Privacy Notice

e.l.f. Cosmetics
Effective as of October 12, 2020

At e.l.f. Cosmetics (“we” or “us”), we believe in being clear and open about how we collect and use personal information related to you. In the spirit of transparency, this Privacy Notice provides you with information about the types of personal information we collect, how we use such personal information and to whom and under what circumstances we disclose it.

This Privacy Notice applies to personal information we collect from you, or that you provide to us, and communications from us, in connection with your use of our websites, our mobile applications (if available in your country), promotions in which we are involved, and social media. Please read this Privacy Notice carefully so that you understand your rights in relation to your personal information, and how we will collect, use, and process your personal information.

If you do not agree with this Privacy Notice in general or any part of it, you should not use our websites, our mobile applications, request marketing material from us, or take part in our promotions or social media activity, as applicable.

If you are a California resident, please see the California Residents Privacy Addendum for additional information about our privacy practices and your rights as a California resident.

If you are resident of the European Economic Area (the “EEA”) or the United Kingdom, please see the EU/UK Privacy Addendum for additional information about our privacy practices and your rights as a resident of the EEA or the UK.

WHAT INFORMATION DO WE COLLECT, HOW DO WE COLLECT IT, AND HOW DO WE USE IT?

We collect information about you in many ways from many places. Some of the information we collect may include information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your device (“personal information”). In some countries like those in the EEA or the UK or in states like California, things like IP address or cookie and mobile device identifiers may also be considered personal information. When we collect information from you, we indicate any information that you are required to provide to us, and the consequences of the failure to do so.

Whenever we use your personal information, we will have a reason to do this.

We use your personal information for one or more of the following business purposes:

  • to fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about our products, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product, we will use that information to process your payment and facilitate delivery. We also save your information to facilitate new product orders or process returns;
  • to provide, support, and develop our websites, mobile applications, products, and services;
  • to create, maintain, customize, and secure your account with us;
  • to process your requests, purchases, transactions, and payments and prevent transactional fraud;
  • to provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;
  • to personalize your website or mobile application experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our websites or mobile applications and via email or text message (with your consent, where required by law);
  • to help maintain the safety, security, and integrity of our websites, mobile applications, products, and services, including to detect, prevent, or otherwise address fraud, security, or technical issues; and
  • to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our users is among the assets transferred.

In particular, in the table below, we explain:

  • what activity or scenario you are involved in when we use or collect your personal information;
  • what categories of personal information we collect when you take part in a particular activity;
  • what we do with your personal information, and the purposes for collecting and using it; and
  • solely for purposes of the General Data Protection Regulation (the “GDPR”) (or UK equivalent) (which is only applicable to residents of the EEA or the UK, as applicable), our legal basis for using your personal information

What We Collect

How We Use It

Our Legal Basis for Processing, Using, and Storing It for Purposes of the GDPR (or UK equivalent)

Purchases and Order Management

Identifiers and commercial information that we collect, or you give us, when you place an order, including:

your contact details including: your first and last name, billing address, mailing address, email address; and

the product(s) you purchased.

 

We use this information to:

fulfill your requests and orders for products;

take payment from or give you a refund;

help us ensure that our consumers are genuine and to prevent fraud;

manage and keep your order history (including by adding to your account if you have one);

send you personalized offers, shopping ideas or other marketing materials; and

enhance your shopping experience while on our websites or mobile applications by showing you personalized content; and

run analytics, statistics, and research.

 

We base this processing on:

performance of a contract—so we can perform our contract for the sale of our products to you and manage the associated logistics;

our legitimate interests—we have a legitimate business interest in (i) maintaining records relating to our business for commercial, tax, accounting, auditing and anti-money laundering purposes, (ii) improving our products and services; (iii) preventing fraud; and (iv) securing our tools; and

to comply with our specific statutory retention obligations arising from, in particular, applicable commercial, tax, accounting, auditing or anti money laundering laws).

Account Creation and Management

Identifiers and characteristics of protected classifications that we collect, or you give us, when you create an account or manage your account, including:

your contact details including: your first and last name, billing address, mailing address, email address;

your account password;

your birthdate;

your credit card information (1);

your order history;

your wish list;

your social media account handles;

your gender; and

your demographic information (if you choose to provide this to us), including your household income and your skin tone and type.

 

We use this personal information to:

manage and keep your order history;

allow you to manage your preferences;

operate and manage your account and any associated loyalty program;

enhance your shopping experience while on our websites or mobile applications by showing you personalized content;

send you personalized offers, shopping ideas or other marketing materials; and

run analytics, statistics, and research.

 

We base this processing on:

performance of a contract—so you can create and manage your account and so that we can operate and manage our loyalty program;

our legitimate interests—we have a legitimate business interest in improving our products and services.

Marketing and Promotional Materials

Identifiers that we collect, or you give us, when you sign up for our marketing materials:

your email address; and

your phone number.

 

We use this personal information to:

send you offers, shopping ideas or other marketing materials (which may be personalized based on the personal information we know or learn about you);

deliver targeted advertising, such as advertisements and content on social media platforms and other websites;

keep an up to date suppression list if you have asked not to be contacted; and

run analytics, statistics, and research.

 

We base this processing on:

your consent to receiving marketing communications from us (other than targeted advertising); and

our legitimate interests—we have a legitimate business interest in improving our products and services.

Questions and Customer Service

Identifiers that we collect, or you give us, when you communicate with us whether in person, through our websites, mobile applications, through via email, over the phone, through social media or via any other medium, including:

your contact details including: your first and last name, mailing address, email address, social media account name, or whatever method you use to contact us;

the details of your communications with us; and

the details of our communications to you.

 

We use this personal information to:

answer and manage your questions; and

run analytics, statistics, and research.

 

We base this processing on:

performance of a contract—so that we can answer and manage your questions; and

our legitimate interests—we have a legitimate business interest in (i) improving our products and services; and (ii) securing our tools.

Online Browsing

Identifiers and internet or other electronic network activity that we collect through your use of our websites (which may be through cookies), including:

Internet Protocol (IP) address;

MAC address;

browser type;

operating system;

device identifying personal information;

the specific web pages visited during your connection;

the domain name from which you accessed our websites; and

your browsing behavior, such as the date and time you visit our websites, the areas or pages of our websites that you visit, the amount of time you spend viewing our websites, the number of times you return to our websites or mobile applications, the products you selected to create your basket, whether you left items in your basket or “abandoned” your basket, and other clickstream data.

For more information on cookies, see “Cookies and Traffic Data” Section.

 

We use this information to:

allow our websites to function properly (for example, to ensure the proper display of content, to create and remember your shopping cart and to create and remember your account login details);

improve our websites (for example, by testing new ideas or layouts)

ensure our websites are secure and safe, and to protect you against fraud or misuse of our websites or services (for example through performing troubleshooting);

enhance your shopping experience while on our websites by showing you personalized content;

send you personalized offers, shopping ideas or other marketing materials;

deliver targeted advertising, such as advertisements and content on social media platforms or other websites; and

run analytics, statistics, and research.

 

We base this processing on:

your consent to storing cookies on your device. For more information on cookies, see “Cookies and Traffic Data” section; and

our legitimate interests—we have a legitimate business interest in (i) operating and improving our websites, products and services; (ii) preventing fraud; and (iii) securing our tools.

Third-Parties

Identifier and commercial information that we collect from our third-parties, including:

payment processing companies;

address update services; and

public relations/communications companies (with respect to influencers).

 

We use this information to:

take payment from or give you a refund;

help us ensure that our consumers are genuine and to prevent fraud; and

communicate with influencers and media contacts.

 

We base this processing on:

performance of a contract—so we can perform our contract for the sale of our products to you; and

our legitimate interests—we have a legitimate business interest in (i) maintaining records relating to our business for commercial, tax, accounting, auditing and anti-money laundering purposes, and (ii) preventing fraud.

 

Use of Social Media (2)

Identifiers and internet or other information that we collect when you publicly share or engage with content through social media, including:

information about you that you have made publicly available through your social media profile (for example, your photos or posts, and the photos, posts or the “likes” you make).

Identifiers and other information that we collect when you publicly mention us on social media platforms, including:

social media handle;

photo; and/or

any comments mentioned in your post.

 

We use this information to:

understand how consumers view our products/services;

identify beauty trends; and

run analytics, statistics, and research.

Where possible, we do this in way that we are unable to directly identify you.

 

We base this processing on:

our legitimate interests—we have a legitimate business interest in improving our products and services

Promotions

Identifiers that we collect, or you give us, when you participate in a sweepstakes, contest, or other promotion, including:

your name;

your contact details;

birthdate or age range;

address or country of residence;

your social media handle and promotion entry (if the promotion is run on a social media platform); and

user generated content / promotion entries.

 

We use this information to:

manage and operate the promotion;

use the content you have created and/or shared in accordance with the specific terms and conditions accepted by you;

understand how consumers view our products/services;

identify beauty trends; and

run analytics, statistics, and research.

 

We base this processing on:

performance of a contract—so you can enter into the promotion, we can contact you about the promotion, and we can deliver the prize;

your consent to the use of content you have created and/or shared in accordance with the specific terms and conditions accepted by you; and

our legitimate interests—we have a legitimate business interest in (i) improving our products and services; and (ii) securing our tools.

User Generated Content

Identifiers and other information that we collect, or you give us, when you submit content (for example images or ratings and reviews) on our websites, mobile applications, or social media platforms, when you publicly tag us on a social media post, or accept our re-use of any content you posted on social media platforms:

We use this information to:

use the content you have created and/or shared in accordance with the specific terms and conditions accepted by you; and

understand how consumers view our products/services;

identify beauty trends; or

run analytics, statistics, and research.

We base this processing on:

your consent to the use of content you have created and/or shared in accordance with the specific terms and conditions accepted by you; and

our legitimate interests—we have a legitimate business interest in improving our products and services.

(1) For more information on credit card storage and usage on our websites or mobile applications, please see the “Third-Party Collection of your Credit Card Information” section.

(2) Please note that you may be able to control what information you share through the privacy settings for your social media accounts—please refer to the applicable social media’s privacy policies and terms of use for more details and information.

We obtain all of the above personal information directly from you, except for personal information that we (i) receive from payment processing companies and address update services, (ii) obtain from publicly available social media profiles and social media engagement with our content, and (iii) with respect to influencers, public relations/communications companies, as indicated above.

Influencer Data

We obtain contact details and other personal information regarding media contacts and influencers from a variety of sources including Cision. If you wish to know more about how such information is collected and used, please refer to Cision’s privacy notice at www.cision.com/us/legal/privacy-policy.

Cookies and Traffic Data

Cookies

Certain cookies and web beacons that we employ are necessary for the operation of our website. Other cookies that we employ are not necessary for the operation of our websites but are employed to enhance your use of our websites and shopping experience.

Our cookies include session cookies (temporary cookies that identify and track users within our websites which are deleted when you close your browser or leave your session) or persistent cookies (cookies which enable our websites to “remember” who you are and to remember your preferences within our websites and which will stay on your computer or device after you close your browser or leave your session).

We use the following different types of cookies:

Category

Description

Strictly Necessary

These are cookies which are needed for our websites to function properly, for example, these cookies allow you to access secure areas of our websites or to remember what you have put into your shopping basket.

Performance

These cookies allow us to keep a record of traffic data, count visits, traffic sources, access rates, page hits and page views so we can measure and improve the performance of our website. They help us know which pages are the most and least popular and see how visitors move to and from and around our website.

Functional

These cookies allow our websites to remember choices you make (such as your username, language, or the region you are in) and provide enhanced, more personal features. These cookies allow the provision of enhance functionality and personalization, such as chats. They are set by us or by third party providers whose services we have added to our pages.

Targeting

These cookies are set through our websites by our advertising partners. They are used by those companies to build a profile of your interests and show you relevant ads on other websites. They record a user’s visit to a website, the pages a user has visited and the links a user has followed. Companies will use this information to make the website more relevant to users. Companies may also share this information with third parties for this purpose.


You can find more general information about cookies and generally how to manage them at www.allaboutcookies.org and www.youronlinechoices.com.

We use third-party advertising companies (with your consent if you are a resident of the EEA or the UK) that use tracking technologies to serve our advertisements across the Internet. These companies collect personal information about your visits to our websites and other website/applications and your interaction with our advertising and other communications. These advertising companies serve ads on behalf of us and others on non-affiliated website, and some of those ads will be personalized, meaning that they are intended to be relevant to you based on personal information collected about your visits to our websites and elsewhere over time. Other companies may also use such technology to advertise on our website.

Google Analytics

We use Google Analytics, which is a web analytics tool that helps us understand how users engage with our website. Like many services, Google Analytics uses first-party cookies to track user interactions, as in our case, where they are used to collect details about how users use our website. This information is used to compile reports and to help us improve our website. The reports disclose trends without identifying individual visitors.

Google Analytics services are provided in Europe by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and elsewhere by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and other affiliated Google entities.

Google Analytics uses cookies to collect information about visitors to our websites (data related to the user’s device/browser, IP address and on-site activity). They measure and report on user interactions on our websites. This includes details of the volume and nature of traffic to our websites (for example, which pages users visit first, which pages are most popular, how long users stay on the site, and geographical region of users). Google may also use data collected from these reports to improve their own services, for benchmarking purposes and to provide technical support.

You can find out more about how Google uses personal information here: https://policies.google.com/privacy.

For residents of the EEA or the UK that are subject to the GDPR, we base the use of Google Analytics on your consent.

You can opt out of Google Analytics without affecting how you visit our websites – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.

HOW WE SHARE YOUR PERSONAL INFORMATION?

For Business Purposes

We personal information collected from, and about, you for a business purpose with service providers who help us run our business, including order management and shipping processors; payment processors; customer service providers; shopping experience service providers; customer relationship management service providers; analytics service providers, advertisers; loyalty program providers; product review program providers; cloud storage providers; and IT service providers. We share only the personal information needed for these service providers to complete the tasks we request.

Third-Party Collection, Processing and Storage of your Credit Card Information

We use a third-party payment processor to process credit card transactions. Our third-party payment processor will utilize a process known as “tokenization” in order to securely process credit card transactions when you provide your credit card data to us. Tokenization is the replacement of sensitive data with a unique identifier that cannot be mathematically reversed. These tokens take the place of sensitive credit card data.

When you submit your credit card data to us for one-time purchases or for saving in your account, that data is immediately encrypted and transmitted directly to our third-party payment processor for storing, processing, and token generation.

If we offer subscription orders, when you make a subscription order, your credit card data will be encrypted and transmitted directly to our subscription order manager for processing and storage. When it is time for your next order per your subscription plan, your credit card data will be encrypted and transmitted by our subscription order manger and processed by our third-party payment processor.

Your credit card data is not stored or retained by us in any circumstance.

For Advertising

We personal information collected from, and about, you with advertisers, advertising publishers, and marketing service providers to serve you targeted advertising.

With Your Consent

In certain circumstances and where required by law, we disclose personal information collected from, and about, you with companies, organizations or individuals with your express consent.

For Legal Reasons

We also share personal information collected from, and about, you with third-parties if we are legally required to do so, or if we have a good-faith belief that access, use, preservation or disclosure of the personal information is reasonably necessary to:

  • comply with any applicable federal, state, or local law, regulation, civil, criminal or regulatory inquiry, investigation legal process or enforceable governmental request;
  • respond to legal process (such as a search warrant, subpoena, summons or court order);
  • enforce our Terms of Use (or other terms of service for our websites or mobile applications), including investigation of potential violations;
  • detect, prevent or otherwise address security, fraud or technical issues;
  • cooperate with law enforcement agencies concerning conduct or activity that we reasonably and in good faith believes violate federal, state, or local law; or
  • exercise or defend legal claims, protect against harm to our rights, property or safety or the rights, property or safety of third-parties, our consumers, or the public as required or permitted by law (exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction).

Affiliated Brands and Companies

We also share personal information collected from, and about, you with our corporate affiliates, including our parent company, e.l.f. Beauty, Inc., or other brands in the e.l.f. Beauty portfolio. For additional information regarding our corporate affiliates or other brands, please visit investor.elfcosmetics.com.

In Connection with a Sale or Merger

If we directly or indirectly undergo a business transition (including proposed transactions), like a merger, acquisition by another company, or sale of all or part of our assets, we may disclose or transfer personal information collected from, and about, you to the successor organization in the transition.

Aggregated, Non-Personally Identifiable Information

We share aggregate, non-personally identifiable information with our service providers in order for those service providers to enhance and optimize their services and for statistical analysis, research, and other purposes.

YOUR CHOICES

Updating Your Information

If you maintain an account with us, you may view, update, correct or modify certain of your personal information by signing into your account.

Withdrawing Your Consent for (Opting-Out of) Promotional Emails

If you do not wish to receive communications from us about special offers and promotions, you can opt-out of receiving these communications by following the instructions contained in the messages you receive. Even if you opt-out of receiving these messages, we reserve the right to send you certain communications relating to the services we provide, service announcements and administrative messages. We do not offer you the opportunity to opt-out of receiving those service or administrative communications.

Withdrawing Your Consent for (Opting-Out of) of SMS Text Messages

If you are a resident of the United States and you do not wish to receive communications from us about special offers and promotions, you can opt-out of receiving these communications by following the instructions in the SMS Text Messages Terms and Conditions.

You can set your browser to reject cookies, warn you about attempts to place cookies on your computer or device, or limit the type of cookies you allow. You can also manually delete individual or all the cookies on your computer or device by following your browser’s or device’s help file directions. You can also set your browser or device to delete cookies every time you finish browsing. Please note that browser- and device-management tools for cookies are outside of our control and we cannot guarantee their effectiveness. Please also note that flash cookies operate differently than browser cookies and cookie management tools available may not remove flash cookies.

Residents of the EEA or the UK may also turn off cookies that are not necessary for the operation of our website. Please follow the applicable procedure in the “Withdrawing Consent” section in the EU/UK Privacy Addendum.

Please note that if you turn off cookies that are not necessary for the operation of our websites, your browser or device is set to reject cookies, or you manually delete cookies, some or all the features and functionality of our websites may not function properly (including features we add to our websites in the future).

Opting Out of Third-Party Tailored Advertising

If you are interested in more information about tailored advertising and your choices to prevent third parties from delivering tailored web and mobile web advertising, please visit the following websites:

These opt-out tools are provided by third parties (and not by us). We do not control or operate these tools or the choices that advertisers and others provide through these tools.

SECURITY OF YOUR PERSONAL INFORMATION

We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized access, destruction, loss, alteration, disclosure or use.

COMPLAINTS

We strive to be transparent about the ways in which we collect and use personal information and welcome your questions and concerns. If you have any concern or complaint about the way we handle your personal information, please contact us using the contact information detailed in the “Contact Us” section.

To the extent you believe we have not addressed your concerns or otherwise choose to do so, you have the right to complain to a supervisory authority in the country where you reside. In the UK, contact details for the relevant supervisory authority are available here. In the EEA, contact details for the relevant supervisory authority are available here.

INTEREST BASED ADVERTISING

We use third-party advertising companies that use tracking technologies to serve our advertisements across the Internet. These companies may collect personal information about your visits to our websites and other websites/applications and your interaction with our advertising and other communications. These advertising companies serve ads on behalf of us and others on non-affiliated websites, and some of those ads may be personalized, meaning that they are intended to be relevant to you based on personal information collected about your visits to our websites and elsewhere over time. Other companies may also use such technology to advertise on our website.

OUR POLICIES CONCERNING CHILDREN

Our websites or mobile applications are not directed to children, nor do we knowingly collect any personal information from, children under the age of 13 (or with respect to residents of the EEA, children under the age of 16) without verifiable parental or legal guardian consent.

THIRD PARTY WEBSITES

Our websites or mobile applications contain links to third-party websites, such as social media websites (for example, Instagram, Facebook, YouTube, TikTok, Pinterest, Twitter, and Snapchat), each of which have privacy policies that differ from this Privacy Notice. We are not responsible for the activities and practices that take place on these websites. Accordingly, we recommend that you review the privacy policy or privacy notice/statement posted on any external website before disclosing any personal information. Please contact those websites directly if you have any questions about their privacy policies.

CHANGES TO THIS PRIVACY NOTICE

We may change this Privacy Notice from time to time, including as required to keep current with rules and regulations, new technologies and security standards. When we do, we will post the change(s) on the applicable page of our website. For significant changes, we will notify you by posting a notice on the applicable website indicating at the top of the Privacy Notice when it was most recently updated or notify you in another appropriate manner. If you wish to review a copy of the privacy notice effective prior to the effective date of this Privacy Notice, please contact us using the contact information detailed in the “Contact Us” section.

CONTACT US

If you have questions or concerns about this Privacy Notice or how we collect and use the information of our consumers, please contact us by webform, by phone at (212) 239-1530 (Weekdays 9:30am-5:30pm EST) or by email at elfcare@elfcosmetics.com or elfcare.eu@elfcosmetics.com (for EEA residents).

You may also write to us at:

e.l.f. Cosmetics, Inc.
570 10th Street, 3rd Floor
Oakland, CA 94607
ATTN: Legal Department
RE: Privacy Info


CALIFORNIA RESIDENTS PRIVACY ADDENDUM

Last Updated: October 12, 2020

Please note that the California Residents Privacy Addendum only applies to California residents.

COLLECTION AND SHARING OF PERSONAL INFORMATION

Collection of Personal Information

During the 12-month period prior to the effective date of this California Residents Privacy Addendum, we have collected the personal information listed in the section “What Information Do We Collect, How Do We Collect It, And How Do We Use It?” in the Privacy Notice.

Sharing of Personal Information

In the table below, we explain the categories of personal information we have shared with third parties and the categories of third parties with whom we shared your personal information during the 12-month period prior to the last update of this California Residents Privacy Addendum.

What We Share

Who We Share It With

Identifiers, including your first and last name, billing address, mailing address, email address, and internet protocol address;

We share this information with:

order management and shipping processors;

payment processors;

customer service providers;

shopping experience service providers;

customer relationship management service providers;

analytics service providers

advertisers, advertising publishers and marketing service providers (including for purposes of targeted advertising);

loyalty program providers;

product review program providers;

cloud storage providers;

IT service providers; and

our affiliated entities and subsidiaries.

Commercial information, including purchase and order management information;

We share this information with:

order management and shipping processors;

payment processors;

customer service providers;

shopping experience service providers;

customer relationship management service providers;

analytics service providers

advertisers, advertising publishers and marketing service providers (including for purposes of targeted advertising);

loyalty program providers;

product review program providers;

cloud storage providers;

IT service providers; and

our affiliated entities and subsidiaries.

Internet or other electronic network activity information, including browsing history, search history, and information regarding your interaction with our website

We share this information with:

order management and shipping processors;

payment processors;

customer service providers;

shopping experience service providers;

customer relationship management service providers;

analytics service providers

advertisers, advertising publishers and marketing service providers (including for purposes of targeted advertising);

loyalty program providers;

product review program providers;

cloud storage providers;

IT service providers; and

our affiliated entities and subsidiaries.

 

Sale of Personal Information

We do not sell your personal information for monetary compensation.

During the 12-month period prior to the last update of this California Residents Privacy Addendum, we have shared (which may be considered selling, for the purposes of the California Consumer Privacy Act (the “CCPA”)) the following categories of personal information with advertisers, advertising publishers, and marketing service providers to serve you targeted advertising (including cross-device marketing or advertising campaigns (where we can infer that a particular browser, device, or pseudonymous identifier belongs to you)):

  • email address, phone number, your IP address and your internet and electronic network activity including information regarding your interaction with our website.

You have the right to opt out of this sharing of your personal information. If you wish to request that we do not sell your personal information, please contact us using the contact information detailed in the “Exercising Your California Privacy Rights” section.

We do not have actual knowledge that we sell personal information of individuals under the age of 16.

CALIFORNIA PRIVACY RIGHTS

Freedom from Discrimination

As a California resident, you have certain privacy rights such as the right to access your personal information, the right to deletion your personal information, and the right to opt out of the sale of your personal information. We will not discriminate against you because you have exercised any of these rights. In particular, unless permitted by law, if you exercise your rights, we will not:

  • deny you goods or services;
  • charge you a different price or rate for goods or services;
  • provide you a different level or quality of goods or services; or
  • suggest that you will receive a different price or level of quality of goods or services.

Right to Access

California residents, subject to verification, can request information from us about the information we collect, use, disclose and sell, from and about them, over the past 12 months, including:

  • the categories of personal information we have collected about you;
  • the categories of sources from which the personal information is collected;
  • the business or commercial purpose for collecting or selling your personal information;
  • the categories of third parties to whom we have disclosed or sold your personal information;
  • the specific pieces of personal information we have collected about you; and
  • the categories of personal information we disclosed or sold for a business purpose.

You may access certain personal information by signing into your account. From there, you can correct, modify, or update that personal information (other than your order history). Please note that deleting any personal information in your account will not completely delete that information from our systems—to completely have your personal information deleted, you must follow the directions in the “Exercising Your California Privacy Rights” section.

If you wish to access any personal information that is not contained in your account profile, if you do not have an account and wish to access your personal information, or if you wish to request information from us about the information we collect from and about you over the past 12 months, please contact us using the contact information detailed in the “Exercising Your California Privacy Rights” section.

Right to Delete

California residents, subject to verification, can request that we delete any personal information we have collected from them subject to a number of exceptions, including, but not limited to, if the information is necessary for us or our service provider to:

  • complete your transaction;
  • provide you a good or service;
  • provide you a good or service;
  • protect your security and prosecute those responsible for breaching it;
  • fix our system in the case of a bug;
  • protect the free speech rights of your or other users;
  • comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.);
  • engage in public or peer-reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws;
  • comply with a legal obligation; or
  • make other internal and lawful uses of the information that are compatible with the context in which you provided it.

If you wish to request that your personal information is deleted, please contact us using the contact information detailed in the “Exercising Your California Privacy Rights” section.

Please note that if you are a member of our loyalty program and you request that your personal information is deleted, you will be removed from our loyalty program.

We will need to retain certain records, for example those relating to open orders, payments, or customer service matters, or for legal and accounting purposes.

Opting Out of the Sale of Personal Information

California residents can request that we do not sell their personal information. If you wish to request that we do not sell your personal information, please contact us using the contact information detailed in the “Exercising Your California Privacy Rights” section.

Other Rights

California law permits our consumers who are California residents to request certain information about our disclosure of personal information to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and can be made once a year using the contact information detailed in the “Exercising Your California Privacy Rights” section.

If you are under 18 years of age, reside in California, and have a registered account with us, you have the right to request removal of unwanted information that you publicly post on our websites or mobile applications. To request removal of such information, please contact us using the contact information detailed in the “Exercising Your California Privacy Rights” section. Upon receiving such a request, we will make sure that the information is not publicly available on our websites or mobile applications, but the information will not be completely or comprehensively removed from our systems and databases.

Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and/or across different websites. Because there is no standard interpretation or practice for Do Not Track signals, we don’t support Do Not Track requests at this time. However, to opt-out of cookie and web beacon tracking, please see the “Withdrawing Your Consent for (Opting-Out of) Cookie Tracking” section, or to opt-out of website-based third-party interest-based or online behavioral advertising, please see the “Opting Out of Third-Party Tailored Advertising” section.

Exercising Your California Privacy Rights

To make any of the requests or exercise any of your California privacy rights, including your right to access or deletion, please contact us using one of following methods. Please note that you can only make a verifiable consumer request for access twice within a 12-month period.

To protect your information, we may need to verify your identity before processing any requests to exercise your right to access and right to request deletion. This will include verifying that the email address you provide in connection with your request matches the email address we maintain on file for you. In some cases, we may ask that you provide additional information to verify your identity.

You can exercise these rights yourself or you can designate an authorized agent to make these requests on your behalf. We will request that your authorized agent have written permission from you to make requests on your behalf (or that you otherwise directly confirm the agent has permission to submit the request) and will need to verify your identity.

Via the Internet. If you wish to exercise any of your California privacy rights via our website, please click the “Privacy Rights Request Form” link in the footer of our website. Please follow the instructions on the form to make your request. If you wish to request that we do not sell your personal information, please click the “Do Not Sell My Personal Information” link in the footer of our website.

By mail. If you wish to exercise any of your California privacy rights, you can write to us at the following address. Please include your full name, mailing address, and any email address associated with your activity with us (for example, the email you used to receive marketing emails or order confirmations, or the email you have used in connection with your account (if you are a member)), and let us know which California privacy right you are exercising and that you are exercising your California privacy rights with respect to e.l.f. Cosmetics so that we can process your request or exercising of your rights in an efficient manner.

e.l.f. Cosmetics
570 10th Street, 3rd Floor
Oakland, CA 94607
ATTN: Legal Department
RE: California Privacy Info

By telephone. If you wish to exercise your right to access or your right to deletion via telephone, please call us at the following toll-free number: (888) 315 9814. When you call us, please let us know that you are exercising your California privacy rights, which California privacy right you are exercising, and that you are exercising your California privacy rights with respect to e.l.f. Cosmetics so that we can process your request or exercising of your rights in an efficient manner.

CONTACT US

If you have questions or concerns about this California Residents Privacy Addendum, please contact us by webform, by phone at (212) 239-1530 (Weekdays 9:30am-5:30pm EST) or by email at elfcare@elfcosmetics.com

You may also write to us at:

e.l.f. Cosmetics
570 10th Street, 3rd Floor
Oakland, CA 94607
ATTN: Legal Department
RE: California Privacy Info

EU/UK PRIVACY ADDENDUM

Effective Date: October 12, 2020

Please note that the EU/UK Privacy Addendum only applies to residents of the EEA and the UK.

WHO WE ARE

For purposes of data protection laws, regardless of where you reside, e.l.f. Cosmetics, Inc., a corporation registered in the state of Delaware, USA is the controller of the personal information you provide to us, or that is collected or processed by or for us. Contact information for e.l.f. Cosmetics, Inc. can be found here.

Our representative for purposes of Article 27 of the GDPR is Thilo Noack at SBS Data Protect GmbH. The address and contact information for SBS Data Protect GmbH is:

SBS Data Protect GmbH
Attention: Thilo Noack
Hans-Henny-Jahnn-Weg 49
22085 Hamburg, Germany
info@sbs-data.de
+49 40 7344086-0
+49 177 6422164

INTERNATIONAL OPERATIONS AND DATA TRANSFERS OUT OF EUROPEAN COUNTRIES

IMPORTANT: Your personal information will be sent to the United States and possibly other countries.

Our websites are hosted in the United States. If you are visiting one of our websites from outside the United States, your personal information will be transferred to, stored in, or processed in, the United States and transferred to, stored in, or processed in additional countries where our third-party service providers maintain facilities or operations. These countries include the United Kingdom, Ireland, the Netherlands, and Germany.

Where we transfer, store, or process your personal information outside of the EEA or the UK:

  • we do so to the extent such transfer, storage, or processing is needed to fulfil a contract between us (for example, to manage your participation in our loyalty program or to fulfill your order); or
  • we rely on other methods to ensure an adequate level of data protection:
  • Adequacy Decisions: Some of our third-party service providers are based in countries that the European Commission has found to have adequate levels of protection for personal information; or
  • Model Clauses: We rely on the European Commission’s model contracts for the transfer of personal information to third countries (i.e. the standard contractual clauses) when transferring personal information to our third-party service providers who are located in countries that the European Commission has not found to have adequate levels of protection for personal information.

You can request a copy of the instruments we use by contacting us using the contact details provided in the “Contact Us” section.

Please note that the data protection and other applicable laws of the United States or other countries may not be as comprehensive as those laws or regulations in your country or may otherwise differ from the data protection or consumer protection laws in your country. Your personal information may be available to government authorities under lawful orders and law applicable in such jurisdictions.

HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?

How long we retain your personal information depends on why and how we collected it and how we use it. We will keep your personal information for as long as we need it to provide you with your requested service(s) or to meet our commercial or legal obligations as explained further below.

To determine the retention period of your personal information, we consider several criteria to make sure that we do not keep your personal information for longer than is necessary or appropriate. These criteria include:

  • the purpose for which we hold your personal information;
  • our legal and regulatory obligations in relation to that personal information, for example any financial reporting obligations or statutory retention obligations (for example, under commercial or tax law which usually last from seven years);
  • whether our relationship with you is ongoing;
  • any specific requests from you in relation to the deletion of your personal information; and
  • our legitimate business interests in relation to managing our own rights, for example the assertion or defense of any claims within the statutes of limitation, which is usually three years to the end of a calendar year but can be up to thirty years.

When we no longer need to retain your personal information, it will be deleted or be anonymized so that you can no longer be identified from it.

Please note, that, other than in response to a request to delete your personal information, we have no obligations to notify you when deleting your personal information and can do it at our sole discretion.

GDPR (OR UK EQUIVALENT) PRIVACY RIGHTS

Accessing, Correcting, and Updating Your Personal Data

You have the right to access, correct, and update your personal information. You can access certain personal information by signing into your account. From there, you can correct, modify, or update that personal information (other than your order history). Please note that deleting any personal information in your account will not completely delete that data from our systems—to completely have your personal information deleted, you must follow the directions in the “Requesting We Delete Your Personal Data” section.

If you wish to access, correct, or modify any personal information that is not contained in your account profile (or if you wish to know the purposes for which your personal information is processed, the categories of data processed, third party recipients, if any, of your personal information, or third party sources, if any, of your personal information), please contact us using the contact information detailed in the “Exercising Your GDPR Privacy Rights” section.

Requesting Copies of Your Personal Data (Portability Request)

You have the right to request copies of your personal information held by us in a structured, commonly used, and machine-readable format and/or request us to transmit this personal information to another service provider (where technically feasible). If you wish to request copies of your personal information held by us, please contact us using the contact information detailed in the “Exercising Your GDPR Privacy Rights” section.

Requesting We Delete Your Personal Data

You have the right to request that we delete your personal information. If you wish to request that your personal information is deleted, please contact us using the contact information detailed in the “Exercising Your GDPR Privacy Rights” section.

Please note that if you have a loyalty account and you request that your personal information is deleted, you will be removed from our loyalty program.

We will need to retain certain records, for example those relating to open orders, payments, or customer service matters, or for legal and accounting purposes.

Note that if you have multiple email addresses linked to your account (or you used multiple email addresses in connection with purchases) you will need to make a data deletion request with respect to each email address in order for us to fully delete your personal information.

Objecting to Processing of Your Personal Data

You have the right to object, for legitimate purposes, to the processing of personal information as provided under applicable law. If you wish to object to processing of your personal information, please contact us using the contact information detailed in the “Exercising Your GDPR Privacy Rights” section.

Requesting that We Restrict Processing

You have the right to request that we restrict processing of your personal information. If you wish to request that we restrict processing of your personal information, please contact us using the contact information detailed in the “Exercising Your GDPR Privacy Rights” section.

If you wish to withdraw your consent to promotional emails or third-party tailored advertising, please follow the applicable procedure in the “Your Choices” section or, if not addressed, please contact us using the contact information detailed in the “Exercising Your GDPR Privacy Rights” section.

If you wish to withdraw your consent to cookie tracking, you can turn off cookies that are not necessary for the operation of our website. You can turn off these cookies by using the “Cookie Settings” or “Manage Consent” link in the footer of our website (depending on which website you are visiting).

Please note that if you withdraw consent for a particular feature, we cannot provide or continue to provide certain services or marketing communications to you and that withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Right to Give Us Postmortem Instructions (If Such Rights Exist in the Country Where You Reside)

If such rights exist in the country where you reside, you wish to give us guidelines regarding the retention, erasure and disclosure of your personal information after your death, please contact us using the contact information detailed in the “Contact Us” section. When you contact us, please be sure to note your country of residence and that you are giving us guidelines regarding the retention, erasure and disclosure of your personal information after your death in compliance with the law as well as that you are giving us instructions with respect to e.l.f. Cosmetics so that we can efficiently process request.

If you need assistance or if you have questions about your right to give us post mortem instructions, please contact us using the contact information detailed in the “Contact Us” section.

Exercising Your GDPR (OR UK EQUIVALENT) Privacy Rights

To make any of the requests or exercise any of your GDPR (or UK equivalent) privacy rights, including your right to access or deletion, please contact us using one of following methods. We respond to all data protection requests we receive in accordance with applicable data protection laws.

You can exercise these rights yourself or you can designate an authorized agent to make these requests on your behalf. We will request that your authorized agent have written permission from you to make requests on your behalf (or that you otherwise directly confirm the agent has permission to submit the request) and we will need to verify your authorized agent’s identity.

Via the Internet. If you wish to exercise any of your GDPR (or UK equivalent) privacy rights via our websites, please click the “Privacy Rights Request Form” link in the footer of our website. Please follow the instructions on the form to make your request.

By mail. If you wish to exercise any of your GDPR (or UK equivalent) privacy rights, you can write to us at the following address. Please include your full name, mailing address, and any email address associated with your activity with us (for example, the email you used to receive marketing emails or order confirmations, or the email you have used in connection with your account (if you are a member)) and let us know which GDPR (or UK equivalent) privacy right you are exercising and that you are exercising your GDPR (or UK equivalent) privacy rights with respect to e.l.f. Cosmetics so that we can process your request or exercising of your rights in an efficient manner.

e.l.f. Cosmetics, Inc.
570 10th Street, 3rd Floor
Oakland, CA 94607
ATTN: Legal Department
RE: EEA/UK Privacy Info

By telephone. If you wish to exercise your right to access or your right to deletion via telephone, please call us at the following toll-free number: (888) 315 9814. When you call us, please let us know that you are exercising your GDPR (or UK equivalent) privacy rights, which GDPR (or UK equivalent) privacy right you are exercising, and that you are exercising your GDPR (or UK equivalent) privacy rights with respect to e.l.f. Cosmetics so that we can process your request or exercising of your rights in an efficient manner.

Other Methods. You may also contact us using the contact information detailed in the “Contact Us” section. When you contact us, please let us know that you are exercising your GDPR (or UK equivalent) privacy rights, which GDPR (or UK equivalent) privacy right you are exercising, and that you are exercising your GDPR (or UK equivalent) privacy rights with respect to e.l.f. Cosmetics so that we can process your request or exercising of your rights in an efficient manner.

CONTACT US

If you have questions or concerns about this EU/UK Privacy Addendum, please contact us by webform, by phone at (212) 239-1530 (Weekdays 9:30am-5:30pm EST) or by email at elfcare.eu@elfcosmetics.com.

You may also write to us at:

e.l.f. Cosmetics, Inc.
570 10th Street, 3rd Floor
Oakland, CA 94607
ATTN: Legal Department
RE: EEA/UK Privacy Info