PRIVACY POLICY

 

1        IMPORTANT NOTICE

1.1        This is Penhaligon’s Privacy Notice, which sets outs how we (as defined thereafter) collect and process your personal information when you access and use our site penhaligons.com/me/en and penhaligons.com/me/ar (‘our site’). This Privacy Notice also provides certain information that is legally required and lists your rights in relation to your personal data.

1.2        We take our data protection responsibilities very seriously and we comply with all applicable Data Protection Legislation (as defined thereafter) in force from time to time. Any and all personal data sent to us through our site and/or the course of the purchase of products will be collected and/or processed by us pursuant to applicable laws in the United Arab Emirates for orders delivered to United Arab Emirates, and pursuant to applicable laws in Saudi Arabia for orders delivered to Saudi Arabia, without prejudice however to any applicable conflict of laws rules (together, “Data Protection Legislation”).

1.3       For the purposes of the Data Protection Legislation companies of the PUIG Group that may need to have access to and process the personal data collected on our site for one of the purposes listed below shall be considered as separated and independent controller of your personal data. In this context, the following companies (hereinafter, jointly referred as to the “we”, “us” or “our”) shall be classified as controller of your personal data with respect to the following data processing activities:

  • Marketing Purposes: Penhaligon’s Limited company with registered office at 1 Cathedral Piazza, SW1E 5BP London (United Kingdom), incorporated England Companies House under number 02110619 (hereinafter referred to as “Penhaligon’s”);
  • Online Sales (including Customer Services in conjunction with the Online sale):
    • Online-Shop for United Arab Emirates : Puig Emirates LLC- a United Arab Emirates entity whose head office is located at PO Box 30058, Building 10, Dubai Design District United Arab Emirates under number 988059 (hereinafter referred to as “Puig Emirates”);
    • Online-Shop for Kingdom of Saudi Arabia: Al Farida International Beauty Co. Limited LLC - a Saudi Arabia entity whose head office is located Real Building Sari Street, Al Zahra’a District P.O Box 248 Jeddah 21451 Saudi Arabia under number 4030144589 (hereinafter referred to as “Al Farida”).

 

We hereby undertake to treat all information provided online by you as strictly confidential.

This Privacy Policy relates to personal information identifying any user when accessing our site, using its services and/or filling in forms on our site with or without purchasing any product from the local Online-Shops. This Privacy Policy helps you understand how we collect and use your personal data and for which purposes and lists your rights in relation to your personal data.

For the accuracy of your provided personal data in our files, please communicate any changes to our Customer Service. Therefore, we can ensure that the information contained in our files is, always, up-to-date and accurate. We reserve the right to suspend or interrupt the provision of the requested services should you provide inaccurate personal data, without prejudice to any action allowed by law.

1.4        This Privacy Notice may vary from time to time so please check it regularly. These terms were most recently updated February 2023.[W,J1] 

2        THE PERSONAL DATA WE COLLECT ON YOU

We may collect and process your personal data for a variety of different purposes. The reasons for collecting personal data will be expressly listed in the information below.

We may collect the following personal data about you:

2.1        Personal data you provide to us via our site, including information that         you provide by filling in forms on our site. This includes information provided at the time of registering to use our site and when you make purchases from our site.  For example:

2.1.1        Your name and title;
2.1.2
       Your billing and delivery postal address, phone, fax and email             addresses;
2.1.3        Your gender (although this is not mandatory);
2.1.4        Your date of Birth
2.1.5        Where you have registered with us, your user name and password; and
2.1.6        How you heard about us.

2.2        Personal data you provide when you enter a competition or promotion sponsored by us, and/or when you report a problem with our site;

2.3        We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them;

2.4        Details of transactions you carry out through our site and of the fulfilment of your orders;

2.5        Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access;

2.6        Information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users' browsing actions and patterns, and does not identify any individual;

2.7        Personal data gathered using cookies – please see our Cookie Policy [JW2] for further information;

2.8        Personal data you provide when you request our marketing material or email newsletter or submit a query to us or which is collected via social media;

2.9        Personal data you provide when using interactive features of our site; and

2.10      Personal data you provide when apply for a job advertised or submit a speculative job application and/or your CV. 


3        KEY INFORMATION ABOUT YOUR PERSONAL DATA

3.1        Data controller and contact details  

3.1.1        Data Controllers are identified in clause 1.3 of this Privacy Policy.

3.1.2      If you have a concern or question regarding your privacy, you can contact us at:  

- United Arab Emirates: [email protected] / +97148167177; or

- Saudi Arabia: [email protected] / +966122257223 

3.2        Legal grounds for processing 

3.2.1        We collect and process your personal data for a variety of different purposes which are set out in further detail below.

3.2.2        In some cases, we will ask for your consent in order that we can process your personal data.  However, in certain circumstances Data Protection Legislation allows us to process your personal data, without needing to obtain your consent.  As examples, this may be because we need to use your personal data in order to provide you with the services or goods you have elected to receive from us (i.e. in the ordinary course of our business), to operate our site or for legitimate business or legal purposes.

 3.3        How we use your personal data – we collect your personal data for the following purposes:

(i)        For the performance of a contract to which the data subject is party (Online sales):

•           to allow us to process your orders and payment, let you know the status of your order,

•           to manage your account and to serve your requests in general,

(ii)       On the basis of the data subject's consent (Marketing purposes):

•           to send you our newsletters as well as details of our products, special offers or promotional offers that may be of interest to you,

•           to improve our understanding of your interests and concerns, to improve our understanding of your use of our products, for our internal marketing and demographic studies, which may involve profiling activities: we may use your information to make our site design and products/services better.

(iii)      To comply with our legal obligations (Online sales and Marketing purposes):

•           for security purposes: we may use information to protect our company, our clients, and our Website against fraud, theft or any wrongdoing which may affect our activity.

3.3.1        We may ask for your consent to contact you by telephone, SMS, post and/or email about other offers, products, promotions, developments or services which we think may be of interest to you and for other marketing purposes.  You can indicate your consent by ticking the relevant box.

3.3.2        We may ask for your consent to PUIG Group companies to contact you by telephone, SMS, post and/or email about other offers, products, promotions, developments or services which may be of interest to you and for other marketing purposes.  You can indicate your consent by ticking the relevant box.

3.3.3        We may ask for your consent to allow third parties to contact you by telephone, SMS, post and/or email about other third party offers, products, promotions, developments or services which may be of interest to you and for other marketing purposes.  You can indicate your consent by ticking the relevant box.

3.3.4        We also request consent for some cookies in accordance with our Cookie Policy[W,J3] .  

3.4        Withdrawing your consent

3.4.1        In the event that we rely on your consent, you may at any time withdraw the consent you give to our processing your personal data for those purposes set out in section 3.3 above by contacting us at:

- United Arab Emirates: [email protected] / +97148167177; or

- Saudi Arabia: [email protected] / +966122257223

3.4.2        If you want to stop receiving future marketing messages and materials at any time, you can do so alternatively by clicking the 'unsubscribe' link which is included in all of our email marketing messages.

3.4.3        Our Cookie Policy [JW4] sets out how to manage cookies.  

 

3.6        Who receives the personal data you provide to us  

We, and certain entities appointed by us, will process your personal data related to the Online Sales and the Marketing Purposes (hereinafter the "Processors").

The above-mentioned Processors have been chosen because of their experience in processing personal data and they provide sufficient guarantees regarding compliance with Data Protection Legislation (including the technical security measures governing the processing to be carried out). In processing your personal data for the Online Sales, the Processors shall act only under our instructions. We regularly check that our Processors comply with our instructions and that they continue to provide sufficient guarantees regarding their full compliance with Data Protection Legislation on personal data processing.

The Processors of your personal data are:

•           Customer service, for purposes related to the shipping, delivery and return of products purchased on our site and customer service to users of our site;

•           Computer services, for purposes related to the hosting of our servers;

•           Payment platforms, for purposes related to the payment method and its execution;

•           Logistic services, for purposes related to shipping and delivery and return of the products purchased on our site.

•           Marketing services, for the analysis of use of our site, sending communications, managing advertising content, etc.

Aside from the Processors appointed for personal data processing, your personal data will be made available also to third-parties, independent controllers, for purposes related to supplying services requested by you (for example, for purchase transactions) or for purposes of third parties.

Moreover, your personal data may be disclosed to the police or to judicial authorities, according to applicable laws and upon a formal request by such entities, for example in the event we need to prevent fraud on our site(anti-fraud services). 

3.7        Transfers of your personal data to other countries  


3.7.1        The personal data we collect from you is currently held within the United Arab Emirates or Saudi Arabia (depending on where the order is delivered) and will be shared with the United Kingdom and countries within the European Economic Area (“EEA”). However, it is possible that in the future such personal data may be transferred, stored and/or processed outside the EEA.

3.7.2        By submitting your personal data, you agree to this transfer, storing and/or processing. You should be aware that countries outside the EEA and UK may not offer the same level of data protection. However, we will take reasonable steps to ensure that your personal data is given equivalent protection in accordance with the Data Protection Legislation, by implementing adequate contractual conditions in our agreements with business partners dealing with transfer of personal data to ensure that personal data are processed according to our instructions, and in such a way to maintain their integrity and security.


3.8        How long we will hold your personal data for

3.8.1        We will only hold your personal data for so long as is necessary for us to do so, in accordance with the following criteria:

  1. The on-going business operation / relationship that we have with you;
  2. The completion of the purpose for which the personal data was given;
  3. Our legal obligations in relation to that personal data and other legal requirements;
  4. The type and size of the data held and whether any of it is deemed to be special category personal data; or
  5. Our accounting requirements in relation to that personal data.

We keep the length of time that we hold your personal data for under review.

3.8.2        Where we no longer need to process your personal data for the purposes set out in this Privacy Notice then we will delete your personal data from our system.  


3.9        Why should you provide us with personal data?  


3.9.1        Please be aware that we do need to use certain of your personal data in order to fulfil our contractual obligations to you and to provide you with the goods and services you have elected to receive. If you do not provide it then we may not be able to perform the contract to the level you expect or at all.  Please see our Terms and Conditions of Sale for further details. 

3.9.2        Where we ask for your consent to process your personal data, you are free to withdraw any consent you may give (see section 3.4 above). In addition you are entitled to object to any other processing of your personal data we carry out where we do so in accordance with our own legitimate interests, a list of which is set out in section 3.5 (please also see section 4.5 below for a list of your rights in this respect). Please note, however, that where you do withdraw your consent or otherwise object to our processing of your personal data then this may impact on our ability to provide you with goods and services or (in the case of cookies) affect the functionality of our site  


3.10        Automated decision making  


3.10.1        We use automated decision making tools in our processing of your personal data.

3.10.2        We employ the following logic in relation to such automated decision making:

(a)              Product recommendations based on previous shopping experience

3.10.3        We consider that the significance of such automated decision making and the consequences for you of our employing these techniques are as follows:

(a)  Different product recommendations being offered
 

3.11        Where we store your personal data  


3.11.1        All information you provide to us is stored on our secure servers.

3.11.2        We will keep your information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.

3.11.3        Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

3.11.4        Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

3.11.5        Payment transactions are made using payments providers. All credit/debit card transactions on our site are processed using, a secure online payment gateway that encrypts your card details and cannot be accessed by us. 

 3.12        Accuracy of your personal information

It is important that the personal data we hold about you is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you.  Please keep us informed if your personal data changes during your relationship with us either by logging onto your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.


4        SUBJECT ACCESS RIGHTS 
 
4.1
        Your right to access your personal data in our possession.


4.1.1        You have the right in certain circumstances to obtain from us confirmation as to whether or not we are processing your personal data and, where that is the case, access such personal data and be made aware of the information set out in this Privacy Notice in relation to such data.

4.1.2        If you would like to exercise this right, please contact us using the contact details set out above in paragraph 3.1.2 of this Privacy Notice.

 

4.2        Your right to have inaccurate personal data rectified  

4.2.1        You have the right in certain circumstances to obtain from us the rectification of inaccurate personal data that we hold and which concerns you. This includes the right to request that incomplete personal data is completed (and you may submit a supplementary statement to us in order to do so).

4.2.2        We will rectify inaccurate personal data without undue delay, and will do the same in respect of incomplete personal data although in such instances we are entitled to take account of the nature of our processing of the data in assessing whether we are required to complete the missing information. If you would like to exercise this right, please contact us using the contact details set out above.  


4.3        Right to erasure (“right to be forgotten”)  

4.3.1        You have the right to obtain from us the erasure of personal data that we hold and which concerns you. This right applies in certain circumstances where:
(a)            the relevant personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(b)            You withdraw your consent using the mechanism set out above and there is no other legal ground for our processing your personal data;

(c)            Where you object to our processing your personal data using the mechanism set out in section 4.5.1(a) below and there are no overriding legitimate grounds for our processing your personal data, or where you object to our processing your personal data using the mechanism set out in section 4.5.1(b) below;

(d)            Where we have processed your personal data unlawfully;

(e)            The relevant personal data have to be erased in order to comply with law; or

(f)             Where the personal data have been collected in relation to the offer of information society services directly to a child.

4.3.2        If you would like to exercise this right, please contact us using the contact details set out above. We will do this without undue delay unless there is a legal reason as to why we should not comply with your request.  
 

4.4          Right to restriction of processing  

4.4.1        You have the right to restrict the way we process your personal data in certain circumstances:
(a)            if you contest the accuracy of the relevant personal data, we will suspend our processing of your personal data for such a period as we require in order to verify the accuracy of such personal data;

(b)            Where the processing of the relevant personal data is unlawful and you would prefer that we restrict how we process it rather than erase the data altogether;

(c)            Where we no longer need the relevant personal data for the purposes of processing it, but the personal data are required by you for the establishment, exercise or defence of legal claims; or

(d)            Where you object to our processing your personal data using the mechanism set out in section 4.5.1(a)below, you may request that we restrict the way we process your personal data pending verification of whether our legitimate grounds for processing your personal data override yours.

4.4.2
        Except for storing the personal data, we will only process it with your consent or for limited reasons such as the establishment, exercise or defence of legal claims, for the protection of the rights of another person or for reasons of important public interest.

4.4.3        If you would like to exercise this right, please contact us using the contact details set out above.  
 

4.5        Right to object to processing of personal data  

4.5.1        In addition to your ability to withdraw your consent, you have the right:
(a)            To object, on grounds relating to your particular situation, at any time to our processing of your personal data where we consider that processing your personal data is necessary for: (i) the performance of a task carried out in the public interest or in the exercise of official authority vested in us; or (ii) the purposes of the legitimate interests pursued by us or by a third party, including in each case profiling based on those provisions. In such instances we will no longer process the relevant personal data unless we can demonstrate to you compelling legitimate grounds for our processing the relevant personal data which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims; and/or:

(b)            To object at any time to our processing your personal data for direct marketing purposes, which includes profiling to the extent related to such direct marketing. In such instances we will cease to process your personal data for such purposes.

4.5.2        If you would like to exercise these rights, please contact us using the contact details set out above.  
 

4.6        Right to data portability  

4.6.1        You have the right to receive from us the personal data concerning you which you have provided to us, in a structured, commonly used and machine readable format and have the right to transmit those data to another controller without hindrance from us. This right shall include the right to require us to transmit the relevant personal data to another controller on your behalf, where technically feasible. This right only applies to personal data that: (i) we gain your consent to process pursuant to section 3.3; or (ii) we obtain in order to perform our contractual obligations to you, and in each case to the extent we process your personal data by automated means.

4.6.2        If you would like to exercise this right, please contact us using the contact details set out above.  
 

4.7        Right to lodge a complaint about us to the Information Commissioner
 
You are entitled to exercise your right to lodge a complaint with a competent supervisory authority, in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes Data Protection Legislation.


5        LINKS TO OTHER WEBSITES

This policy only applies to Penhaligon’s Limited, Puig Emirates LLC and Al Farida International Beauty Co. Limited LLC. Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy notices or policies and that we do not accept any responsibility or liability for any use of your personal data that is made by unconnected third-party websites. You should remember to read and understand those websites’ privacy notices or policies as well.