Privacy Policy
Last Update: December 30, 2022
The Estée Lauder Companies respects your privacy and values the relationship we have with you.
The Estée Lauder Companies has a diverse portfolio of prestige brands. You can find a list of these brands on
ELCompanies.com, each referred to in this Privacy Policy as a “Brand”.
This Privacy Policy describes how the Estée Lauder Companies brands in the US (“ELC”, “we”, “us”, “our”)
collect, use, disclose and safeguard your personal information. Unless otherwise indicated, all Brands in the
US follow this Privacy Policy.
TABLE OF CONTENTS
INFORMATION WE PROCESS
We may collect or process the following types of information about you. The specific information we
collect about you will vary depending on how you interact with us.
- Contact information and personal identifiers, such as your name, address, email
address, telephone number, and username or social media handle.
- Device identifiers, such as information about your device like your MAC address, IP
address, or other online identifiers.
- Demographic information, such as your age, sex, ethnicity, and gender.
- Physical characteristics, such as your hair type and color, skin type, and eye color.
- Biometric information, such as facial geometry if you use certain of our virtual
try-on applications.
- Commercial information, such as the products or services you have purchased, returned
or considered, and your product preferences.
- Payment information, such as your method of payment and payment card information
(including payment card number, delivery address and billing address).
- Identity verification information, such as photo identification for in-store pick-ups
at one of our retail stores, loyalty member ID, and authentication information (like passwords).
- Online or network activity information, such as information regarding your
interaction with our websites, mobile applications, digital properties, and advertisements, information
about your browsing and search history on our websites or mobile applications, and log file information
like your browser type and webpages you visit.
- Geolocation information, such as information that can help identify your physical
location (like your GPS coordinates or the approximate location of your device).
- Audio and visual information, such as recordings of your voice when you call our
customer service and images we record through video surveillance in our retail stores.
- Professional or employment-related information, such as professional licenses or
certifications in connection with our professional programs.
- Health and medical information, such as skincare concerns, diagnoses, medical reports
and history.
- User Content, such as your communications with us and any other content you provide
(including photographs and images, videos, reviews, articles, survey responses, and comments).
- Inferences drawn from or created based on any of the information identified above.
HOW WE COLLECT INFORMATION
We may collect personal information about you from various sources. For example:
- Directly from you, such as when you make a purchase on one of our websites or in one
of our retail stores, contact us with a question or complaint, use one of our mobile applications or
virtual try on experiences, chat with an automated virtual agent or live person on one of our websites,
create an account on one of our websites, register for one of our brand loyalty programs or marketing
lists, respond to a survey, participate in a contest or other promotion, make an appointment or sign-up
to attend an event.
- From your friends or family members, such as when your friend or family member sends
you a gift or makes a referral.
- When you interact with our websites or emails. When you visit our websites, or when
you open or click on emails we send you, we (and third parties we work with) may automatically collect
information from your browser or device, such as device identifiers and online and other network
activity information using technologies such as cookies, pixel tags, and similar technologies. Cookies
are small text files that websites place on your Internet-connected device to uniquely identify your
browser or to store information or settings in your browser. Pixel tags are small images which are
embedded into our websites or emails. We use pixel tags to collect information about your browser or
device, how you interact with our websites, or whether you open or click on the emails we send you.
Pixel tags also enable us (and third parties we work with) to place cookies on your browser.
- Through in-store and other offline technologies, such as video surveillance, traffic
counting devices and WiFi technology in and around our retail stores, and call recording technology when
you speak to customer service.
- From our business partners and service providers, such as demographic companies,
analytics providers, advertising companies and networks, third-party retailers or distributors, and
other third parties that we choose to collaborate or work with.
- From social media platforms and networks, such as Facebook, Instagram, Twitter,
Pinterest, and Google. For example, we may obtain your information from a social media platform or
network if you interact with us on social media or choose to log-in to our websites using your social
media credentials.
- From other ELC Brands that you have interacted with.
We may combine the information we obtain from the above sources. For example, we may combine information
we collect in our stores with information we collect online.
HOW WE USE INFORMATION
We may use the information we have about you:
- To provide products and services to you, such as fulfilling orders and processing payments, creating,
servicing and/or maintaining your account or loyalty program membership, identifying concerns and
assisting with product recommendations, providing real time support via our automated virtual agent and
live person chat feature on one of our websites and maintaining a transcript of the chat, and managing
current or past purchases.
- To communicate with you, including to respond to your inquiries or complaints, and to help you place
an order.
- To administer your participation in special events, contests, sweepstakes, surveys or promotions.
- For marketing and advertising, such as to send you postal mail, text messages, email, push
notifications or other messages, show you advertisements for products and/or services tailored to your
interests on social media and other websites.
- To operate and understand your use of our websites and mobile applications, such as to remember your
information so you do not have to re-enter it, understand your preferred method of purchasing with us;
determine what browser and devices you use to visit our websites or mobile applications; and to evaluate
and improve our services, advertisements, websites and mobile applications. For example, we use Google
Analytics on our websites. For specific details on how Google collects and uses your personal
information when we use its services, please visit: How Google Uses
Information From Sites Or Apps That Use Our Services.
- To operate and improve our business, including to conduct analytics, provide quality assurance and
process adverse event or product related claims, conduct research and development, and perform
accounting, auditing and other internal business functions.
- For legal and security purposes, such as to detect, prevent, and prosecute harmful, fraudulent, or
illegal activity, loss prevention, identify and repair bugs on our websites or mobile applications, and
to comply with applicable legal requirements, relevant industry standards and our policies.
We also may use your information in other ways for which we provide specific notice at the time of
collection.
HOW WE SHARE INFORMATION
We may share your personal information with:
- Our Brands. When you interact with a Brand, we may share your personal information
with other Brands. Those other Brands may use your personal information for marketing and advertising
and other purposes identified in this Privacy Policy.
- Our Subsidiaries and Affiliates. We may transfer your personal information to our
subsidiaries and affiliates on a need-to-know basis for the purposes identified in this Privacy Policy.
- Service Providers. We may transfer personal information to service providers who
perform services on our behalf based on our instructions. We do not authorize these service providers to
use or disclose the information except as necessary to perform services on our behalf or comply with
legal requirements. Examples of these service providers include entities that process credit card
payments, fulfill orders, and that provide website and application functionality, hosting, analytics,
customer support including through automated virtual agent and live person chat, advertising and
marketing services.
- Parties to a corporate transaction. We also reserve the right to transfer personal
information we have about you in the event we sell or transfer all or a portion of our business or
assets (including in the event of a merger, acquisition, joint venture, reorganization, divestiture,
dissolution, or liquidation).
- Advertising Companies. We work with third party advertising companies (such as
advertising networks) to serve advertisements on our behalf. For additional information, see the How We Use Information to Advertise section.
- Other third parties. In addition, we may disclose personal information about you (i)
if we are required to do so by law or legal process, (ii) to law enforcement authorities or other
government officials, (iii) when we believe disclosure is necessary or appropriate to prevent physical
harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or
illegal activity, (iv) when disclosure of your personal information is otherwise required or permitted
by law, or (v) with your consent (such as third-party salons and spas).
HOW YOU CONTROL YOUR INFORMATION
You have rights and choices in connection with the personal information we have about you.
- Data Subject Rights: Depending on local laws, you may have rights with respect to
your personal information. For example, you may be able to request access to the personal information we
maintain about you, update and correct inaccuracies in your personal information, and have the personal
information deleted or transmitted to a third-party. You may request to access, change, or delete your
personal information through our Privacy Request Portal. We may take reasonable steps to verify your identity when
you make a request. You may also have the right to lodge a complaint with a data protection authority.
- Marketing & Advertising Preferences: Your online account may offer you the
ability to edit your marketing preferences. You can also opt-out of receiving marketing communications
(such as email, postal mail or text messages) by following the unsubscribe instructions sent within
those communications or you can make a request through our Privacy Request Portal. When you unsubscribe from our marketing communications, we
will no longer use the related personal information (such as your email address or phone
number) for targeted advertising purposes.
- Mobile Device & Browser Preferences: Depending on your mobile device or web
browser, we may request your location or request to send you push notifications. You can edit your
preferences using the settings on your device.
- Cookie Preferences: You can choose how certain cookies are used in connection with
our websites. You can edit your cookie preferences at any time by editing your browser settings or
selecting the “Manage Cookies” or “Do Not Sell or Share My Personal Information / Target Ads” link
available at the bottom of our Brand websites. For additional details see the How We Use
Cookies section.
HOW WE USE COOKIES
Cookies are small text files that websites place on your Internet-connected device to uniquely identify
your browser or to store information or settings in your browser which allows us to remember you when you
come back to our websites and provide you with personalized experiences and advertisements. We use
different types of cookies on our websites, which may include strictly necessary cookies, performance
cookies, functional cookies and targeting cookies.
You can edit your preferences by accessing the “Manage Cookies” or “Do Not Sell or Share My Personal
Information / Target Ads” link at the bottom of each of our Brand websites or by editing your browser
settings. When editing your cookie preferences, please note that your settings only apply to the browser
you use to submit your opt-out request, so if you use multiple browsers or devices, you must opt-out on
each browser, on each device. Your opt-out is enabled using cookies so once you opt-out, if you delete
your browser’s saved cookies on a device, you will need to opt-out again on that browser on that device.
Our websites are not designed to respond to “do not track” signals from browsers.
HOW WE USE INFORMATION TO ADVERTISE
We may use, disclose or otherwise process your personal information to advertise our products and
services in different ways, including targeted advertising. We work with third party advertising companies
(such as advertising networks) to serve advertisements on our behalf. These advertising companies may use
cookies, pixel tags and similar technologies to collect device identifiers, online or network activity
information, commercial information, or inferences, such as information about the websites you visit over
time and the advertisements you click on to deliver advertisements that are targeted to you. You can
opt-out of cookie-based advertising based on your visits to our sites by editing your cookie preferences
as described in the How We Use Cookies section. Please note that even if you opt-out,
you may still see ads from us, but the ads will not be targeted based on the websites you visit over time
and the advertisements you click on and may therefore be less relevant to you and your interests.
We also work with third-party platforms, including platforms operated by social networks, to show you
advertisements or measure the effectiveness of our advertisements. We may convert your email address,
telephone number, or other information into a unique value and have these third-party platforms match this
unique value with a user on their platform or with other data they may have. This matching enables us to
deliver advertisements to you and others on these platforms. You also can request that we refrain from
using your personal information in this way by contacting us through our Privacy Request Portal.
INTERNATIONAL TRANSFERS
In offering and providing our products and services, your personal information may be transferred, stored
or processed in countries other than the country in which the information was originally collected (such
as the United States). Those countries may not have the same data protection laws as your country of
residence, and your personal information will be subject to applicable foreign laws. When we transfer your
personal information to other countries, we will protect that information in the manner described in this
Privacy Policy. We will also comply with applicable legal requirements providing adequate protection for
the transfer of personal information, such as the conclusion of data transfer agreements, E.U. Standard
Contractual Clauses, or other applicable data transfer mechanisms. If you have questions about our data
transfers or would like to receive a copy of any applicable data transfer agreements (where required by
law), you can submit a request through our Privacy Request Portal.
HOW WE PROTECT INFORMATION
We maintain administrative, technical, and physical safeguards designed to protect the personal
information you provide against accidental, unlawful or unauthorized destruction, loss, alteration,
access, disclosure, or use. We restrict access to personal information on a need-to-know basis to
employees and authorized service providers who require access to fulfil their job requirements.
HOW LONG WE RETAIN INFORMATION
In general, we retain personal information as long as reasonably needed to
achieve the purposes outlined in this Privacy Policy. There are many factors that we use to determine
how long personal information is retained, such as:
- the purposes for which the personal information was collected, including to provide our products and
services;
- your marketing preferences and how you engage with our Brands;
- any legal or regulatory requirements that apply to the personal information; and
- whether the personal information may be relevant to us in protecting our own rights (e.g. applicable
limitation periods).
For additional information about data retention policies, please submit a request through our Privacy Request Portal.
HOW WE TREAT CHILDREN’S INFORMATION
Our products and services are designed for a general audience and are not intended for or directed to
children.
UPDATES TO OUR PRIVACY POLICY
This Privacy Policy may be updated periodically and without prior notice to you to reflect changes in our
personal information practices. We will post a notice on our websites to notify you of any significant
changes to our privacy practices and indicate at the top of the Privacy Policy when it was most recently
updated.
HOW TO CONTACT US
If you have any questions or comments about this Privacy Policy or if you would like to exercise your
rights, you can contact us by submitting a request through our Privacy Request Portal or by emailing us at privacy@estee.com.
If we need, or are required, to contact you concerning any event that involves your personal information,
we may do so by postal mail, telephone, email or through a notice on our websites.
STATE-SPECIFIC DISCLOSURES
California Residents
This section applies solely to California residents and supplements our Privacy Policy above.
Collection and Disclosure of Personal Information
We may collect and disclose or may have collected and disclosed your personal information to certain
categories of third parties, as described below.
Category |
Disclose to Third Parties |
Contact information and personal identifiers |
We may disclose or may have disclosed this information to:
- Our Brands
- Our Subsidiaries and Affiliates
- Service Providers
- fraud detection providers
- law enforcement authorities or other government officials where required or permitted by law
|
Device Identifiers |
We may disclose or may have disclosed this information to:
- Our Brands
- Our Subsidiaries and Affiliates
- Service Providers
- fraud detection providers
- law enforcement authorities or other government officials where required or permitted by law
|
Demographic information |
We may disclose or may have disclosed this information to:
- Our Brands
- Our Subsidiaries and Affiliates
- Service Providers
- law enforcement authorities or other government officials where required or permitted by law
|
Physical characteristics |
We may disclose or may have disclosed this information to:
- Our Brands
- Our Subsidiaries and Affiliates
- Service Providers
- law enforcement authorities or other government officials where required or permitted by law
|
Biometric information |
We may disclose or may have disclosed this information to:
|
Commercial information |
We may disclose or may have disclosed this information to:
- Our Brands
- Our Subsidiaries and Affiliates
- Service Providers
- fraud detection providers
- law enforcement authorities or other government officials where required or permitted by law
|
Payment information |
We may disclose or may have disclosed this information to:
- Our Brands
- Our Subsidiaries and Affiliates
- Service Providers
- fraud detection providers
- law enforcement authorities or other government officials where required or permitted by law
|
Identity verification information |
We may disclose or may have disclosed this information to:
- Our Brands
- Our Subsidiaries and Affiliates
- Service Providers
- fraud detection providers
- law enforcement authorities or other government officials where required or permitted by law
|
Online or network activity information |
We may disclose or may have disclosed this information to:
- Our Brands
- Our Subsidiaries and Affiliates
- Service Providers
- fraud detection providers
- law enforcement authorities or other government officials where required or permitted by law
|
Geolocation information |
We may disclose or may have disclosed this information to:
- Our Brands
- Our Subsidiaries and Affiliates
- Service Providers
- fraud detection providers
- law enforcement authorities or other government officials where required or permitted by law
|
Audio and visual information |
We may disclose or may have disclosed this information to:
- Our Brands
- Our Subsidiaries and Affiliates
- Service Providers
- law enforcement authorities or other government officials where required or permitted by law
|
Professional or employment related information |
We may disclose or may have disclosed this information to:
- Our Brands
- Our Subsidiaries and Affiliates
- Service Providers
- law enforcement authorities or other government officials where required or permitted by law
|
Health and medical information |
We may disclose or may have disclosed this information to:
- Our Brands
- Our Subsidiaries and Affiliates
- Service Providers
- law enforcement authorities or other government officials where required or permitted by law
|
User Content |
We may disclose or may have disclosed this information to:
- Our Brands
- Our Subsidiaries and Affiliates
- Service Providers
- law enforcement authorities or other government officials where required or permitted by law
|
Inferences |
We may disclose or may have disclosed this information to:
- Our Brands
- Our Subsidiaries and Affiliates
- Service Providers
- law enforcement authorities or other government officials where required or permitted by law
|
In addition to the purposes set forth in the How We Use Information and How We Share Information sections set forth and above, we collect and may disclose this
personal information for the following business or commercial purposes:
- To audit our interactions with you to ensure compliance with applicable law and to measure the
effectiveness of our products, services, and advertisements;
- To detect, prevent, and prosecute harmful, fraudulent, or illegal activity;
- To identify and repair bugs on our websites or mobile applications;
- To provide services, such as customer service, order fulfillment, and payment processing, which we
either conduct or engage service providers to conduct on our behalf;
- For research and development;
- To further our business goals, including to advertise our products and services; and
- For quality assurance.
Collection and Use of Sensitive
Personal Information
We may collect certain categories of personal information that may be used to infer characteristics about
consumers. Some of these categories used to infer characteristics about consumers may be considered
“sensitive personal information” under California law, such as health and medical information like your
skincare concerns, and demographic information like your ethnicity. In addition to the purposes set forth
above, we use this information to further our business goals, such as to advertise our products and
services or provide personalized product recommendations.
Sale or Sharing of Personal
Information
We do not sell or share your personal information for monetary consideration. Certain advertising
practices, such as those described in the How We Use Information to Advertise section,
may be considered a “sale” under California law when the personal information is exchanged for
non-monetary consideration. You have the right to opt out of these types of disclosures of your
information. We may “sell” or “share” (or may have “sold” or “shared”) the following categories of
personal information to the third parties listed below:
Category |
Sold to or shared with Third Parties |
- Contact Information and personal Identifiers
- Device identifiers
- Online or network activity information
- Commercial information
- Inferences
|
We may sell or share or may have sold or shared this information to:
- Advertising companies
- Our Brands
|
We do not have actual knowledge that we sell or share the personal information of minors under 16 years
of age. We do not sell or share sensitive personal information.
Financial Incentives
We may offer you various financial incentives such as discounts and special offers when you provide us
with contact information and identifiers such as your name and email address. When you sign-up for one of
our brand loyalty programs, email lists or other discounts and special offers, you opt-in to a financial
incentive. You may withdraw from a financial incentive at any time by opting out from the brand emails you
initially signed-up for, or closing your brand loyalty member account. Generally, we do not assign
monetary or other value to personal information, however, California law requires that we assign such
value in the context of financial incentives. In such context, the value of the personal information is
related to the estimated cost of providing the relevant financial incentive(s) for which the information
was collected.
Your Rights
If you are a California resident, you have the right to:
- Request, twice in a 12 month period, access to the personal information we have collected, used,
disclosed, and sold or shared about you,
- Deletion of the personal information we have collected from you (subject to certain exceptions),
- Correction of the personal information we maintain about you, if that information is inaccurate,
- Limitation of our use and disclosure of sensitive personal information used for inferring
characteristics about you,
- Opt-out of the sale of your personal information or sharing of your personal information for
cross-context behavioral advertising purposes.
You can exercise your rights by submitting a request through our Privacy Request Portal. Before processing your request, we will take reasonable
steps to verify your identity, which will include verifying that the email address from which you submit
the request matches the email address we maintain on file for you. To ensure you are the owner of the
email address, you must respond to a confirmation email that we will send to such email address. In some
cases, we may ask that you provide additional information to verify your identity. You may also designate
an authorized agent to make a request on your behalf. The authorized agent may submit the request through
our Privacy Request Portal and will be required to provide proof that they have been
authorized to act on your behalf. If the authorized agent does not provide such proof, you will be
required to confirm your identity and the authenticity of the request.
To opt-out of the sale or sharing of your personal information for cross-contextual behavioral
advertising purposes, you must also edit your preferences using the “Do Not Sell or Share My Personal
Information / Target Ads” link at the bottom of each our Brand websites. You may also use the Global
Privacy Control signal. For more information about the Global Privacy Control, visit https://globalprivacycontrol.org/.
We will not discriminate against you on account of your exercise of your California privacy rights.
If you would like us to read this Privacy Policy to you, please contact us at 1.800.588.0070.
Colorado, Connecticut and Virginia
Residents
This section applies solely to Colorado, Connecticut, and Virginia residents and supplements our Privacy
Policy above.
If you are a Colorado, Connecticut, or Virginia resident, you have the right to:
- request access to, or correction or deletion of, your personal information; or
- opt out of the processing of your personal information for targeted advertising purposes or the sale
of your personal information. Certain advertising practices, such as those described in the How We Use Information to Advertise section, may be deemed targeted advertising or a
“sale” under some state laws.
You can exercise your rights by submitting a request through our Privacy Request Portal. Before processing your request, we will take reasonable
steps to verify your identity, which will include verifying that the email address from which you submit
the request matches the email address we maintain on file for you. To ensure you are the owner of the
email address, you must respond to a confirmation email that we will send to the email address. In some
cases, we may ask that you provide additional information to verify your identity. You may appeal our
decision with respect to a request you have submitted by contacting us at privacy@estee.com.
To opt-out of the processing of your personal information for targeting advertising purposes or the sale
of your personal information, you must also edit your preferences using the “Do Not Sell or Share My
Personal Information / Target Ads” link at the bottom of each our Brand websites.
Illinois Residents
This section applies solely to Illinois residents and supplements our Privacy Policy above.
As indicated in our Privacy Policy, we may collect biometric information such as facial geometry if you
use certain of our virtual try-on applications. For Illinois residents who provide us with biometric
information (such as during use of our virtual try-on apps), in accordance with Illinois state law, we
will retain biometric information only until the occurrence of the first of the following:
- The initial purpose for collecting or obtaining such biometric information has been satisfied, or
- Three years following your last interaction with us.
Utah
Residents
This section applies solely to Utah residents and supplements our Privacy Policy above.
If you are a Utah resident, you have the right to:
- request access to your personal information;
- request the deletion of personal information you have provided to us;
- opt-out of the processing of your sensitive information; or
- opt out of the processing of your personal information for targeted advertising purposes or the sale
of your personal information. Certain advertising practices, such as those described in the How We Use Information to Advertise section, may be deemed targeted advertising.
You can exercise your rights by submitting a request through our Privacy Request Portal. Before processing your request, we will take reasonable
steps to verify your identity, which will include verifying that the email address from which you submit
the request matches the email address we maintain on file for you. To ensure you are the owner of the
email address, you must respond to a confirmation email that we will send to the email address. In some
cases, we may ask that you provide additional information to verify your identity.
To opt-out of the processing of your personal information for targeting advertising purposes or the sale
of your personal information, you must also edit your preferences using the “Do Not Sell or Share My
Personal Information / Target Ads” at the bottom of each our Brand websites.