PRIVACY POLICY

This privacy policy was last updated September 10, 2014.

This privacy policy discloses the privacy practices and policies of LUSH Internet Inc., doing business as LUSH or LUSH Fresh Handmade Cosmetics (“LUSH”) and describes how and why we collect your personal information and how we use, disclose, safeguard and otherwise manage your personal information.

LUSH respects your personal privacy. We believe ensuring the security of your personal information is an important part of our job, and we strive to protect any personal information you may provide us.

Scope

This privacy policy applies to personal information we collect in the course of operating our business in Canada, including at our Canadian retail stores and online through LUSH’s website www.lush.ca (“Website”). This privacy policy does not apply to any information that is exempted from the definition of “personal information” in applicable federal or provincial privacy legislation.

The Website contains links to other sites and advertisements that are not controlled or operated by LUSH. This privacy policy does not apply to information collected by other websites or third parties. We are not responsible for the privacy practices and policies of other websites or third parties. LUSH encourages you to review the privacy policies of any third parties before disclosing your personal information to such parties or when visiting such third party websites.

Accountability

LUSH is responsible for the personal information under its control. This includes personal information under our control, as well as personal information that we may transfer to our affiliates or third party service providers for processing or other purposes that facilitate our business operations. We use contractual or other appropriate means to require third parties that provide services on our behalf to maintain a level of privacy protection comparable to our own practices.

LUSH has designated a Privacy Officer who is accountable for the handling of personal information under our control and for ensuring that the principles set out in this privacy policy and applicable privacy legislation are complied with. Contact information for our Privacy Officer is set out below.

Collection, Use and Disclosure of Personal Information

Either before or when we collect personal information from you, we will explain how we intend to use and disclose it. We will limit the collection of personal information to that which is necessary to accomplish the identified purposes and will use and disclose it only for those purposes. If we wish to use or disclose your personal information for a new purpose, we will identify such purpose and obtain your consent prior to use or disclosure for such purpose, unless such consent is not required by law.

How We Collect Your Personal Information

We collect personal information from you in a variety of ways when you interact with LUSH. Some examples include but are not limited to situations when you:

  • create an account on our Website;
  • order, purchase, exchange, return, or cancel an order for, any of our products or services, whether through our Website or in our retail stores;
  • contact us, make an inquiry about any of our products or services or otherwise request information or assistance from us;
  • communicate with our customer service representatives;
  • sign up to receive catalogues and/or emails and information about new and limited edition products, special offers, events or other news;
  • register and participate in our online customer forum;
  • provide feedback or make other submissions to LUSH;
  • participate in a contest, sweepstake or other promotions;
  • participate in or respond to consumer survey or requests for consumer opinions, concerns or preferences regarding our products and services;
  • apply for employment with LUSH;
  • engage with us on social media; or
  • use other features of the Website that may be offered from time to time and may require such information in order to use the feature (including but not limited to submitting user-generated content as described in the Terms of Use).

The personal information we collect may include information such as your name, username, password, billing address, shipping address, telephone numbers, email address, and credit and debit card information. In some cases, such as when you ask us to ship an order or you purchase a gift or gift certificate, we may collect information about someone other than you, such as the name, address, telephone number and email address of the recipient. You represent and warrant that you have the right and authority or have obtained all necessary consents to provide any information, including personal information of another individual, that is provided by you to LUSH.

Visitors who choose to register and use our free online customer forum are bound by the user-provided content guidelines set out in our Terms of Use.

In most cases, we collect personal information directly from you. However, in some cases, we may obtain personal information about you from other sources. Unless there is a legal exception, we will obtain your consent to the collection of personal information about you from other sources.

We may also collect and use the following information when you visit our Website.

Aggregate Site Use Information

We record information about the pages viewed by all of our Website visitors. This data includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, connection speed, read time, display time, and number of clicks. We use this data, in aggregate form, to compile statistics and reports for LUSH's use, and improve the online experience for all visitors. We may, on occasion, provide portions of this aggregate information to vendors, consultants, potential advertisers, or news agencies. Typical uses of the data in this fashion would be to gauge the amount of interest in our site, to plan for site infrastructure improvements and/or to plan and evaluate marketing initiatives.

Cookie Use

A cookie is a small text file stored on a user's hard drive. When you visit our Website we use cookies to maintain a record of your visit. Cookies help us improve the Website and deliver more personalized service. We also use cookies to assist with anonymous site traffic analysis, which includes tracking the time/date of visits, pages viewed, and referring URLs.

Most web browsers automatically accept cookies. If you would prefer to prevent your computer from accepting LUSH cookies, you may follow your Internet browser’s steps for doing so. Please note, however, that if you do disable cookies from your browser, you may not be able to shop on or access certain sections of our Website.

How We Use Your Personal Information

LUSH uses your personal information to offer and provide products and services (including to process and track orders, shipping, payment, etc.), manage our relationship with you, verify your identity and address, carry on our business operations and as may otherwise be required or permitted by law. Some examples of how we may use your personal information include:

  • to develop, enhance, market, sell or otherwise provide products, services or information;
  • administer your account;
  • to conduct commercial transactions including to process and administer purchases, exchanges, returns or other transactions that you may engage in with LUSH, including at our stores or through our Website, and to communicate with you about those transactions;
  • to contact you and respond to any requests or other communications that you may have had with us, including requests for customer service;
  • to provide you with catalogues and emails about new and limited edition products, special offers, events or other news that you have subscribed for;
  • to conduct and administer surveys and contests, sweepstakes and other promotions in which you have participated;
  • to perform data analysis and help us improve and customize our service offerings and Website;
  • to troubleshoot problems with the Website;
  • to enforce our Terms of Use or comply with this privacy policy;
  • to protect the security and integrity of our Website and our business;
  • to detect and protect against error, theft, fraud and other illegal activity;
  • to process and respond to applications for employment;
  • to comply with any legal or regulatory requirements; and
  • for any other purpose for which you consent.

How We Disclose Your Personal Information

LUSH will not disclose your personal information to third parties for their direct marketing purposes without obtaining your prior affirmative consent. LUSH will only disclose your personal information under the following circumstances or otherwise with your consent.

Affiliates

We may share personal information that we collect within our affiliated group of companies for the purposes identified in this privacy policy.

Service Providers

We may disclose or otherwise make available personal information to third party service providers that support our business operations or provide services on our behalf, such as third party shipping companies, payment card processing companies, companies who support the technical operation and maintenance of our Website, and companies who deliver surveys, contests, sweepstakes and other promotions, but we do not provide any more information than necessary for these purposes. We require all such service providers to keep your information confidential and secure, and to have privacy policies and practices with respect to personal information that are comparable to ours. In addition, we require that our service providers not use or disclose the personal information for any purpose other than providing the services to us or on our behalf, except as may be required by law.

Your personal information may be processed and stored in any country in which our affiliates or our service providers maintain facilities and may be accessible to the courts, law enforcement, and national security authorities of any such country through the laws of such country.

Sale of Business

LUSH may disclose or transfer personal information we have about you in connection with a potential or actual purchase, sale, lease, merger, amalgamation or other type of acquisition, disposition or financing all or part of our business or assets.

Legal Requirements

LUSH may disclose your personal information as required or permitted by law, including, without limitation, to comply with a subpoena, warrant or other legally valid inquiry or order. LUSH reserves the right to co-operate with local, national, or international law enforcement or other authorities in the investigation of improper or unlawful activities and this may require the disclosure of personal information. If such an investigation requires disclosure of personal information kept in our records, we may be required by law to cooperate. We also reserve the right to report improper or unlawful user activities on our Website, which may require the disclosure of personal information relating to those individuals conducting such improper or unlawful activities.

E-News and LUSH Times Sign-Up

Visitors to our Website or one of our retail stores may choose to opt in to receive LUSH email and/or LUSH Times catalogues. LUSH e-news and catalogues are sent only to individuals who choose to provide us with their name, address and email address for such purpose(s). Our subscriber database is not sold, rented or loaned to any third parties for direct marketing purposes. Subscribers wishing to update their contact information, or opt out of receiving LUSH e-news or catalogues, can do so at any time by using our online subscriber services in My Account or by using the unsubscribe link in any such electronic communication.

We collect aggregate information regarding open rates, page views, and generated sales from our HTML emails. Aggregate information does not personally identify individuals. Subscribers concerned about collection of aggregate information may unsubscribe in the manner described above.

Consent

Depending on the circumstances and the sensitivity of the information, we may obtain your consent to the collection, use and disclosure of your personal information in different ways. Express consent may be obtained verbally, online or in writing. Implied consent may be obtained when you approach us to obtain information, inquire about or order products or services from us, or through your use of a product, service or the Website.

By submitting personal information to LUSH or its service providers, you agree that LUSH may collect your personal information and you consent to the use, disclosure and transfer of your personal information in accordance with this privacy policy and as permitted or required by law.

You may withdraw your consent to our collection, use, and disclosure of your personal information at any time, on reasonable notice, subject to legal or contractual restrictions. We will inform you of the implications of doing so. For instance, withdrawal of consent may make it impossible for us to provide or to continue to provide certain products, services or information to you.

If you have subscribed to LUSH e-news or the LUSH Times catalogue and wish to opt out of receiving such electronic communications, you may unsubscribe by using our online subscriber services in My Account or by using the unsubscribe link included in any such electronic communication.

We will not refuse to provide a product or service to you if you choose not to provide us with your personal information, unless the failure to provide such information makes us unable to provide such product or service to you.

Retention of Personal Information

LUSH will retain personal information for as long as necessary for the fulfilment of the identified purposes, or as otherwise required or permitted by law. LUSH will take reasonable steps to destroy, erase or render anonymous personal information that is no longer required to fulfill the identified purposes.

Security of Personal Information

LUSH has implemented security safeguards, appropriate to the sensitivity of the information, to protect personal information in our control against loss, theft, and unauthorized access, disclosure, copying, use, or modification. These security safeguards include organizational, technical and physical measures.

Any personal information you provide to LUSH on the Website during the ordering process is exchanged on a secure server. We use an advanced security system, the Secure Sockets Layer (SSL) protocol, to encrypt, or encode, information you send to us in the order process. The encryption process protects information, such as your credit card number, and billing and shipping information by scrambling it before it is sent from your computer. Only once we receive your information is it decoded, and we use all reasonable efforts to ensure its security on our own systems.

If you create an account on the Website, your account information is protected by the password you use to access your online account. We strongly recommend that you do not disclose your password to anyone. LUSH will never ask you for your password in any unsolicited communication (including unsolicited correspondence such as letters, phone calls or email messages).

Warning: Email is not a secure means to send personal information, as it is not encrypted. We strongly encourage you to use our secure ordering process when ordering online. Nevertheless, Internet or wireless communications are never completely private or secure and there is always a risk that any messages or information you send to or through the Website may be intercepted by others.

You should also be aware that certain aspects of the Website are not confidential and are available for public viewing. For example, any submissions that you post to any publicly available online forum or blogs or other publicly available features of the Website are not confidential and may be viewed by other users of the Website. By making personal information publicly available where the Website allows you to do so, you consent to such publication by LUSH or its service providers. Please refer to the Terms of Use for additional provisions relating to user submissions that may apply to you.

LUSH has arranged with PowerReviews, Inc. (d/b/a Buzzillions) ("Power Reviews") to facilitate the collection of customer product reviews on products sold by LUSH. When you submit a product review to LUSH, you are also subject to PowerReviews' terms of use and privacy policies. Accordingly, you should review those policies prior to submitting a review. Also, reviews you submit may be posted on both Buzzillions.com and www.lush.ca.

Accuracy of Personal Information

We strive to ensure that any personal information we use and retain is as accurate, complete and up-to-date as necessary for the purposes for which it was collected. We do not routinely update personal information unless necessary for these purposes. Nonetheless, if our records regarding your personal information are inaccurate or incomplete, we will amend that information at your request. Requests for correction of your personal information should be directed to the LUSH Privacy Officer at the address below. LUSH account holders and subscribers to LUSH e-news or the LUSH Times catalogue may also update their contact information at any time by using our online subscriber services in My Account to do so.

Access To Information

At your request, we will provide to you a statement explaining the extent to which we hold personal information about you and how that information has been used or disclosed by us. You may also request access to your personal information in our custody or control. In order to verify that the information is being released to the proper individual, you may be asked to provide suitable identification or to otherwise identify yourself. If we are unable to provide you with a list of organizations to which we have actually disclosed your personal information, we will provide you with a list of organizations to which we may have disclosed your personal information. In certain circumstances, access to personal information may be denied. If we deny your request for access, we will advise you of the reason for the refusal. Requests for access should be directed to the LUSH Privacy Officer at the address below.

Changes to this Privacy Policy

LUSH reserves the right, in its discretion, to change this privacy policy at any time and from time to time. All changes will be posted to the Website and will apply to any personal information collected on or after the date posted. LUSH will treat your continued use of the Website following any such posting as your acceptance of the revised terms. All changes will remain in compliance with applicable federal and provincial privacy legislation. We encourage you to check this privacy policy regularly for changes.

Contact our Privacy Officer

If you have any questions, comments or concerns about this privacy policy or our privacy practices, or wish to challenge our compliance with this privacy policy, please contact LUSH’s Privacy Officer using the contact information below. All complaints will be investigated. If LUSH finds a complaint to be justified, appropriate measures will be taken, including if necessary, amending our policies and practices.

LUSH Fresh Handmade Cosmetics
8680 Cambie Street, Vancouver, British Columbia, Canada V6M 6P9
Attention: Privacy Officer
customercare@lush.com
1-888-733-5874

For additional information regarding the use of our Website please see our Terms of Use posted on the Website.