Too Faced United States Privacy Policy

 

Last Update: June 30, 2020

Too Faced Cosmetics, LLC. (“Too Faced, we, us, or our”) respects your privacy and values the relationship we have with you. This Privacy Policy describes the types of personal information we collect, how we use the information, with whom we share it, and the choices available regarding our use of the information. We also describe the measures we take to protect the security of the information and how to contact us about our privacy practices.

The Too Faced entity responsible for the processing of your personal information will depend on the different purposes for which Too Faced will use your personal information and where you are located in the world. Please review our List of Local Entities for the name of the Too Faced entities responsible for the processing of your personal information and the appropriate contact information.

Too Faced products are available for sale in many places—online at toofaced.com and at third-party retail locations. This Privacy Policy applies to the personal information collected on toofaced.com and any website, mobile application or document that refers to this Privacy Policy. Unless otherwise indicated at the time that you provide your personal information, any personal information collected at third-party retail locations is not provided to us and is not subject to this Privacy Policy.

Click on one of the links below to jump to the listed section:

 

INFORMATION WE COLLECT

We may collect or may have collected the following categories of information about you. In some cases, the information we collect may fall within more than one category.

  • Contact information and personal identifiers, such as your name, address, email address, telephone number, and username or social media handle.
  • Device identifiers, such as information about your device like your MAC address, IP address, or other online identifiers.
  • Demographic information, such as your age, sex, and gender (some of which may be protected by applicable law).
  • Physical characteristics, such as your hair type and color, skin type, and eye color.
  • Commercial information, such as the products or services you have purchased, returned or considered, and your product preferences.
  • Payment information, such as your method of payment and payment card information (including payment card number, expiration date, delivery address and billing address).
  • Biometric information, such as facial images (for example, if you use one of our make-up try on applications).
  • Identity verification information, such as photo identification for in-store pick-ups, loyalty member ID, and other authentication information (like passwords).
  • Online or network activity information, such as information regarding your interaction with our website, mobile applications, digital properties, and advertisements, information about your browsing and search history on our website or mobile applications, and log file information, which includes, but may not be limited to, your browser type, webpages you visit, and other electronic network activity.
  • Geolocation information, such as information that can help identify your physical location (like your GPS coordinates or the approximate location of your mobile device).
  • Audio and visual information, such as recordings of your voice when you call our customer service and images we record through CCTV in our M∙A∙C Cosmetics owned retail stores.
  • Professional or employment-related information, such as information from your resume, employment history, education information, and professional licenses or certifications.
  • Health and medical information, such as skincare concerns, diagnoses, medical reports and history.
  • User Content, such as your communications with us and any other content you provide (including photographs, videos, reviews, articles, survey responses, and comments).
  • Inferences drawn from or created based on any of the information identified above.
  •  

    HOW WE COLLECT INFORMATION

    We may collect or may have collected personal information about you from various sources. The categories of sources from which we may collect personal information are:

  • Directly from you, such as when you make a purchase on our website, contact us with a question or complaint, use one of our mobile applications, create an account on our website, respond to a survey, participate in a contest or other promotion, sign-up to attend an event, apply for employment, or sign-up to receive marketing communications.
  • From your friends or family members, such as when your friend or family member sends you a gift or makes a referral.
  • Cookies and automatic collection methods. When you visit our website or use one of our mobile applications, and when you open or click on emails we send you, we (and third parties we work with) may automatically collect information from your browser or device using technologies such as cookies, web beacons, pixel tags, and similar technologies. Cookies are small text files that websites send to your computer or other Internet-connected device to uniquely identify your browser or to store information or settings in your browser. Web beacons or pixel tags are small images which are embedded into our website or emails that provide us with information about your browser or device, or whether you open or click on the emails we send you. These technologies enable us, or the third parties who place such technologies, to collect information such as device identifiers and online or other network activity information.
  • Through offline technologies, such as call recording technology when you speak to customer service.
  • From our business partners and service providers, such as demographic companies, analytics providers, advertising companies and networks, third-party retailers, and other third parties that we choose to collaborate or work with.
  • From social media platforms and networks, such as Facebook, Twitter, Pinterest, and Instagram. For example, we may obtain your information from a social media platform or network if you interact with us on social media or choose to log-in to our website using your social media credentials.
  • From other Estee Lauder Companies brands or that you have interacted with
  •  

     

    HOW WE USE INFORMATION

    We may use or may have used the information we have about you:

    • To provide products and services to you, such as fulfilling orders and processing payments, creating, servicing and/or maintaining your account, assisting with product selection and replenishment, and managing current or past purchases.
    • To communicate with you, including to respond to your inquiries or complaints, and to help you place an order.
    • To administer your participation in special events, contests, sweepstakes, surveys, and promotions.
    • For marketing and advertising, such as to send you marketing and advertising materials via postal mail, text message or email, and to show you advertisements for products and/or services tailored to your interests on social media and other websites.
    • For analytics purposes, such as to understand how you use our website and mobile applications, understand your preferred method of purchasing with us; determine what browser and devices you use to visit our website or mobile applications; and to evaluate and improve our products, services, advertisements, website and mobile applications.
    • To operate and improve our business, including to respond to employment applications, provide quality assurance, conduct research and development to develop new products and services, and perform accounting, auditing and other internal business functions.
    • For legal and security purposes, such as to detect, prevent, and prosecute harmful, fraudulent, or illegal activity, loss prevention, identify and repair bugs on our website or mobile applications, and to comply with applicable legal requirements, relevant industry standards and our policies.

    We also may use or may have used the information in other ways for which we provide specific notice at the time of collection.

    Some of the purposes for which we use your personal information may not be necessary to maintain our relationship with you, such as for marketing and advertising purposes. If you do not want us to use your personal information for these purposes you may opt-out of such uses by following the instruction in the Your Rights and Choices section or by submitting a request through the Privacy Request Portal.

     

    LEGAL BASIS FOR PROCESSING

    Where required by law, we will use the personal information you provide for the above purposes if:

    • • it is necessary to perform a contract to which you are party (e.g., to process your payment and fulfil your order);
    • we have obtained your consent; or
    • we have a legitimate interest in doing so (including a legitimate interest in performing marketing activities, research activities, data analytics, internal administration functions, processing and enforcing legal claims and conducting our business in compliance with all applicable laws, relevant industry standards and our policies).

     

    INFORMATION WE SHARE

    We may share or may have shared your personal information with:

    • Our corporate brands and affiliates. For a list of our corporate brands see https://www.elcompanies.com/en/our-brands and for a list of our corporate affiliates see https://www.elcompanies.com/en/news-and-media/contact-us.
    • Service providers. We may transfer personal information to service providers who perform services on our behalf based on our instructions. We do not authorize these service providers to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements. Examples of these service providers include entities that process credit card payments, fulfill orders, and that provide website and application functionality, hosting, analytics, advertising and marketing services.
    • Parties to a corporate transaction. We also reserve the right to transfer personal information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution, or liquidation).
    • Advertising Companies. We work with third party advertising companies (such as advertising networks) to serve advertisements on our behalf. For additional information, see the Cookies, Targeted Advertising & Analytics section.
    • Other third parties. In addition, we may disclose personal information about you (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials, (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity, (iv) when disclosure of your personal information is otherwise required or permitted by law, or (v) with your consent.

     

    YOUR RIGHTS AND CHOICES

    Your Privacy Rights

    Subject to applicable law, you may have the right to request access to and receive details about the personal information we maintain about you, update and correct inaccuracies in your personal information, and have the personal information deleted, as appropriate. Subject to applicable law, you may also have the right to request the restriction of the processing of your personal information or to object to that processing on grounds relating to your particular situation, the right to withdraw your consent and to receive, in a structured, commonly used and machine-readable format, the personal information that you have provided to us where technically feasible. You may also lodge a complaint with your supervisory authority.

    These rights may be limited in some circumstances by local law. We may take reasonable steps to verify your identity before granting access or making corrections. You may exercise your privacy rights through our Privacy Request Portal.

    Email Opt-Out

    You can opt-out of receiving marketing or clienteling communications by email by following the instructions within the emails you receive from us or by contacting us through our Privacy Request Portal. Please note that your opt-out request is specific to the particular type of email communication you receive from us. For example, if you opt-out from a clienteling email, you will no longer receive clienteling email communications, but you may still receive email marketing communications from us. Further, if you opt-out from both clienteling email communications and marketing email communications, we may still send you transactional or operational emails. Examples of transactional or operational emails include, purchase or shipping confirmations, password resets, profile updates or other account related messages.

    Postal Mail Opt-Out

    You can opt-out of receiving marketing communications by postal mail by following the instructions that may be included in a particular promotion. You also can request that we refrain from sending you promotional postal mail by contacting us through our Privacy Request Portal.

    Text Message Opt-Out

    You can opt-out of receiving text messages from us by replying STOP to the text message you receive from us or making a request through our Privacy Request Portal. Please note that this will only opt you out of the specific text messaging program associated with that number.

    Push Notifications Opt-Out

    When you download one of our mobile applications or when you visit our website, we may provide you with the option to receive push notifications. You may opt-out of receiving push notifications by adjusting the settings on your mobile device or browser.

    Geolocation Information Opt-Out

    When you use one of our mobile applications, we may ask you to share your location. You may choose not to share your geolocation details by adjusting your mobile device’s location services settings.

    COOKIES, TARGETED ADVERTISING & ANALYTICS

    Cookies

    Cookies are small text files that websites send to your computer or other Internet-connected device to uniquely identify your browser or to store information or settings in your browser. We use different types of cookies on our website, including performance cookies, functional cookies and targeting cookies. For details on these types of cookies and information on how to opt-out, click here: Cookie Settings.

    Please note that your opt-out only applies to the browser you use to submit your opt-out, so if you use multiple browsers or devices, you must opt-out on each browser, on each device. Your opt-out is enabled using cookies so once you opt-out, if you delete your browser’s saved cookies on a device, you will need to opt-out again on that browser on that device.

    Targeted Advertising

    We work with third party advertising companies (such as advertising networks) to serve advertisements for us. These advertising companies may use cookies and other technologies to collect device identifiers, online or network activity information, commercial information, or inferences, such as information about the websites you visit over time and the advertisements you click on, in order to deliver advertisements that are targeted to you. You can opt-out of this form of targeted advertising from the companies we work with by changing your Cookie Settings.Please note that even if you opt-out of this form of targeted advertising, you may still see ads from us, but the ads will not be targeted based on behavioral information about you. To learn more about this type of advertising in general, visit the Digital Advertising Alliance at www.aboutads.info/choices or the Network Advertising Initiative at www.networkadvertising.org/choices or the Digital Advertising Alliance of Canada (“DAAC”) at http://youradchoices.ca/choices.

    We also work with third-party platforms, including platforms operated by social networks, such as Google, and Facebook, to show you advertisements or measure the effectiveness of our advertisements. We may convert your email address, telephone number, or other information into a unique value and have these third-party platforms match this unique value with a user on their platform or with other data they may have. This matching enables us to deliver advertisements to you and others on these platforms. You also can request that we refrain from using your personal information in this way by contacting us through our Privacy Request Portal.

    Do Not Track and Advertising Across Different Websites

    We currently do not change our tracking practices in response to “do-not-track” signals or other similar mechanisms. Third parties that have content or services on our website such as a social feature, an analytics service, or an advertising network partner, may obtain information about your browsing or usage habits. These third parties do not change their tracking practices in response to “do-not-track” signals from your web browser and we do not obligate these parties to honor “do-not-track” signals. To learn more about browser tracking signals and “Do Not Track,” please visit http://allaboutdnt.com.

    Analytics Services

    We may use analytics services, such as Google Analytics, on our website, our social media pages, or our mobile applications to help us evaluate and analyze how visitors use these platforms. For specific details on how Google collects and uses information on our website, social media pages, or mobile applications, please visit: How Google Uses Data.

    INTERNATIONAL TRANSFERS

    We may transfer the personal information we collect about you to our affiliates and third party service providers in countries other than the country in which the information was originally collected (including the United States), where necessary to fulfill the purposes described in this Privacy Policy and your personal information may be processed and stored outside of your country of residence. Those countries may not provide the same level of data protection as your country of residence. When we transfer your personal information to other countries, we will protect that information in the manner described in this Privacy Policy. We have also implemented appropriate safeguards to ensure such a level of data protection when transferring your personal information, including the conclusion of data transfer agreements incorporating the European Commission’s Standard Contractual Clauses, or using U.S. service providers certified to the EU-U.S. Privacy Shield as set forth by the U.S. Department of Commerce and the European Commission regarding the collection, use and retention of personal information transferred from the European Economic Area to the United States, or other applicable data transfer mechanisms. You may obtain a copy of these data transfer mechanisms by contacting us as indicated below.

    CHILDREN'S PRIVACY

    This website is not intended for or directed to children under the age of thirteen and we do not knowingly collect personal information from children under the age of thirteen on the website. If we become aware that a child under the age of thirteen has provided us with personal information, we will delete the information from our records.

    DATA RETENTION

    We keep the personal information you provide for the duration of our relationship, plus a reasonable period of time thereafter.

    HOW WE PROTECT PERSONAL INFORMATION

    We maintain reasonable administrative, technical, and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure, or use.

    LINKS TO OTHER WEBSITES

    Our website or mobile applications may provide links to other websites for your convenience and information. These websites may operate independently from us. Linked websites may have their own privacy notices or policies, which we strongly suggest you review if you visit any linked websites. To the extent any linked websites you visit are not owned or controlled by us, we are not responsible for the websites’ content, any use of the websites, or the privacy practices of the websites.

    UPDATES TO OUR PRIVACY POLICY

    This Privacy Policy may be updated periodically and without prior notice to you to reflect changes in our personal information practices. We will post a prominent notice on our website to notify you of any significant changes to our privacy practices and indicate at the top of the Privacy Policy when it was most recently updated.

    HOW TO CONTACT US

    If you have any questions or comments about this Privacy Policy, or the manner in which we or our service providers treat your personal information, please contact our Chief Privacy Officer by email at privacy@estee.com or 1-855-866-3223.

    If we need, or are required, to contact you concerning any event that involves your personal information we may do so by telephone or email.

    ADDITIONAL RIGHTS AND DISCLOSURES FOR CALIFORNIA RESIDENTS

    Disclosures of Personal Information

    We disclose the following categories of personal information for business or commercial purposes:

    CategoryDisclose to Third Parties
    Contact information and personal identifiersWe may disclose or may have disclosed this information to:
    • our corporate brands and affiliates
    • service providers
    • fraud detection providers
    • law enforcement authorities or other government officials where required or permitted by law
    Device IdentifiersWe may disclose or may have disclosed this information to:
    • our corporate brands and affiliates
    • service providers
    • fraud detection providers
    • law enforcement authorities or other government officials where required or permitted by law
    Demographic informationWe may disclose or may have disclosed this information to:
    • our corporate brands and affiliates
    • service providers
    • law enforcement authorities or other government officials where required or permitted by law
    Physical characteristicsWe may disclose or may have disclosed this information to:
    • our corporate brands and affiliates
    • service providers
    • law enforcement authorities or other government officials where required or permitted by law
    Commercial informationWe may disclose or may have disclosed this information to:
    • our corporate brands and affiliates
    • service providers
    • fraud detection providers
    • law enforcement authorities or other government officials where required or permitted by law
    Payment informationWe may disclose or may have disclosed this information to:
    • our corporate brands and affiliates
    • service providers
    • fraud detection providers
    • law enforcement authorities or other government officials where required or permitted by law
    Identity verification informationWe may disclose or may have disclosed this information to:
    • our corporate brands and affiliates
    • service providers
    • fraud detection providers
    • law enforcement authorities or other government officials where required or permitted by law
    Online or network activity informationWe may disclose or may have disclosed this information to:
    • our corporate brands and affiliates
    • service providers
    • fraud detection providers
    • law enforcement authorities or other government officials where required or permitted by law
    Geolocation informationWe may disclose or may have disclosed this information to:
    • our corporate brands and affiliates
    • service providers
    • fraud detection providers
    • law enforcement authorities or other government officials where required or permitted by law
    Audio and visual informationWe may disclose or may have disclosed this information to:
    • our corporate brands and affiliates
    • service providers
    • law enforcement authorities or other government officials where required or permitted by law
    Professional or employment related informationWe may disclose or may have disclosed this information to:
    • our corporate brands and affiliates
    • service providers
    • law enforcement authorities or other government officials where required or permitted by law
    Health and medical informationWe may disclose or may have disclosed this information to:
    • our corporate brands and affiliates
    • service providers
    • law enforcement authorities or other government officials where required or permitted by law
    User ContentWe may disclose or may have disclosed this information to:
    • our corporate brands and affiliates
    • service providers
    • law enforcement authorities or other government officials where required or permitted by law
    InferencesWe may disclose or may have disclosed this information to:
    • our corporate brands and affiliates
    • service providers
    • law enforcement authorities or other government officials where required or permitted by law

     

    These disclosures take place for the following business or commercial purposes:

    • To audit our interactions with you to ensure compliance with applicable law and to measure the effectiveness of our products, services, and advertisements;
    • To detect, prevent, and prosecute harmful, fraudulent, or illegal activity;
    • To identify and repair bugs on our website or mobile applications;
    • To provide services, such as customer service, order fulfillment, and payment processing, which we either conduct or engage service providers to conduct on our behalf;
    • For research and development;
    • To further our business goals, including to advertise our products and services; and
    • For quality assurance.

     

    Sale of Personal Information

    We do not sell your personal information for monetary consideration. However, California law may characterize our sharing of personal information with companies that provide services to us, such as companies that help us to market or advertise our products and services to you, as "sales”. We may “sell” or may have “sold” the following categories of personal information for valuable consideration to the third parties listed below:

    CategorySold to Third Parties
    • Device identifiers
    • Online or network activity information
    • Commerical information
    • Inferences
    We may sell or may have sold this information to:
    • advertising companies

    We do not have actual knowledge that we sell the personal information of minors under 16 years of age.

    Financial Incentive

    We may offer you various financial incentives such as discounts and special offers when you provide us with contact information and identifiers such as your name and email address. When you sign-up for our email list or other discounts and special offers, you opt-in to a financial incentive. You may withdraw from a financial incentive at any time by opting out from our emails. Generally, we do not assign monetary or other value to personal information, however, California law requires that we assign such value in the context of financial incentives. In such context, the value of the personal information is related to the estimated cost of providing the relevant financial incentive(s) for which the information was collected.

    Your California Privacy Rights

    You have the right to request, twice in a 12 month period, that we disclose to you the personal information we have collected, used, disclosed, and sold about you during the past 12 months. In addition, you have the right to request that we delete the personal information we have collected from you (subject to certain exceptions)

    You can exercise your rights through our Privacy Request Portal or by contacting us at 1-855-866-3223. Before processing your request, we will take reasonable steps to verify your identity, which will include verifying that the email address from which you submit the request matches the email address we maintain on file for you. In order to ensure you are the owner of the email address, you must respond to a confirmation email that we will send to such email address. In some cases, we may ask that you provide additional information in order to verify your identity.

    You may also designate an authorized agent to make a request on your behalf. The authorized agent may submit the request through our Privacy Request Portal and will be required to provide proof that they have been authorized to act on your behalf. If the authorized agent does not provide such proof, you will be required to confirm your identity and the authenticity of the request.

    You can also opt-out of the sale of your personal information by emailing privacy@estee.com, or by clicking here: Do Not Sell My Personal Information.

    We will not discriminate against you on account of your exercise of your California privacy rights.

    If you would like us to read this Privacy Policy to you, please contact us at 1-855-866-3223.

     

    LIST OF DATA CONTROLLERS

    COUNTRYTOO FACED DATA CONTROLLERS
    Canada

    Online Purchases:

    Too Faced Cosmetics, LLC with company number 5069893 and with its registered address at 17361 Armstrong Avenue, Irvine, CA 92614

    Marketing and all other processing:
    Too Faced Cosmetics, LLC with company number 5069893 and with its registered address at 17361 Armstrong Avenue, Irvine, CA 92614 and Estee Lauder Cosmetics Ltd., with company number 049298-1 and with its registered address at 161 Commander Blvd., Agincourt, ON M1S 3K9, Canada.

     

    United Kingdom and IrelandOnline Purchases:
    Too Faced Cosmetics, LLC with company number 5069893 and with its registered address at 17361 Armstrong Avenue, Irvine, CA 92614


    Marketing and all other processing:
    Too Faced Cosmetics, LLC with company number 5069893 and with its registered address at 17361 Armstrong Avenue, Irvine, CA 92614, Too Faced Cosmetics UK Limited, with company number 06995501 and with its registered address at 843 Finchley Road, London NW11 8NA United Kingdom, and Estee Lauder Cosmetics Limited, with company number 00659213 and with its registered office address at
    One Fitzroy, 6 Mortimer Street, London, W1T 3JJ, United Kingdom;

    United StatesOnline Purchases:  Too Faced Cosmetics, LLC with company number 5069893 and with its registered address at 17361 Armstrong Avenue, Irvine, CA 92614

    Marketing and all other processing:
    Too Faced Cosmetics, LLC with company number 5069893 and with its registered address at 17361 Armstrong Avenue, Irvine, CA 92614

    MexicoOnline Purchases:
    Too Faced Cosmetics, LLC with company number 5069893 and with its registered address at 17361 Armstrong Avenue, Irvine, CA 92614
    Marketing and all other processing:
    Too Faced Cosmetics, LLC with company number 5069893 and with its registered address at 17361 Armstrong Avenue, Irvine, CA 92614

    Estee Lauder Cosmeticos S.A. de C.V. with company number ELC 691230 B65 and with its registered address at 3 Floor, Prado Sur No. 230, Col. Lomas de Chapúltepec 11000, Mexico