Privacy Policy

This Privacy Policy was last updated February 22, 2023.

This Privacy Policy describes how Lush Internet Inc. and its related parties and affiliates doing business as Lush or Lush Fresh Handmade Cosmetics (“Lush”, “we”, “our” or “us”) collects, uses, and discloses information about you.

When does this Privacy Policy apply?

This Privacy Policy covers our business in the United States and applies to information we collect when you access or use our websites (such as www.lush.com) and mobile applications that link to this policy (collectively, our “Services”), or when you otherwise interact with us, such as in our retail stores, at an event, or on our social media. For more information about our privacy practices in another jurisdiction outside of the United States, please refer to the Privacy Policy available in our stores, or posted on our website, for that jurisdiction. We may also provide different or additional notices of our privacy practices with respect to certain products, services or activities, in which case those notices will supplement or replace the disclosures in this Privacy Policy.

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy. If we make material changes, we will provide you with additional notice (such as by adding a statement to the Services or sending you a notification). We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.

CONTENTS

What We Collect

The types of information we collect depend on the nature of your interactions with us. In this section, we describe the categories of information we collect and the sources of this information.

Information You Provide to Us

We collect information you provide directly to us, such as:

contact information, such as your name, billing address, shipping address, telephone number, and email address;

account information, such as username and password, age range, language preferences, and other demographic information;
information about your interests and preferences, such as wish lists and marketing preferences;
information submitted in connection with a product review or survey, such as photos and product feedback; and
your social media handle and other information you post if you choose to interact with us on social media.

If you make a purchase from us, we work with third-party payment processors to collect and process your payment information.

Information We Collect Automatically

We automatically collect certain information about your interactions with us or our Services, including:

Transactional Information: When you make a purchase or return, we collect information about the transaction, such as product details, purchase price, and the date and location of the transaction.
Device and Usage Information: We collect information about how you access our Services, including data about the device and network you use, such as your hardware model, operating system version, mobile network, IP address, unique device identifiers, browser type, and app version. We also collect information about your activity on our Services, such as access times, pages viewed, links clicked, items placed in your cart and on wish lists, and the page you visited before navigating to our Services.
Audio and Video Recordings, Photos, and Chat Content: We capture photographs and video recordings in our stores for security and loss prevention purposes. We automatically collect certain information about your interactions with us or our Services, including:
Precise Geolocation Information: With your consent, we may collect information about the precise location of your device when you use our mobile applications. You may stop the collection of precise location information at any time (see the section below for details).
Information Collected by Cookies and Similar Tracking Technologies: We use tracking technologies, such as cookies, pixels, and SDKs to collect information about your interactions with the Services. These technologies help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. For more information about the cookies and other tracking technologies we use, and the choices available to you, see the and sections below.

Information We Collect from Other Sources

In some cases, we may receive information about you from someone else. For example, we receive your name, address, telephone number, and email address if someone purchases a gift or gift certificate for you.

We also obtain information from third parties to detect and prevent fraud, such as fraud risk information from payment verification providers and fraud prevention partners.

Information We Derive

We may derive information or draw inferences about you based on the information we collect. For example, we may make inferences about your approximate location based on your IP address or infer that you are looking to purchase certain products based on your browsing behavior, wish lists, and past purchases.

How We Collect Your Personal Information

We collect personal information from you in a variety of ways when you interact with Lush or our Services. Some examples include, but are not limited to, situations when you:

create an account on our Services;
order, purchase, exchange, return, or cancel an order for any of our products or services, whether through our Services or in our retail stores;
contact us, make an inquiry about any of our products or services, or otherwise request information or assistance from us;
communicate with our customer service representatives;
sign up to receive notifications about an online order, including when the order will be delivered or ready for pickup in-store;
sign up to receive catalogs, newsletters, emails and/or SMS messages with information about new and limited edition products, special offers, events, or other news;
register and participate in our customer forums or other programs;
provide feedback or make other submissions to Lush;
participate in a contest, sweepstake, or other promotion;
participate in or respond to a consumer survey or other request for consumer opinions, concerns, or preferences regarding our products and services;
engage with us on social media; and
use certain features or interactive areas of our Services, such as forums where you can submit user-generated content.

How We Use Your Personal Information

Lush uses your personal information to provide the products and service you request, develop, maintain, and improve our products and services, manage our relationship with you, verify your identity and address, carry on our business operations, and as may otherwise be required or permitted by law or described in this Privacy Policy. We also use the information we collect to:

process and fulfill your orders and returns;
personalize your experience with us;
administer your account;
send you technical notices, security alerts, support messages, and other transactional or relationship messages;
contact you and respond to any requests or other communications from you, including claims or requests for customer service;
provide you with newsletters, catalogs, emails and/or SMS messages about products, special offers, events, or other news and information we think may interest you (for more information regarding how to opt out of these communications at any time, please see the section below);
conduct and administer surveys and contests, sweepstakes, and other promotions;
target advertisements to you on third-party platforms, websites, and apps (for more information, see the section below);
monitor trends, perform data analysis, and help us improve and customize our product and service offerings and customers’ experience;
troubleshoot problems with the Services;
enforce our Terms of Use and protect the security and integrity of our services and our business, including to detect and protect against error, theft, fraud, and other illegal activity, administer our loss prevention program, and protect the rights and property of Lush and others; and
comply with our legal and financial obligations.

Targeted Advertising and Analytics

We engage others to provide analytics, serve advertisements, and perform related services across the web and in mobile apps. These entities may use cookies, web beacons, SDKs, device identifiers, and other technologies to collect information about your use of our Services and other websites and mobile apps, including your IP address, web browser, mobile network information, pages viewed, time spent on pages, links clicked, and conversion information. This information is used to deliver advertising targeted to your interests on other companies’ sites or mobile apps and to analyze and track data, determine the popularity of certain content, and better understand your activity. In addition, some of our advertising partners enable us to translate your email address or phone number into an identifier that cannot be used to identify you personally. Our advertising partners then use that unique identifier to show ads that are more relevant to you across the web and in mobile apps. Some of the activities described in this section may constitute “targeted advertising,” “sharing,” or “selling” under certain privacy laws. To learn more about the choices available to you with respect to these practices, or to opt out of having your information used in this way, see the section below.

You can also learn more about interest-based ads or opt out of having your web browsing information used for behavioral advertising purposes by companies that participate in the Digital Advertising Alliance by visiting www.aboutads.info/choices.

How We Disclose Your Personal Information

We disclose personal information about you in the following circumstances:

Product Reviews and Content

If you provide a product review or otherwise post content on our Services, the public will be able to see this information.

Related Parties and Affiliates

We disclose personal information to other Lush Group entities, including our holding company, subsidiaries and affiliates, for the purposes identified in this Privacy Policy.

Service Providers and Vendors

We disclose or otherwise make available personal information to service providers, vendors, and consultants that support or facilitate our business operations or provide services on our behalf, such as for processing orders, sending marketing and transactional communications on our behalf, shipping, payment card processing, supporting the content, operation and maintenance of our Services, facilitating and collecting customer reviews, and conducting surveys, contests, sweepstakes, and other promotions. We also disclose personal information to our lawyers or other professional advisors to obtain advice or protect and manage our business.

Sale of Business

Lush may disclose personal information we have about you in connection with a potential or actual purchase, sale, lease, merger, amalgamation or other type of acquisition, disposition, or financing of all or part of our business or assets.

Legal Disclosure

Lush may disclose your personal information as required or permitted by law, including, without limitation, to comply with a subpoena, warrant or other legally valid inquiry or order or applicable law, or to report improper or unlawful activity. In addition, we disclose personal information if we believe that your actions are inconsistent with our user agreements or policies, if we believe you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of Lush or others.

Consent

We disclose personal information where we have your consent or where you direct us to do so.

Deidentified Information

We also disclose aggregated or de-identified information that cannot reasonably be used to identify you. Lush processes, maintains, and uses this information only in a de-identified fashion and will not attempt to reidentify such information, except as permitted by law.

Your Privacy Rights And Choices
1. Access, Correction, and Deletion

Depending on where you reside, you may have the right to (1) request to know more about and access your personal information, including in a portable format, (2) request deletion of your personal information, and (3) request correction of inaccurate personal information.

To request access, correction, or deletion of your personal information, please email us at customercare@lush.com or call our toll-free number at 1-888-733-5874. You can also access, correct, or delete certain information stored within your online account by logging into your account and updating your preferences. If you are not a registered user, you can contact us to update your information using the contact information in the section below regarding.

We may verify your request by asking you to provide information related to your recent interactions with us, such as product purchases, or account registration information. If we deny your request, you may appeal our decision by contacting us at customercare@lush.com. If you have concerns about the results of an appeal, you may contact the attorney general in the state where you reside.

Opting Out of Targeted Advertising, Sharing, and Sales

As described in the section above, we process certain personal information to understand and improve your experience with our Services and to serve you advertisements on non-Lush properties. Some of these activities may be considered “sales” or “sharing” of your personal information or “targeted advertising” under the law that applies to you.

Depending on where you reside, you may opt out of targeted advertising, sharing, and sales of your personal information. You can do so by following the prompts here

Nondiscrimination

We will not discriminate against you for exercising your privacy rights.

Precise Location Information

When you first launch any of our mobile apps that collect precise location information, you will be asked to consent to the app’s collection of this information. If you initially consent to our collection of such precise location information, you can subsequently stop the collection of this information at any time by changing the preferences on your mobile device.

Cookies and Similar Tracking Technologies

Lush uses cookies and similar tracking technologies to analyze visits to our websites and interactions with our communications to help us improve our website, services, and marketing campaigns. Most web browsers are set to accept cookies by default. If you prefer, you can usually adjust your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies could affect the availability and functionality of some of our Services. You can also adjust certain cookie settings here.

Communications Preferences

You may opt out of receiving promotional emails from Lush by following the instructions in those communications, by clicking on the “unsubscribe” link in any email marketing communication, or by contacting us using the contact information in the section below. You may also opt-out of receiving text messaging/SMS communications by following the instructions in those communications. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.

Mobile Push Notifications

With your permission, we may send push notifications to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.

Storage

Because our related parties, affiliates, and service providers may be located outside of the United States, your personal data may be processed in other jurisdictions. Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law.

Additional Disclosures For Individuals In California

The California Consumer Privacy Act (“CCPA”) requires us to explain some information using certain definitions and categories set out in that law. If you reside in California, this section applies to you and describes our data practices today and in the preceding 12 months.

Additional Disclosures

We collect the following categories of personal information and sensitive personal information: identifiers, characteristics of protected classifications under California or U.S. law, commercial information, Internet or other electronic network activity information, audio and visual data, inferences, and certain information deemed “sensitive” under California law, including precise geolocation information. For details about the information we collect and the categories of sources of such collection, please see the section above.

We collect personal information for the business and commercial purposes described in the section above.

In the preceding 12 months, we have disclosed personal information for the business and commercial purposes described in the section above. Specifically, we have disclosed the following categories of personal information to the following categories of recipients:

Category of Personal Information	Categories of Recipients
Identifiers, such as real name, delivery address, unique personal identifier, online identifier, IP address, email address, account name, social media handle, or other similar identifiers	The Lush Group, fraud prevention partners, data analytics providers, marketing partners, payment processors, fulfillment partners, customer support partners, Internet service providers, operating systems and platforms, customer interaction, feedback and review platforms, cloud service providers, events partners, gift card partners, accessibility reporting and compliance providers, professional advisers, and the public (for example, the first and/or last name if you choose to provide this in connection with a product review may be disclosed publicly).
Characteristics of protected classifications under California or U.S. law, such as age range	The Lush Group, customer feedback and review platforms, data analytics platforms, cloud service providers, and the public (for example, your age range may be disclosed publicly if you choose to provide this in connection with a product review).
Commercial information, such as records of products purchased	The Lush Group, fraud prevention partners, data analytics providers, marketing partners, payment processors, fulfillment partners, customer support partners, Internet service providers, operating systems and platforms, customer interaction, feedback and review platforms, cloud service providers, events partners, and professional advisers.
Internet or other electronic network activity information, such as information about your activity on our website	The Lush Group, fraud prevention partners, data analytics providers, marketing partners, payment processors, fulfillment partners, customer support partners, Internet service providers, operating systems and platforms, cloud service providers, and professional advisers.
Geolocation data, such as your city of residence	The Lush Group, data analytics providers, marketing partners, fulfillment partners, and professional advisers.
Audio and visual data, such as phone recordings when you contact customer service or photos submitted in connection with a product review	The Lush Group, fraud prevention partners, data analytics providers, customer support partners, Internet service providers, operating systems and platforms, cloud service providers, and certain photos may be shared publicly in some circumstances (such as in connection with a product review), and professional advisors.
Inferences, such as your shopping preferences	The Lush Group, fraud prevention partners, data analytics providers, marketing partners, operating systems and platforms, customer interaction, feedback and review platforms, cloud service providers, and professional advisors.
Precise geolocation information (received pursuant to your permission in connection with the Lush mobile applications)	The Lush Group, fraud prevention partners, data analytics providers, Internet service providers, operating systems and platforms, cloud service providers, and professional advisors.

As described in the section above, we process personal information that may be considered “sensitive” under California law, such as your precise geolocation information from your device if you use our mobile app and grant us permission to do so. We only collect this information with your consent or at your direction and for purposes permitted under California law. Please see the section above for more information about how to change these preferences.

We do not use or disclose sensitive personal information for the purpose of inferring characteristics about you.

While we do not sell or share your personal information with third parties in exchange for money, some of our advertising and analytics activities may constitute “sharing” or “selling” under California law. In order to advertise our products to you and better understand, improve, and personalize our interactions with you, we have shared and sold the following categories of personal information to the following categories of third parties:

Category of Personal Information	Category of Third Parties
Identifiers	Advertising networks and social networks.
Internet or other electronic network activity information	Advertising networks and social networks.

We do not knowingly sell or share personal information about consumers under the age of 16.

Your Privacy Rights

You have the right to opt out of sharing and sales at any time by clicking here. You can also opt out by visiting our Services with a legally-recognized universal choice signal enabled (such as the Global Privacy Control). Please note that, depending on which legally-recognized opt-out preference signal you use, our processing of the signal may be limited to the specific browser or device that you are using. You may need to renew your opt-out choice if you use a different browser or device to access our Services, or if you clear your cookies.

Please see the section above for more information about your privacy rights, how to exercise them, and how we will verify your requests.If you are submitting a rights request as an authorized agent, you are required to submit proof of your authorization to make the request, such as a valid power of attorney or proof that you have signed permission from the individual who is the subject of the request. Please do not provide any sensitive personal information in connection with this request, such as a driver's license or other government-issued ID. In some cases, we may contact the individual who is the subject of the request to verify his or her own identity or confirm you have permission to submit this request. If you are an authorized agent seeking to make a request, please contact our Privacy Officer at customercare@lush.com or 1-888-733-5874.

Retention

Lush will retain personal information for as long as necessary for the purposes identified, or as otherwise required or permitted by law. Lush has retention standards to satisfy legal requirements, including to destroy, erase, or render anonymous personal information that is no longer required for the purposes identified or as otherwise required by law.

CONTACT US

If you have any questions about this Privacy Policy, please contact Lush’s Privacy Officer using the contact information below.

Lush Fresh Handmade Cosmetics

8680 Cambie Street, Vancouver, British Columbia, Canada V6M 6P9

Attention: Privacy Officer customercare@lush.com

1-888-733-5874

Privacy Policy

Pick one delivery method