Privacy & Cookies Policy
Last revised May 27th, 2020
Molton Brown Limited, 130 Shaftesbury Avenue, London, W1D 5EU ("Kao Company"or "we"or our") and each of its affiliates and subsidiaries in the EMEA region collectively, the Kao Group") takes data privacy seriously. This Privacy Policy informs the users of www.moltonbrown.com.cy and any other Kao Company-owned websites or mobile applications on which this Privacy Policy is displayed ("Website") how we, as controller within the meaning of the General Data Protection Regulation ("GDPR") collect and process the personal data and other information of such users in connection with their usage of the Website. Note that other Kao Group websites or mobile apps may be governed by other privacy policies.
With N&M Beautyberry Co. Ltd, a company registered in Cyprus having its registered office at 24, Solonos Michaelides, 1035, Nicosia, Cyprus and any sub-processors (both located within or outside of the EU/EEA ) engaged by N&M Beautyberry Co. Ltd, may receive the personal data to process such data under the appropriate instructions (the "Additional Processor") for the purposes mentioned above. The Additional Processor will be subject to contractual obligations to implement the appropriate technical and organisational security measures to safeguard the personal data and to process the personal data as instructed.
1.Categories of Personal Data and Processing Purposes - What personal data do we process about you and why?
Metadata
You may use the Website without providing any personal data about you. In this case, we will collect only the following metadata that result from your usage of the Website: browser type and version, operating system and interface, website from which you are visiting us (referrer URL), webpage(s) you are visiting on our Website, date and time of accessing our Website, and internet protocol (IP) address.
Your IP address will be used to enable your access to our Website. The metadata, including the shortened IP address, will be used to improve the quality and services of our Website and services by analysing the usage behavior of our users.
Account
If you create an account on our Website you will be asked to provide the following personal data about you: name, gender (salutation), date of birth, postal address, email address, telephone number, selected password for your account, payment details, invoicing and delivery address and your preferences in receiving marketing from us (voluntary). We process such personal data for purposes of account administration, answering your queries or information requests, providing desired products or services, providing you with marketing materials where you have provided consent for us to do so, to the extent permitted by applicable law, analysing your interests for marketing purposes, improving our Website according to usage patterns, and for technical administration or other purposes to which you have agreed.
Product Orders
If you order a product via our Website we collect and process the following personal data about you: name, gender (salutation), postal address, email address, telephone number, payment details, invoicing and delivery address, type and amount of product, purchase price, order date, order status, product returns, customer care requests, and your preferences in receiving marketing from us (voluntary). We process such personal data for purposes of carrying out the contractual relationship and the product order, providing customer care services, compliance with legal obligations, defending, establishing and exercising legal claims, providing you with marketing materials where you have provided consent for us to do so, to the extent permitted by applicable law, and analysing your interests for marketing purposes.
Competitions
If you participate in a competition, we collect and process the following personal data about you: name, gender (salutation), postal address, email address, telephone number and selection as winner. We process such personal data for purposes of carrying out the competition, informing the winner, delivering the prize to the winner, carrying out the event, and providing you with marketing materials where you have provided us consent to do so, to the extent permitted by applicable law, and analysing your interests for marketing purposes.
Newsletter
If you request to receive our newsletter, we collect and process the following personal data about you: name, email address, date of birth (optional), gender (optional) and, your preferences in receiving marketing communications (voluntary). We process such personal data for purposes of providing the newsletter and other marketing materials to the extent permitted by applicable law and where you have provided us consent to do so, and analysing your interests for marketing purposes.
Contact Us
On our website, we offer you the opportunity to contact us via a contact page. For this we need the following personal data from you: email name, telephone number (optional), address (optional), date of birth (optional) and gender (optional). The personal data that you provide us in the context of this contact request will only be used to answer your inquiry and for the technical administration thereof. The transfer to third parties does not take place. Your personal data will be deleted as soon as we have processed your request or you revoke the consent you have given.
2. Processing Basis and Consequences - What is the legal justification for processing your personal data and what happens if you choose not to provide it?
We rely on the following legal grounds for the collection, processing, and use of your personal data:
- your consent to the processing of your data for one or more specific purposes (as detailed in Section 1) ; or if
- we have a legitimate interest in doing so (including but not limited to) a legitimate interest in performing marketing activities, research activities, data analytics, internal administration functions, processing and enforcing legal claims and conducting our business in compliance with all applicable laws, relevant industry standards and our policies).
The provision of your personal data is not required by a statutory or contractual obligation. The provision of your personal data is not necessary to enter into a contract with us or to receive our services/products as requested by you. The provision of your personal data is voluntary for you.
Not providing your personal data may result in disadvantages for you, for example, you may not be able to receive certain products and services. However, unless otherwise specified, not providing your personal data will not result in legal consequences for you.
3. Categories of Recipients and International Transfers - Who do we transfer your personal data to and where are they located?
We may transfer your personal data to third parties for the processing purposes described above as follows:
- Within the Kao Company: Our parent entity in Japan, KaoCorporation, and each from its affiliates and subsidiaries (each affiliate and subsidiary company including ours is referred to as " the Kao Company"• collectively as the "Kao Group") within the international Group and may receive your personal data, if deemed necessary, for the purposes of processing mentioned above. Depending on the categories of your personal data and the reasons for their collection, different internal departments of the Company and the Company may receive your personal data. For example, the INFORMATION TECHNOLOGY department may have access to your account data, and the ecommerce department (eCommerce) as well as sales departments may have access to your account data or data related to product orders. In addition, other departments within the Kao Company, such as the legal department, the financial or internal audit department, may have access to your specific personal data due to the need to know basic information.
- With data processors: Specific external partners, whether they are affiliated or independent entities, such as internet service providers, order fulfillment providers, customer service providers, service providers marketing, it support service providers, and other service providers who help us maintain our commercial relationship with you, may receive your personal data to process it under appropriate instructions ("processors") when necessary, for the purposes of processing mentioned above. Processors are contractually obliged to implement appropriate technical and organizational security measures to ensure the your personal data and process it only in the manner indicated to them.
- Other recipients: We may transmit – in compliance with applicable data protection law – personal data to law enforcement authorities, government authorities, judicial authorities, legal advisers, external consultants, or business partners. In the event of a corporate merger or acquisition, personal data may be transferred to third parties involved in the merger or acquisition. We will not disclose your personal data to third parties for advertising or marketing purposes or any other reason without your permission.
Any access to your personal data is strictly limited only to those individuals who must necessarily be aware of it in order to fulfill the responsibilities of their work.
International Transfers. The personal data we collect or receive about you may be transmitted or processed by recipients located inside or outside the European Economic Area ("EEA").
- For recipients outside the EEA, some are certified under the Europe - U.S. Privacy Shield and some are based in countries that offer adequate protection and, in any case, the transfer of data from now on is recognized as a way to provide an adequate level of data protection from the European legal perspective of data protection.
- Other recipients may be based in countries that do not offer an adequate level of protection from the European legal point of view of data protection. We will take all necessary steps to ensure that data transfers outside the EEA are adequately protected as required by applicable data protection law.
- With regard to data transfers to countries where the level of data protection is not sufficient, we will base the transfer on appropriate protection measures, such as standard data protection clauses adopted by the European Commission or a supervisory authority, approved codes of conduct combined with binding and enforceable obligations for the recipient, or approved certification mechanisms with binding and enforceable obligations for the recipient.
You can contact us as indicated below in Section 7, to ask us for a a copy of these appropriate protection measures.
4. Your Rights – What are your rights and how can you assert them?
Right to withdraw your consent: If you have given your consent to the collection, processing and use of your personal data (in particular for direct communication with you for marketing purposes via email, telephone / SMS and by post), you can recall at any time with immediate effect. This revocation will not affect the lawfulness of the processing that preceded the withdrawal of consent. Please contact us with us as indicated below in Section 7 to withdraw your consent. In addition, you can object to the use of your personal data for marketing purposes without incurring any costs, in addition to the transfer costs, as defined by the basic costing.
Additional personal data rights: In accordance with the applicable law on the protection of personal data, you may have the right to: (i) request access to your personal data; (ii) request rectification of your personal data• (III) request deletion of your personal data; (iv) request limited processing of your personal data• (v) request the portability of the data; and/or (vi) object to the processing of your personal data (including objection to profiling).
Please note that the above-mentioned rights may be limited in accordance with the applicable national law on the protection of personal data. Please find additional information on your rights below within the limits of the "GDPR" applies:
- Right to request access to your personal data: You may have the right to ask us for confirmation as to whether or not some of your personal data are being processed and where possible to request access to it. This access includes, inter alia, the reasons for the processing, the categories of personal data concerned by the processing, and the recipients or category of recipients to whom your personal data has already been or will be disclosed. However, this right is not absolute and it is possible that the interests of other people limit your right of access. You may have the right to receive a free copy of your personal data that is being processed. If you ask us for additional copies you may incur a reasonable charge based on administrative costs.
- Right to request rectification: You may have the right to ask us to correct inaccurate personal data concerning you. Depending on the reasons for the processing, you may have the right to request that we complete incomplete personal data, even through the provision of a supplementary statement.
- Right to request deletion (right to be forgotten): Under certain circumstances, you may have the right to ask us to delete your personal data and we may have an obligation to delete such personal data
- Right to request limited processing: Under certain circumstances, you may have the right to ask us to restrict the processing of your personal data. In such a case, the corresponding data will be noted and only we will be able to process it for specific purposes.
- Right to request data portability: Under certain circumstances, you may have the right to receive the personal data concerning you, which you have given us, in a structured, commonly used and machine-readable format and you may have the right to transfer this data to another operator without us entering an obstacle.
- Right to lodge an objection: Under certain circumstances, you may have the right to lodge an objection, for reasons related to your own case, at any time during the processing by us of your personal data and we may be instructed to no longer process your personal data. Such a right of objection may apply specifically in the event that we collect and process your personal data for the purpose of drawing up your profile, in order to better understand your interests in our products and services as well as for direct sales promotion purposes. If you have the right to lodge an objection and exercise your right, we will no longer be able to process your personal data for the above purposes. You may exercise this right by contacting us as indicated below in Section 7. Such a right to object may, in particular, not exist if the processing of your personal data is necessary to take specific steps prior to the conclusion of a contract or to perform a contract that has already been completed. If you no longer wish to receive promotions by email, phone/ SMS and by post, you can withdraw your consent as indicated at the beginning of Section 5.
To exercise your rights, please contact us as indicated below in Section 7. You also have the right to lodge a complaint with the competent supervisory authority for the protection of personal data.
5. Cookies and other tracking technologies
This website uses cookies and other tracking technologies.
What is a cookie?
a cookie is a small text file that an internet portal installs on the computer, tablet or smart phone when you visit a website. Cookies can help us in many ways, such as allowing the portal to remember specific entries and settings (e.g. account login information, language, font size and other viewing preferences) for a specific period of time, so that you do not have to enter this information every time you visit or navigate to a website, for example, allowing us to customize a website based on your interests or save your password so that you don't have to type it in every time. In addition, when you visit our website you may notice some cookies that are not related to our. If you visit a website that contains embedded content, you may be sent cookies from those websites.
In case cookies are not enabled on your computer, you will still be able to browse the site www.moltonbrown.com.cy but your experience will be limited and you may not be able to add items to your cart and buy them.
Using your browser settings you can see which cookies are installed on your computer, remove all or some of them and set when to allow, and when not.
We do not control the setting of these cookies, so we suggest you check the websites third-party providers for more information about their cookies and how to Manage. If you do not wish to receive cookies, please set your browser to deletes all cookies from the computer's hard drive, blocks all cookies, or receives a notification before a cookie is stored.
For more information on how to manage cookies in the browser that use we recommend that you visit www.aboutcookies.org website.
How we use cookies and why:
Cookies used on the Molton Brown website are categorized according to the instructions of the Uk International Chamber of Commerce Cookie Guide (ICC UK Cookie Guide). Below we list the main cookies we use and the reasons why we use them.
Category 1: Strictly Necessary CookiesFor those type of cookies that are strictly necessary, no consent is required.
NAME OF COOKIE: JSESSIONID(Sitzung), cmTPSet, criteo_write_test (1 Tag), cto_tld_test (1 Tag), tms_VisitorID (559 Tage) tms_wsip (1 Tag) userPrefLanguage (18145 Tage) cookies.js (Sitzung), notFirstTime (Sitzung), sessionConf (session)
DOMAIN: www.moltonbrown.com.cy
PURPOSE OF COOKIE: These cookies are required to make the core functionality of the website to work. It ensure that your shopping selections are carried through your journey by preserving your states across page requests.
EXPIRATION DATE: See name of cookie box.
Category 2: Google Analytics, Google Signals, performance and statistics cookies.
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.
In case IP-anonymization is activated on this website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there. The IP-anonymization is active on this website.
Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage.
The IP-address, that your Browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Add on for your current web browser: tools.google.com/dlpage/gaoptout.
As an alternative to the browser plug-in and especially for mobile browsers, please click on the following link to set an opt-out cookie. This opt-out cookie prevents detection by Google Analytics within this website. http://www.moltonbrown.co.uk/data-protection-policy/?google-analytics-opt-out=true
We also use the web analysis service, Google Signals. Via Google Signals, Google provides us with reports on cross-device user numbers, as well as different groups of users, based on different device combinations. In order to do so Google uses the data of users who have activated the option “personalized advertising” in their Google account settings. Google Signals can only be used with activated IP anonymization. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. Thus, no conclusions can be drawn as to the identity of a single user.
You can object to the collection of your data via Google Signals, at any time via disabling “personalised advertising” in your Google Account: https://support.google.com/ads/answer/2662922?hl=en
Additional information on how Google handles personal data in its advertising network can be found here: Advertising and Privacy
NAME OF COOKIE: APISID, HSID, NID, SAPISID, SID, SSID, SIDCC
DOMAIN: google.co.uk / google.com
PURPOSE OF COOKIE: Various unique identifiers. Google set a number of cookies on any page that includes a Google Map or YouTube Video. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Google Maps users.
EXPIRATION DATE: Most of the cookies expire 10 years after your last visit to a page containing a Google Map.
Category 3: Advertising, marketing &3rd party cookies.
These cookies are used to deliver adverts that are relevant to you and your interests They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaigns. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.
NAME OF COOKIE: Tuuid, tuuid_lu, um, umeh
DOMAIN: 360yield.com
PURPOSE OF COOKIE: This Third Party tracking allows our media owners to better understand user profiles and enables them and us to tailor our adverts to make them more relevant to our customers’ needs.
EXPIRATION DATE: up to 3 months
NAME OF COOKIE: tluid
DOMAIN: 3lift.com
PURPOSE OF COOKIE: Used to present the visitor with relevant content and advertisement - The service is provided by third party advertisement hubs, which facilitate real-time bidding for advertisers. This domain is owned by TripleLift, a USA based business providing programmatic native advertising services.
EXPIRATION DATE: 3 months
NAME OF COOKIE: na_id, ouid, uid
DOMAIN: Addthis
PURPOSE OF COOKIE: Add this creates a unique, machine-generated user ID. Add This, which is owned by Clearspring Technologies, uses the user ID to make it possible for the user to share content across social networks and provide detailed statistics to various providers. The Add This cookie is “dropped” when an end user visits a publisher site that uses the Add This Website Tools. Certain consent tools allow for cookies to be suspended (or “not dropped”) if the user has not consented to cookies on the site. Geolocation, is used to help providers determine how users who share information with each other are geographically located (state level). If your intent is to disable the services you need to read and follow instructions https://datacloudoptout.oracle.com/
EXPIRATION DATE: 1 year
NAME OF COOKIE: anj, uuid2
DOMAIN: adnxs.com
PURPOSE OF COOKIE: Registers a unique ID that identifies a returning user's device.
EXPIRATION DATE: 3 months
NAME OF COOKIE: TDCPM, TDID
DOMAIN: adsrvr.org
PURPOSE OF COOKIE: Purpose of these cookies is to allow for optimisation of performance of advertising on other websites as well as to understand what advertising converts on the website and track web browsing behaviour.
EXPIRATION DATE: 1 year
NAME OF COOKIE: APID, IDSYNC
DOMAIN: advertising.com
PURPOSE OF COOKIE: Collects information on visitor behavior on multiple websites. This information is used on the website, in order to optimize the relevance of advertisement. Identifies if the cookie-data needs to be updated in the visitor's browser - This is determined through thir d-party adserving-companie.
EXPIRATION DATE: 1 year
NAME OF COOKIE: c, tuuid, tuuid, tuuid_lu
DOMAIN: bidswitch.net
PURPOSE OF COOKIE: Regulates synchronization of user identification and exchange of user data between various ad services.
EXPIRATION DATE: 1 year
NAME OF COOKIE: MUID, MUIDB
DOMAIN: bing.com
PURPOSE OF COOKIE: Used widely by Microsoft as a unique user ID. The cookie enables user tracking by synchronising the ID across many Microsoft domains.
EXPIRATION DATE: 1 year
NAME OF COOKIE: anj, uuid2
DOMAIN: Βluekai.com
PURPOSE OF COOKIE: Registers anonymized user data, such as IP address, geographical location, visited websites, and what ads the user has clicked, with the purpose of optimizing ad display based on the user's movement on websites that use the same ad network.
EXPIRATION DATE: 179 days
NAME OF COOKIE: CMDD, CMID, CMPRO, CMPS, CMRUM 3, CMST
DOMAIN: casalemedia.com
PURPOSE OF COOKIE: Collects anonymous data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.
EXPIRATION DATE: CMPRO, CMPS
3 months
CMID, CMRUM3
1 χρόνος
CMST, CMDD
1 day
NAME OF COOKIE: uid
DOMAIN: criteo.com
PURPOSE OF COOKIE: Collects anonymous data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.
EXPIRATION DATE: 1 year
NAME OF COOKIE: tms_VisitorID, tms_wsip, newsPopup
DOMAIN: Fresh Relevance
PURPOSE OF COOKIE: tms_VisitorID - This cookie is used to identify each shopper and attributes site interactions to them. The cookie is set to expire after 80 weeks, which is extended each time the shopper visits the site. If they don't return to the site within that period, the cookie will be automatically deleted.
tms_wsid - This is a housekeeping cookie set to expire after 30 minutes and works in conjunction with the tms_VisitorID cookie to capture shopper activity.
newsPopUp - This is the default cookie used by PopOver SmartBlocks to suppress a PopOver x days after it is last seen, where x is configurable for each PopOver. The duration is also the same value as x.
EXPIRATION DATE:
NAME OF COOKIE: ayl_visitor
DOMAIN: omnitagjs.com
PURPOSE OF COOKIE: This cookie registers data on the visitor. The information is used to optimize advertisement relevance.
EXPIRATION DATE: 29 days
NAME OF COOKIE: i
DOMAIN: openx.net
PURPOSE OF COOKIE: This domain is owned by OpenX. The main business activity is: Advertising. This cookie registers anonymized user data, such as IP address, geographical location, visited websites, and what ads the user has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same ad network.
EXPIRATION DATE: 1 year
NAME OF COOKIE: criteo
DOMAIN: outbrain.com
PURPOSE OF COOKIE: This cookie is currently under review and its purpose is being assigned. Once complete, this description will be updated accordingly.
EXPIRATION DATE: 29 days
NAME OF COOKIE: opt_out
DOMAIN: postrelease.com
PURPOSE OF COOKIE: This cookie is currently under review and its purpose is being assigned. Once complete, this description will be updated accordingly.
EXPIRATION DATE: 1 year
NAME OF COOKIE: KRTBCOOKIE_#, PUBMD CID, PugT
DOMAIN: pubmatic.com
PURPOSE OF COOKIE: This domain is owned by Pubmatic. It operates an advertising exchange platform where online publishers can sell targeted advertising space to media buyers using real time bidding. This cookie registers a unique ID that identifies the user's device during return visits across websites that use the same ad network. The ID is used to allow targeted ads. If your intent is to disable pubmatic services you need to read and follow instructions.
EXPIRATION DATE: 29 days
PUBMDCID
3 months
NAME OF COOKIE: rlas3, pxrc
DOMAIN: rlcdn.com
PURPOSE OF COOKIE: Collects anonymous data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.
EXPIRATION DATE: 2 months
NAME OF COOKIE: stx_user_id
DOMAIN: sharethrough.com
PURPOSE OF COOKIE: Sets a unique ID for a specific visitor. This ID can be used to recognize the visitor upon re-entry and implement any preference choices made. The cookie also allows the website to track the visitor on multiple websites for marketing purposes
EXPIRATION DATE: 1 year
NAME OF COOKIE: UID uid-bp
DOMAIN: ads.sticky adstv.com
PURPOSE OF COOKIE: Unique user ID that recognizes the user on returning visit.
EXPIRATION DATE:
UID
1 year
uid-bp
29 days
NAME OF COOKIE: t_gid, taboola_usg, taboola_vmp
DOMAIN: taboola.com
PURPOSE OF COOKIE: This cookie gives a user a User ID that is used for attribution and reporting and keeps track of user segmentation.
EXPIRATION DATE: 1 year
NAME OF COOKIE: Tt_viewer
DOMAIN: Τeads.tv
PURPOSE OF COOKIE: This domain is owned by Teads, a video advertising marketplace company, specialising in native advertising on video.
EXPIRATION DATE: 1 year
NAME OF COOKIE: AWSELB
DOMAIN: crieopartners.tremorhub.com
PURPOSE OF COOKIE: Load Balancing Cookie: Used to map the session to the instance.
EXPIRATION DATE: 1 day
NAME OF COOKIE: B
DOMAIN: Yahoo.com
PURPOSE OF COOKIE: Collects anonymous data related to the user's website visits, such as the number of visits, average time sp ent on the website and what pages have been loaded. The registered data is used to categorise the users'interest and demographical profiles with the purpose of customising the website content depending on the visitor.
EXPIRATION DATE: 1 year
Controlling cookies
You can randomly manage and/or delete these cookies. You can delete all of the cookies stored on your computer and you can set up most browsers in such a manner that the archiving of cookies is prevented in the first place.
However, if you do this, you may have to manually adjust some settings every time you visit and live with the impairment of some of the functions
Questions and Contact Information
For further information and to exercise your statutory rights according to section 5, please go to www.kao.com/global/en/EU-Data-Subject-Request.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time in response to changing legal, regulatory or operational requirements. We will notify you of any such changes, including when they will take effect, by updating the "Last revised"date above or as otherwise required by applicable law.
Your continued use of our Website after any such updates take effect will constitute acceptance of those changes. If you do not accept updates to this Privacy Policy, you should stop using our Website.