PRIVACY AND COOKIE POLICY

PURPOSE

This policy describes how PZ Cussons Beauty LLP trading as Sanctuary Spa process personal information from our website uk.sanctuary.com. We respect the privacy of every individual who visits our site. We take your right to privacy seriously and want you to feel comfortable when using this site. If we ask you to provide personal information when using this site, you can be assured that it will only be used in accordance with this privacy policy.

Please note that we may update and amend this privacy policy from time to time and any changes will be posted on our site. We will notify you of any significant changes to how we use your personal information.

IDENTITY OF DATA CONTROLLER

For the purpose of data protection law, the data controller is PZ Cussons Beauty LLP (company number OC364213) and have our registered address at 19-20 Berners Street, Fitzrovia, London GB, W1T 3NW. Our VAT number is GB 145 2422 92.

WHAT DO WE COLLECT AND WHEN DO WE COLLECT IT?

We may ask you to provide the following types of personal information when you buy a product, sign up for a newsletter or competition, create an account or use our site:

  • your name;

  • contact information;

  • information regarding your personal or professional interests relevant to our products

  • demographics such as your date of birth, address, and gender

  • photographic images, (only where needed for a competition or social media promotion); or

  • experiences with our products

Our primary goal in collecting information from you is to provide a smooth, efficient and customized experience for you while using our site and in order to provide you with further information about our products, services and competitions.

We will collect your personal information:

  • when you register to use our site or set up an account with us;

  • when you enter a competition or promotion;

  • when you participate in a survey or piece of market research;

  • when you contact us to ask a question, make a suggestion, report a problem or for any other reason;

  • when you use interactive services on our site (such as bulletin boards, forums and features that allow you to post reviews or other materials);

  • when you place an order

When you visit our site, if you give us permission to use cookies (more information on this is below) we will also collect:

  • details of your visits such as how long you have visited the site, pages you have viewed and resources accessed, how long you have visited particular areas of the site , how you have used any interactive features; including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access; and/or

  • information about your device or computer, including, where available, your location, your IP address, operating system and browser type.

If you are aged under 18, please get your parent or guardian’s permission before you provide any personal information to us. Users under 18 without this consent will not be allowed to provide us with personal information.

WHAT DO WE DO WITH YOUR PERSONAL INFORMATION?

We may use your personal information to:

  • Provide products and services–we use information to provide you with products and services you have requested, and to communicate with you about them. This information may include your product selection, your name, delivery address, payment information, your contact details and any further information needed to fulfil your order (including special delivery instructions). Without some of this information we will be unable to provide you with products and services.

  • Site Registration and Activity – we use information you give us to register you as a user of our site and administer your site accounts. If you have activated cookies – we use this information to remember you on our site and provide you with a better experience on our site, such as pre-populating fields with your preferences (this might include your location). We also use information about how you use your account and our site to improve our site and better under understand user behaviour on our site. We may also report statistical information about browsing activity to our advertisers (this information does not identify you as an individual)

  • Communicate promotions, competitions, surveys and market research – we use contact details you have given us, along with any other information we have about previous products and services you have bought or used, to provide you with information about our products, promotions, offers and events that we think will be of interest to you. We will also communicate with you to request your input into surveys about how you use our products, and for market research purposes. This includes messages delivered through email, SMS, instant messaging and social media.

  • Respond and process enquiries, suggestions and complaints; if you make and enquiry, suggestion or complaint, or return a product, we will use that information to provide you with an appropriate solution and to improve our products, services and communications. Sometimes we need to use the information to comply with contractual and regulatory requirements.

  • Legal and regulatory purposes – we may use personal data that we have gathered from you or third parties (such as law enforcement or credit reference agencies), comply with our legal obligations or for other legal reasons – for example to report fraudulent activity.

MARKETING

We want to ensure that information you receive from us is relevant to you. We may use the information you provide to us to send promotional emails which we think you may be interested in.

We will use the following types of information in order to tailor our marketing to you.

MARKETING EMAILS

When you sign up to receive our marketing emails, we will ask you to provide certain personal information such as your name, age, postal address, telephone number, email addressand date of birth. By providing us with this information, we can send you information which we think is relevant to you such as special offers, prize promotions or competitions, and birthday offers.

PLACING AN ORDER

When you purchase a product from our site, we will retain information such as your name, postal address, email address, telephone number and your selected product. By doing this we can send you promotional emails about similar products and/or new products which you may be interested in. If you add an item to your basket but do not proceed to checkout and complete a purchase, we may keep that item in your basket the next time that you return to the site.

SOCIAL MEDIA

If you interact with us on our social media pages for example by following us or entering into a promotion/competition, we may use the information you have publicly available on your social media page to contact you through your social media page in respect of promotions/competitions and/or recommend products which we think are relevant to you.

We will only send you marketing communications where there is a legal basis for us to do so. You have the right to withdraw your consent for us to use your personal information at any time. To unsubscribe from marketing communications click on the ‘unsubscribe’ link in any marketing email which you receive from us.

We will only send you marketing communications where there is a legal basis for us to do so. You have the right to withdraw your consent for us to use your personal information at any time. To unsubscribe from marketing communications click on the ‘unsubscribe’ link in any marketing email which you receive from us.

WHAT IS OUR LEGAL BASIS FOR USING YOUR PERSONAL INFORMATION?

We only use your personal information where that is permitted by laws that protect your privacy rights.

We will only use your personal information where:

  • we have your consent (if consent is needed);

  • we need to use the information for legal purposes

  • we need to use the information to perform a contract with you;

  • it is fair to use the personal information either in our interests or someone else’s interests, where there is no disadvantage to you (what is known as a ‘legitimate interest’) – this can include where it is in our interests to market additional products or services to you.

HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION FOR?

We will never retain your personal data for longer than is necessary. We will only retain your personal information for as long as we need to fulfil the purposes we collected it for as set out above, including for the purposes of satisfying any legal, or reporting requirements.

SHARING YOUR PERSONAL INFORMATION

We may share your personal information with the following categories of third parties:

  • our service providers where necessary to make the products and services available to you such as suppliers of IT services;

  • to promote our products and services to you, such as marketing agencies and social media platforms who may send targeted and automated messages to you;

  • where we or our group or substantially all of its assets are acquired by a third party, personal information held by us will be one of the transferred assets and your personal information will be transferred to the new owner, to be used for the purposes set out in this privacy policy;

  • where necessary to protect the rights, property, or safety of our group of companies, our customers, or others we may share personal information with law enforcement agencies.

YOUR RIGHTS

You have the right to ask us for access to your information, and to change, delete or move your personal information. To exercise these rights please contact us via the form or phone number on our ‘Contact Us’ page.Further information on your rights is set out below.

THE RIGHT TO ACCESS INFORMATION WE HOLD ABOUT YOU

At any point you can contact us to request access to a copy of the information we hold about you as well as why we have that information, who has access to the information and where we got the information. You can make a request for access by contacting us as noted below.

THE RIGHT TO CORRECT AND UPDATE THE INFORMATION WE HOLD ABOUT YOU

If the personal information we hold about you is out of date, incomplete or incorrect, you can inform us and we will ensure that it is updated.

THE RIGHT TO HAVE YOUR INFORMATION ERASED

You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.

THE RIGHT TO OBJECT TO PROCESSING OF YOUR PERSONAL INFORMATION

You have the right to request that we stop processing your personal information. Upon receiving the request, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue. If personal data is no longer processed, we may continue to hold your personal information to comply with your other rights.

THE RIGHT TO WITHDRAW CONSENT

If you have given us your consent to use your personal information to send you marketing emails, you can withdraw your consent at any time by clicking the ‘unsubscribe’ link in any marketing email which you receive.

THE RIGHT TO DATA PORTABILITY

You have the right to request that we transfer your personal information to another controller. Once we have received your request, we will comply where it is feasible to do so.

MAKE A COMPLAINT

You have the right to make a complaint about how we have used your personal information to us by contacting as noted below, or to a supervisory authority – for the UK this is the Information Commissioner’s office at https://ico.org.uk/.

INFORMATION SECURITY

To protect your information, we have policies and procedures in place to make sure that only authorized personnel can access the information, that information is handled and stored in a secure and sensible manner and all systems that can access the information have the necessary security measures in place. To accomplish this, all employees, contractors and sub-contractors have roles and responsibilities defined in those policies and procedures.

To make sure all employees, contractors and subcontractors understand these responsibilities they are provided with the necessary training and resources they need.

In addition to these operational measures, we also use a range of technologies and security systems to reinforce the policies.

To make sure that these measures are suitable, vulnerability tests are run regularly. Audits to identify areas of weakness and non-compliance are routinely scheduled. Additionally, all areas of the organisation are constantly monitored and measured to identify problems and issues before they arise.

TRANSFERS OF YOUR INFORMATION OUT OF THE EEA

The personal information that we collect from you may be transferred to, and stored at, a destination outside of the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. We shall ensure that any such transfers are lawful by putting in place appropriate contractual undertakings, and that your personal information is kept secure in accordance with data protection legislation. For more information on how we do this please contact us as noted below.

There are some circumstances where the law allows us to retain your information, or does not permit us to provide information to you or delete information about you. In the event we determine an exception to your request applies, we will inform you of the legal basis for denying your request, unless prohibited from doing so by applicable law.

GOOGLE ANALYTICS

We use Google Analytics to help operate our website and offer our service more efficiently, to gather demographic and other information, and to monitor the level of activity of our websites. For information on how Google uses data shared through Google Analytics, see https://www.google.com/policies/privacy/partners/ (or other relevant URL that Google may provide from time to time).

To prevent the use of Google Analytics while using our website, download and install the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=en.

COOKIES

WHAT ARE COOKIES?

Cookies are small text files which are stored on your browser or your computer’s hard drive when you visit our website. The file is added to your browser or hard drive and the cookie allows the server to recognize you when you order a product or when you revisit.

Please note that cookies can’t harm your computer. Cookies cannot be used by themselves to identify you.

We don’t store personally identifiable information such as email address in cookies we create, but we do use encrypted information gathered from them to help improve your experience of the site.

OUR USE OF COOKIES

To make full use of the online shopping and other personalized features on our website, you will need to accept cookies: accepting these cookies is the only way we can provide you with a fully functional tailored service.

The cookies we may use are detailed below:

COOKIE NAME

COOKIE PURPOSE & BENEFIT

Olapic

__olapicU

This cookie is associated with the Olapic social images sharing widget, owned by Olapic Inc, and USA based company. It tracks user actions for the purpose of enabling interaction with users of social media platforms.

Constant Commerce

cc_a_h,cc_a_s

This cookie is set by Constant Commerce to remember the selected store and cart items on product pages.

Google Analytics

utma /utmb /utmc /utmt /utmz /ga / gat /gid

Analytics are used by almost every website to track visitors to a website in order to understand how the website is being used and to identify points that require improved user experience. We use a third party tool created by Google to do this.

et-pb-recent-items-colors

This cookie allows for integration of Blog “share” buttons with Google Analytics.

tk_ai

Gathers information for our own, first-party analytics tool about how our services are used. A collection of internal metrics for user activity, used to improve user experience.

WPEngine

__cfduid, __reff,wpe_test_group, _tcSessInfo,wpe_is_consent_required,opt_in_consent,portal_user

We use WPEngine,Inc to host our website. This service uses cookies to improve the performance and speed of our website. You can viewthe privacy policy of this service provider at wpengine.com/legal/privacy.

Additional cookies that may be used are detailed in the table below:

Cookie Name

Description

ADRUM

(Strictly Necessary)

AppDynamics – browser performance management tool usesthis cookies to collect web performance data and IP addresses.Lets us monitor page load speeds and bad sessions

ADRUM_BT*

(Strictly Necessary)

AppDynamics – error tracking

preservedReferer_V6

(Strictly Necessary)

Keeps track of the referrer used on the site… – required for validation of affiliate referrer (for offers)

ElysiumBasket{{sitename}}_V6

(Strictly Necessary)

Used to store a users basket

CheckoutHandoverToken_V1

(Strictly Necessary)

Used for security purposes to verify the checkout handover token

{{subsite}}_chosenSubsite_V6

(Strictly Necessary)

This is used to keep the user on a subsite once they have select it from the international overlay

{{subsite}}_currency_V6

(Strictly Necessary)

Used to keep track of the current currency the user is using

{{subsite}}_shippingCountry_V6

(Strictly Necessary)

Used to track shipping country preferences

locale_V6

(Strictly Necessary)

Used to keep track of the locale the user is using

user_id_V6

(Strictly Necessary)

This contains an encrypted value which is used to keep a customer logged in on site

csrf_token

(Strictly Necessary)

Used to prevent cross site request forgery, forms will not submit without it

co_redirect

(Strictly Necessary)

Used to redirect the user on an error

nc_clr

(Strictly Necessary)

Checkout locale for templates

nc_s

(Strictly Necessary)

Checkout Session ID

Wtid

(Strictly Necessary)

Used for Fraud checking

RELOAD_BASKET

(Strictly Necessary)

Set by checkout to clear the users basket after a successful order

DECACHE_CUSTOMER

(Strictly Necessary)

Set by checkout to remove the customer from cache, no longer used

cookieNoticeShown

(Strictly Necessary)

This cookie is used to prevent the cookie notice from continuously showing one dismissed

emailReEngagementCookie

(Strictly Necessary)

This cookie is used to prevent the email signup popup from continuously showing once dismissed.

_dc_gtm_UA-121623538-1

(Strictly Necessary)

This cookie is associated with sites using Google Tag Manager to load other scripts and code into a page. Where it is used it may be regarded as Strictly Necessary as without it, other scripts may not function correctly. The end of the name is a unique number which is also an identifier for an associated Google Analytics account.

NSC_*

(Strictly Necessary)

This cookie name is associated with the Netscaler load balancing service from Citrix. This is a pattern type cookie with the root being NSC_ and the rest of the name being a unique encrypted alpha numeric identifier for the virtual server it originated from. The cookie is used to ensure traffic and user data is routed to the correct locations where a site is hosted on multiple servers, so that the end user has a consistent experience.

JSESSIONID

(Strictly Necessary)

General purpose platform session cookie, used by sites written in JSP. Usually used to maintain an anonymous user session by the server.

affil_V6

Used to track sales that have come in via an affiliate network link.

_ED0FC_V6

Used for logging destroyed sessions en-route to checkout

chumewe_sess

columboChase.sessionKey

chumewe_user

columboChase.userKey

thgUserId

Used to unify sessions that happen accross a single user if they are not logged in

user_transaction_ids

Used to dedupe the transaction event so that GA and Google Ads to not count the same transaction twice

_ga

This cookie name is associated with Google Universal Analytics – which is a significant update to Google’s more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.

_gid

This cookie name is associated with Google Universal Analytics. This appears to be a new cookie and as of Spring 2017 no information is available from Google. It appears to store and update a unique value for each page visited.

_gat_UA-121623538-1

This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.

mobile_V6

Used to help with transitioning between mobile and desktop sessions

RememberMe_{{sitename}}_V6

Once the user logs out, when they return to the login page the username field will remain populated

allow-restricted

Track whether a user can view restricted content. Without this, a customer will be unable to access restricted areas of the site even when eligible.

LPSID-nnnnnnnn

This is a pattern type cookie associated with software from LivePerson which enables online chat functionality with site visitors. This cookie appears to be a unique session identifier.

LPVID

This cookie name is associated with software from LivePerson, which enables website owners to add online chat functionality to communicate directly with visitors. This cookie is believed to be a unique visitor identifier.

LPSessionID

This domain is owned by LivePerson. The main business activity is: Online Chat/Customer Data

lpTestCookiennnnnnnn

This cookie name is associated with the LivePerson chat software used to enable live chat on a website. It is a pattern type cookie which uses a unique identifier for each page. It appears to test whether or not the browser is set to accept first party cookies.

LPVisitorID

This domain is owned by LivePerson. The main business activity is: Online Chat/Customer Data

__cfduid

Pingdom is used to provide up time analysis and response times for the site

You may notice some cookies on our website that aren’t related to our brand. If you go on to a web page that takes you to a third party’s site you may be sent cookies from these websites. Examples of third-party cookies we use are in relation to Facebook, Twitter and EMV Post click, the latter being used to track sales from our emails. We do not control the dissemination of these cookies and you should check the relevant third party websites for more information about the use of these third party cookies.

THIRD PARTY USE OF COOKIES

MANAGING COOKIES

Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon as you enter our site. You can block cookies by following the instructions on your browser (usually located within the ‘Help’, ‘Tools’ or ‘Edit’ facility).

You can manage your cookies via the settings of your browser.

Browser
Mac
Windows
Chrome (Google)

Select settings by clicking on the ‘3 dots’ icon in the top right corner and then selecting settings

Select ‘show advanced settings’

Click on the content settings button in the privacy section

You can manage your cookies here

Select settings by clicking on the ‘3 dots’ icon in the top right corner and then selecting settings

Select ‘show advanced settings’

Click on the content settings button in the privacy section

You can manage your cookies here

Safari (Apple)

Select preferences from the safari menu

Select the security icon

Select cookie settings

You can manage your cookies here

Select preferences from the safari menu

Select the security icon

Select cookie settings

You can manage your cookies here

Internet Explorer (Windows)

Go to Preferences form explorer menu

Select receiving files options

Select cookies

You can manage your cookies here

Select tools

Then select internet options

Click on the privacy tab

You can manage your cookies here

CONTACT DETAILS

If you have any queries relating to this privacy policy, need further information or wish to lodge a complaint, please contact us via the form or phone number on our ‘Contact Us’page.

Please note that cookies can’t harm your computer.

Newsletter image

Sign up to our newsletter

":" indicates required fields

DD slash MM slash YYYY

Check out our Terms & Conditions and Privacy Policy