To ensure your privacy as far as possible, we adhere to the following core values:
Limited collection: We take great care to limit the information we collect and use to only that which is necessary for the purposes set out herein, including for selling our Products and/or providing our Services (as defined below). The means of collection will be lawful and fair.
Accuracy and duration of retention : We take practicable steps to ensure that personal data is accurate and is not kept longer than is necessary to fulfil the purpose for which the data is used.
Security: We take the appropriate measures to secure your personal data and require the same from the parties that use your data on our behalf. Rituals proactively tests on a continuous basis its websites and apps by means of an automated security scan.
Individuals’ rights: We respect your rights under applicable privacy laws (including the right to access, correct, or delete your personal data in accordance with such laws).
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
2. PERSONAL DATA WE COLLECT AND USE
The personal data we collect about you when you buy our Products or use our Services, include the following (hereinafter jointly referred to as: “Personal Data”):
Your contact details. Your name, postal address and other contact details, such as your telephone number and e-mail address, and any other contact details you provide to us (including delivery address when you purchase our Products online).
Your account data. To complete your account at Rituals (if applicable, e.g. MyRituals) (online or instore via the onboarding application), we use your name, gender, contact details, birthday month and other information you voluntarily provide to us, such as your favourite Rituals collection, additional interests and favourite categories or personal product advice (such as but not limited to soulwear, skincare, make up and haircare).
Your purchases in our stores. Only when you are a MyRituals member, we can link data from your purchases in our stores to your MyRituals profile based on the verification of your personal data at the counter that you provide (e.g., your MyRituals member card (number), email address and/or mobile telephone number), such as the amount and date of your purchases, the Product(s) or Service(s) you purchase, the location of the store, payment status, bank account details, (employee) discount, voucher code used (if any), gift with purchases (if applicable) and optional additional personal card or engraving data.
Your purchases online. To complete your online purchases via the official Rituals webshop or via other official social media-channels of Rituals, we use your name, gender, telephone number, contact details and all relevant information regarding your purchases, such as the amount and date of your purchases, the Product(s) or service you purchase, the device through which you make your purchases, payment method, payment status, bank account details, (employee) discount, voucher code used (if any), gift with purchases (if applicable), optional additional personal card or engraving data, delivery method and delivery address.
Your data when using our Rituals Perfume Diffuser device and app. If you make use of our Rituals Perfume Diffuser App we record your name and email address. In order to be able to use the device in combination with the App, information in relation to the device is automatically collected, such as Wifi strength, battery percentage, cartridge fill, scent, installed version, fan-information, online/offline status. We also collect and use other personal data you voluntarily provide to us, such as room size, and room name.
The personal data you share with us during the personalization-process when you buy a personalized Rituals product. If you personalize Rituals Products via us, we use your personalized data (e.g. the name you would like to be placed on the Rituals Products) in order to be able to handle your request and provide you our Services.
Your data when subscribing to our newsletter. To be able to provide you with the newsletter of Rituals containing inspirational and commercial content, (with your consent, where we are required by applicable law to do so) we use your email address and additional information if you add such to your profile, such as name, [birthday month and favourite store. If you have so consented (where required by laws) Rituals also sends out personalized newsletters, based on your personal preferences if you’ve provided us with those. You may unsubscribe at any time.
Recordings (CCTV, events and telephone recordings). Some of our stores use video surveillance systems (CCTV). When you enter such stores, you are recorded by our video surveillance systems. If you attend events or fairs that Rituals hosts or attends, you can also be recorded if we make video footage of such event or fair. If you call us with a question or complaint, your telephone calls to us will be recorded.
Your communication data. Any data shared by you when communicating with us via email, online, telephone, social media or any other form, such as questions, requests or complaints.
Your details regarding raffles, subscribe and win, lead generation campaigns, contests or sampling-activation. Any data shared by you when participating in a raffle, subscribe and win, lead generation campaign, contest or sampling-activation.
Your ratings and reviews and feedback. The opinions, experiences, preferences and interests and Product- or event reviews that you publish on our websites or share with us online or through social media.
3. PURPOSES OF USE PERSONAL DATA
The Personal Data we collect is exclusively used for the following purposes:
For the performance of our agreement with you: In order to carry out our obligations arising from any contracts entered into between you and us, and to provide you with the Products, Services and information that you request, including managing and handling your requests, inquiries or complaints. This also includes enabling you to make a purchase of our Products, to participate in our MyRituals program (if applicable in your location), to responding to your requests to provide customer service, respond to your inquiries, provide you with essential information regarding our Products and Services you request, etc.
For our legitimate commercial interests: With your consent (where required by applicable law), we use your Personal Data as described above (both on aggregated and on individual basis) for the purpose of advertising our Products and Services, to contact you via e-mail, regular mail, social media or otherwise for direct marketing or other commercial purposes. We also use your Personal Data for analysing and improving the quality of our Products and Services, such as providing you with customer services and aftersales, and to understand you as a customer (customer optimalization). This enables us to assess what may interest you, to measure or understand the effectiveness of advertising we serve to you and others and to deliver relevant advertising.
We may also use your Personal Data, for our other legitimate commercial interests such as to operate and expand our business activities; to develop and improve or modify our Products and Services; to generate aggregated statistics about the users of our Products and Services; to facilitate our business operations; to operate company policies and procedures; to enable us to make corporate transactions, such as any merger, sale, reorganization, transfer of Rituals’ assets or businesses, acquisition, bankruptcy, or similar event; or for other legitimate business purposes permitted by applicable law.
Use of information based on your consent:
If you haven’t purchased any Product from us, we will only send you direct marketing communications (such as newsletters, promotions, news on products or service updates) via email, other electronic means, via telephone or via hardcopy mail (such as flyers), after we have received your consent to do so.
Children under the age of 18 cannot legally give their consent. Instead, consent of their parent or legal guardian needs to be provided. If you have any concerns about your child's privacy, or if you believe that your child may have entered personal data onto our website, please contact us at email@example.com. We will take steps to delete the information as soon as possible should we learn that we have collected the personal data of a child without first receiving verifiable parental consent.
For providing direct marketing communications: based on your use of our Services and Products you purchased, and with your consent (if required by applicable law) we may target you with advertisement or other marketing materials that are customized to your personal preferences and experiences.
You can withdraw your consent at any time (see the section Your rights below).
To comply with our legal obligations: Any Personal Data we collect may be used to comply with a legal obligation to which we are subject, such as supervisory bodies, fiscal authorities or investigation bodies.
4. SOCIAL MEDIA
When you participate in various social media forums like Facebook, Twitter, Pinterest, Instagram, LinkedIn, etc., you should be familiar with and understand the tools provided by those sites that allow you to make choices about how you share the personal data in your social media profile(s).
Also, depending on the choices you have made regarding your settings on various social media sites (and/or in combination with your settings on the Rituals pages), certain personal data may be shared with Rituals about your online activities and social media profiles (e.g. interests, marital status, gender, user name, photo, comments and content you have posted/shared etc.).
5. SHARING YOUR PERSONAL DATA
We share your Personal Data with the following parties:
Third Party suppliers. We engage third parties, from time to time, to help us providing us our Products and Services, including:
- Business partners, suppliers (such as IT service providers) and sub-contractors;
- Contact centers, to assist us on the Consumer Service-department;
- Advertising and media companies that carry out marketing and media activities on our behalf;
- Analytics and search engine providers that assist us in the improvement and optimisation of our website and apps, such as Google Analytics.
In providing their services, they will access, receive, maintain or otherwise process Personal Data on our behalf. Our contracts with these service providers do not permit use of your Personal Data for their own (marketing) purposes. Consistent with applicable legal requirements, we take commercially reasonable steps to require such Third Party suppliers to adequately safeguard your Personal Data and only process it in accordance with our instructions.
Corporate transaction. In addition, Personal Data may be disclosed as part of any merger, sale or transfer of Rituals’ assets.
Third parties in case of legal requirement. We may also disclose your Personal Data to a third party, such as relevant regulator or court if we are required to do so under any applicable law, regulation, directive or order issued by a competent court, in each case in any relevant jurisdiction.
With consent. We may also disclose information about you, including Personal Data to any other third party, where you have consented or requested that we do so.
6. INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA
In most cases your Personal Data will be processed in Hong Kong and/or within the European Union. However, please be informed that Rituals may transfer and process any Personal Data you provide to us to countries other than your country/ place of residence. The laws of these countries may not provide the same level of protection to your Personal Data. Rituals or Third Party suppliers we use will therefore seek to ensure that all adequate safeguards are in place and that all applicable laws and regulations are complied with in connection with such transfer. This means that we will enter into legally necessary contracts with recipients of your data, including using standard contractual clauses as approved by the European Commission or other supervisory authority where required, or otherwise take such other steps as are required by applicable laws to do so.
If the GDPR applies, you are entitled to receive a copy of any documentation showing the suitable safeguards that have been taken by making a request via firstname.lastname@example.org.
We will take reasonable steps to ensure that your Personal Data are properly secured using appropriate technical, physical, and organizational measures, so that they are protected against unauthorised or unlawful or accidental use, processing, erasure, alteration, unauthorised access or disclosure, accidental or wrongful destruction, and loss.
8. DATA RETENTION
We retain your Personal Data for as long as required to satisfy the purpose for which they were collected and used (for example, for the time necessary for us to provide you with customer service, answer queries or resolve technical problems), unless a longer period is necessary for our legal obligations or to defend a legal claim.
9. YOUR RIGHTS
Depending on the relevant applicable laws, and subject to the conditions set forth in the applicable law(s), you may have the following rights with regard to our processing of your Personal Data:
Right of access – You have the right to request confirmation if Rituals processes personal data about you, and if such is the case, access to the personal data and (in some circumstances) additional information. Upon request, we can also provide you with a copy of the personal data undergoing processing;
Right to rectification – You have the right to request that Rituals corrects, adjusts or completes your Personal Data if we have inaccurate or incomplete data relating to you. You can also correct, adjust or complete your personal data yourself by updating your profile. We also kindly request you to ensure that changes in personal circumstances (for example, change of address, bank account, etc.) are notified to Rituals so that we can ensure that your Personal Data is up-to-date. Rituals will take all reasonable steps to ensure that all Personal Data are correct;
Right to withdraw consent – You have the right to withdraw your consent to the processing of your Personal Data, and otherwise to revoke your consent for receiving marketing communications, at any time. You can unsubscribe from marketing communications by following the instructions in any marketing communication or by filling in the form as set out below. If we use your Personal Data based on your consent for other reasons than marketing communication, you can revoke your consent by filling the form as set out below;
Right to delete - You have the right to request deletion of any irrelevant Personal Data we hold about you when (i) the data is no longer necessary in relation to the purposes for which they are collected; (ii) you withdraw your consent and there is no other legal ground for processing; (iii) you object to the processing in case of direct marketing purposes, or – in any other case - there is no overriding legitimate ground for processing; (iv) we unlawfully processed your data. If you have such a request and all requirements are met, we shall make sure that Rituals erases the data of which we are not under a legal obligation to retain;
Right to restriction of data use - You have the right to restrict our use of your Personal Data where (i) you contest the accuracy of the Personal Data; (ii) the use is unlawful but you do not want us to erase the data; (iii) we no longer need the Personal Data for the relevant purposes, but you require them for the establishment, exercise or defence of legal claims; or (iv) you have objected to data use justified on our legitimate interests pending verification as to whether Rituals has indeed compelling interests to continue the relevant data use;
Right to data portability - to the extent that we use your Personal Data for the performance of an agreement with you, and that personal data is processed by automatic means, you have the right to receive all such Personal Data which you have provided to Rituals in a structured, commonly used and machine-readable format, and also to require us to transmit it to another data controller where this is technically feasible;
Right to object - to the extent that we are relying on our legitimate interests to use your Personal Data, you have the right to object to such use, and we must stop such processing unless we can either demonstrate compelling legitimate grounds for the use that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defence of legal claims. You also have the right to object to profiling activities conducted by Rituals;
For further information regarding your rights, or to exercise any of your rights, please complete this contact form, and do the following:
Select the option ’privacy request’ under “Choose subject”; and
Select the relevant subcategory; and
fill in all the e-mail address(es) that you use and have used for all related Rituals services in the comment box, such as but not limited to registration newsletter, account for the webshop, app for the Wireless Perfume Diffuser (where applicable) etc.
Upon receipt of all the information as set out above we shall respond to your request consistent with applicable law.
10. CHANGES TO THE POLICY
11. CONTACT US