websites, including:
Where your personal data are collected during a competition, game, contest, promotional offer, sample request, survey etc.
|User Generated Content:
Where your personal data are collected when you submit content (for example images or ratings and reviews) on our website/social media platforms, or accept our re-use of any content you posted on social media platforms.
|Use of websites/apps and devices:
Where your personal data are collected as part of your use of our apps and/or devices.
Where your personal data are collected when you ask questions relating to our brands, our products and their use, or your purchases, account or rights.
AUTOMATED DECISION MAKING
Automated decision making means the ability to make decisions using technology, without human involvement.
We may use automated decision making in the following circumstances:
- For the purposes of securing transactions placed through our websites/apps/devices against fraud. We may use a third party provider’s solution to protect against fraud. The method of fraud detection is based on a number of different data prediction and data intelligence techniques that may change over time, to keep up with technological advancement. These may include, for example, data comparison or association, or detecting outlier (unusual) data patterns. This fraud detection process may be completely automated or may involve some human intervention where the final decision is taken by a person.
As a result of automatic fraud detection, you may experience a delay in the processing of your order/request whilst we review your transaction. You may be limited or excluded from using a service if a risk of fraud is identified.
You have the right to access the information on which we base our decision.
WHO MAY ACCESS YOUR PERSONAL DATA?
First, we want to be clear that we do not sell your personal data.
We may share your personal data within Take Two Cosmetics. Your personal data may be accessed within Take Two Cosmetics. Where appropriate, your data may be shared to harmonise and update the information you share with us, to tailor our communications based on your preferences, and to run analytics and perform statistics.
We may also share your personal data in a pseudonymised way (not allowing direct identification) with Take Two Cosmetics Research & Innovation scientists, including those located outside of your country, for research and innovation purposes. We also collect information using cookies to understand how you interact with our advertising content, to make sure we’re delivering this is the most relevant way. We do this on our sites and on third party sites. See our Cookies Policy below for more information.
Your personal data may also be processed on our behalf by our trusted third party suppliers.
We rely on trusted third parties to perform a range of business operations on our behalf. We only provide them with the information they need to perform the service, and we require that they do not use your personal data for any other purpose. We will always use our best efforts to make sure that all third parties we work with will keep your personal data secure. Examples include:
- Third parties that assist and help us in providing digital and e-commerce services such as social listening, loyalty programs, identity management, ratings and reviews, CRM, web analytics and search engine, user generated content curation tools;
- Advertising, marketing, digital and social media agencies to help us to deliver advertising, marketing, and campaigns, to analyse their effectiveness, and to manage your contact and questions;
- Third parties required to deliver a product to you e.g. postal/delivery services;
- Third parties that assist and help us in providing IT services, such as platform providers, hosting services, maintenance and support on our databases as well as on our software and applications;
- Payment service providers and credit reference agencies for the purpose of assessing your credit score and verifying your details where this is a condition of entering into a contract with you;
- Third parties that assist us for customer care and cosmetovigilance purposes.
The legal basis for this sharing is our legitimate interests – (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud; (iv) secure our tools and design new features; and (v) use appropriate suppliers.
We may also disclose your personal data to third parties:
- In other circumstances if we have your consent or we are permitted to do so by law.
We may disclose your personal data to our partners:
- In the event the service you subscribe to was co-created by Take Two Cosmetics and a partner (for example, a co-branded app). In such cases, Take Two Cosmetics and the partner will process your personal data each for their own purposes and as such your personal data will be processed:
WHERE WE STORE YOUR PERSONAL DATA
The personal data that we collect from you may be transferred to, accessed in, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our service providers.
For further information, please contact us at firstname.lastname@example.org
HOW LONG DO WE KEEP YOUR PERSONAL DATA
We will keep your personal data for as long as we need it to provide you with your requested service(s) or to meet our commercial or legal obligations.
To determine the retention period of your personal data, we consider several criteria to make sure that we do not keep your personal data for long than is necessary or appropriate. These criteria include:
- The purpose for which we hold your personal data;
- Our legal and regulatory obligations in relation to that personal data, for example any financial reporting obligations;
- Whether our relationship with you is ongoing, for example, you have an active account with one or more of our brands, you continue to receive marketing communications, or you regularly browse or purchase off our websites/apps);
- Whether you are no longer actively participating or engaging with our brands, for example, you do not open our emails, visit our websites, or share user generated content;
- Any specific requests from you in relation to the deletion of your personal data; and
- Our legitimate business interests in relation to managing our own rights, for example the defence of any claims.
When we no longer need to retain your personal data, it will be deleted or be anonymised so that you can no longer be identified from it.
IS MY PERSONAL DATA SECURE?
We are committed to keeping your personal data secure, and taking all reasonable precautions to do so. We contractually require that trusted third parties who handle your personal data for us do the same.
We always do our best to protect your personal data and once we have received your personal data, we use strict procedures and security features to try to prevent unauthorised access. As no transmission of information via the internet is completely secure, we cannot guarantee the security of your personal data transmitted to our site although. Any transmission is therefore at your own risk.
LINKS TO THIRD PARTY SITES AND SOCIAL LOGIN
Our website may, from time to time, contain links to the websites of our partner networks, advertisers and/or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you share any personal data with these websites.
SOCIAL MEDIA AND USER GENERATED CONTENT
Our website may allow users to submit their own content. Please remember that any content submitted to our social media platforms can be viewed by the public, and you should be cautious about providing certain personal data e.g. financial information or address details. We are not responsible for any actions taken by other individuals if you post personal data on one of our social media platforms and we recommend that you do not share such information.
YOUR RIGHTS AND CHOICES
Take Two Cosmetics respects your right to privacy: it is important that you are able to control your personal data. You have the following rights:
|Your rights||What does this mean?|
|The right of access||You have the right to access, and receive a copy of, any personal data we hold about you (subject to certain restrictions). In exceptional circumstances we may charge a reasonable fee for providing such access but only where permitted by law.|
|The right to rectification||You have the right to have your personal data rectified if it is incorrect or outdated and/or completed if it is incomplete. If you have an account, it may be easier to correct your own personal data via your “My Account” function.|
|The right to erasure/right to be forgotten||In some cases, you have the right to have your personal data erased or deleted. Note this is not an absolute right, as we may have legal or legitimate grounds for retaining your personal data.|
|The right to object to direct marketing, including profiling, and any processing based on our legitimate interests||You can unsubscribe or opt out of our direct marketing communication at any time. The easiest way to do this is by clicking on the “unsubscribe” link in any email or communication we send you. In circumstances where you have the right to object to profiling or any processing based on our legitimate interests, you should contact us using the details below.|
|The right to withdraw consent at any time for and personal data processing based on consent||You can withdraw your consent to our processing of your personal data when such processing is based on consent. Where you withdraw your consent, this does not affect the lawfulness of our processing before your withdrawal. Please see the table in section “what personal data do we collect from you and how do we use it” specifically the column “What is our legal basis for processing your personal data?” to see where/when our processing is based on consent.|
|The right to object to processing based on legitimate interests||You may object at any time to our processing of your personal data when such processing is based on our legitimate interests. Please see the table in section “what personal data do we collect from you and how do we use it” specifically the column “What is our legal basis for processing your personal data?” to see where/when our processing is based on legitimate interests.|
|The right not to be subject to a decision based solely on automated decision-making||Where we use your personal data to make an automated decision about you (please see “Automated Decision Making” above for examples), you have the right to object to our decision. Your right does not apply if: (i) you gave us your explicit consent to use your personal data to make our decision; (ii) we are allowed by law to make our decision; or (iii) our automated decision was necessary to enable us to enter into a contract with you.|
|The right to lodge a complaint with a supervisory authority||You have the right to contact the data protection authority of your country in order to lodge a complaint against our data protection and privacy practices. Do not hesitate to contact us at the details below before lodging any complaint with the competent data protection authority as we will always seek to resolve your complaint in the first instance.|
|The right to data portability||You have the right to move, copy or transfer personal data from our database to another. This only applies to personal data that you have provided, where processing is based on a contract or your consent, and the processing is carried out by automated means. Please see the table in section “what personal data do we collect from you and how do we use it” specifically the column “What is our legal basis for processing your personal data?” to see where/when our processing is based on consent or the performance of a contract.|
|The right to restriction||This right means that our processing of your personal data is restricted, so we can store it, but not use nor process it further. It applies in the following limited circumstances set out in the General Data Protection Regulation:
|The right to deactivate cookies||The settings from the Internet browsers are usually programmed by default to accept cookies, but you can easily adjust it by changing the settings of your browser or, where available, by using the tools on our websites.Many cookies are used to enhance the usability or functionality of a website; therefore disabling some types of cookies may prevent you from using certain parts of our websites.If you wish to restrict or block all the cookies which are set by our websites, please use the tool available on the particular website (if applicable), or refer to the Help function within your browser to learn how to manage your settings within your browser. For more information please consult the following links:http://www.aboutcookies.org/.|
How can I exercise these rights?
For more information, or to request any of the rights noted above, please contact us on the details set out below. Note that we may require proof of your identity and full details of your request, before we process any request(s).
What are they? A cookie is a small file that a website transfers to the cookie file of the browser on your device so that the website can remember who you are.
Do I want to stop them?
Many cookies are used to enhance the usability or functionality of a website; therefore disabling cookies may prevent you from using certain parts of this website. We explain the cookies we use in the table below and give you a button by which you can block the optional cookies. If you do not make either choice then you will be treated as having accepted all cookies on this site. You can change your mind in subsequent visits and use the buttons below to change your cookie status for our site.
If you wish to restrict or block all the cookies which are set by our website (which as we say may prevent you from using certain parts of the site), or indeed any other website, you can do this through your browser settings. The Help function within your browser should tell you how. For more information go to www.aboutcookies.org
Which cookies are being used on this site?
We use four different types of cookies on this site – those that are strictly necessary for the website to function, functionality cookies, performance/analytics cookies, and targeted/advertising cookies.
1.Strictly Necessary cookies: These are cookies that are essential for our website to work correctly. They may be required for system administration, to prevent fraudulent activity, or for a shopping cart function. These cookies cannot be switched off.
2. Functionality cookies: These cookies are used to enhance and simplify your user experience. For example, they may remember information about previous choices you have made, remember your password, or allow video or social media content to be properly viewed on the website. You can opt out of functionality cookies using the function below
3. Analytics and Performance cookies: These are used for internal purposes to help us understand how you interact with our site, so we can provide you with an improved user experience e.g. to assess the performance of our website, or to test different design ideas for the website. We may work with third parties to perform these services for us, so these cookies may be set by a third party. You can opt out of these cookies using the function below.
4.Targeting and advertising cookies: These cookies are used to deliver relevant and tailored content (including advertising content) to you, and also to evaluate the effectiveness of that content. This content may be delivered on our websites, or on a third party website. We often work with third parties to deliver this content, so some of these cookies may be set by a third party. You can opt out of them using the function below. You can also opt out of targeted advertising by clicking on the “Ad Choices” logo on our advertising, or at http://www.youronlinechoices.com/uk/your-ad-choices. Note however by opting out of these cookies you do not opt out of receiving advertising content altogether; you will instead receive general content that does not take into account your interests and preferences.
Where we work with third parties, they may set cookies to deliver the services that they are providing (e.g. tailored advertising). We make every effort to identify these cookies and detail them below, so that you can choose to opt out.
There may be additional cookies managed by third parties, for example:
- Social Media Networks and Third Party Content – On our website we may use social networking icons and sometimes embed video content from websites such as YouTube. When you visit a page with content embedded from, for example, YouTube, or click on a social network icon that takes you to a that social network, you will be presented with third party cookies from Youtube or that site as applicable. We do not control these cookies and you need to check with the applicable third party website for more information.
- Flash cookies – Take Two Cosmetics uses Flash files to deliver part of its content, such as Video Player, throughout the site. To improve user experience Local Shared Objects – or flash cookies as they are commonly known – are employed to provide features such as auto-resume and for saving your preferences. Flash Cookies are stored in your terminal much in the same way as cookies are, however it is not possible to manage them at browser level in the same way. How to disable Flash Cookies – the adobe website provides comprehensive information on how to delete or disable Flash cookies either for a specific domain like www.taketwocosmetics.com or for all websites – see www.adobe.com/products/flashplayer/security for details. Restricting the use of Flash cookies may affect your enjoyment of this site
- Spotlight tags – These are something we use to track measure and report on activities that happen when you see or click on one of our advertisements somewhere on the web and then either click through to our website from that ad or visit certain pages on our website within 30 days of having seen one of our advertisements somewhere on the web. You can block the use of these spotlight tags by visiting www.networkadvertising.org/managing/opt_out.asp
Any changes we may make to our Privacy and Cookies Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Privacy and Cookies Policy.
If you have any questions or concerns about how we treat and use your personal data, or would like to exercise any of your rights above, please contact us via email at email@example.com or by writing to us at:
Data Protection Officer
Take Two Cosmetics Ltd,
Last updated: 20 May 2018