PRIVACY POLICY

LAST UPDATED: January 28, 2019

This Privacy Policy ("Privacy Policy" or "Policy") tells you how Shiseido (Canada) Inc. ("NARS", "we," or "our") collects, uses, shares, and protects information obtained from and about our customers ("you"). It also tells you how you can access and update your information and make certain choices about how your information is used. This Policy covers both our online and offline data collection activities, including information that we collect through our various websites and applications, as well as our offline programs and events. By using a NARS website or by otherwise giving us your information, you agree to the terms of this Policy. If you do not agree to this Policy, you must not use our websites or applications or give us any of your information.

If we want to change the way we handle your information, we will post those changes in this Privacy Policy, so we encourage you to review it periodically. For material changes (i.e., substantially new practices you wouldn’t expect from us or that we didn’t previously tell you about), we may decide to notify you more prominently and/or give you prior choice. We reserve the right to make changes to our practices and this Policy at any time, provided that we follow the procedures above.

THIS PRIVACY POLICY ANSWERS THE FOLLOWING QUESTIONS:

Q: How do we collect information from you?

This Privacy Policy applies to information that we, NARS, collect from or about our customers through the methods described below. We may combine information collected via one method (e.g., a NARS website) with information collected via another method (e.g., a NARS store counter). We do this to get a more complete view of our customers, which, in turn, allows us to serve you better and with more personalization. Also note that not all of the methods listed below may be relevant to you.

NARS websites and applications

We may collect information from you through one of our Canadian or international websites or applications. This could include (a) any site that we own and control under our own domain (such as www.narscosmetics.ca, or some other domain name that redirects you to one of these sites), or (b) any site or web application that we may develop and run on a third party social network such as Facebook. This could also include any site or application that we specifically design for use on a cell phone or other mobile device, such as a mobile-enabled site (i.e., WAP site) or mobile application (e.g., iPad/iPhone app). This Policy will only apply if it is posted or linked to on the website or application which you are using.

NARS store counters

We may collect information from you at one of our store counters located within department stores. This may take the form of a printed registration card or electronic registration, or other information collected during checkout. Our store counters are available in the Canada and in some locations outside the Canada In some instances, these store counters may be found within other department stores.

NARS text messaging programs

We may collect information from you through one of our inbound text messaging programs. For example, periodically we may allow customers to send us inbound text messages using a short code that we create and advertise in connection with a special offer or promotion. These programs might be advertised in one of our store counters or on one of our websites or applications. If you choose to participate in one of these programs, information about your physical geo-location may be collected and used for marketing purposes (see "Marketing Communications" under "How do we use your information?" below for more information). This Policy will only apply if the NARS text messaging program indicates it applies or refers you to our website to view the relevant privacy policy.

Call center orders

We may collect information from you through our call centers, for example if you place an order over the phone, by email, or through live chat to our customer service department. These methods of ordering are available in the Canada and in some locations outside the Canada Our call centers may also collect information from you to respond to your question or comment or other follow-up request.

Email correspondence

We may collect information from you if you correspond with us via email. For example, if you send an email to our customer service department, we may obtain certain information about you (such as your contact email address) and use it to follow up.

Data collected from other sources

Occasionally, we may obtain information about you from other sources. For example, we may hire a third party data aggregator or vendor to provide us additional information about our existing customers (this is known as "data appending"), including information from your profile or postings on a third party social network. We may also receive information from third party co-sponsors who we may partner with occasionally to run special promotions or giveaways. We may also receive information about customers in the event we acquire other companies. We may also receive information from other methods that are not inconsistent with this Policy.

Q: What information do we collect from you?

Depending on how you interact with NARS (online, in-store, on the phone, etc.), we may collect from you various types of information, which are described in more detail below. In some instances (and unless we say otherwise below), we may combine one type of information with another type of information, and store them together in our records. In all cases, however, we strive to limit the amount of information we collect and store to that which is necessary to provide you the relevant services.

Personal contact information

This includes any information that would allow us to personally contact you, such as your name, home or mailing address, phone number, or email address. In some cases, this could include information that you give us about someone else (for example, if you ask us to ship a NARS product to a friend). We typically collect personal contact information in connection with a variety of activities, including account registration, product orders, customer service, contests and promotions, and customer feedback. If you create an account with us, some of your personal contact information may be stored under your account profile. To review or edit this information, go to the relevant "My Account" section of our site or contact Customer Service.

Payment information

This includes any information that you use to make a purchase, such as your credit card details (cardholder name, card number, expiration date, etc.), gift card information, check or other forms of payment (if such are made available). This also includes the billing name and address associated with your form of payment. We only collect payment information for purchases (whether your purchase is made in-store, online, or by phone). If you create an account with us, your payment information (along with your purchase history and other related preferences) may be stored under your account profile. To review or edit this information, go to the relevant "My Account" section of our site or contact Customer Service.

Account login information

This refers to any information that is required for you to establish a unique account with us or for us to give you access to your specific account information. Examples include customer number, login ID, screen name, password, and/or security question and answer. Certain login information, such as your customer number, may be generated by us and then sent to you. We only collect (or create for you) unique login information for those activities that require an account. Your unique login information, especially your password, should always be kept confidential and should never be shared with anyone else. To change your account password, go to the relevant "My Account" section of our site or contact Customer Service.

Demographic information

This includes any information that describes demographic or psychographic characteristics. Examples may include your date of birth, age or age range, gender, facial attributes (e.g., hair color, eye color, skin type, skin tone, etc.), general geographic location (e.g., postal code or city and province), favorite products, hobbies and interests, or lifestyle information. We typically collect demographic information in connection with a variety of activities, including account registration, contests and promotions, and customer surveys. If you create an account with us, you may be allowed to modify certain demographic information stored under your account profile. To do so, go to the relevant "My Account" of our site or contact Customer Service. For demographic information associated with your profile on a third party social network (e.g., Facebook), see separate paragraph on "Social network information" below.

Technical computer info

This includes any information about the computer system or other technological device that you may be using to access one of our websites or applications. We typically collect this information through the use of automated technologies such as cookies and web beacons. For more on cookies, see the section "Do we use cookies to gather information?" below. Examples of technical computer information that may be collected include your computer’s IP address, operating system type, and web browser type. If you access a NARS website or application via a mobile device such as a smartphone, the collected information may also include your phone’s unique device ID, location, and other similar mobile device data. Technical computer information is not typically associated with your personal contact information.

Website usage information

This includes information about how you use and navigate our websites and applications, including which links you click on, which pages or content you view, and other similar information or statistics about your interactions with our websites or applications (e.g., date and time of visit, which site you came from, etc.). This information is captured using automated technologies such as cookies and web beacons, and may be collected regardless of the device you may be using (computer, smartphone, tablet, etc.). This information may also be collected using third party analytics services (such as Google Analytics) that collect data in aggregate (such as number of visits to a particular page or the amount of time spent on a site). We may also use these technologies, such as web beacons, to capture information about how users respond to certain email campaigns (e.g., time the email is opened, where users link to from that email, etc.). Website usage information may be associated with your personal contact information. For more on cookies, see the section "Do we use cookies to gather information?" below.

Customer feedback

This includes information that you voluntarily share with us about your experience in using our products or services, including our beauty products, websites and applications, and store counters. Examples may include comments and suggestions, testimonials, or other feedback you send us about what you may have liked (or disliked) about your experience in using our products or services. We typically collect this information in the form of customer surveys, feedback forms, and email correspondence

Customer-generated content

This refers to any content that you create and then share with us (and perhaps others) by uploading it to one of our websites or applications, such as our Facebook fan pages or applications. Examples may include photos, videos, personal stories, or other similar media or content. We mostly collect customer-generated content in connection with contests and promotions, website community features, customer engagement, and third party social networking.

Social network information

This refers to any information that is part of your profile on a third party social network (such as Facebook) and that you allow the third party social network to share with us or that you post publicly. Examples may include your basic account information (e.g., name, email address, profile picture, gender, birthday, current city, user ID, list of friends, etc.) and any other additional information or activities that you permit the third party social network to share with application developers or that you post publicly on a NARS social networking page. For example, we may receive your social network information (or parts of it) when you download or interact with a NARS application on a social networking site (such as Facebook) or use a third party social networking feature that is integrated within a NARS site (such as Facebook Connect). To learn more about how your social network information may be obtained by NARS (or other application developers), please visit the website of the relevant third party social network.

Other information (depending on context)

This refers to any other information that we might need to collect for a specific NARS form, feature, or other service that you use or request. What this information might include will vary depending on the method of collection and the specific purpose(s) for which the information is being collected. Please see the section "How do we use your information?" below for more specific examples.

Q: How do we use your information?

The following paragraphs describe the various purposes and features for which we might collect and use your information, and the different types of information that might be collected for each. Please note that not all of the uses listed below will be relevant to every customer.

Order fulfillment

We may collect and use your information to process and ship your orders, to inform you about the status of your orders, and to follow up with you about your satisfaction with the ordered products. Depending on how you make a purchase (e.g., online, in-store, call center, etc.), this could involve the collection and use of certain personal contact information, payment information, account login information, and/or information related to your purchase (such as products ordered). This could also involve the ongoing storage of your payment information to allow for easier checkout on future purchases.

Please note that there are many independent e-commerce sites that sell NARS products but that are not controlled or operated by NARS. Because these sites may have different privacy and security practices than we do, we recommend that you read their privacy policies before making any purchases on those sites.

Account maintenance

We may use your information to maintain your accounts with us, including administering any customer loyalty or rewards programs associated with such accounts. This typically involves the use of the information that was originally collected to set up your account (e.g., personal contact information, payment information, account login information, demographic information, etc.).

Customer service

We may collect and use your information to provide you customer service, including responses to your inquiries. This typically requires the collection and use of certain personal contact information (such as your name, email address) and information regarding the reason for your inquiry (e.g., order status, technical issue, product question, general question, etc.). Customer service may be provided through various forms of communication, such as email correspondence and call center support.

Product improvement and customization

We may collect and use your information so we can constantly improve our products, tailor them to your needs, and come up with new product ideas. This mostly involves the collection and use of demographic information and customer feedback.

Personalized product recommendations

We may use your information to provide you with NARS product recommendations, offers, and rewards that are tailored to your interests and profile . This mostly involves the use of your previous order history (including online, counter, and call center purchases), as well as certain demographic information (such as your favorite look, unique facial attributes, birth date, etc.).

Contests and Promotions

We may collect and use your information to administer a contest, sweepstakes, giveaway, competition, or other similar marketing campaign or promotion. These events typically require the collection and use of personal contact information (for prize fulfillment), limited demographic information (for eligibility), and, in some cases, customer-generated content. Some promotions with customer-generated content or a social networking component will be run on third party social networks such as Facebook (e.g., on NARS’ Facebook fan page or application). To comply with contest laws, we may publish or share limited information about promotion winners (such as name and city of residence). For more information about our contests and other promotions, please see the official rules or details posted with each promotion.

Marketing Communications

We may collect and use your information to send you marketing communications, such as email communications, mobile messages (including text and/or push notifications), and postal mailings. These communications may inform you about new products, store events, special discounts and coupons, beauty tips, and other news and special offers. On occasion, these communications may also contain information or offers about third party products.

Sending you marketing communications mostly requires the collection and use of certain personal contact information and/or demographic information. In some instances (such as for mobile messages), this may involve the use of technical information or precise geo-location information obtained from your mobile device. This allows us to send you messages directly to your mobile device, including offers and coupons based on your location.

You can always opt-out from receiving marketing communications either by following the unsubscribe instructions provided in each such communications or by updating your device settings for mobile messages. If you have an online account with us, you may be given the option to change some of your communication preferences under the relevant "My Account" section of our site or by calling Customer Service. Please note that even if you opt-out from receiving marketing communications, you may still receive other communications from us, such as order confirmations, notifications about account activities (e.g., account confirmations, password changes, website community postings, etc.), and other important announcements (e.g., product recalls, privacy policy changes, etc.).

Website personalization and convenience

We may collect and use your information to personalize your experience and save you time when you visit our websites and applications. This is typically done through the use of automated technologies (such as cookies) that collect and remember certain account login information, technical information, and/or previous website usage information. For example, we might remember your login ID or username so you can quickly login the next time you visit our site or so you can easily retrieve the items you previously placed in your shopping cart. Based on this type of information, we might also show you specific NARS content or offers that are more relevant to your interests.

Website community features

We may collect and use your information to give you access to our website community features, such as features that may allow you to upload and share ratings, reviews, questions/answers, stories, pictures, videos, or other content. This typically involves the collection, use, and (in some instances) public display of certain personal contact information, account login information, demographic information, and/or customer-generated content. Because these types of features are "communal" in nature, information you post in these areas may be visible to others. Please use caution when using these features or uploading content to a NARS site or application. For some community features, you may have the ability to control whether some parts of your profile can be seen by others and whether we send you notifications about certain community activities (like the fact that one of your questions has been answered). To access these settings, go to the "My Account" section of our site and login to the relevant community account. For community features that are integrated with third party social networks such as Facebook, see separate section on "Third party social networking" below.

Website viral features (e.g., tell-a-friend)

Where permissible under applicable law, we may request and use your information so you can use our website viral features, such as tell-a-friend. These features allow you to easily share certain NARS’ news, product information, promotions, wish list items, or other content with family members and friends. These features typically require the collection and use of certain personal contact information (such as email addresses and names) so that the selected message or content can be delivered to the proper recipients. In some instances, this information may be stored in our records so we can track and reward our customers for their referrals. For tell-a-friend or other viral features offered by third party social networks (such as Facebook "Share" and "Like" features), see separate paragraph on "Third party social networking" below.

Third party social networking

We may collect and use your information when you interact with third party social networking features, such as Facebook Connect, Facebook Like, Pinterest, and Instagram. These tools may be embedded into our sites or applications for the purpose of running contests, allowing you to share content (such as beauty tips, articles, stories, etc.), allowing you to sign up for certain NARS accounts, or for other stated purposes. If you use these tools, we may have the ability to obtain certain information about you from your social networking profile (see the section "Social network information" above). You can learn more about how these features work, and the profile data we may obtain about you, by visiting the website of the relevant third party social network.

Third party online advertising

We may allow third party ad networks, such as Facebook and Google, to collect and use your information to show you ads that are targeted to reach people (or people similar to people) who have visited our website or are identified in one or more of our databases ("Matched Ads"), including NARS’ ads on our sites or on other sites. This is done by NARS uploading a customer list to the third party ad network or incorporating a pixel from the third party ad network on our website, and the third party ad network matching common factors between our data and their data. Some of these ads may entice you to come back and revisit our site for new offers and promotions. This type of advertising typically involves an ad network collecting and tracking certain technical information (such as your IP address) and website usage information (such as your browsing history) on our sites and across many other sites on the Internet. To opt-out of receiving Matched Ads, please contact the applicable third party ad network, or you can opt-out from this type of third party tracking at any time by going to: https://www.networkadvertising.org/managing/opt_out.asp. If we use Facebook Custom Audiences to serve Matched Ads on Facebook services, you should be able to hover over the box in the right corner of such Facebook ads and find out how to opt-out. We are not responsible for such third party ad network’s failure to comply with your opt-out instructions.

Other general purposes (e.g., website security, internal research)

We may collect and use your information for other general business purposes, such as to maintain the day-to-day operation and security of our websites and applications and to conduct internal marketing and demographic studies. These activities mostly require the collection and use of certain personal information, demographic information, technical computer information, website usage information, and customer feedback.

Q: Do we use cookies to gather information?

We use cookies on some of our websites. A cookie is a small file of letters and numbers that we put on your device when you visit our website and which allows us to recognize your computer when you come back to our site at a later time. Cookies allow us to enhance your website experience in several ways. For example, we use cookies to remember the items that you place in your shopping cart and to assess how visitors are using our site. We may also use cookies to personalize certain website features and to show you content and ads more relevant to your interests. By accessing and using our website(s), you consent to our use of cookies.

You can learn more about cookies and how they work at www.allaboutcookies.org or www.youronlinechoices.eu. You can always disable cookies through your browser settings. Doing so, however, may disable certain features on our websites, such as online ordering.

To opt-out from third party cookies that are used for advertising purposes, you can do so on the NAI website at https://www.networkadvertising.org/managing/opt_out.asp.

We may use third party web analytics services on our websites or applications, such as Google Analytics. The service providers that administer those services use technologies such as cookies, web server logs and web beacons to help us analyze how visitors use the site. The information collected through these means (including IP address) is disclosed to these service providers, who use the information to analyze use of our websites and applications. You may deactivate the ability of these analytics services to analyze your browsing activities on our websites and applications. To learn more about web analytics services, and exercise your choice with respect to their collection of information on our websites or applications:

- To disable Google Analytics, please download the browser add-on for the deactivation of Google Analytics provided by Google at https://tools.google.com/dlpage/gaoptout?hl=en, To learn more about privacy and Google Analytics, please consult the Google Analytics overview provided by Google.

Q: With whom do we share your information?

We may share your information with the types of companies or in the situations described below. We do not rent or sell your information to third party companies for their own marketing use.

Third party vendors

These are outside vendors, agencies, or contractors we hire to help us run our business (e.g., fulfill orders, operate our websites, run promotions and marketing campaigns, operate our call center, etc.). The information shared with our vendors could include personal contact information, payment information, demographic information, or other types of information depending on the service being provided by the vendor. For some vendors, we may need to transfer your information to locations outside your home country, such as to the Canada. Our vendors are only allowed to use your information for the specific tasks we’ve hired them to do, and for no other purpose. They’re also required to keep your information confidential and secure.

Legal disclosures (when necessary)

This is when we may need to share your information for law enforcement or other legal purposes. This type of sharing may be necessary in connection with a lawsuit, claim or investigation, governmental inquiry, court order, enforcement of legal rights (e.g., contract terms, intellectual property rights, etc.), safety issue, or other similar legal or security matter. Sharing your information for these reasons is not a regular event, but could arise from time to time. We will strive to limit the types and amount of information we may need to share for legal purposes to that which is reasonably necessary.

Business transfers (e.g., sale or acquisition of company)

We may share (or receive) information about you, including personal contact information, in the event of an acquisition, merger, sale, corporate restructuring, bankruptcy, or other similar event that involves NARS or its parent or affiliated companies. If such an event occurs, we will take reasonable steps to require that your information be handled in accordance with this Privacy Policy, unless it is not practicable or permissible to do so.

Affiliated Brands and Companies

We may share (or receive) information about you, including personal information, with our corporate affiliates, including our parent company, Shiseido Americas Corporation, or other brands in the Shiseido portfolio. For additional information regarding our corporate affiliates or other brands, please see https://www.shiseidogroup.com.

Q: How do we protect your information?

We use a variety of standard methods (described below) to keep customer information confidential and secure. Please note, however, that these protections do not apply to any information you choose to share in public areas such as our website community features or other social areas.

Secure operating environments

We store your information in secure operating environments that are protected from the public and that we only allow authorized NARS employees and agents/contractors to access on a need-to-know basis.

Encryption for payment info

We use industry-standard encryption to provide greater protection for sensitive financial information, such as your credit card information or other payment information, when such information is sent to us over the web. For example, encryption is used when you make payments through our online store, as well as if you choose to have your payment information stored with us for future online purchases.

Other security measures

In addition to the methods above, we may take other measures to protect your information, depending on the sensitivity of the data and other considerations (such as how the information is collected and where it is stored). These measures may include (among other things) additional access restrictions, password requirements, and physical protections (e.g., secure data centers, etc.).

Measures you can take

Despite all of our efforts, no security safeguards or standards are guaranteed to provide 100% security. It is also important for you to play a role in keeping your information safe and secure. When signing up for an online account, please be sure to choose an account password that is hard for others to guess and never to reveal it to anyone else. If you use a shared or public computer, never choose to have your login ID or password remembered and make sure to log out of your account every time you leave the computer.

Q: Other important policy information?

This section provides additional information that is important for you to know about this Policy or our practices.

Your information may be transferred outside your home country

Because NARS is headquartered in the Canada, we may have a need to transfer information collected from our non-Canada customers to the Canada We may also have a need to transfer our customer information (regardless of where you live) to other countries or places in which we or our agents/contractors maintain offices or facilities. By using a NARS website or application or by otherwise doing business with NARS, you are agreeing to allow us to transfer your information outside your home country and to process it inside the Canada or elsewhere for the purposes stated in this Privacy Policy.

We do not collect information from children

We do not solicit or collect any type of information from a person known to be under the age of 13. If we discover that we have accidentally collected information from a child, we will remove that information from our records as soon as feasibly possible (or obtain the necessary parental permission to retain it).

We are not responsible for third party sites/features

Our websites and applications may provide links to, or features from, other third party sites (such as third party social networks) that we do not own or control. If you click on such links or use such features, you do so at your own risk. We are not responsible for the content or practices of any third party site, application, or feature.

Q: How can you contact us with questions?

For any questions or concerns regarding this Privacy Policy, any personal information you have submitted to us, or if you would like to:
• access personal information that you have already provided to us so that you can correct or update it, or request that it be deleted;
• request the deletion of personal information regarding your minor child; or
• report any violation of this Privacy Policy;

NARS Cosmetics
c/o Shiseido (Canada) Inc.
303 Allstate Parkway
Markham, Ontario
L3R 5P9
Attn: Legal Department

(866) 880-NARS (6277)
customercare@narscosmetics.ca or
privacy@sac.shiseido.com