For further information about the Supernova entities who act as controllers of your personal data, please see the Controller List section below.
We collect information from you via the Sites in several different ways including, for example, when you provide us with your information to register as a customer for our Sites, subscribe to our newsletter, receive information or mailings, buy a product or service from us, make a comment or enquiry or contact our Customer Services Team.
Site Visitors: when you visit one of our Sites, we collect various types of information, such as browser type, IP address, date and time of visit, average time spent on the Site, cookie ID, hyperlinks that you have clicked, and websites you visited before arriving at our Site. We also collect information such as, your name and email address when you contact our Customer Services Team.
Guest Checkout: when you place an order for goods via one of our Sites as a guest, we collect your name, contact details, order details, and tokenized payment details.
Account Holders: when you open an account with us and place an order for goods via one of our Sites as an account holder, we collect your name, contact details, passwords, transactional history, and tokenized payment details.
You may also provide us with personal data in other ways, such as if you communicate with us through social media or participate in our promotions.
Depending on how you interact with the Sites (i.e., depending on the services, products or functionalities you choose to use), we will process your personal data for the following purposes:
|When you visit our Site:|
|To provide support and to respond to your requests and enquiries||We have a legitimate interest to respond to your requests and enquiries for ongoing business administration|
|To personalize your visit to our Sites and to assist you while you use the Sites||
We have a legitimate interest to properly manage and administer our relationship with
you and to ensure that we are effective and efficient as we can be
|To improve the Sites by helping us understand who uses the Sites|
|For fraud prevention and detection and to comply with applicable laws, regulations or codes of practice||To comply with our legal or regulatory obligations|
|To contact you to tell you about products and services offered by us as well as other promotions and competitions, which we believe may interest you unless you advise us that you do not wish to receive marketing or market research communications from us||
If applicable law requires that we receive your consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your consent.
If you wish to stop receiving marketing or market research communications from us you can unsubscribe via the link at the bottom of the relevant marketing e-mail or contact us using the contact details below.
We have a legitimate interest to carry out direct marketing
|For tailored advertising on third party sites either because of the website you are viewing, or based on your interests which we have inferred from your information.||
With your consent, if required by applicable law.
If you no longer wish to see tailored advertising, you can amend your cookie preferences (see section: COOKIES / TRACKING TECHNOLOGY / LOGFILES).
|When you open an account with us and/or purchase goods online:|
|To provide goods or services to you||
To manage and perform our contract with you
We have a legitimate interest to properly manage and administer our relationship with you and to ensure that we are effective and efficient as we can be
|To manage and maintain our relationships with you and for ongoing customer service|
|To enforce or defend our rights, ourselves or through third parties to whom we delegate such responsibilities|
|To share data with police, law enforcement, tax authorities or other government and fraud prevention agencies where we have a legal obligation, including screening transactions, reporting suspicious activity and complying with production and court orders||To comply with our legal or regulatory obligations|
|To report tax related information to tax authorities|
|To investigate and resolve complaints and manage regulatory matters, investigations and litigation|
|To monitor electronic communications for investigation and fraud prevention purposes, crime detection, prevention and investigation|
|To comply with any of our applicable legal, or regulatory obligations. For example, if you are a business customer we need to process your information to verify your identity and undertake necessary due diligence checks.|
The day to day running and management of the business including to:
We have a legitimate interest to manage our business including for legal, personnel, administrative and management purposes and for the prevention and detection of crime provided our interests are not overridden by your interests
To comply with our legal or regulatory obligations
Your Right to Object - If you are located in the European Economic Area (“EEA”) and/or you are a customer of Supernova UK Pty Ltd, you have a right to object to the processing of your personal information where that processing is carried out for our legitimate interest or for direct marketing purposes.
Where we require your personal data to comply with legal requirements, failure to provide this information means we may not be able to accept you as a customer and/or may be unable to process your purchases. We will tell you when we ask for your information whether it is a statutory or contractual requirement to give us the information and the consequences of not providing the information.
Like many websites, the Site employs cookies and web beacons (also known as clear GIF technology or “action tags”) to speed up your navigation of the Site, recognize you and your access privileges, and track your Site usage.
Web beacons assist in delivering cookies and help us determine whether a web page on the Site has been viewed and, if so, how many times. For example, any electronic image on the Site, such as an ad banner, can function as a web beacon.
We may use third-party advertising companies to help tailor site content to users or to serve ads on our behalf. These companies may employ cookies and web beacons to measure advertising effectiveness (such as the web pages visited or products purchased and in what amount). Any information that these third parties collect via cookies and web beacons is not linked to any personal data collected by us.
As an example, Facebook collects certain information via cookies and web beacons to determine which web pages are visited or what products are purchased. Please note that any information collected by Facebook via cookies and web beacons is not linked to any customer's personal data collected by us.
We may share your personal data within the Supernova Group to allow us to provide our goods and services to you and to market products sold by other Supernova Group entities, including to the entities on the Controller List.
We may use trusted third parties to provide us with services (e.g., technical support for the Sites, fulfilment of your order, payment processing, marketing, data analyses firms, web-hosting companies, and support services) who may have access to your personal data. All service providers are permitted to use data only for the purpose of performing services on our behalf.
We may share your personal data with competent authorities, courts and bodies in response to a court order, summons or subpoena, regulatory requests, or as permitted or required by law when we reasonably believe it is necessary or appropriate to investigate, prevent or take action against illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person.
We may also disclose your personal data to any third party that acquires, or is interested in acquiring, all or part of our assets or shares, or that succeeds us in carrying on all or part of our business.
If you are located in the EEA and/or you are a customer of Supernova UK Pty Ltd, please note that some of the recipients above to which we transfer your personal data are located in countries outside of the EEA including in Singapore and the U.S., and which are not considered by the European Commission to provide an adequate level of data protection.
Where we transfer your personal data to such recipients, we will enter into an EU-style data transfer agreement with the recipient or seek assurances from the recipient that they are EU-U.S. Privacy Shield certified or have Binding Corporate Rules in place.
To protect your personal data, we take reasonable precautions and follow the industry’s best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. Your personally identifiable information is kept secure and encrypted during the type of transmission.
For payments we are using a certified payment gateway provider. All credit card details are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). All payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. We therefore do not see or keep your credit card information.
While we use industry-standard precautions to safeguard your personal data, we cannot guarantee complete security. 100% complete security does not presently exist anywhere online or offline.
We will retain your personal data as necessary for the provision of the goods/services, internal analytical purposes, or to comply with our legal obligations, resolve disputes and enforce agreements (e.g. settlement). The criteria used to determine the retention periods include:
If you are located in the EEA and/or you are a customer of Supernova UK Pty Ltd, and certain requirements are fulfilled, you have the right to:
All such requests should be made using the contact details set out below. Please be advised that if you request that your personal data be deleted, you may no longer be able to access or use certain parts of the Sites. You may also, at any time, request for the modification or deletion of your account or personal details such as name, surname, address, country of residence, and payment card details.
We will respond to your request in writing, or orally if requested, as soon as practicable and in any event not more than within one month after receipt of your request. In exceptional cases, we may extend this period by two months and we will tell you why. We may request proof of identification to verify your request. For more details in relation to your rights, including how to exercise them, please contact us using the contact details below.
You also have the right to lodge a complaint about the processing of your personal data with the relevant data protection authority.
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act (“CCPA”).
For more details about the personal information we have collected over the last 12 months, including the categories of sources, please see the Collection of Information section above. We collect this information for the business and commercial purposes described in the Use of Information section above. We share this information with the categories of third parties described in the Sharing of Information section above. We do not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out). Please note that we do use third-party cookies for our advertising purposes as further described in the Cookies/ Tracking Technology/ Logfiles section above.
If you are a California consumer, subject to certain limitations you have the right under the CCPA to:
California consumers may make a request pursuant to their rights under the CCPA by contacting us at firstname.lastname@example.org. We will verify your request using the information associated with your account, including email address. Government identification may be required. Consumers can also designate an authorised agent to exercise these rights on their behalf.
You must be aged 16 or over to use the Sites and our other digital offerings. We do not solicit or knowingly collect personal data from children aged 16 and under. If we are made aware that we have received such information, or any information in violation of our policy, we will use reasonable efforts to locate and remove that information from our records.
Supernova UK Pty Ltd of Suite 1, 3rd Floor, 11-12 St James’ Square, London SW1Y 4LB, UK
Supernova Pte. Ltd. of 20 Martin Road, #10-01 Seng Kee Building, Singapore 239070
Supernova AU Pty Ltd of Lvl 2, Duckboard House, 91-93 Flinders Lane, Melbourne 3000, Australia
Supernova USA Inc. of 4th floor, 12655 W Jefferson Blvd, Los Angeles, CA 90066, USA
Supernova North America Enterprises Ltd of 1700-1075 West Georgia Street, Vancouver, BC, Canada V6E 3C9
Supernova (India) Private Limited of B183, Sector 14, Noida Uttar Pradesh, India 201301
Skinnymint Pte. Ltd. of 6001 Beach Road, #22-01 Golden Mile Tower, Singapore 239070
Sand & Sky Pty Ltd of Lvl 2, Duckboard House, 91-93 Flinders Lane, Melbourne 3000, Australia
Coco & Eve Limited of Suite 1, 3rd Floor, 11-12 St James’ Square, London SW1Y 4LB, UK
Last updated January 2020
We promise we only share the good stuff - think exclusive offers and beauty tips to help you get the most from your skincare.
Start reaping the benefits now! Learn how can you can earn even more points!Tell me how!