We have selected stores offering Order & Collect
Read more here

Privacy & Cookies

UPDATED SEPTEMBER 2020


PRIVACY NOTICE

Neal’s Yard Remedies is committed to protecting our customer's privacy. Please take the time to review this notice which explains what information we collect about you, how we use it, and yourrights. Neal’s Yard (Natural Remedies) Limited a company registered in England and Walesunder company number 01597194, whose registered office is at Peacemarsh, Gillingham,Dorset, SP8 4EU, with our main trading address at Neal's Yard, Covent Garden, London, WC2H9DP (“Neal’s Yard Remedies”, “we” or “us”) is the data controller of the personal data collectedvia or in connection with www.nealsyardremedies.com and any associated App (the “Site”).


What personal data do we collect about you?

We collect personal data from you when you provide it to us directly and through your use of the Site. This information may include:

• Information you provide to us when you use our Site (e.g. your name, contact details, gender, product reviews, and any information which you add to your account profile);

• Transaction and billing information, if you make any purchases from us or using our Site (e.g. credit/debit card details and delivery information);

• Records of your interactions with us (e.g. if you contact our customer service team, interact with us on social media);

• Information you provide us when you enter a competition or participate in a survey;

• Information collected automatically, using cookies and other tracking technologies (e.g. which pages you viewed and whether you clicked on a link in one of our email updates). We may alsocollect information about the device you use to access our Site; and

• Other information necessary to provide the Site, for example we may access your location if you give us your consent.

If you also shop in one of our stores, we may combine information you give us in-store (e.g. if you make a purchase or join our mailing list in-store) with the information above.


Interactive Tools

Certain features on our Site and App may give you an opportunity to interact with us and others. For example, we may use a third-party ‘HERO®’ chat feature. Use of this feature means HERO®will process the data you submit (such as your name, location, e-mail address and any otherinformation you provide) which will enable us to provide the service and review your browsingbehaviour or App and/or Site usage. This information will be used to improve functionality andyour customer experience. If you interact and use this feature, your data will be processed inaccordance with the HERO® Privacy Policy for the purposes of carrying out and administeringthe services which they offer. They cannot export this data without our approval or use it foranything other than processing your data to improve our service to you.We strongly discourage you from disclosing any sensitive Personal Information (such as healthor credit card information) through these features as we cannot be held responsible for theinformation you choose to submit. Use of these features may also mean that the information youprovide will remain on the Site and/or App even after you cease using the Site and/or App.


What do we use this personal data for?

Depending on how you use our Site, your interactions with us, and the permissions you give us, the purposes for which we use your personal data include:

• To fulfil your order and maintain your online account.

• To manage and respond to any queries or complaints to our customer service team.

• To personalise the Site to you and show you content we think you will be most interested in, based on your account information, your purchase history and your browsing activity.

• To improve and maintain the Site, and monitor its usage.

• For market research, e.g. we may contact you for feedback about our products.

• To send you marketing messages and show you targeted advertising, where we have your consent or are otherwise permitted to do so.

• For security purposes, to investigate fraud and where necessary to protect ourselves and third parties.

• To comply with our legal and regulatory obligations.

We rely on the following legal basis, under data protection law, to process your personal data:

• Because the processing is necessary to perform a contract with you, or take steps prior to entering into a contract with you (e.g. where you have made a purchase with us, we use yourpersonal data to process the payment and fulfil your order).

• Because we have obtained your consent (e.g. where you contact us with a query, where you add optional information to your account profile, or if you consent to receive marketing from us).

• Because it is in our legitimate interests as an e-commerce provider to maintain and promote our services. We are always seeking to understand more about our customers in order to offer thebest products and customer experience. We use information about you to tailor your view of theSite, to make it more interesting and relevant in respect of the products and offers on view.

Our Site may allow you the option of adding additional information to your account profile, such as information about your, skin type, hair type and hair condition. We treat this information withparticular sensitivity, as we understand it can reveal information about your health or ethnicity, forexample. You do not have to provide this information to us, and can delete it or update it at anytime.


Marketing

We love to communicate with our customers and so, depending on your marketing preferences, we may use your personal data to send you marketing messages by email, phone (includingSMS) or post. Some of these messages may be tailored to you, based on your previousbrowsing or purchase activity, and other information we hold about you.If you no longer want to receive marketing communications from us (or would like to opt back in),you can change your preferences at any time by contacting us (details below), clicking on the‘unsubscribe’ link in any email, or updating your settings in your account. If you unsubscribe frommarketing, please note we may still contact you with service messages from time to time (e.g.order and delivery confirmations, and information about your legal rights).You may also see ads for our Site on third party websites, including on social media. These adsmay be tailored to you using cookies (which track your web activity, so enable us to serve ads tocustomers who have visited our Site). Where you see an ad on social media, this may becausewe have engaged the social network to show ads to our customers, or users who match thedemographic profile of our customers. In some cases, this may involve sharing your emailaddress with the social network. If you no longer want to see tailored ads you can change yourcookie and privacy settings on your browser and these third party websites.


Who do we share this personal data with?

We share customers’ personal data with third parties in the following circumstances:

• With other companies in our group of companies, as necessary to operate the Site.

• With our suppliers and service providers working for us, e.g. as necessary to operate the Site, including payment processors and delivery companies.

• With our professional and legal advisors.

• With third parties engaged in fraud prevention and detection.

• With law enforcement or other governmental authorities, e.g. to report a fraud or in response to a lawful request.

• In the event that we sell any business assets, the personal data of our customers may be disclosed to a potential buyer. In this event, we will make reasonable attempts to ensure thebuyer will be bound by the terms of this Privacy Policy.

• Otherwise where we have your consent or are otherwise legally permitted to do so.


Storage and Retention

We use service providers based around the world. Consequently, your personal data may be processed in countries outside of Europe, including in countries where you may have fewer legalrights in respect of your data than you do under local law. If we transfer personal data outside theEuropean Economic Area we will, as required by applicable law, ensure that your privacy rightsare adequately protected by appropriate safeguards, in particular the EU’s standard contractualclauses. Please contact us if you would like more information about these safeguards.We will keep your personal data for as long as we need it for the purposes set out above, and sothis period will vary depending on your interactions with us. For example, where you have madea purchase with us, we will keep a record of your purchase for the period necessary for invoicing,tax and warranty purposes. We may also keep a record of correspondence with you (for exampleif you have made a complaint about a product) for as long as is necessary to protect us from alegal claim. Where we no longer have a need to keep your information, we will delete it. Pleasenote that where you unsubscribe from our marketing communications, we will keep a record ofyour email address to ensure we do not send you marketing emails in future.


Security

This Site ensures that data is encrypted when leaving the Site. This process involves the converting of information or data into a code to prevent unauthorised access. This Site followsthis process and employs secure methods to ensure the protection of all credit and debit cardtransactions. Encryption methods such as SSL are utilised to protect customer data when intransit to and from this Site over a secure communications channel.Whilst we do everything within our power to ensure that personal data is protected at all timesfrom our Site, we cannot guarantee the security and integrity of the information that has beentransmitted to our Site.


Children

Our Site is not intended for, and should not be used by, children under the age of 18. We do not knowingly collect personal data from children under 18.


Cookies

Our Sites uses cookies and similar technologies to provide certain functionality to the Site, to understand and measure its performance, and to deliver targeted advertising. Please see ourCookie Policy here for further information about the cookies we use and how to amend yourcookie settings.


Retail Stores

ORDERING

We will keep details of purchases made through our till system and the fulfilment of your orders. This may include payment details, your name, email address and the items ordered. We willcollect details of your visits to store and your order history if you use your loyalty card. We willask you for your email address and postcode for us to communicate and gather demographiclocations on our store customers, this will be explained to you when asked for your details at thepoint of ordering and you can choose not to give this information at any time.With your permission you may provide us with your name, address, email, phone number andbusiness card (if applicable) for skin consultations, in-store events, out of stock notifications orour VIP customer list. This information will be kept and then destroyed securely once it has beenused for the purpose you provided it to us.


IN STORE IMAGES AND RECORDING

We may use CCTV images, recorded in our stores, premises or other buildings to help maintain the safety of anyone working or visiting them, and for the prevention, detection and prosecutionof criminal offences. We may also rely on the images to establish, exercise, or defend our legalrights.Our store staff may have access to tools which enable the direct online interaction with ourcustomers and images may be taken of information and products in-store for the sole purpose ofenhancing that customer's shopping experience. Every effort will be taken to avoid imagesfeaturing other individuals in-store, however we are unable to guarantee against this happening.You must notify us immediately in-store if you have any concerns.


Therapies

BOOKING A THERAPY

When you book a therapy, we will ask for: full name, contact telephone number, email address (optional). How we save your information may depend on whether you book a therapy in store oronline, this can be saved in paper form (diary) or in our third-party supplier booking systemssoftware, MindBodyOnline.We use MindBodyOnline to provide a Therapy Rooms booking app. If you download and use theTherapy Rooms booking app, your data will be processed in accordance with theMindBodyOnline privacy policy for the purposes of carrying out and administering the serviceswhich they offer. Please see the App store for more details.We will give the information that you have provided in your therapy booking to the relevanttherapist who will be providing you with the therapy. This information is shared on the basis thatwe have a legitimate interest in sharing this information with the therapist for the provision of thetherapy services to you. If you have a specific requirement for the therapist to fulfil your treatmentthen we may make a note of this, such as requiring downstairs toilet access. This won't includemedical information, this will be discussed, if necessary, in your private session with yourtherapist.

Please note that therapists are independent third parties and data controllers in their own right.The personal data you provide to your therapist is not shared with us without a legitimatebusiness reason to do so or your consent. We may process your personal data on behalf of thetherapist, for example, where we process your therapy booking or where you pay for the therapyat our store till point.Paying for the therapy: Payment can be made in cash directly to the therapist or by card/cash atour store till point (see Retail Store section for more information on this).


CONTACTING YOU

Occasionally we may need to contact you regarding your booking for example regarding a change in the booking, a complaint or if we require additional information from you. We will usethe telephone number given or email provided to us at time of booking.If you have any general queries regarding your data when you make or have made a therapyroom booking with us, please email therapies@nealsyardremedies.com


Education / Courses / Workshops

BOOKING A COURSE OR WORKSHOP

When you make a booking, we take the course/workshop details, your name, address, email address, telephone, allergies (if relevant), qualification details if needed and payment. Paymentcan be made via our Site, App or by telephone.


BOOKING A DIPLOMA COURSE

When booking a Diploma Course, we take the following details; name, address, email address, date of birth, next of kin, allergies (if relevant), payment status (not details) and exam results. Please note that we may contact the IFPA by email to confirm your exam results.If you submit case studies during your course by email or post, this information is retained forevidence of you completing the work. On each case study we ask only for your case studyclient’s initial or first name plus course module/title.


ONLINE COURSES

Your online course will start and be delivered through MindBodyOnline. You will be asked to register to take your course. You will be asked to set-up a username (your email address) andpassword to start.This data is stored in MindBodyOnline to allow you to login and monitor progress on yourenrolled course. We will remove you from the platform once you inform us that you wish to beremoved, however this will also revoke access to any courses you may be signed up to.


CONTACTING YOU

Occasionally we may need to contact you regarding your course or workshop booking, we will do this via telephone or email using the details you have provided to us.We may contact you by email about other training services that you may find of interest. You canopt-out by clicking on the unsubscribe link on the email.Once your course is completed you will receive the necessary qualification certificate (fordiploma and CPD courses only), this will feature your name, the course you completed andwhen. We keep a record the certificate has been sent but not a copy of the certificate.


Loyalty Programme

When you join our in-store loyalty programme the following details are collected from the form you fill in: name, address, email address, date of birth (optional), time and location of signing upfor your loyalty card, marketing opt-in preference and acceptance of our terms and conditions.We use a third-party supplier to support our loyalty programme. We will delete your data from ourloyalty database after 2 years of inactivity on your loyalty card. For more information on the termsand conditions for our loyalty card please read our Loyalty Terms and Conditions.


Prize Draws, Promotions and Surveys

When entering our prize draws or promotions, you may be required to provide us with your name, email address and mailing address. We use a third party provider, PromoVeritas, tochoose a winner at random. Name and email address data is passed to PromoVeritas to carrythis service out and deleted once the winner has received their prize. If you win, we will notify youas described in the prize draw/promotion terms and will send the prize to the address youprovide to us. When you enter a prize draw or promotion, you are also able to opt-in to hear fromus by email or post and be the first to know about our prize draws, offers and news. You mayunsubscribe from this by following the unsubscribe instructions in any email received.We will only contact you following a prize draw / promotion if you opted-in to do so. Unless youhave opted-in to receiving marketing communications, your data will be deleted after 3 months.Occasionally, we run joint prize draws / promotions with other likeminded companies where datawill be collected on entry, we collect this data but do not distribute it. It’s used for our ownmarketing purposes and will only be shared with the partner company with your expresspermission.We use third party providers such as SurveyMonkey and Mention Me to carry out surveys andpromotions on our behalf. If you agree to take part, your data will be processed in accordancewith their privacy notices as appropriate for the purposes of carrying out and administering theservices which they offer. The responses and data you provide will be used by us for researchand marketing purposes which will enable us to improve and enhance the services andexperiences we offer to you. For example, we may publish a quote/review on our Site, App or acatalogue, that you have provided about a product.We use internal analytics software to run business analysis on customer transactional data, thisimports from our Site, tills, payment gateways and databases. The data includes name,addresses and email of those who have placed an order including the related transactional data.This is so we can ensure we offer the best promotions, offers and discounts.


Special Category Data

Generally, we do not seek to collect special category data that is, information relating to: race or ethnic origin; political opinion; religious or other similar beliefs; trade union membership; physicalor mental health; sexual orientation; criminal records. We recommend that you do not providesuch information to us. If you choose to do so for any reason, this will mean that you have given(and we accept) your explicit consent for us to use that information for the reasons described inthis notice, or as explained at the time you provide the information.


Your rights

You have certain rights in respect of your personal data, including the right to access, portability, correct, and request the erasure of your personal data.You also have the right to object to your personal data being used for certain purposes, includingto send you marketing. See ‘Marketing’ above, for more details of how to opt-out of marketing.We will comply with any requests to exercise your rights in accordance with applicable law.Please be aware, however, that there are a number of limitations to these rights, and there maybe circumstances where we are not able to comply with your request. To make any requestsregarding your personal data, or if you have any questions or concerns regarding your personaldata, you should contact us using the details below. You are also entitled to contact your localsupervisory authority for data protection.


Contact Us

If you have any queries on any aspect of our Privacy Policy, please contact us on the details below:

Telephone: 0800 470 3245

Last updated 22/10/2020


YOUR CALIFORNIA PRIVACY RIGHTS

Consumers residing in California are afforded certain additional rights with respect to their personal data under the California Consumer Privacy Act (“CCPA”). If you are a California resident, this section applies to you. Collection and Use of Personal Data: In the preceding 12 months, we have collected thefollowing categories of personal data: identifiers (such as name and contact information),commercial information (such as products purchased or returned), internet or other electronicnetwork activity information (such as browsing behavior), geolocation data, audio information(such as customer support call recordings), and inferences we make based on the personal datawe collect about you. For more details about the personal data we collect and the sources ofsuch collection, please see “What personal data do we collect about you?” in the privacy policyabove. We use the personal data we collect for the business and commercial purposesdescribed in “What do we use this personal data for?” in the privacy policy above.Disclosure of Personal Data: In the preceding 12 months, we have disclosed the categories ofpersonal data listed above to third parties for business or commercial purposes. Please see“Who do we share this personal data with?” in the privacy policy above, for details.Sale of Personal Data: California law requires that we provide transparency about personal datawe “sell,” which for purposes of the CCPA broadly means scenarios in which we have sharedpersonal data with third parties in exchange for monetary or other valuable consideration. We donot, and will not, sell your identifying information such as your name, email address, phonenumber or postal address. As described above in the “Marketing” and “Cookies” sections in theprivacy policy above, we do share identifiers such as cookies and, where applicable, theadvertising identifier associated with your mobile device with our advertising partners so that theycan show advertisements that are targeted to your interests. In order to opt out of disclosures tothese third parties for purposes of showing you targeted advertisements, please follow the optout instructions in the “Marketing” section of the privacy policy above.

Your Rights: Subject to certain limitations, you have the right to request: more information about the categories and specific pieces of personal data we have collected and disclosed for a business purpose in the last 12 months; deletion of your personal data; and that we stop selling your personal data. You may make these requests by emailingcustomer.experience@thehutgroup.com or visiting this page. Once we receive your request, we will verify it by asking you to provide information related to your account or your recent interactions with us, such as information regarding a recent purchase. If you would like to use an authorized agent to exercise your rights, we may request evidence that you have provided such agent with power of attorney or that the agent otherwise has valid written authority to submit requests on your behalf. We will not discriminate against you if you exercise your rights under the CCPA.


COOKIE INFORMATION

We collect information about our customers via server logs, cookies, order forms and competitions. Cookies are small text files that are placed on your computer by websites that youvisit. They are widely used in order to make websites work, or work more efficiently, as well as toprovide information to the owners of the site.The information collected in this way can be used to identify you unless you modify your browsersettings. None of our cookies store any credit/debit card information nor password details.The tables below explains the cookies we use and why.


STRICTLY NECESSARY

These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, services youhave asked for, like shopping baskets or e-billing, cannot be provided.

COOKIE NAME

PURPOSE

locale_V6

This is used to remember what language the user is viewing the website in.

currency_V6

This is used to remember what currency

ElysiumBasketNeal’s Yard

Remediesgroup_V6

This is used to access what the user has already put in their basket in that session or a previous visit.

NSC_[followed by name of relevant server]

This acts as a load balancer between the various servers we use on our website i.e. it ensures the user's interaction with the website is uninterrupted when the user transfers across servers.

_EDOFC_V6

This is used to store information relating to the contents of the user's basket.

VisitorId_Neal’s Yard

Remediesgroup_V6

during a session or from a previous visit. This is used to access the user's details

JSESSIONID

This is used for the purposes of session management in our application server.

PERFORMANCE COOKIES

These cookies collect information about how visitors use our website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies do notcollect information that identifies a visitor. All information these cookies collect is aggregated andtherefore anonymous. It is only used to improve how our website works. By using our website,you agree that we can place these type of cookies on your device.

COOKIE NAME

PURPOSE

_utma

_utmb

_utmc

_utmz

(Google analytics)

These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Click here for an overview of privacy at Google

To opt out of being tracked by Google Analytics across all websites visit

http://tools.google.com/dlpage/gaoptout.

_vis_opt_s

_vis_opt_exp_1_combi

_vis_opt_test_cookie

_vis_opt_test_cookie

(Visual Website Optimiser)

These cookies are placed by our current multivariate testing tool, Visual Website Optimiser. It enables us to create different versions of our websites and landing pages, so that we can monitor which our customers prefer. management in our application server. This is used for the purposes of session

affil_V6

We use this cookie to track sales that have come in via an affiliate network link.

FUNCTIONALITY COOKIES

These cookies allow our website to remember choices that you make (such as your user name, language, or the region you are in), and provide enhanced, more personal features. They mayalso be used to provide services you have asked for such as watching a video or commenting ona blog. By using our website, you agree that we can place these type of cookies on yourdevice.

COOKIE NAME PURPOSE

COOKIE NAME

PURPOSE

VisitorId_Neal’s Yard

Remediesgroup_V6

RememberMe_Neal’s Yard

Remediesgroup.v6

This is used to remember your log‐in details on the website.

SLI1_112

SLI2_112

SLI4_112

SLIBeacon_112

SLI_Neal’s Yard Remediesgroup_V6

These cookies are used to facilitate the product search engine contained on thewebsite.

chumewe_user

This is used to give a user a unique identifier.

chumewe_sess

This is used to give a user's session a unique identifier.

TARGETING AND ADVERTISING COOKIES

These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure theeffectiveness of the advertising campaign. They are placed by advertising networks or affiliateswith our permission. They remember that you have visited a website and that this information isshared with other organisations such as advertisers.By using our website, you agree that we can place these type of cookies on your device.If you would like to disable any of these cookies, please see the table below and the sectionbelow headed 'How to Restrict or Block Cookies' for further details.

COOKIE NAME

PURPOSE

VisitorId_Neal’s Yard

Remediesgroup_V6

RememberMe_Neal’s Yard

Remediesgroup.v6

These cookies are used to track sales that have come in via an affiliate network link operated by our partner Affiliate Window and also to support the delivery of targeted marketing and advertising communications. For further information about how Affiliate Window address data privacy, please follow the link below:

https://www.affiliatewindow.com/

c_user

datr

lu

s

sct

x-src

xs

(Facebook)

Facebook is a social networking website that has millions of users worldwide. You register and create a profile. You can add friends to your profile and exchange information with your friends. Facebook also allows people to start groups and fan pages as well as bookmarking other web pages. This website uses Facebook plug-ins to allow you to 'like' the page and products. These plug-ins store third party Facebook cookies on your machine which we do not have any control over. For further information about how Facebook address data privacy, please follow the link below:

http://www.facebook.com/about/privacy/.

_utma

_utmb

_utmz

guest_id

k

pid

(Twitter)

Twitter is a social networking website. This website uses Twitter plug‐ins to allow you to tweet about the page and products. These plug‐ins store third party Twitter cookies on your machine which we do not have any control over. For further information about how Twitter address data privacy, please follow the link below:

https://twitter.com/privacy

ysm_bbk18TA4F8D6DA

L4O7S4UB3AIDQ8EC

(Yahoo)

This cookie is used to support the delivery of targeted marketing and advertising communications. For more information about Yahoo's privacy policy and for details of how to opt‐out of receiving advertising from Yahoo, please follow the link below:

http://info.yahoo.com/privacy/uk/yahoo/opt_out/targeting/details.html

HOW TO RESTRICT OR BLOCK COOKIES

If you wish to restrict or block the cookies which are set by our website, or indeed any other website, you can do this through your browser settings. The 'Help' function within your browsershould tell you how. To find out more about cookies, including how to see what cookies havebeen set and how to manage and delete them, visit www.allaboutcookies.org.You may also wish to visit www.youronlinechoices.com/uk/your-ad-choices to learn more aboutthe cookies on your device set by other companies, and opt out of them if you wish.However, if you use your browser settings to block all cookies (including strictly necessarycookies) you may not be to access all or parts of our site. Unless you have adjusted yourbrowser setting so that it will refuse cookies, our system will issue cookies as soon you visit oursite.

Duomai Cookies

COOKIE NAME

PURPOSE

"duomai_euid_V6" and

"duomai_mid_V6"

(Duomai)

These cookies are used to track sales that have come in via an affiliate network link operated by our partner Duomai and also to support the delivery of targeted marketing and advertising communications. For further information about how Duomai address data privacy, please follow the link below:https://www.duomai.com/en/privacy.html

Privacy and Cookies


www.nealsyardremedies.com (‘Site’) and the Neal’s Yard Remedies mobile app (‘App’) are operated by Neal’s Yard Remedies. We collect information that you provide to us by using our online features, filling in forms on our Site or via our App. This includes information provided at the time of registering to use our Site and App (where applicable), subscribing to our services (where applicable), ordering products and services through our Site and App, personalising our Site and App with your preferences, posting material, through in-store interactions or requesting further services.


In addition, we may also collect non-personally identifiable information, such as location data, pages viewed, computer type, screen resolution, operating system version, internet browser type and version, information collected through cookies, pixel tags, web beacons, and other technologies, and other data. Because this non-personal information does not personally identify you, we may collect, use and disclose this for any purpose and will be retained only for so long as to fulfil a legitimate business need.


PLACING AN ORDER

We keep details of the transactions you make through our Site and App and the fulfilment of orders. This includes payment details, your name, billing and postal addresses, the items you ordered and your email and telephone number.


If you checkout as a guest we will store your order details; name, email address, billing and shipping address, order details and payment method.


We collect details of your visits to our Site and App including, but not limited to, if applicable which URL you used to get to our Site, searches you make, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access. We collect these details to better understand how our customers arrive on and use our Site and App and enable us to improve them.


If you purchase a Gift Card the details of both the sender (you) and the recipient (if applicable) are stored in your order history.


PAYMENT OF AN ORDER

We use a third-party supplier, Sagepay, to provide our payment gateway and to record our order fulfilment. This includes name, billing and shipping address and order amount which will check if your payment passes fraud security.


If PayPal is chosen as the payment method, you will be taken to the PayPal Site to complete payment by logging into your PayPal account and confirming payment is to be made.


All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology.


DISPATCHING YOUR ORDER

We use Parcelforce to fulfil our order delivery. We pass your name, telephone and postal address plus order value (for insurance purposes) to Parcelforce so that they can track and deliver your parcel and communicate with you via telephone to provide the delivery time details.


If you are logged into your account whilst on the Site, the Site will track purchase choices made and record them in your ‘My Account’ order history. These choices are then fed into our cloud based predictive intelligence engine which in turn will suggest other related products that may complement and add value to your existing purchase choices, known as personalised sorting rules or product recommendations. If you create a wish list on the Site or App, these details will be stored in your account profile on the Site or within the App. These will not be made public unless you specifically choose to do this in the wish list settings if available.

If you are a member of our Loyalty programme, both your online and in-store purchase history will be stored in your accounts ‘Loyalty’ history.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site and our Site via our App, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Although kept on your account, your password is not visible to us.


Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our Site and App, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access and require our suppliers to do the same.


If you are using our App or certain features on our Site your GPS and/or log in information (IP address) may be used to assist us in enriching/customising your experience and provide additional functionality in locating your nearest Neal’s Yard Remedies store or Therapy Room. If you wish to use this location data service, you will be asked to consent to your data being used for this purpose upon registering to use the App or prior to your connection to the online chat system.. You can withdraw your consent at any time by turning off the location services settings for the App on your device.



Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our Site and App, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access and require our suppliers to do the same.


Our Site and App tracks and gathers data using a third-party app by Google called Google Analytics. This stores information anonymously on Google’s servers. It gathers information such as a visitor’s country of origin, the device used, pages visited and basket value. We use these stats to identify any pinch points for our customer journeys and then use it to improve their journey through our Site and App. These statistics help us to identify the most common devices used to visit our Site or App, so we can target specific roadmap improvements for those commonly used platforms (mobile, iPad etc.). Google Analytics only reflects the code update being applied to anonymize your IP address therefore the user’s identity cannot be tracked back to their online account details.



We use a third-party service integrator to support the maintenance and development of the Site and App. This means that they can see and access live customer data if required. This only happens if we are making improvements to areas such as your account functionality, improvements in ordering or other areas that interact with customers and their data. They cannot export this data without our approval or use it for anything other than providing us support to improve our service to you.


What are cookies?

Cookies are tiny text files containing letters and numbers that are stored on your computer or mobile phone. With your permission and to help us to provide important features and functionality we use cookies on our Site and App and use these to improve your customer experience. You are free to manage this via your browser or mobile app settings at any time. To learn more about how we use the cookies please read the information in this section.


Our cookies

At Neal’s Yard Remedies we use cookies to keep track of what you have in your basket, and to remember you when you return to our Site and App. To order products from the Neal’s Yard Remedies Site and via our App, you need to have cookies enabled. If you don’t wish to enable cookies, you’ll still be able to browse the Site and App and use it for research purposes.


We don’t store personally identifiable information such as credit card details in the cookies we create, but we do use encrypted information gathered from them to help improve your experience of the Site and App. For example, they remember the items you have in your basket and also recommend related products to show you when you’re browsing.


Here’s a list of the main cookies we use, and what we use them for.


Cookie Name


Type


Purpose


__cq_dnt, cqcid, cquid, dw, dwanonymous_xxxx, dw_dnt, dwsecuretoken_xxxx, dwsid, dwac_xxxx, sid,


Session


Session cookies are temporary cookies which only exist during the time you use the Site or App (or more strictly, until you close the browser after using the Site or App). Session cookies help our Site and App remember what you chose on the previous page, avoiding the need to re-enter information.


__cfduid, _cd_bc, __cq_seg, __cq_uuid, _ga, _gat, _gid, uuid


Performance


Performance cookies allow us to capture information about how people use our Site or App, for example, which pages are viewed the most and how people move around our Site or App. This information is then used to make improvements to our Site, App and services.


Third Party Cookies

When you visit the Site or App you may notice some cookies that aren’t related to us. If you go on to a web page that contains embedded content, for example from YouTube, you may be sent cookies from these websites. We don’t control the setting of these cookies, so please check the third-party websites for more information about their cookies and how to manage them.


Google – These cookies help us collect and analyse visitor information such as browser usage, new visitor numbers and response to marketing activity. That information helps us to improve the Site, App and your shopping experience, and to make our marketing campaigns relevant.

Affiliate Window – These cookies show us how you found our Site and which website you came from. This helps us know which of our online marketing channels is most effective and enable us to reward some external websites for directing you to us.

YouTube – These cookies allow us to display video content from YouTube on our Site.

Snap Widget – This cookie allows us to display content from our social media channels on our Site.

New Relic, Pingdom & CloudFlare – These cookies are used to monitor website, mobile app performance and customer experience to inform improvements to our Site and App.

Interactive Tools – These cookies allow us to provide interactive features to enhance your shopping experience. For example we use a ‘HERO®’ feature to help you speak directly with our in-store staff, for real-time advice, recommendations and store availability. The HERO® Cookie Policy can be viewed here.

Sharing content

If you take the opportunity to ‘share’ content from Neal’s Yard Remedies content with friends through social networks – such as Facebook and Twitter - you may be sent cookies from these websites. We don’t control the setting of these cookies, so please check the third–party websites for more information about their cookies and how to manage them.


More information about cookies

If you'd like to learn more about cookies in general and how to manage them, aboutcookies.org (opens in a new window). If you'd like to opt out of cookies, please go to the Network Advertising Initiative website (opens in a new window).


Changes to our cookies notice

Any changes we may make to our Cookies Notice in the future will be posted on this page.


ORDERING

We will keep details of purchases made through our till system and the fulfilment of your orders. This may include payment details, your name, email address and the items ordered. We will collect details of your visits to store and your order history if you use your loyalty card. We will ask you for your email address and postcode for us to communicate and gather demographic locations on our store customers, this will be explained to you when asked for your details at the point of ordering and you can choose not to give this information at any time.


With your permission you may provide us with your name, address, email, phone number and business card (if applicable) for skin consultations, in-store events, out of stock notifications or our VIP customer list. This information will be kept and then destroyed securely once it has been used for the purpose you provided it to us.


IN STORE IMAGES AND RECORDING

We may use CCTV images, recorded in our stores, premises or other buildings to help maintain the safety of anyone working or visiting them, and for the prevention, detection and prosecution of criminal offences. We may also rely on the images to establish, exercise, or defend our legal rights.


Our store staff may have access to tools which enable the direct online interaction with our customers and images may be taken of information and products in-store for the sole purpose of enhancing that customer's shopping experience. Every effort will be taken to avoid images featuring other individuals in-store, however we are unable to guarantee against this happening. You must notify us immediately in-store if you have any concerns.


Certain features on our Site and App may give you an opportunity to interact with us and others. For example, we may use a third-party ‘HERO®’ chat feature. Use of this feature means HERO® will process the data you submit (such as your name, location, e-mail address and any other information you provide) which will enable us to provide the service and review your browsing behaviour or App and/or Site usage. This information will be used to improve functionality and your customer experience. If you interact and use this feature, your data will be processed in accordance with the HERO® Privacy Policy for the purposes of carrying out and administering the services which they offer. They cannot export this data without our approval or use it for anything other than processing your data to improve our service to you.


We strongly discourage you from disclosing any sensitive Personal Information (such as health or credit card information) through these features as we cannot be held responsible for the information you choose to submit. Use of these features may also mean that the information you provide will remain on the Site and/or App even after you cease using the Site and/or App.


BOOKING A THERAPY

When you book a therapy, we will ask for: full name, contact telephone number, email address (optional). How we save your information may depend on whether you book a therapy in store or online, this can be saved in paper form (diary) or in our third-party supplier booking systems software, MindBodyOnline.


We use MindBodyOnline to provide a Therapy Rooms booking app. If you download and use the Therapy Rooms booking app, your data will be processed in accordance with the MindBodyOnline privacy policy for the purposes of carrying out and administering the services which they offer. Please see the App store for more details.


We will give the information that you have provided in your therapy booking to the relevant therapist who will be providing you with the therapy. This information is shared on the basis that we have a legitimate interest in sharing this information with the therapist for the provision of the therapy services to you. If you have a specific requirement for the therapist to fulfil your treatment then we may make a note of this, such as requiring downstairs toilet access. This won't include medical information, this will be discussed, if necessary, in your private session with your therapist.


Please note that therapists are independent third parties and data controllers in their own right. The personal data you provide to your therapist is not shared with us without a legitimate business reason to do so or your consent. We may process your personal data on behalf of the therapist, for example, where we process your therapy booking or where you pay for the therapy at our store till point.


Paying for the therapy: Payment can be made in cash directly to the therapist or by card/cash at our store till point (see Retail Store section for more information on this).


CONTACTING YOU

Occasionally we may need to contact you regarding your booking for example regarding a change in the booking, a complaint or if we require additional information from you. We will use the telephone number given or email provided to us at time of booking.


If you have any general queries regarding your data when you make or have made a therapy room booking with us, please email therapies@nealsyardremedies.com


BOOKING A COURSE OR WORKSHOP

When you make a booking, we take the course/workshop details, your name, address, email address, telephone, allergies (if relevant), qualification details if needed and payment. Payment can be made via our Site, App or by telephone.


BOOKING A DIPLOMA COURSE

When booking a Diploma Course, we take the following details; name, address, email address, date of birth, next of kin, allergies (if relevant), payment status (not details) and exam results. Please note that we may contact the IFPA by email to confirm your exam results.


If you submit case studies during your course by email or post, this information is retained for evidence of you completing the work. On each case study we ask only for your case study client’s initial or first name plus course module/title.


ONLINE COURSES

Your online course will start and be delivered by a Moodle website (http://nealsyardremedies.education), this is a commonly used for online course delivery. You will be asked to register on the Site to take your course. You will be asked to set-up a username (your email address) and password to start.


We use WebAnywhere and Moodle to deliver our online courses. You will be asked to set up a username (your email address) and password. We pass this information to WebAnywhere and Moodle to setup your access to the online course. This data is stored in Moodle to allow you to login and monitor progress on your enrolled course. We will remove you from the platform once you inform us that you wish to be removed, however this will also revoke access to any courses you may be signed up to.


CONTACTING YOU

Occasionally we may need to contact you regarding your course or workshop booking, we will do this via telephone or email using the details you have provided to us.


We may contact you by email about other training services that you may find of interest via MailChimp. You can opt-out by clicking on the unsubscribe link on the email.


Once your course is completed you will receive the necessary qualification certificate (for diploma and CPD courses only), this will feature your name, the course you completed and when. We keep a record the certificate has been sent but not a copy of the certificate.


When you join our loyalty programme the following details are collected from the form you fill in: name, address, email address, date of birth (optional), time and location of signing up for your loyalty card, marketing opt-in preference and acceptance of our terms and conditions.

We use a third-party supplier to support our loyalty programme. We will delete your data from our loyalty database after 2 years of inactivity on your loyalty card. For more information on the terms and conditions for our loyalty card please read our Loyalty Terms and Conditions.


Facebook: We use Facebook advertising. Facebook’s own Data policy can be found here: https://www.facebook.com/policy.php. This data is used for targeted advertising to potential or existing customers based on similar demographics. We market products, offers, news and brand messages or context targeting based on previously viewed content. Facebook uses cookies to gather this data. Facebook has multiple opt-out options under your account settings to opt out of its advertising.


Instagram: We use Instagram to post marketing activity, we occasionally use the paid advertising service to target users based on demographics. We promote products, offers, news and brand messages – this is all run through the Facebook Advertising platform.


Mention Me (Refer a Friend): We use Mention Me to operate our Refer a Friend program. Mention Me process customer email addresses and certain order data for the purposes of: Enrolling customers onto our refer-a-friend programme; Monitoring the programme and safeguarding against gaming or fraudulent use of the programme; Communicating with customers in connection with operation of the programme and delivery of rewards; Reporting on the performance of the programme. Mention Me’s own data policy can be found here: https://mention-me.com/help/privacy_policy_s


When entering our prize draws or promotions, you may be required to provide us with your name, email address and mailing address. We use a third party provider, PromoVeritas, to choose a winner at random. Name and email address data is passed to PromoVeritas to carry this service out and deleted once the winner has received their prize. If you win, we will notify you as described in the prize draw/promotion terms and will send the prize to the address you provide to us. When you enter a prize draw or promotion, you are also able to opt-in to hear from us by email or post and be the first to know about our prize draws, offers and news. You may unsubscribe from this by following the unsubscribe instructions in any email received.


We will only contact you following a prize draw / promotion if you opted-in to do so. Unless you have opted-in to receiving marketing communications, your data will be deleted after 3 months.


Occasionally, we run joint prize draws / promotions with other likeminded companies where data will be collected on entry, we collect this data but do not distribute it. It’s used for our own marketing purposes and will only be shared with the partner company with your express permission.


We use third party providers such as SurveyMonkey and Mention Me to carry out surveys and promotions on our behalf. If you agree to take part, your data will be processed in accordance with their privacy notices as appropriate for the purposes of carrying out and administering the services which they offer. The responses and data you provide will be used by us for research and marketing purposes which will enable us to improve and enhance the services and experiences we offer to you. For example, we may publish a quote/review on our Site, App or a catalogue, that you have provided about a product.


We use internal analytics software to run business analysis on customer transactional data, this imports from our Site, tills, payment gateways and databases. The data includes name, addresses and email of those who have placed an order including the related transactional data. This is so we can ensure we offer the best promotions, offers and discounts.


If you have consented to us sending you marketing information you have the right to change your mind and ask us not to send you marketing information any more. We will always ask you (before collecting your information) if you would like to receive information from us for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your information.


Catalogue Mailings / Postcards: Please email mailorder@nealsyardremedies.com with your full name, customer no. (if you have one) and your postal address and we will remove you from our postal mailings.


Emails: If you would like to unsubscribe from any email newsletters you can also click on the ‘unsubscribe’ button at the bottom of the email newsletter. It may take up 72 hours for this to take place. Or contact mailorder@nealsyardremedies.com


If you contact our Customer Care or store team by email, phone or letter, we will hold this data to deal with your enquiry. Information is retained in line with our Data and Records Management Policy.


Generally, we do not seek to collect special category data that is, information relating to: race or ethnic origin; political opinion; religious or other similar beliefs; trade union membership; physical or mental health; sexual orientation; criminal records. We recommend that you do not provide such information to us. If you choose to do so for any reason, this will mean that you have given (and we accept) your explicit consent for us to use that information for the reasons described in this notice, or as explained at the time you provide the information.


We do not sell our customer lists and we will never pass your details on to third parties for any purpose unless you have consented to us doing so or it is for the following reasons:


in the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets;

in the event we outsource any of our business functions under which we collect or store your information (including the hosting and maintenance of our Site, email marketing, catalogues and postal mailings and statistical reports and analysis) in which case we will ensure that any such service provider keeps your information confidential and adheres to at least the same obligations of security with regard to your information as undertaken by us; or

we have a legitimate business reason to do so; or

if we are under a duty to disclose or share your personal information in order to comply with any legal or contractual obligation, or

in order to enforce or apply our Terms and Conditions and other agreements; or

to protect our rights, property, or safety of our employees, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.



Under the Data Protection Legislation, you have a number of important rights. In summary, those include rights to:


fair processing of information and transparency over how we use your use personal information;

access to your personal information and to certain other supplementary information that this Privacy and Cookies Notice is already designed to address;

require us to correct any mistakes in your information which we hold;

require the erasure of personal information concerning you in certain situations;

receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;

object at any time to processing of personal information concerning you for direct marketing;

object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;

object in certain other situations to our continued processing of your personal information;

otherwise restrict our processing of your personal information in certain circumstances;

you can claim compensation for damages caused by our breach of any data protection laws.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.


If you would like to exercise any of those rights, please:


email privacy@nealsyardremedies.com

let us have enough information to identify you full name, address and if you’re an existing customer

let us have proof of your identity and address a copy of your driving licence or passport and a recent utility or credit card bill

let us know the information to which your request relates including any invoice or customer number, if you have them


The information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services (i.e. management of survey processes etc.). Such countries do not have the same data protection laws as the United Kingdom and EEA. Any transfer of your personal data will be subject to appropriate contractual arrangements that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information. By submitting your personal information to us, you agree to this transfer, storing or processing.


We may transfer your personal information to the following which are located outside the EEA as follows:


Salesforce who provide our ecommerce platform

MailChimp who provide our Education email marketing service

Astound who provide some of our software integration services

SurveyMonkey who administer some surveys on our behalf

MindBodyOnline who provide and administer our Therapy Rooms booking app

Salesforce, MailChimp, Astound, SurveyMonkey Inc. and MindBodyOnline all participate in and have certified its compliance with the EU-U.S. Privacy Shield framework set out by the U.S. Department of Commerce and the European Union and will transfer your personal data as part of its delivery of its service to us.


For more information on the EU–U.S. Privacy Shield, please visit the U.S. Department of Commerce’s Privacy Shield website at www.privacyshield.gov


The third party service provider list above will be updated from time to time.


If you would like further information please contact us at privacy@nealsyardremedies.com


We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.


We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.


If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.


We hope that our Customer Care Team mailorder@nealsyardremedies.com can resolve any query or concern you raise about our use of your information.

Data Protection Legislation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.