Privacy Policy

Last updated 1 November 2019

We invite you to read this Policy, which explains how your personal data are collected, processed and used by the applicable Nescens AU companies listed in the Data Controllers and Contact section below (Section 7) (“Nescens AU”, “we”, “us”).


It also tells you how you can access and update your personal data and where applicable, make certain choices about how your personal data is used including to object to some of the processing (including personalized marketing) we carry out or where we rely on your consent, a right to withdraw this consent. More information about your preferences and rights you may have is set out in Section5 and 6 below.

This Policy covers our data collection activities, including personal data we collect through our various channels online (such as websites, apps, and social networks) and offline (such as at points of sale, customer service and events). It also explains how we collect information through the use of cookies and related technologies on our websites and apps. Certain sections may not be applicable to you depending on how you provide your personal data to us or interact with Nescens AU. Please note that we combine personal data that we collect via one channel (e.g. Nescens AU website) with personal data we collect via another channel (e.g. a Nescens AU event-in-store) which can include combining personal data that were originally collected by different Nescens AU companies. More information about these activities is set out below.

We reserve the right to make changes to our practices and this Policy at any time. We invite you to check our Platforms from time to time for any updates or changes to this Policy. If we change the way we handle your personal data, we will update this Policy and notify you, usually by placing an updated Policy on our websites. If we make significant changes that materially alter our privacy practices, we may also notify you by other means, such as sending an email prior to the changes taking effect. Where required by applicable privacy laws we will obtain your consent to such changes.

We may also provide you with additional information when we collect personal data where we feel it would be helpful to provide relevant and timely information.

Where a copy of this Privacy Policy is provided to you in your local language, the English version shall prevail to the extent there is any conflict.

We obtain personal data from or about you from various online and offline sources including when you: (i) interact with our websites listed on or mobile sites/applications (together “the Platforms”); (ii) interact with us on our social media pages, chat services, forums or blogs; (iii) visit one of our boutiques, stores or counters; (iv) participate in our events and demonstrations, loyalty or other client programs, competitions, promotions or surveys; or (v) participate in beauty consultations or interact with our beauty advisors and customer service.

Our products are sold through various authorized retailers. Unless otherwise indicated at the time that you provide your personal data, any personal data that our retail partners collect is not provided to us and this Policy does not apply to such personal data.

We collect the following personal data:

Information provided by you (for example, by creating a web account with us, signing up to our loyalty or other client programmes, or by providing information about yourself to us at one of our boutiques, stores or counters):

Contact information (such as your name, phone number (home and mobile), home address and email address);

Age, date of birth, gender, nationality, preferred language, interests and lifestyle;

Billing information (including delivery address and payment details). We reserve the right to request additional evidence or proof of billing information where, in our reasonable opinion, this is necessary. Please note we do not keep your payment card details on file (except where required for refund purposes). We use a third party data controller to process payment details;

Website registration credentials (including username and password). By creating an account, you can securely store your debit and credit card information (held by our third party service provider) for easier and faster checkout, store and edit your delivery addresses and billing information and review your previous purchases and order history;

Expressed personal preferences (such as communication and language settings);

Interactions with us (such as your transaction history or information about your physical characteristics and skincare concerns obtained through a beauty consultation or survey or when you visit our social media pages, blogs or forums or interact with customer service or our chat service); and/or

Correspondence and communication between us and you.

In addition, we sometimes run promotions or events where you can tell us about someone known to you who may be interested in our products and services. If you have provided this person with a copy of this Policy and this person gives you their consent to provide us with their details for this purpose, then we will only use their information for that reason and not to send them any other unrelated offers. We may also mention that it was you who made the referral in the message that we send to them.

We do not knowingly collect information about minors.

Information automatically collected from your use of our Platforms, social media pages or interaction with our online adverts.

We automatically collect the following information:

technical information, including your device’s IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, unique device identifiers and advertising identifiers; and

information about your visit, including the URL clickstream to, through and from our Platforms (including date and time); products you viewed or searched for, the content (and any ads) that you view or interact with, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

Some of this information is collected using cookies and related technologies. To learn more, please see Section 3 on “Cookies and related technologies”.

Information collected from third party sources

From time to time (where permitted by applicable law), we collect information such as your preferences, interests and other demographic data from trusted third party sources that are either publicly or commercially available (e.g. business and retail partners, payment and delivery services, social media networks, advertising networks, analytics providers, and search information providers) which will be used for the purposes outlined in this Policy.

We also receive personal data you provide to authorised distributors of our products and services which will be used for the purposes outlined in this Policy.

When you pay for your products (either in-store or online), we get information from our payment processing service provider who will carry out credit and antifraud checks on you and the payment method you provide in order to verify your identity, to validate your credit or debit card, to obtain an initial credit or debit card authorization and/or to authorize individual purchases.

In order to ensure data accuracy and to offer you a better customer experience, we link or combine the information that we collect from the different sources and channels outlined above to provide personalized services, content, targeted communications and advertising. (e.g. we combine data about your online purchases with information gathered from our boutiques, stores and counters such as details from a beauty consultation so that we can provide you with personalized offers and skincare recommendations in accordance with your communication preferences). This includes combining personal data collected by different Nescens AU companies.

You do not have to provide personal data to access the Platforms but if you do not provide personal data marked as mandatory certain functionalities (such as being able to buy our products via the website) will not otherwise be available to you, or we may not be able to provide you with our products and services, or otherwise communicate with you. You may however choose whether or not to receive marketing communications from us and we will only send you such communications where we have the appropriate consent to do so. For more information on your preferences regarding how we use your personal data, please see Section 5 below.

You must not provide information about anyone else unless you have provided them with a copy of the Policy and obtained their permission to do so.

We process and use your personal data for the reasons set out below:

To fulfil a contract or take steps linked to a contract: this is relevant where you make a purchase from us: This includes:

setting up and managing your online account on our Platform;

fulfilling orders and processing your transactions (including the processing of your payment details, credit card checks and fraud prevention activities); these checks may be required, amongst other things, to verify your identity, to validate your credit or debit card, to obtain an initial credit or debit card authorization and/or to authorise individual purchases; and

send service-related communications and to respond to your enquiries

Where this is necessary for the following purposes. Where you are in the EEA or Switzerland the below purposes are considered as being in our, or third parties, legitimate interests:

to allow you to participate in the interactive features of the website;

to ask your opinion or to take part in market research;

o to provide you with personalized services, content, targeted communications and advertising both on our Platforms and other selected partner websites, loyalty and other client programmes. We may do this by linking or combining the information that we collect from the different sources and channels outlined above or by creating segments based on various factors such as your age and gender or your inferred interests. We work with data management platform providers to assist with this process. Some of these activities may involve the use of cookies and other similar technologies (See Section 3 for more information);

to monitor your account to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime in accordance with applicable law;

to investigate any complaints received from you or from others about our Platforms or our products and services and

to monitor use of our Platforms and use your information to help us monitor, improve and protect our products, content, services and Platforms, both online and offline and your experiences with us including via research and demographic studies; analytics and data cleansing and measuring the effectiveness of our advertising campaigns;

o to use personal data in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such personal data in connection with legal process or litigation) or to enforce or apply our Terms of Use or any other agreements; or to protect the rights, property, or safety of Nescens AU, our customers, or others;

for our internal corporate reporting purposes.

Where you give us consent:

where you ask us to tell you about our products, services, promotions and events by telephone, post, SMS, e-mail or online or via our applications or to send you samples, gifts and rewards in accordance with your communications preferences and to the extent permitted by applicable laws. This includes being contacted by any of our group companies for these purposes (please see Section 5 below about how you can control these updates);

where you give us consent to place cookies and related technologies in accordance with Section 3 below;

on other occasions where we ask for your consent, for the purpose for which we explain at the time.

For purposes which are required by law

In response to requests by government or law enforcement authorities conducting an investigation.

Disclosure of your personal data

In addition to the Nescens AU companies mentioned in the Data Controllers & Contact section below, we may share your personal data: (where permitted in accordance with applicable privacy laws) with:

In certain jurisdictions, and where required by applicable data protection laws to do so, we will not collect, process or disclose your personal data for the above purposes without your consent. Furthermore, unless permitted by applicable laws, we will obtain consent from you if we wish to use your personal data for purposes other than those stated in this Policy.

other companies in our group for the purposes outlined above. A full list of our group companies can be found here;

authorized distributors for the purposes outlined above;

banks and our payment services provider for the purpose of transaction processing;

third parties, where we have your permission to do so (e.g. social networks providers, concierge service or our retail partners). Your personal data will become subject to the privacy policies of those third parties when your personal data is shared with them;

prospective or eventual buyers of our business (if we or substantially all of our assets are acquired by or merged with a third party including through bankruptcy);

any law enforcement agency, court, regulatory, government authority or other third party where in our reasonable opinion this is necessary to comply with a legal or regulatory obligations or otherwise to enforce or apply ourTerms of Use or any other agreements; or to protect the rights, property, or safety of Nescens AU, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction; or

our third party service providers (as well as group companies) who perform services on our behalf based on our instructions. We do not authorize these parties to use or disclose the information except as necessary to perform services on our behalf or to comply with legal requirements. Examples of these parties include companies that fulfill orders and manage refunds, and provide data hosting and support, content personalization, advertising and marketing services (including digital and personalized advertising) and data cleansing, management, segmentation and analysis

In certain jurisdictions, and where required by applicable data protection laws to do so, we will not collect, process or disclose your personal data for the above purposes without your consent. Furthermore, unless permitted by applicable laws, we will obtain consent from you if we wish to use your personal data for purposes other than those stated in this Policy.

We also share information with third parties including social media and search engine partners:

We aggregate your personal data with the information of other customers, creating a dataset of information about the usage of our Platforms, purchase of our products, and other general, grouped information about our customers. Although this dataset is aggregated and anonymised, meaning it cannot directly identify you as an individual, it provides a valuable insight into the use of our Platforms and we will share it with select third parties. These parties include our group companies (as outline above).

We also transfer information about you to ad technology providers and our social media and search engine partners (including Facebook, Google and Twitter) so that they may recognize your devices and deliver interest based content and advertisements. The information can include your name, postal address, email, device ID, or other identifier in encrypted form. The providers often process the information in hashed or de-identified form. These providers can collect additional information from you, such as your IP address and information about your browser or operating system; combine information about you with information from other companies in data sharing cooperatives in which we participate; and may place or recognize their own unique cookie on your browser. The third parties that generate these cookies have their own privacy policies and we have no access to read or write these cookies.

In certain jurisdictions, and where required by applicable data protection laws to do so, we will not collect, process or disclose your personal data without your consent.

Data Transfers

Your personal data may be used or processed in the below geographical area:

your jurisdiction;

the jurisdiction where one of the Nescens AU companies are located; and

any jurisdiction where recipients as described in this Policy are located.

If you are based in the Russian Federation, the personal data that you provide through our Platforms may be stored on servers in the US.

If you are based in the European Economic Area (EEA) and Switzerland the personal data that you provide through our Platforms is stored on servers in the US and supported from the US. We also transfer personal data about you (whether collected online or offline) to our group companies and other service providers who perform functions on our behalf which are based around the world including in countries outside of the European Economic Area (EEA) and Switzerland and this information may be stored and processed in those countries which may have different data protection standards to those which apply in your country of residence. For a list of the countries in which we operate, please see

For European and Swiss individuals, where your personal data is transferred outside the EEA and Switzerland, and where this is to a group company or service provider in a country that is not subject to an adequacy decision by the EU Commission, we will take steps to ensure your information is adequately protected either by EU Commission or Swiss approved standard contractual clauses, an appropriate Privacy Shield certification or through Binding Corporate Rules. A copy of the relevant mechanism can be obtained for your review on request by using the contact details provided in Section 7. To the extent that the above mechanisms have not been put in place then you consent to these data transfers by providing us with your personal data and interacting with our Platforms.

If you are based in a jurisdiction which is not listed above, we may share, transfer or store your personal data outside the jurisdiction in which you are based, or where you provided the personal data. If we do so, we will ensure that a comparable level of protection is in place to protect the integrity and security of the personal data and ensure that at least one of the following safeguards is in place:

– we will only transfer to countries that have been approved by the relevant data protection regulatory authority as providing an adequate level of protection for personal data; and/or

– ensure we have in place appropriate contractual protections with the entity we are transferring the personal data to as required under applicable data protection laws, which may include entering into standard contractual clauses or data processing agreements.

In certain jurisdictions, and where required by applicable data protection laws to do so, we will not collect, process or disclose your personal data without your consent.

Data Retention

Your personal data will be retained for a certain period of time based on the following criteria: (i) as long as necessary to fulfil the purposes outlined in this Policy; (ii) any applicable legal requirements; or (iii) any request for deletion from you in applicable situations. Personal data used to provide you with personalized communications and services will be kept for a duration permitted by applicable laws.

Where required by applicable laws, Nescens AU will adopt technically reasonable measures to make personal information irrecoverable or irreproducible when destroying the personal information such as using appropriate technical methods to irrecoverably delete electronic files containing electronic files, and shred or incinerated any other records, print-outs, documents, or any other recording media.

For more information, please contact us using the details in Section 7.

We use and allow third party service providers to use cookies, web beacons and other similar technologies on our Platforms, social media pages and communications. We do this to understand your use of our services, improve your user experience and enable personalized features and content; optimize our advertising and marketing and to enable third party advertising companies to assist us in serving ads specific to your interests across the Internet.

What are cookies?

Cookies are small text files that websites send to your computer, mobile device or other Internet-connected device to uniquely identify your browser or to store information or settings in your browser.

Our cookies and what they do:

The cookies that we use can be categorised as follows:

Strictly necessary cookies

These cookies are essential for your use of the website and its features, such as storing your product selections to your shopping bag whilst you continue to shop and/or navigate to different pages of the website and accessing secure areas of the website. We have to use these cookies to make the website work as it should, whether or not you agree to such cookies being used.

Analytical / Performance cookies

These cookies collect information about how you use our website and services, in order to enhance your performance and develop them according to the preferences of our customers and visitors. For example, cookies and web beacons may be used to:

– test different designs and to ensure that we maintain a consistent look and feel across our websites;

– track and provide trend analysis on how you interact with our websites and communications;

– track errors and measure the effectiveness of our promotional campaigns.

The data collected will generally be aggregated to provide trends and usage patterns for business analysis, site/platform improvement and performance metrics. Our cookies or the resulting analysis may be also shared with our business partners. The type of information we collect includes how many visitors visit our websites, how many customers log in, when they visited, for how long and which areas of our websites and services but is generally not used to identify you individually. We may also receive similar information about visitors to our partner websites. We use Google Analytics, run by Google Inc for this purpose. To opt out of being tracked by Google Analytics, visit

Functionality cookies

These cookies allow the website to remember you in order to provide enhanced customised features (e.g. language preferences). These cookies can also be used to remember changes you have made to the text size, fonts and other parts of the website pages you can customize. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.

Social media cookies

These cookies are used when you share information using a social media sharing button or “like” button on the website or engage with us on or through social networking websites such as Facebook, which may link your use of our Platforms to targeting/advertising activities. We do not control how these social networks use cookies. Interactions with these features are governed by the privacy policy of the company providing it.

Targeting/advertising cookies

These cookies are used to deliver advertising more relevant to you and your interests both on our websites, websites of our group companies and on our partner websites. We carry out targeted advertising on our existing customer base as well as target other individuals who we think will be interested in our products and services. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaigns. They allow us to understand and evaluate clicks on our adverts so that we can improve the service you receive. They are usually placed by advertising networks with our permission. They remember that you have visited a website and this information is shared with other organizations such as advertisers. Advertisers and other third parties (including the ad networks, ad-serving companies, and other service providers they may use) may assume that users who interact with or click on a personalized ad or content are part of the group that the ad or content is directed towards.

To opt out of cookies relating to targeted advertising, you can visit . However, this will not opt you out of seeing advertisements altogether – opting out simply means the adverts will not be targeted to you. Please note that there are many more networks listed on this site than we use our website.

We use the following third party advertising cookies on our Platforms:

Company Description


GA Audiences cookie enables us to deliver interest-based advertisements on the web and within apps. The cookie lifecycle is a maximum of 13 months.


DataXu’s cookie offers us to reach you via advertisings broadcasted on DataXu’s websites network. The cookie lifecycle is a maximum of 13 months.


Criteo cookie enables us to reach you via advertisements once you have visited our Platforms or interacted with a different advertisement in the past. The cookie lifecycle is a maximum of 13 months.


Facebook cookie enables us to deliver to you interest based advertising on the online social network. The cookie lifecycle is a maximum of 13 months.

DoubleClick and DoubleClick floodlight (Google)

DoubleClick cookies enables us to identify the type of advertisements you might like to see from what you are browsing. The cookie lifecycle is a maximum of 13 months.


Yahoo! Audiences cookie enables us to deliver interest-based advertisements on the web and within apps. The cookie lifecycle is a maximum of 13 months.

Baidu Analyzes Audiences

Baidu Analyzes Audiences cookie enables us to deliver search behavior-based advertisements and interest-based advertisements on the web and within apps, the cookie will be stored no time limitation but the user can request to delete it. 

Web server logs and web beacons

In conjunction with obtaining information through cookies, our web servers may log details such as your operating system type, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone in which your device is located. The web server logs also may record information such as the address of the web page that linked you to our site and the IP address of the device you use to connect to the Internet. This information helps us to troubleshoot errors, improve performance and maintain the security of our Platforms. To control which web servers collect this information, we may place tags on our web pages called “web beacons.” These are computer instructions that link web pages to particular web servers and their cookies. We may also use cookies and similar technologies (such as web beacons) to allow us to tell if an email we have sent you has been opened and acted upon and whether our mailing tools are working correctly or, to measure performance and to provide content and ads that are more relevant to you.

Can I opt out of cookies and similar technologies?

If you do not want to allow cookies at all, or only want to allow the use of certain cookies, please refer to your browser settings. You can also use your browser settings to withdraw your consent to our use of cookies at any time and delete cookies that have already been set. To find out more about cookies, visit: By rejecting or disabling cookies, certain website content or functionality may not be available to you. Details of how to opt out of Google Analytics and cookies relating to targeted advertising are set out in the previous sections.

Because web beacons are the same as any other content request included in the recipe for a web page, you cannot opt out or refuse them. However, you may be able to disable web beacons in email messages by not downloading images contained in messages you receive (this feature varies depending on the email software used on your personal computer). However, doing this may not always disable a web beacon or other similar technologies in the email message due to specific email software capabilities. For more information about this, please refer to the information provided by your email software or service provider. Web beacons may also be rendered ineffective in some circumstances by opting out of cookies or amending your cookie settings in your browser.

We are committed to protecting the personal data we collect and keeping your personal data secure is very important to us. We take steps to ensure that your personal data is protected against unauthorized or unlawful processing and against accidental loss, erasure, use, leakage, damage or destruction or disclosure and we limit access to your personal data to persons who reasonably need access to it, to provide products or services to you.

Any data transmitted from your browser to our Platforms via online forms, our store locator or shopping cart is secured via SSL (secure socket layer) technology. SSL is a cryptographic protocol that ensures data privacy and data integrity between two authenticated communicating parties.

Our Platforms may contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or how those third parties may use your personal data. Please check these policies before you submit any personal data to these websites.

If you create an account with us, you will be asked to provide an account user name and password as part of our security procedures. You must treat such information as confidential and you must not disclose it to any third party.

We strive to provide you with choices regarding the personal data that you provide to us. The following mechanisms give you control over your personal data:

Advertising, marketing and personalization (offline and online): If you wish to be notified about our products and services, events, loyalty and other client programmes as well as other promotional activities, you can indicate your consent through the relevant checkbox(es) on our Platforms or client cards instore or by answering the question(s) presented by our beauty advisors or store representatives (as we may not do so in some jurisdictions without your consent). Some of our activities and communications may be personalized to your specific interests and preferences (which will be done with your permission, if required by law).

In certain jurisdictions, we may also share your personal data with other entities within the Nescens AU Group, in order to notify you about our products and services, events, loyalty and other client programmes as well as other promotional activities. Again, you can indicate your consent through the relevant checkbox(es) on our Platforms or client cards instore or by answering the question(s) presented by our beauty advisors or store representatives (as we may not do so in some jurisdictions without your consent).

If you wish to stop receiving our marketing communications (and/or you wish opt out of personalized marketing communications), simply let us know at any time by following the opt-out instructions in the relevant communication or using the details in Section 7. Please note that this will not stop you from receiving service messages (i.e. non-marketing communications, such as e-mail updates on your order status or notifications about your account activities) from us.

Cookies/Similar Technologies and Interest Based Advertising: You can set your browser to refuse all or some browser cookies or to alert you when cookies are being used or you can use the opt-out tools provided. You also have choices in respect of interest based advertising. Please see Section 3 above.

In accordance with applicable law, you may be entitled to ask us for a copy of your personal data, to review your personal data, to correct it, erase or suspend or restrict its collection, processing or use, or to ask us to transfer some of this personal data to other organisations. You may also have rights to object to some processing and, where we have asked for your consent to process your personal data, to withdraw this consent. Where you are in the EEA or Switzerland and where we process your personal data because we have a legitimate interest in doing so (as explained above), you also have a right to object to this. These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement or contractual obligation to process your personal data. In some instances, this may mean that we are able to retain your personal data even if you withdraw your consent. In such a case, we will apply appropriate measures and safeguards to protect your personal data. Where permitted by applicable privacy laws, we may charge a reasonable fee for responding to your request, but will advise of this at the time.

If you wish to exercise any of these rights, please contact us by using the details in Section 7.

If you have any questions about this Policy or privacy matters generally or to make a complaint about our compliance with applicable privacy laws, please contact us using the Contact us page of our website and our customer services team will be happy to assist you.

You can also use this Contact us if you wish to exercise your preferences and rights as detailed above.

We will acknowledge and investigate any complaint you make (including a complaint that we have breached your rights under applicable privacy laws). We hope that we can satisfy queries but if you have unresolved concerns you may also have the right to contact the relevant data protection authority in your country of residence or place of the alleged infringement.