Lush respects your personal privacy. We believe ensuring the security of your personal information is an important part of our job, and we strive to protect any personal information you may provide us.
Lush is responsible for the personal information under its control. This includes personal information under our control, as well as personal information that we may transfer to our affiliates or third party service providers for processing or other purposes that facilitate our business operations. We use contractual or other appropriate means to require third parties that provide services on our behalf to maintain a level of privacy protection comparable to our own practices.
Collection, Use and Disclosure of Personal Information
Either before or when we collect personal information from you, we will explain how we intend to use and disclose it. We will limit the collection of personal information to that which is necessary to accomplish the identified purposes and will use and disclose it only for those purposes. If we wish to use or disclose your personal information for a new purpose, we will identify such purpose and obtain your consent prior to use or disclosure for such purpose, unless such consent is not required by law.
How We Collect Your Personal Information
We collect personal information from you in a variety of ways when you interact with Lush. Some examples include but are not limited to situations when you:
- create an account on our Website;
- order, purchase, exchange, return, or cancel an order for, any of our products or services, whether through our Website or in our retail stores;
- contact us, make an inquiry about any of our products or services or otherwise request information or assistance from us;
- communicate with our customer service representatives;
- sign up to receive catalogues and/or emails and information about new and limited edition products, special offers, events or other news;
- register and participate in our online customer forum;
- provide feedback or make other submissions to Lush;
- participate in a contest, sweepstake or other promotions;
- participate in or respond to consumer survey or requests for consumer opinions, concerns or preferences regarding our products and services;
- apply for employment with Lush;
- engage with us on social media; or
The personal information we collect may include information such as your name, username, password, billing address, shipping address, telephone numbers, email address, and credit and debit card information. In some cases, such as when you ask us to ship an order or you purchase a gift or gift certificate, we may collect information about someone other than you, such as the name, address, telephone number and email address of the recipient. You represent and warrant that you have the right and authority or have obtained all necessary consents to provide any information, including personal information of another individual, that is provided by you to Lush.
In most cases, we collect personal information directly from you. However, in some cases, we may obtain personal information about you from other sources. Unless there is a legal exception, we will obtain your consent to the collection of personal information about you from other sources.
We may also collect and use the following information when you visit our Website.
Aggregate Site Use Information
We record information about the pages viewed by all of our Website visitors. This data includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, connection speed, read time, display time, and number of clicks. We use this data, in aggregate form, to compile statistics and reports for Lush's use, and improve the online experience for all visitors. We may, on occasion, provide portions of this aggregate information to vendors, consultants, potential advertisers, or news agencies. Typical uses of the data in this fashion would be to gauge the amount of interest in our site, to plan for site infrastructure improvements and/or to plan and evaluate marketing initiatives.
Most web browsers automatically accept cookies. If you would prefer to prevent your computer from accepting Lush cookies, you may follow your Internet browser’s steps for doing so. Please note, however, that if you do disable cookies from your browser, you may not be able to shop on or access certain sections of our Website.
How We Use Your Personal Information
Lush uses your personal information to offer and provide products and services (including to process and track orders, shipping, payment, etc.), manage our relationship with you, verify your identity and address, carry on our business operations and as may otherwise be required or permitted by law. Some examples of how we may use your personal information include:
- to develop, enhance, market, sell or otherwise provide products, services or information;
- administer your account;
- to conduct commercial transactions including to process and administer purchases, exchanges, returns or other transactions that you may engage in with Lush, including at our stores or through our Website, and to communicate with you about those transactions;
- to contact you and respond to any requests or other communications that you may have had with us, including requests for customer service;
- to provide you with catalogues and emails about new and limited edition products, special offers, events or other news that you have subscribed for;
- to conduct and administer surveys and contests, sweepstakes and other promotions in which you have participated;
- to perform data analysis and help us improve and customize our service offerings and Website;
- to troubleshoot problems with the Website;
- to protect the security and integrity of our Website and our business;
- to detect and protect against error, theft, fraud and other illegal activity;
- to process and respond to applications for employment;
- to comply with any legal or regulatory requirements; and
- for any other purpose for which you consent.
How We Disclose Your Personal Information
Lush will not disclose your personal information to third parties for their direct marketing purposes without obtaining your prior affirmative consent. Lush will only disclose your personal information under the following circumstances or otherwise with your consent.
We may disclose or otherwise make available personal information to third party service providers that support our business operations or provide services on our behalf, such as third party shipping companies, payment card processing companies, companies who support the technical operation and maintenance of our Website, and companies who deliver surveys, contests, sweepstakes and other promotions, but we do not provide any more information than necessary for these purposes. We require all such service providers to keep your information confidential and secure, and to have privacy policies and practices with respect to personal information that are comparable to ours. In addition, we require that our service providers not use or disclose the personal information for any purpose other than providing the services to us or on our behalf, except as may be required by law.
Your personal information may be processed and stored in any country in which our affiliates or our service providers maintain facilities and may be accessible to the courts, law enforcement, and national security authorities of any such country through the laws of such country.
Sale of Business
Lush may disclose or transfer personal information we have about you in connection with a potential or actual purchase, sale, lease, merger, amalgamation or other type of acquisition, disposition or financing all or part of our business or assets.
Lush may disclose your personal information as required or permitted by law, including, without limitation, to comply with a subpoena, warrant or other legally valid inquiry or order. Lush reserves the right to co-operate with local, national, or international law enforcement or other authorities in the investigation of improper or unlawful activities and this may require the disclosure of personal information. If such an investigation requires disclosure of personal information kept in our records, we may be required by law to cooperate. We also reserve the right to report improper or unlawful user activities on our Website, which may require the disclosure of personal information relating to those individuals conducting such improper or unlawful activities.
E-News and Lush Times Sign-Up
Visitors to our Website or one of our retail stores may choose to opt in to receive Lush email and/or Lush Times catalogues. Lush e-news and catalogues are sent only to individuals who choose to provide us with their name, address and email address for such purpose(s). Our subscriber database is not sold, rented or loaned to any third parties for direct marketing purposes. Subscribers wishing to update their contact information, or opt out of receiving Lush e-news or catalogues, can do so at any time by using our online subscriber services in My Account or by using the unsubscribe link in any such electronic communication.
We collect aggregate information regarding open rates, page views, and generated sales from our HTML emails. Aggregate information does not personally identify individuals. Subscribers concerned about collection of aggregate information may unsubscribe in the manner described above.
Depending on the circumstances and the sensitivity of the information, we may obtain your consent to the collection, use and disclosure of your personal information in different ways. Express consent may be obtained verbally, online or in writing. Implied consent may be obtained when you approach us to obtain information, inquire about or order products or services from us, or through your use of a product, service or the Website.
You may withdraw your consent to our collection, use, and disclosure of your personal information at any time, on reasonable notice, subject to legal or contractual restrictions. We will inform you of the implications of doing so. For instance, withdrawal of consent may make it impossible for us to provide or to continue to provide certain products, services or information to you.
If you have subscribed to Lush e-news or the Lush Times catalogue and wish to opt out of receiving such electronic communications, you may unsubscribe by using our online subscriber services in My Account or by using the unsubscribe link included in any such electronic communication.
We will not refuse to provide a product or service to you if you choose not to provide us with your personal information, unless the failure to provide such information makes us unable to provide such product or service to you.
Retention of Personal Information
Lush will retain personal information for as long as necessary for the fulfilment of the identified purposes, or as otherwise required or permitted by law. Lush will take reasonable steps to destroy, erase or render anonymous personal information that is no longer required to fulfill the identified purposes.
Security of Personal Information
Lush has implemented security safeguards, appropriate to the sensitivity of the information, to protect personal information in our control against loss, theft, and unauthorized access, disclosure, copying, use, or modification. These security safeguards include organizational, technical and physical measures.
Any personal information you provide to Lush on the Website during the ordering process is exchanged on a secure server. We use an advanced security system, the Secure Sockets Layer (SSL) protocol, to encrypt, or encode, information you send to us in the order process. The encryption process protects information, such as your credit card number, and billing and shipping information by scrambling it before it is sent from your computer. Only once we receive your information is it decoded, and we use all reasonable efforts to ensure its security on our own systems.
If you create an account on the Website, your account information is protected by the password you use to access your online account. We strongly recommend that you do not disclose your password to anyone. Lush will never ask you for your password in any unsolicited communication (including unsolicited correspondence such as letters, phone calls or email messages).
Warning: Email is not a secure means to send personal information, as it is not encrypted. We strongly encourage you to use our secure ordering process when ordering online. Nevertheless, Internet or wireless communications are never completely private or secure and there is always a risk that any messages or information you send to or through the Website may be intercepted by others.
Accuracy of Personal Information
We strive to ensure that any personal information we use and retain is as accurate, complete and up-to-date as necessary for the purposes for which it was collected. We do not routinely update personal information unless necessary for these purposes. Nonetheless, if our records regarding your personal information are inaccurate or incomplete, we will amend that information at your request. Requests for correction of your personal information should be directed to the Lush Privacy Officer at the address below. Lush account holders and subscribers to Lush e-news or the Lush Times catalogue may also update their contact information at any time by using our online subscriber services in My Account to do so.
Access To Information
At your request, we will provide to you a statement explaining the extent to which we hold personal information about you and how that information has been used or disclosed by us. You may also request access to your personal information in our custody or control. In order to verify that the information is being released to the proper individual, you may be asked to provide suitable identification or to otherwise identify yourself. If we are unable to provide you with a list of organizations to which we have actually disclosed your personal information, we will provide you with a list of organizations to which we may have disclosed your personal information. In certain circumstances, access to personal information may be denied. If we deny your request for access, we will advise you of the reason for the refusal. Requests for access should be directed to the Lush Privacy Officer at the address below.
Contact our Privacy Officer
Lush Fresh Handmade Cosmetics
8680 Cambie Street, Vancouver, British Columbia, Canada V6M 6P9
Attention: Privacy Officer