Privacy Policy

LAST UPDATED: 21/04/2023

 

This Privacy Policy (“Policy”) explains how we use the personal data (“Data” i.e. any information about you) we may collect when you interact with us either online, when you use our websites and applications (hereinafter referred to as the “Services”, the “Site” or the “Sites”) or offline, when you visit one of our stores, and how we ensure the protection of this Data.

Privacy and data protection information notices or consent requests will, if necessary, be communicated to you in specific situations not covered in this Policy where the Orveon Group (as defined below) may process your Data.

It’s likely that we’ll need to update this Policy from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.

We hope the following sections will answer any questions you may have but if not, please do get in touch with us via email: privacy@orveonglobal.com.

 

  1. Who is the controller of your Data?

The bareMinerals brand is part of the brand portfolio owned by Orveon Global US LLC (“Orveon”) and its affiliates, and its or their subsidiaries and (direct and indirect) parent companies (together, the “Orveon Group”). References in this Policy to “we”, “us” or “our” refer to Orveon. Orveon is the data controller and as such is responsible for collecting and processing Your Data as explained by this Privacy Policy.

We are committed to building strong and lasting relationships with our customers based on trust and transparency. In accordance with this philosophy, the protection of your Data is essential to us and we wish to inform you via this Privacy Policy of how we collect and process this Data.

 

  1. What Data do we collect and from what sources?

Depending on how you interact with us (online, offline, by phone, etc.), we may collect from you various categories of Data, which are described in more details below.

  1. a) Data you provide to us

You may provide the following categories of Data when you interact with us for instance when you visit our Sites, our stores, or when you participate in one of our promotional operations, etc.

  • Identification information: this includes information such as your name, surname, customer number, login ID, password, age or age range, title, date of birth, general geographic location (e.g., postcode or city and state), etc.
  • Contact information: this includes any information that would allow us to personally contact you, such as your home address, billing address, your email address, or your phone number (home, mobile), etc.
  • Order and product information: this includes details of the products you have ordered and searched for online or in our shops, the date and time of your orders and searches and the shops you prefer to visit etc.
  • Habits and preferences: this includes any information related to your preferences and interests such as your favourite products, lifestyle information, your concerns in terms of beauty and care, etc.
  • Facial attribute data: this includes videos, pictures or images with Your facial attributes and face geometry captured via our virtual try-on feature. We do not store, maintain, share, or otherwise use this information. PERFECT CORP. provides the virtual try-on feature and is the data controller for this service. You can find their privacy policy here. Please note that any image, picture, or video that may be captured or generated by the virtual try-on feature may be stored on the server, computer, or system that You are using to access this feature.
  • Payment and transaction-related information: this includes any information that you use to make a purchase, such as your payment card details. Payments made on the Site are made through our payment gateway providers, PAYPAL, APPLE PAY, CLEARPAY or SHOPIFY PAYMENTS. Please note that we do not have access to the payment details you provide to these providers which operate autonomously. For more information please refer to the relevant service providers privacy policy.
  • User-generated content and posts: this refers to any content (suggestions, testimonials, surveys or other any other feedback) that you voluntarily share with us about your experience in using our products or services. This also includes your posts on our applications, such as our Facebook fan pages (photos, videos, personal stories, or other similar media or content).
  • Information on adverse events: this might include information on your allergies, intolerances and other health-related information, which might be related to our products, that you provide to our customer service. Please note that we only use this information in accordance with our legal obligations to follow-up on adverse events reported to us by our customers (in accordance with EU Regulation on cosmetic products no.1223/2009 as transferred under UK law).
  • CCTV: your image may be recorded on CCTV when you visit one of our shops. We might have to use it for security reasons. We regularly delete the footage unless an incident or alleged incident requires investigation or action.
  1. b) Automatically collected Data

The following categories of Data may be collected automatically when you navigate though our Sites, thanks to various tracking technologies such as browser cookies:

  • Technical information: such as your IP address, the browser you use or other technical data related to your device, etc.
  • Connection data: such as your identifiers, date and time of connection to your account, to our Sites, etc.)
  • Data relating to your use of our Sites and applications: pages viewed, products you searched for, duration of your visit, etc.

For more information on our use of cookies, please see our Cookie Policy.

  1. c) Data we receive and collect from other sources
  • Third parties and advertising partners:we may obtain information, including Data, from third parties and sources other than our Site, such as our partners or advertisers. This may be the case when you accept cookies, which help us understand your activities, how you use our services, the purchases you make, the advertisements you watch, etc.
  • Social media partners:we might receive information from social media platforms when you use your social network account such as Facebook, to access one of our services (e.g., to participate in one of our promotional operations or to make a purchase without having to create an account on our site) or when using social media plug-ins (e.g., “like” and “share” buttons).

 

  1. For what purposes do we use your Data?

We may collect, use and disclose your Data for the main following purposes:

For what purpose do we use your Data?

What Data do we use?

On which ground?

Create and manage your online account

· Identification and contact information

· Order and product information

· Habits and preferences

· Connection data

Your prior consent

Manage your product orders (made online, by phone, etc.).

· Identification and contact information

· Order and product information

· Payment and transaction-related information

· Connection data

Performance of the sales contract with you

Manage your participation in one of our promotional operations (game-contests, sample operations, promotional offers, etc.)

· Identification and contact information

· Order and product information

· User-generated content

Your prior consent

Offer you quality services in-store, including:

·        providing personalised services and advice in store, according to your preferences, and

·        managing your appointments with us (with your beauty consultants, make-up sessions, tutorials and events, etc.)

· Identification and contact information

· Order and product information

· Habits and preferences (might include information related to your allergies)

Your prior consent

Interacting with you, including by:

·        managing promotional communications (via email, SMS or phone);

·        replying to you when you contact us via our customer service or any other communications channel;

·        managing your comments and reviews on our products. 

· Identification and contact information

· Order and product information

· Habits and preferences

· Technical information

· Connection data

· Data relating to your use of our Sites and applications

· User-generated content

Your prior consent

Providing you access to a virtual try-on feature for our products.

· Identification and contact information

· Facial attribute data

· Technical information

Your prior consent

Assess your satisfaction and carry out market surveys

· Identification and contact information

· Order and product information

· Habits and preferences

· User-generated content

Our legitimate interest. When we carry out market survey, we always ask for your consent.

Manage email notifications, including back-in-stock and adverse events notifications

· Identification and contact information

· Order and product information

· Habits and preferences

· Information on adverse events including health-related information and pictures of you and those you might send us

Your prior consent, or in case of adverse events notifications -compliance with a legal obligation applicable to us

Offering you online content adapted to your preferences and online behaviour

· Habits and preferences

· Connection data

· Data related to your use of our Sites and applications

· Technical information

Your prior consent

Performing analysis and statistics, including managing and following traffic on our Sites

· Order and product information

· User-generated content

· Habits and preferences

· Connection data

· Data related to your use of our Sites and applications

· Technical information

Our legitimate interest (or, where necessary, your prior consent)

Exercise our legal rights in case of litigation or legal proceedings

· Identification and contact information

· Order and product information

· Information on adverse events

· User-generated content

Our legitimate interest

Ensuring our Sites security

· Identification and contact information

· Technical information

· Data related to your use of our Sites and applications

· Connection data

Our legitimate interest

Managing video surveillance in our shops

· CCTV images

Our legitimate interest

 

 

  1. Data Enrichment and Profiling

To have a better overall understanding of you as a customer, we may combine information about you gathered across various channels. For example, Data collected in the course of your online activity (e.g. shopping, account creation, etc.) may be combined with Data we collect when you visit one of our stores (if you have consented).

This Data enrichment may also occur between different brands of the Orveon Group. For example, if you make an online purchase on the Bare Minerals website and then create an online account with the same email address on the website of another Orveon Group brand (e.g., bareMinerals or BUXOM), the Data collected through these two websites may be combined to enrich your customer profile. This helps us to propose products and advice that is most relevant to your interests at particular times, by email (where we have your consent) or when you visit one of our stores.

Under no circumstances will this enrichment allow us to send you communications relating to another brand of the Orveon Group if you have not consented to it.

You can object to these “profiling” operations at any time by contacting us. Please refer to the “Your rights and choices” section.

 

  1. With whom do we share your Data?
  • Other members of the Orveon Group: your Data may be shared with the other members of the Orveon Group who are involved in our customer relationship management. Your data may also be shared with other brands of the Orveon Group to enrich your customer profile and update your Data.
  • Third party vendors and providers: your Data may be accessible to selected third-party vendors or providers acting on our behalf and our instructions, for the needs of the purposes described above in section 4. For example, our transporters will need to access your Data to deliver the products you ordered, our e-commerce support and marketing campaign providers will need to access your Data to send you the relevant communications, our maintenance providers might need to access your Data in case of technical incident, etc.
    In any case, we require such third parties to:
    • be subject to strict contractual data protection and confidentiality obligations; undertake to comply with all applicable data protection laws and exclusively for the purposes specified in the contract with have with them;
    • implement appropriate technical and organizational security measures designed to protect the integrity and confidentiality of your Data.
  • Public and judicial authorities: we might need to share your Data with public authorities when the law requires us to do so. For instance, we might be requested to provide invoices to tax or financial authorities, or to provide information related to adverse events linked to the use of our products to health authorities. We might also need to share your Data with judicial authorities in the event of a litigation.

In any case, please rest assured that we only grant access to your Data on a need-to-know basis, and that such access is limited to the Data that is strictly necessary to perform the purpose for which such access is granted. We will never rent, trade or sell your Data to third party companies.

 

  1. Where may we transfer your Data?

Orveon is a multinational organization with affiliates, vendors and partners located in many countries around the world. For that reason, we may need to share your Data with entities located in jurisdictions which may not be regarded as providing the same level of protection as yours.

In all cases, we ensure that adequate safeguards, as required under the applicable data protection legislation, are in place. Such safeguards may include:

  • adequacy decisions issued by the European Commission (with respect to transfers out of the EEA) or the UK Government (with respect to transfers out of the UK) that determine the data protection legislation in the recipient jurisdiction provides an ‘adequate’ level of protection for personal data;
  • Standard Contractual Clauses approved by the EU Commission (with respect to transfers out of the EEA) and the UK Government (with respect to transfers out of the UK); or
  • our providers’ Binding Corporate Rules (often known as ‘BCRs’)


For more information about the transfer of your Data, you can contact our Data Protection Officer (please refer to the “Your rights and choices” section).

 

  1. How do we protect your Data?

Orveon knows how much data security matters to all our customers. We take all appropriate steps to protect your Data from unauthorized access, alteration, disclosure, or destruction, and require the same from the suppliers who we share your data with. We pay particular attention to sensitive data, especially payment card data, allergy or intolerance data.

SECURE OPERATING ENVIRONMENTS
We secure access to all transactional areas of our websites and apps using ‘https’ technology.

ENCRYPTION FOR PAYMENT INFO
Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured by SSL encryption.

OTHER SECURITY MEASURES
In addition to the methods above, we may take other measures to protect your information, depending on the sensitivity of the data and other considerations (such as how the information is collected and where it is stored). These measures may include (among other things) additional access restrictions, password requirements, and physical protections (e.g., secure data centres, etc.).

Please note, however, that any information you choose to share in public areas such as our website community features, or other social areas is by definition considered as public and can be seen by anyone accessing the related platform.

 

  1. How long do we retain your Data?

We will retain your Data for the period necessary to fulfil the purposes outlined in this Policy (see section 4).

The criteria used to determine such retention periods include:

  • the length of time we have an ongoing relationship with you;
  • whether there is a legal obligation to which we are subject imposing or authorizing us to keep you Data.
  • whether a longer retention period is required or permitted by law.

 

  1. Data about Children

Our Sites are not directed to anyone under 16 years of age. We do not solicit or collect any type of information from a person known to be under the age of 16.

If we become aware that we have accidentally collected information from a child, we will remove that information from our records as soon as feasibly possible.

 

  1. Your rights and choices

In accordance with the applicable data protection law, you have the right to request:

  • Access to the Data we hold about you, which means that you can ask us to provide you information regarding the personal data we have about you;
  • The correction of your Data if they are incomplete or inaccurate;
  • The erasure of your Data, in the cases provided by law. Please note that in some cases, we may be obliged to retain your Data anyway, for legal or legitimate reasons;
  • The interruption of the use of your Data by withdrawing your consent at any time where our “lawful basis” is consent, or by objecting to the use of your Data where our “lawful basis” is our legitimate interests and that we have no legitimate overriding interest;
  • The restriction of the use of your Data, in the cases provided by law (e.g., for us to stop carrying out the data enrichment and profiling activities described in Section 5); and/or.
  • To obtain a copy of the Data you provided us, in a commonly used format, to transmit it to another data controller, in the cases provided by law.

To exercise your rights or for any further questions related to the use of your Data, please contact our Data Protection Officer:

  • Via email: privacy@orveonglobal.com.
  • Via our postal address: 12 Henrietta Street, 2nd Floor, Convent Garden, London, WC2E 8LH


Please note that to process your request, we may ask you for proof of identity. We do this to avoid data breaches, e.g. because an unauthorized person pretends to be you and exercises a right in your name.


If you feel that your Data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your Data, you have the right to lodge a complaint with your local data protection authority. For the UK that is the Information Commissioner’s Office (ICO) - https://ico.org.uk/.

---

This Cookie Policy applies to the bareminerals.co.uk website (“Site”) which is operated by or on behalf of Orveon Global Ltd (12 Henrietta Street, 2nd Floor, Convent Garden, London, WC2E 8LH). It sets out our use of cookies and other similar technologies on our Site. It should be read in conjunction with our Privacy Policy.

The use of cookies is standard on the Internet. Although most Web browsers automatically accept cookies, the decision of whether to accept or not is yours. You have the choice to accept or decline cookies by way of consent. You may adjust your browser settings to prevent the reception of cookies, or to provide notification whenever a cookie is sent to you. 

By using our Site, you are consenting to our use of cookies in accordance with this Cookie Policy. If you do not agree to our use of cookies in this way, you should refuse the use of cookies by selecting the appropriate settings on your browser or not use our Site. The most common browser settings in this respect will be explained below. However, please note that if you do select such setting, you may not be able to access the full functionality of our website.

WHAT ARE COOKIES ?

Cookies are small files or pieces of information stored on your computer (or other Internet enabled devices, such as a smartphone or tablet) when you visit one of our Site. A cookie will usually contain the name of the website from which the cookie has come from, the “lifetime” of the cookie (i.e. how long it will remain on your device), and a value, which is usually a randomly generated unique number.

WHAT ARE COOKIES USED FOR?

We use cookies to improve your browsing experience, make our Site easier to use and to better tailor the Site and our products to your interests and needs. Cookies may also be used to help speed up your future activities and experience on our Site. For example, they are used to remember your preferences (language, country, etc.) while browsing and on future visits. We also use cookies to compile anonymous, aggregated statistics that allow us to understand how people use our Site and to help us improve their structure and content. This information does not reveal your identity “in the real world”. On occasions, if we have obtained your informed consent in advance, we may use Cookies, tags or other similar devices to obtain information that enables us to show you, either from our own website or from third-party websites or any other means, advertising based on the analysis of your browsing habits.

WHAT ARE COOKIES NOT USED FOR ON THIS WEBSITE?

We do not store sensitive personal information, such as your address, your password, your credit or debit card data, etc., in the Cookies we use.

Who uses the information stored in Cookies?
The information stored in the Cookies from our website is used exclusively by us, except for those identified below as “third-party cookies”, which are used and managed by external entities to provide services requested by us to improve our services and the experience of the user when browsing our website. The main services for which these “third-party cookies” are used are to obtain access statistics and to guarantee the payment transactions that are carried out.

Do we put cookies on third-party support?
We may put our Cookies on websites of our partners broadcasting advertisements for our brands and/or products. These Cookies are mainly used to present you with appropriate content, corresponding to your interests, and to evaluate the consultation of our content (including advertising).

What types of cookies do we use?
Our Site uses cookies and/or other similar technologies such as device-IDs, pixel tags or web beacons to collect and store certain information. These typically involve pieces of information or code that a website transfers to or accesses from your computer hard drive or mobile device to store and sometimes track information about you. Cookies and similar technologies enable you to be remembered when using that computer or device to interact with webSite and online services and can be used to manage a range of features and content as well as storing searches and presenting personalized content.

We use the following types of cookies:

  • Strictly necessary cookies. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. They include, for example, cookies that enable you to log into secure areas of our Site and use a shopping cart.

Cookie

Description

Lifetime

Origin

keep_alive

Used in connection with buyer localization to process buying requests.

2 weeks 

First party

localization

Used in connection with checkout to process buying requests.

2 weeks

First party

OptanonConsent

Stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users browser, when consent is not given.

1 year

First party

_tracking_consent

Used to store a user's preferences for privacy rules.

1 year

First party

  • Performance and analytics cookies. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They allow us to recognize and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us for our legitimate interests of improving the way our Site works, for example, by ensuring that users are finding what they are looking for easily.

Cookie

Description

Lifetime

Origin

2c.cId

Identifies browsers between their visits to the site.

1 year

First party

_gid

Google Analytics cookie used to store information on how visitors use a website, while also creating a report of the website’s performance.

1 day

Third party

_ga

Google Analytics cookie which calculates visitor, session and campaign data and also keeps track of site usage for the site’s analytics report.

2 years

Third party

_shopify_y

Shopify Cookies are used to measure and report analytics related to marketing, referrals and tracking landing pages.

1 year

Third party

_s

Shopify Cookies are used to measure and report analytics related to marketing, referrals and tracking landing pages.

Session

Third party

_y

Shopify Cookies are used to measure and report analytics related to marketing, referrals and tracking landing pages.

1 year

Third party

rmuid

Targeting Cookies used by Rakuten Advertising Affiliate Network. Rakuten Advertising Privacy Policy here

30 days

Third party

  • Functional cookies. These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have added to our pages. These are used to recognize you when you return to our Site. This enables us, subject to your choices and preferences, to personalize our content, greet you by name and remember your preferences (for example, your choice of language or region).

Cookie

Description

Lifetime

Origin

cart_currency

Set after a checkout is completed to ensure that new carts are in the same currency as the last checkout.

2 weeks

First party

_GRECAPTCHA

Provides spam protection

Session

Third party

intercom-id-zmcdradn

Anonymous visitor identifier cookie.

9 months

Third party

intercom-device-id-zmcdradn

Stores a unique ID for each device that interacts with the Messenger. Allows users to access the conversations that were created on this device for the duration of the cookie’s life.

9 months

Third party

intercom-session-zmcdradn

Identifies each unique browser session and helps keep track of sessions.

1 week

Third party

shopify_pay_redirect

Used in connection with checkout.

1 hour, 3 weeks or 1 year depending on value

First party

secure_customer_sig

Used to identify a user after they sign into a shop as a customer so they do not need to log in again.

1 year

First party

storefront_digest

Stores a digest of the storefront password, allowing merchants to preview their storefront while it's password protected.

Session

First party

 

How to manage your Cookies preferences in your Internet Browser?
The settings from the Internet browsers are usually programmed by default to accept Cookies, but you can easily adjust it by changing the settings of your browser. However, if you choose to disable the Cookies on your browser, you might not be able to benefit from all the functionalities offered by our Site.

For more information on how to customize your cookies options in your browser settings, please consult the following links:

For Microsoft Edge™: https://support.microsoft.com/en-us/help/4468242/microsoft-edge-browsing-data-and-privacy
For Safari™: https://support.apple.com/kb/HT1677?viewlocale=en_US
For Chrome™: https://support.google.com/chrome/answer/95647?hl=en
For Firefox™: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
For Opera™: https://help.opera.com/Windows/10.20/en/cookies.html.

For more information about other commonly used browsers, please refer to http://www.allaboutcookies.org/manage-cookies/.

Please be aware that if Cookies are disabled, not all features (e.g. online ordering) of the Site may operate as intended.