1. Our promise to you
We are committed to maintaining our customers' privacy. We take great care to safeguard the personal information that we collect to ensure that our customers' privacy is maintained. We have provided this notice to you to describe our information collection and use practices at No7 Beauty Company. This notice also describes the choices you can make about the way your information is collected, used, and shared. This notice applies to any information collected by us through the use of our websites, mobile applications, and any other interactions with us as described below.
Your personal information is any information that can be used to directly or indirectly identify you. This includes information such as your name, date of birth, email address, mailing address and phone number. We may also collect personal information that does not directly identify you by name or contact information, but which may be used to identify that a specific computer or device has accessed our website or online services.
2. Who’s in control of your information?
You can also find lots of useful information about Data Protection, what it means to you as an individual and how it applies to companies like ours on the Information Commissioner’s website at http://ico.org.uk/ Office of Data Protection Commissioner for the Republic of Ireland https://dataprotection.ie
3. Collecting information about you
- Information we collect from you
We collect personal information about you whenever you visit our website or subscribe to our notifications. We also may capture information about your computer or device such as your IP address, or a cookie ID that may be used to identify you.
Information we collect from your use of our services
Log information refers to information that is automatically sent by your web browser or device (or otherwise automatically collected by us) each time you view or interact with our online services and ads. Log information may include the online service(s) requested; date and time of your request; referring URL (i.e., the website you came from); browser type; browser language; device operating system; device hardware and other characteristics; information regarding your use of our online services (e.g., pages viewed, features used, number of clicks, time spent on a particular page); and related device and usage data. Log information is automatically recorded by our servers each time you view or interact with our online services and ads.
Device information refers to device-specific information that we automatically collect when you view or interact with our online services and ads. Device information may include your device type and model; device operating system and version; unique device and advertising identifiers; mobile network information; and related device information. To learn more about the information your device may make available to us, please check the policies of your device manufacturer or software provider.
- Information we collect online: Cookies and Similar Technologies
Making our website work:
Certain Cookies are essential so that you can move around the site and log in to your Account. Without them you would be unable to take certain actions on our website or access your account.
Monitoring and improving the performance of the website:
Enabling the features of the website:
Marketing and advertising:
What are ‘Flash Cookies’ (or ‘Local Shared Objects’)?
If your browser does not support HTML5 player, we may deliver video content using Adobe Flash Player instead (although you may experience display problems if your browser is unsupported). Flash Cookies are stored on your device in a similar way to other types of Cookie, but they're managed differently by your browser, and if you wish to disable or delete them you can do this through Adobe Flash Player security settings.
Restricting or blocking Cookies
If you'd still prefer to restrict, block or delete Cookies from this website, you may do so in the cookie settings which can be accessed from the bottom of our home page
Disabling advertising Cookies
We may engage third party advertisers to provide interest-based advertising on our website, as well as other third party sites in order to display advertising that is relevant to you. These third parties may collect information about your use of our services over time and that information may be combined with information collected on different websites and online services.
If you are concerned about behaviourally targeted advertising Cookies (which serve you advertisements based on your use of this website and other websites), users based in the EU can visit the following websites to find out more and opt out of advertising Cookies:
Users based in the US can visit http://www.aboutads.info/choices/ to opt out of these third party Cookies.
Please Note: When you "opt-out" of receiving interest-based advertisements, this does not mean you will no longer see advertisements from us. It means that the online ads that you do see will not be tailored for you based on your particular interests. We may still collect information about you for any purpose permitted under the Policy, including for analytics.
Some of our online services may use Google Analytics, a web analytics service provided by Google. Google Analytics utilizes cookies and similar technologies to collect and analyze non-identified information (i.e., data that does not identify a specific individual) about the performance and use of our online services and ads. More information on Google Analytics can be found here. If you would like to opt-out of having your information collected and used by us and our online partners as described herein, please use the Google Analytics opt-out available here.
Your privacy and shared computers
If you log in to the website from a shared computer, such as in an internet cafe or from a colleague’s computer at work, Cookies may cause your email address to display in the login field to anyone who uses the site on that computer after you. You can avoid this by clearing the Cookies stored by the web browser. The option to do this can normally be found within your browser ‘tools’ preferences.
- Information we obtain from external companies
We collect data that is publicly available. For example, information you submit in a public forum (e.g., a blog, chat room, or social network) can be read, collected or used by us and others, and could be used to personalize your experience. You are responsible for the information you choose to submit in these instances.
From time to time we may supplement the information we hold about you with data from other commercially-available sources like the electoral roll and companies that collate and update data. This helps us keep our records up to date and learn more about our customers so we can continue to improve our products and services.
Occasionally, for marketing purposes, we may obtain lists of potential customers from external companies. We will only deal with reputable companies that take privacy and data protection as seriously as we do, and we will always let you choose not to receive further marketing material from us.
- Information from within our parent company
As you’ll have seen in ‘Who’s in control of your information’, The Boots Company PLC is part of the Walgreens Boots Alliance group of companies. If you are also a customer of Boots or other companies in our group, we may consolidate the information we hold about you across our group. This helps us build a better picture of our customers, develop our products and services and, with your consent, provide you with offers and information we think may interest you.
4. How we use your personal information
We use your personal information for a number of different purposes. Some are essential for us to provide the services you use or to fulfil our legal obligations; some help us run our business efficiently and effectively; and some enable us to provide you with more relevant and personalised offers and information. In all cases we must have a reason and a legal ground for processing your personal information. Some of the most common legal grounds we rely are briefly explained below;
|Reason for Processing||Detail||Examples||Your Rights|
|Consent||You will be asked to confirm that you are happy to provide your personal data and that you give your permission to No7 Beauty Company to process your personal data. All of the details such as why No7 Beauty Company wants your data, how it will be used and if your data will be shared will be provided at the time of asking you for your consent. Where No7 Beauty Company is relying on consent you will usually see a tick box.||No7 Beauty Company may use consent where we are asking you to confirm you marketing preferences to ensure we only contact you via the medium you have chosen i.e. text or email. You may also be asked to give your consent when you are entering any sort of competition or sweepstakes.||If some of your details have changed since the time you provided your consent you can update and amend your details at any time. You have the right to withdraw your consent at any time if you no longer want to be part of the processing activity. If you no longer want No7 Beauty Company to hold your data you can request for your data to be erased.|
|Legal Obligation||No7 Beauty Company will on occasion be under a legal obligation to obtain and disclose your personal data. Where possible No7 Beauty Company will notify you when processing your data due to a legal obligation however this may not always be possible.||In order to prevent criminal activity or help to detect criminal activity we may share information with forces such as the Police. This is done in a safe and secure manner. You may not be notified of this||It is essential that No7 Beauty Company complies with its legal, regulatory and contractual requirements. If you object to this processing No7 Beauty Company will not be able to offer you the service.|
|Legitimate Interest||No7 Beauty Company may also hold personal data for our own legitimate business interest. This relates to us managing our business to enable us to give you the best service/products and most secure experience. When we rely on this, we will carry out a legitimate interest assessment to ensure we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. It can also apply to processing that is in your interests as well.||We may process your information to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure. We have an interest in making sure our marketing is relevant for you, so we may process your information to send you marketing that is tailored to your interests.||If you have any concerns about the processing, you have the right to object to processing that is based on our legitimate interests.|
- Providing our products and services
We use your personal information to provide our products and services, respond to queries and comments and provide you with the best possible level of customer service.
- Our own internal purposes
We use your personal information to improve the effectiveness of our services, conduct analysis, and to perform other business activities as needed.
- Learning more about you
If you are a customer of Boots, Walgreens (or other companies within the Walgreens Boots Alliance Group) as well as No7 Beauty Company, we may in future link or consolidate the information we hold about you across the companies in our group and the different channels you use to interact with us (such as website, stores, the Boots or Walgreen app, correspondence etc.). This helps us to build a clearer picture of our customers both as a group and as individuals. By understanding you better we can offer you a better, more personal experience. You can find out more about how Boots or Walgreens uses personal information in the privacy policies located on the Boots.com and Walgreens.com websites.
- Marketing and advertising
We may analyse your personal information, including the products you view and buy, your browsing habits and other ways you interact with us, to evaluate the effectiveness of our advertising and help us provide more relevant offers and content. Rest assured, however, that we will only send you marketing material if you’ve agreed that we can. Where you have agreed that we may send you marketing material, we may in future send you material from other companies within our group as well as from us. We will always make it easy for you to opt out of receiving further material. You can find out more about the companies in the Walgreens Boots Alliance group on our website. You can change your mind about receiving marketing material from us at any time by contacting us by telephone at contacting us by telephone on +44 (0)330 678 0358, +44 (0)115 949 4997, or 1 800 528 2148 for US residents. Alternatively, you can opt out of email marketing by clicking the link at the bottom of any email we have sent you. Please be aware that, as our marketing campaigns are prepared well in advance, you may still receive material from us for up to 10 business days.
From time to time we may invite you to take part in market research activities such as customer surveys, questionnaires or focus groups.
- Job applications
We use the personal information you provide to set up your No7 Beauty Company Boots Jobs account to notify you of suitable vacancies if you have asked us to do so and process any applications you make. If you apply for a job at No7 Beauty Company, we may use your information to carry out checks with external sources such as the DBS (Disclosure and Barring Service) and fraud prevention agencies to verify your identity and assess your suitability for certain roles.
For applications for a job in Ireland we will use the National Vetting Bureau to verify your identity and assess your suitability for certain roles. If you apply for a job with No7 Beauty Company, some of the information we ask you to provide may be sensitive in nature, such as information about your health. We will only ask for sensitive information where we have a specific need for it, and we will always tell you why we need it. We will not use your data in any other way or share it with unauthorised third parties. Examples include necessary adjustments for interviews and assessments, diversity and inclusion information including equal opportunities.
If your job application is successful, the information you give during the application process will form part of your employee record and will be used to administer your employment and manage your career at No7 Beauty Company.
If your application is unsuccessful, we will retain your information collected during the application process for 12 months, including interview notes and assessment results. If you are unsuccessful due to the level you attained on your online assessment, you may apply for alternative roles at any time, or the same role after a period of 12 months. If you have given us permission to do so, we may contact you during this time with details of other vacancies that we believe are suited to you and that you may be interested in. We may also contact you for feedback on our recruitment processes in order to enable us to make continuous improvements to our process.
We use profiling as part of our recruitment process. This helps us provide a fair and consistent recruitment process. You can find information about why we use profiling, including the logic involved, the mathematic and statistical procedures we use below. You can ask us to close your account at any time by contacting at email@example.com We will keep your personal information such as your online assessment results for a limited time after the account is closed to enable us to fulfil our legal and regulatory obligations, carry out internal validation and process any queries. If your No7 Beauty Company Jobs Boots account is inactive for 12 months, we will close it.
5. Sharing your information
- Companies that provide services on our behalf
We may share your personal information with companies who provide services on our behalf that are related to our business. These tasks may include analysing site data, customer service, electronic and postal mail service, and social and other media services. Third party service providers only receive your personal information as required to perform their role and we instruct them not to use it for any other purpose. Examples of the functions that may be carried out by external companies:
- Customer service centre
- Mailing houses
- Delivery services
- Manufacturers or suppliers
- Companies that cleanse data
- Payment providers
- Companies that do fraud and money laundering checks
- Companies that provide web hosting, content providers, competitions, and sweepstakes
- Data storage facilities
- IT services and support
We may work with other companies who place cookies, tags, and web beacons on our websites. These companies help operate our websites and provide you with additional products and services. We may also use third party advertising networks to serve advertisements on our behalf. The cookies received with the banner advertisements served by these networks may be used to collect and build behavioral profiles by these companies to deliver targeted advertisements on our website and unaffiliated websites.
- Recruitment agencies
- Sharing data outside of the European Economic Area (EEA)
The EEA comprise of Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden. Personal data can be transferred, processed and stored within these countries safely and securely as they offer an adequate level of protection to personal data in comparison to the UK.
There are number of additional countries that can also offer an adequate level of protection these are Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, the UK and Uruguay. Currently No7 Beauty Company shares information with the US. If your information is to be sent outside Europe, we make sure it will be subject to standards of protection and security that are as high as those used here in the UK. We take your data very seriously therefore we will always conduct a full review of all of our supplies processes and procedures including storage solutions for our data. In order to ensure adequacy when sending your data outside of the EEA or the UK we put in place contracts based on the Standard EU Model Contract Clauses which are designed by the European Commission to guarantee adequacy for any data transfer and processing of this nature, and subsequent to the Schrems II decision in July 2020 we also carry out due diligence. Can I opt out of having my data shared? As your data is stored safely and securely both inside and outside of the EEA we cannot offer alternative storage solution if you wish to opt out of having your data stored outside of the EEA you will need to close your account.
- Legal obligations
We may share your Personal Information with third parties where required or permitted by law, if we believe we need to do so to protect our rights and interests, or to comply with legal proceedings. In such cases, we will always do so legally and with due regard to your privacy.
- Changes to our business
If ownership of all or part of our business changes or we undergo a reorganisation (including a merger or transfer between Walgreens Boots Alliance companies), we will transfer your personal information to the new owner or successor company so we can continue to provide our services.
6. How long do we keep your personal information? We hold your personal information for as long as you remain a customer, or as required to meet our legal obligations or those of our parent group, resolve disputes or enforce our agreements. This may mean we need to keep some of your information for a period of time after you cease to be a customer but we will always store it securely and will not use it for any other purposes.
We may display targeted ads to you through social media platforms and other websites. These ads are sent to groups of people who share traits such as likely commercial interests and demographics. For example, we may target guests who have expressed an interest in shopping for cosmetics, skincare, etc.
If you have provided us with your email address and you consented to receive e-marketing, you may see ads that are tailored to your interests, based on the information we hold about you. For example, your age or the products you have browsed on our website. See the policies of each social media platform for additional information about these types of ads. 9. Social Media Plug-Ins Our online services may use social media plug-ins (e.g., the Facebook "Like" button, "Share to Twitter" button) to enable you to easily interact with certain social media websites (e.g., Facebook, Twitter, Instagram) and share information with others. When you visit our online services, the operators of the available social media plugins can place a cookie on your device enabling such operators to recognize individuals who have previously visited our online services. If you are logged into these social media websites while visiting our online services, the social media plugins allow the relevant social media websites to receive information that you have visited our online services or other information. The social media plugins also allow the applicable social media websites to share information about your activities on our online services with other users of the social media website. For example, Facebook Social Plugins allow Facebook to show your "Likes" and comments on our online services to your Facebook friends. Facebook Social Plugins also allow you to see your friends' Facebook activity on our online services. We do not control any of the content from the social media plugins. For more information about social media plugins from other social media websites, please refer to those websites' privacy and data sharing statements. 10. Our "Do Not Track" Policy We respect enhanced user privacy controls. We support the development and implementation of a standard "do not track" browser feature, which signals to websites that you visit that you do not want to have your online activity tracked. Please note that our website does not interpret or respond to "do not track" signals. However, you may set your Web browser to not accept new cookies or web beacons, be notified when you receive a new cookie, or disable cookies altogether. Please note that by disabling these features, your experience will not be as smooth and you will not be able to take full advantage of our website's features. Please see the Help section of your browser for instructions on managing security preferences. 11. Minors We recognise the importance of protecting children’s privacy online. Our website and services are intended for a general audience and are not directed at children. We do not knowingly collect personal information from children under the age of 13 in the UK and under 16 in Ireland. If you are under the age of 18 and are a registered user of the site, you may request that we remove content or information that you have posted on our site or in our community. Please note that responding to your request may not ensure a complete or comprehensive removal (e.g., if the content or information has been reposted by another user.) To request removal, please contact us at firstname.lastname@example.org 12. Staying in control of your information and your rights We respect the fact that your personal information is your information, and we will always make it easy for you to update or change your personal details or marketing permissions. Please help us to help you by letting us know at email@example.com if your contact details change or if you spot any errors in the information we hold about you.
- Your right of access:
If you would like a copy of the information No7 Beauty Company holds about you or have any queries about the way we handle your personal information, please contact our Customer Service Centre at firstname.lastname@example.org
- Your right to request deletion:
While you remain a customer we will process and retain your data as described in this Policy. Once you cease to be a customer we will hold your data as described in the data retention section. You do have a right to request that we delete your personal data we hold. This is not an automatic right, depending on the type of data that we hold about you will depend on what we are able to delete. Please email email@example.com to request you data to be deleted.
- Your right to processing;
You have to right to request that we stop certain data processing activates that involve processing your personal data, this can be processes such as collecting your name and address on your account to deliver services to you, among other examples given above. This is not an automatic right, depending on the type of data that we hold about you and why will depend on what we are able to do. Please contact our Customer Service Centre at firstname.lastname@example.org to exercise your right to object to our processing your data.
- Your right to portability:
You have the right to request that we transfer your personal data in a machine readable format. This is not an automatic right and will depend on the legal basis used to process your personal data. Please email email@example.com to make this request.
14. Profiling and Automated Decision Making as part of our recruitment process At Boots UK & ROI we use profiling in the recruitment process for some roles, particularly when we receive a high volume of applications, as we feel it’s the fairest and most consistent way to determine your suitability to join us. It also helps you to find out as quickly as possible if your application is being considered further. Some of our online assessments ask how you respond to challenges you are most likely to face in the role. Some also ask about your personality preferences in a workplace setting. These scenarios and questions have been selected because they link to the behaviours and personality traits shown to be most effective for the role. If you respond in similar way to high performing Colleagues, it is likely that you too will be a great fit for the role.
As part of our online assessments we may use automated decision making such as an automatic benchmark score to determine whether your application is progressed further. Candidate information (such as eligibility to work in the UK/ROI, availability to work the required hours etc.) along with a minimum overall role match score on your assessment profile, will also determine whether we move forward with your application. Of those who are progressed, candidates who most closely match the requirements for the role are prioritised for the next stage. We have experienced members of staff on hand throughout our recruitment process to perform checks to ensure all candidates are going through the same fair recruitment process, from reviewing role match scores, reviewing responses to questions, and during the interview process. A Hiring Manager will ultimately make a decision, based on your performance during a face-to-face assessment. Your right to object to the use of Automated Decision Making or complain to the ICO (UK) or DPC (ROI) Although we hope it never comes to this, you do have the right to complain to the ICO/DPC about any of the Boots data processing activates. You can contact the ICO office in the UK at firstname.lastname@example.org. Or contact the DPC office in the ROI at email@example.com
15. How To Contact Us: If you have questions or concerns about your privacy, you may contact our Data Protection Officer by telephone on +44 (0)330 678 0358, +44 (0)115 949 4997, or 1 800 528 2148 for US residents. Alternatively, you may write to us by post at The Boots Company PLC, 1 Thane Road West, Nottingham, Nottinghamshire, NG2 3AA. If you believe your privacy rights have been violated, you can file a complaint with the Data Protection Officer. You also have the right to complain to your local Data Protection Authority. If you are located in the UK, you may contact the UK ICO at firstname.lastname@example.org
EFFECTIVE DATE: 16/04/2021