Privacy and Cookie Policy

We care about your personal data and we want you to trust that we use your data carefully. This Privacy policy will help you understand what personal data we collect, why we collect it and what we do with it.

This Privacy policy applies to personal data collected by Krystal Cosmetics in connection with the services and products we offer. This Privacy policy also applies to Krystal’s marketing content, including offers and advertisements for Krystal’s products and services, which we (or a service provider acting on our behalf) send to you on third-party websites, platforms and applications based on your site usage information. These third-party websites generally have their own Privacy policies and Terms and Conditions. We encourage you to read them before using those websites.

What Personal Data we collect?

Personal data means any information that can be used to identify directly or indirectly a specific individual. This definition includes personal data collected offline through our Consumer Engagement Centres, direct marketing campaigns, sweepstakes and competitions and online through our websites, applications and branded pages on third-party platforms and applications accessed or used through third-party platforms.

You may be asked to provide your personal data when you are in contact with us. Krystal Cosmetics may collect your personal data such as your name, address, email address, telephone number, date of birth and any identity proof and share with the employees to use it in a manner consistent with this Privacy Notice.  We may also combine it with other information to improve our products, services, content, and advertising.

You are not required to provide Krystal the personal data that we request, but if you choose not to do so, we may not be able to provide you with our products or services, or with a high quality of service or respond to any queries you may have.

How do we protect your personal data?

We take the security of your personal data very seriously. We take every effort to protect your personal data from misuse, interference, loss, unauthorized access, modification or disclosure.

Our measures include implementing appropriate access controls, investing in the latest Information Security Capabilities to protect the IT environments we leverage, and ensuring we encryptpseudonymise and anonymise personal data wherever possible.

Access to your personal data is only permitted among our employees and agents on a need-to-know basis and subject to strict contractual confidentiality obligations when processed by third-parties.

What purpose do we use your data?

We collect process and disclose your personal data for the following purposes:

  • To process your payments, if you purchase our products, to provide you with your order status, deal with your enquiries and requests, and assess and handle any complaints;
  • To process and answer your inquiries or to contact you to answer your questions and/or requests;
  • To develop and improve our products, services, communication methods and the functionality of our websites;
  • For the purposes of competitions or promotions that you have entered;
  • To communicate information to you and to manage your registration and/or subscription to our newsletter or other communications;
  • To manage our everyday business needs regarding your participation in our contests, sweepstakes or promotional activities or request;
  • To authenticate the identity of individuals contacting us by telephone, electronic means or otherwise;
  • For internal training and quality assurance purposes;
  • To understand and assess the interests, wants, and changing needs of consumers, to improve our website, our current products and services, and/or developing new products and services; and
  • To provide personalized products, communications and targeted advertising as well as product recommendations to you.

 

When we collect and use your personal data for purposes mentioned above or for other purposes, we will inform you before or at the time of collection.

Where appropriate, we will ask for your consent to process the personal data. Where you have given consent for processing activities, you have the right to withdraw your consent at any time.

In some cases, we rely on legitimate interest for processing your personal data. A legitimate interest could exist for example, when you sign up for a loyalty scheme with one of our brands and we use the personal data collected to conduct data analytics to improve our products or services. This ground will only be used where it is necessary to achieve a legitimate interest, for example to assist in the performance of a contract, or to optimize a service, and does not outweigh your rights as an individual. This legal basis will only be relied upon where there is no less intrusive way to process your personal data. We can assure you that if legitimate interest is used as a ground for processing your personal data, we will keep a record of this and you have the right to ask for this information.

We process your personal data to perform a contract to which you are or will be a party. For example, we need to process your personal data to deliver a product or a service you bought, to allow you to take part in one of our competitions, or to send you samples that you have requested.

We also process your personal data when we have a legal obligation (e.g., tax or social security obligations) to perform such processing. For example, a court order or a subpoena may require us to process personal data for a particular purpose, or we may be compelled to process personal data to report suspicious transactions under the local anti-money laundering rules.

Cookies

Cookies are small flies stored on a user’s computer. They are designed to hold a modest amount of data specific to a particular client or website, and can be accessed either by the web server or the client computer. This allows the server to deliver a page tailored to a particular user, or the page itself can contain some script which is aware of the data in the cookie and so is able to carry information from one website to another.

Security

We strive to secure and protect your personal information. We adopt adequate measures to prevent unauthorized access to your Personal Information. We conduct security review at any time to check the authenticity of your account and identity. You agree to provide us all the information that we request for the security review. If you fail to comply with any security request, we reserve the right to terminate your Account with us and prohibit your access to the Site. We shall not be responsible for any misuse of your personal information due to Force Majeure.

We will update this Privacy Notice when necessary to reflect customer feedback and changes in our products and services. When we post changes to this statement, we will revise the “last updated” date at the top of this Notice. If the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of Privacy Notice changes). We will also keep prior versions of this Privacy Notice in an archive for your review.

We will not reduce your rights under this Privacy Notice without your consent.