🚚 Free standard delivery on orders $65+

💚 Lush x Shrek is here! Shop Now

Skip to content

Privacy Policy

    This Privacy Policy was last updated on MARCH 15, 2024.

    This Privacy Policy describes how Lush Internet Inc. and its related parties and affiliates doing business as Lush or Lush Fresh Handmade Cosmetics (“Lush”, “we”, “our” or “us”) collects, uses, and discloses information about you.

    When does this Privacy Policy apply?

    This Privacy Policy covers our business in Canada and in the United States and applies to information we collect when you access or use our websites (such as www.lush.com) and mobile applications that link to this policy (collectively, our “Services”), or when you otherwise interact with us, such as in our retail stores, at an event, or on our social media. For more information about our privacy practices in another jurisdiction outside of Canada and the United States, please refer to the Privacy Policy available in our stores, or posted on our website, for that jurisdiction. We may also provide different or additional notices of our privacy practices with respect to certain products, Services or activities, in which case those notices will supplement or replace the disclosures in this Privacy Policy.

    We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy. If we make material changes, we will provide you with additional notice (such as by adding a statement to the Services or sending you a notification). We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.

    For your convenience, the websites may contain links to other sites and advertisements that are not controlled or operated by Lush. This Privacy Policy does not apply to those sites or advertisements. We are not responsible for, and this Privacy Policy does not apply to, the privacy practices or policies of other websites or third parties. Lush encourages you to review the privacy policies of any third parties before disclosing your personal information to such parties or when visiting such third-party websites. 

    CONTENTS

    What We Collect

    How We Use Your Personal Information

    Targeted Advertising and Analytics

    How We Disclose Your Personal Information

    Your Privacy Choices

    Storage and transfer of information

    Retention

    How to contact our privacy officer

    Additional Information for Specific Jurisdictions

    What we collect

    The types of information we collect depend on the nature of your interactions with us. In this section, we describe the categories of information we collect and the sources of this information.

    Information you provide to us

    We collect information you provide directly to us, such as:

    • contact information, such as your name, billing address, shipping address, telephone number, and email address;
    • account information, such as username and password, age range, language preferences, and other demographic information;
    • information about your interests and preferences, such as wish lists and marketing preferences;
    • information submitted in connection with a product review or survey, such as photos and product feedback; 
    • your social media handle and other information you post if you choose to interact with us on social media; and
    • information contained in a resume, cover letter or similar employment-related materials, or any applicable pre-screening questions, if you apply for an employment opportunity with us. 

    If you purchase from us, we work with third-party payment processors to collect and process your payment information.

    Information we collect automatically

    We automatically collect certain information about your interactions with us or our Services, including:

    • Transactional Information: When you make a purchase or return, we collect information about the transaction, such as product details, purchase price, and the date and location of the transaction.
    • Payment Information: such as method of payment, credit and debit card information, amount paid, and signature.
    • Device and Usage Information: We collect information about how you access our Services, including data about the device and network you use, such as your hardware model, operating system version, mobile network, IP address, unique device identifiers, browser type, and app version. We also collect information about your activity on our Services, such as access times, pages viewed, links clicked, items placed in your cart and on wish lists, and the page you visited before navigating to our Services.
    •  If you contact customer service through our chat feature, email, or by phone, we and our service and software providers may monitor and retain transcripts of those conversations, including for analytics and training purposes.
    • Audio and Video Recordings, Photos, and Chat Content: We capture photographs and video recordings in our stores for security and loss prevention purposes
    • Precise Geolocation Information: With your consent, we may collect information about the precise location of your device when you use our mobile applications. You may stop the collection of precise location information at any time (see the Precise Location Information section below for details).
    • Information Collected by Cookies and Similar Tracking Technologies: We use tracking technologies, such as cookies, pixels, and SDKs to collect information about your interactions with the Services. These technologies help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. For more information about the cookies and other tracking technologies we use, and the choices available to you, see the Opting Out of Targeted Advertising, Sharing, and Sales and Cookies and Similar Tracking Technologies sections below.

    Information we collect from other sources

    In some cases, such as when you ask us to ship an order or you purchase a gift or gift certificate, we may collect information about someone other than you, such as the name, address, telephone number and email address of the recipient. You represent and warrant that you have the right and authority or have obtained all necessary consents to provide any information, including personal information of another individual, that is provided by you to Lush. 

    We also obtain information from third parties to detect and prevent fraud, such as fraud risk information from payment verification providers and fraud prevention partners.

    Information we derive

    We may derive information or draw inferences about you based on the information we collect. For example, we may make inferences about your approximate location based on your IP address or infer that you are looking to purchase certain products based on your browsing behaviour, wish lists, and past purchases.

    How we collect your personal information

    We collect personal information from you in a variety of ways when you interact with Lush or our Services. Some examples include, but are not limited to, situations when you:

    • Create an account on our Services;
    • Order, purchase, exchange, return, or cancel an order for any of our products or Services, whether through our Services or in our retail stores;
    • Contact us, make an inquiry about any of our products or Services, or otherwise request information or assistance from us;
    • Communicate with our customer service representatives;
    • Sign up to receive notifications about an online order, including when the order will be delivered or ready for pickup in-store;
    • Sign up to receive catalogs, newsletters, emails and/or SMS messages with information about new and limited edition products, special offers, events, or other news;
    • Register and participate in our customer forums or other programs;
    • Provide feedback or make other submissions to Lush;
    • Participate in a contest, sweepstake, or other promotion;
    • Participate in or respond to a consumer survey or other request for consumer opinions, concerns, or preferences regarding our products and Services;
    • Apply for employment with Lush; 
    • Engage with us on social media; or
    • Use features of a website that may be offered from time to time and may require such information in order to use the feature (including but not limited to submitting user-generated content as described in the Terms of Use). 
    • Use certain features or interactive areas of our Services, such as forums, where you can submit user-generated content.

    How we use your personal information

    Lush uses your personal information to provide the products and Services you request (including to confirm, process and track orders and order status, shipping, payment, etc.), develop, maintain, and improve our products and Services, manage our relationship with you, verify your identity and address, carry on our business operations, and as may otherwise be required or permitted by law or described in this Privacy Policy. We also use the information we collect to:

    • conduct commercial transactions including to process and administer purchases, exchanges, returns or other transactions that you may engage in with Lush, including at our stores or through our websites, and communicate with you about those transactions;
    • develop, enhance, improve, personalize, market, sell, or otherwise provide products, services or information; 
    • administer your account;
    • send you technical notices, security alerts, support messages, and other transactional or relationship messages;
    • contact you and respond to any requests or other communications from you, including claims or requests for customer service;
    • provide you with newsletters, catalogs, emails and/or SMS messages about products, special offers, events, or other news and information we think may interest you (for more information regarding how to opt out of these communications at any time, please see the Communications Preferences section below);
    • conduct and administer surveys and contests, sweepstakes, and other promotions;
    • target advertisements to you on third-party platforms, websites, and apps (for more information, see the  Targeted Advertising and Analytics section below);
    • monitor trends, perform data analysis, and help us improve and customize our product and service offerings and customers’ experience;
    • troubleshoot problems with the Services;
    • enforce our Terms of Use and protect the security and integrity of our Services and our business, including to detect and protect against error, theft, fraud, and other illegal activity, administer our loss prevention program, and protect the rights and property of Lush and others; 
    • to troubleshoot problems with the websites; 
    • to process and respond to applications for employment; and 
    • comply with our legal and financial obligations.

    From time to time we may supplement the information you give us with information from other sources, such as information validating your address or other information you have provided to us. This is to help us maintain the accuracy of the information we collect and to help us provide better service. 

    Targeted advertising and analytics

    We engage others to provide analytics, serve advertisements, and perform related Services across the web and in mobile apps. These entities may use cookies, web beacons, SDKs, device identifiers, and other technologies to collect information about your use of our Services and other websites and mobile apps, including your IP address, web browser, mobile network information, pages viewed, time spent on pages, links clicked, and conversion information. This information is used to deliver advertising targeted to your interests on other companies’ sites or mobile apps and to analyze and track data, determine the popularity of certain content, and better understand your activity. In addition, some of our advertising partners enable us to translate your email address or phone number into an identifier that cannot be used to identify you personally. Our advertising partners then use that unique identifier to show ads that are more relevant to you across the web and in mobile apps. Some of the activities described in this section may constitute “targeted advertising,” “sharing,” or “selling” under certain privacy laws. To learn more about the choices available to you with respect to these practices, or to opt out of having your information used in this way, see the Opting Out of Targeted Advertising, Sharing, and Sales section below.

    You can also learn more about interest-based ads or opt out of having your web browsing information used for behavioural advertising purposes by companies that participate in the Digital Advertising Alliance by visiting www.aboutads.info/choices.

    How we disclose your personal information

    We disclose personal information about you in the following circumstances:

    Product reviews and content

    If you provide a product review or otherwise post content on our Services, the public will be able to see this information.

    We disclose personal information to other Lush Group entities, including our holding company, subsidiaries and affiliates, for the purposes identified in this Privacy Policy.

    Service providers and vendors

    We disclose or otherwise make available personal information to service providers, vendors, and consultants that support or facilitate our business operations or provide Services on our behalf, such as for processing orders, sending marketing and transactional communications on our behalf, shipping, payment card processing, supporting the content, operation and maintenance of our Services, facilitating and collecting customer reviews, and conducting surveys, contests, sweepstakes, and other promotions. We also disclose personal information to our lawyers or other professional advisors to obtain advice or protect and manage our business. 

    Sale of business

    Lush may disclose personal information we have about you in connection with a potential or actual purchase, sale, lease, merger, amalgamation or other type of acquisition, disposition, or financing of all or part of our business or assets.

    Lush may disclose your personal information as required or permitted by law, including, without limitation, to comply with a subpoena, warrant or other legally valid inquiry or order or applicable law, or to report improper or unlawful activity. In addition, we disclose personal information if we believe that your actions are inconsistent with our user agreements or policies, if we believe you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of Lush or others.

    We disclose personal information where we have your consent or where you can direct us to do so.  By using this Site, you acknowledge and accept this Privacy Policy and consent to the collection, use and disclosure of your data and User Generated Content in accordance with all of the terms in this Privacy Policy and the Terms of Use.

    Anonymized information

    We also disclose aggregated or de-identified information that cannot reasonably be used to identify you. Lush processes, stores and uses this information only in an anonymized manner and will not attempt to re-identify this information except as permitted by law.

    Your privacy choices

    Updating your account information

    You can review and modify your online account information at any time. To access your online account, simply click "Sign In" at the top of any web page and sign in when prompted. You can also update your account information by emailing us at [email protected] or call our toll-free number at 1-888-733-5874. 

    Cookies and similar tracking technologies

    Lush uses cookies and similar tracking technologies to analyze visits to our websites and interactions with our communications to help us improve our website, Services, and marketing campaigns. We also use cookies to assist with anonymous site traffic analysis, which includes tracking the time/date of visits, pages viewed, and referring URLs. 

    Most web browsers are set to accept cookies by default. If you prefer, you can usually adjust your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies could affect the availability and functionality of some of our Services. If you are located in the US, you can also adjust certain cookie settings here.

    Communications preferences

    In certain circumstances, we may send you email or SMS communications. For example, when you sign up or are subscribed to receive our e-newsletter, you may receive email or SMS marketing communications about our products, Services, special offers, events, new website features, changes to this Privacy Policy or other terms and conditions, changes to any of our programs in which you might be enrolled, or other news. Similarly, when you sign up or are subscribed to receive notifications about an online purchase, we may send you email or SMS communications about the status of your purchase, including when the purchase will be ready for pickup in-store.

    You may opt out of receiving promotional emails from Lush by following the instructions in those communications, by clicking on the “unsubscribe” link in any email marketing communication, or by contacting us using the contact information in the “How to Contact our Privacy Officer” section, below.  You may also opt out of receiving text messaging/SMS communications by replying to the SMS communication with the word “STOP”. Please allow up to ten (10) days for your “unsubscribe” request to be processed. Even if you opt out of receiving email marketing or SMS communications from us, we may still contact you by email for transactional or account-related purposes like confirming or following up on a purchase, order or service request, responding to customer service inquiries, or notifying you of product recall information. 

    Mobile push notifications

    With your permission, we may send push notifications to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.

    Precise location information

    When you first launch any of our mobile apps that collect precise location information, you will be asked to consent to the app’s collection of this information. If you initially consent to our collection of such precise location information, you can subsequently stop the collection of this information at any time by changing the preferences on your mobile device.

    Access, correction and deletion

    You have the right to (1) request to know more about and access your personal information, including in a portable format, (2) request deletion of your personal information, and (3) request correction of inaccurate personal information. 

    At your request, we will provide you with a statement outlining the personal information we have about you in our records and how that information has been used or disclosed by us. You may also request access to your personal information in our custody or control. In order to verify that the information is being released to the proper individual, you may be asked to provide suitable identification or to otherwise identify yourself. In certain circumstances, access to personal information may be denied. If we deny your request for access, we will advise you of the reason for the refusal. Requests for access should be directed to the Lush Privacy Officer using the contact information set out below in the section regarding “How to Contact our Privacy Officer”. 

    If any of your personal information in our records is inaccurate or incomplete, we will amend that information at your request, subject to any exceptions prescribed by law. Requests for correction of your personal information should be directed to the Lush Privacy Officer using the contact information set out below in the section regarding “How to Contact our Privacy Officer.  

    If you create an account on one of our websites, you can access and change your online account profile yourself. If you are not a registered website user, you can contact us to update your information using the contact information in the section below regarding “How to Contact our Privacy Officer

    To request access, deletion, or correction of your personal information, please contact the Lush Privacy Officer by emailing us at [email protected]. You may also call 1-888-733-5874 to submit a request. Once we receive the request, we will validate the information that you provide and send a message to the email address you provided in the request. Please follow the instructions in that email to verify your email address and/or provide any additional information that may be needed to process your request. 

    Storage and transfer of information

    Our related parties, affiliates and third-party service providers may be located outside of your province or state of residence. This effectively means that personal information collected by Lush may be stored or processed outside of your province or state of residence. Therefore, your personal information may be accessible to law enforcement, courts, and regulatory authorities in accordance with the laws of such foreign jurisdictions. 

    Retention

    Lush will retain personal information for as long as necessary for the purposes identified, or as otherwise required or permitted by law. Lush has retention standards to satisfy legal requirements, including to destroy, erase, or render anonymous personal information that is no longer required for the purposes identified or as otherwise required by law.

    Security

    Lush takes reasonable steps to protect personal information in our control against loss, theft, and unauthorized access, disclosure or misuse with administrative, technical and physical safeguards appropriate to the sensitivity of the personal information. 

    Unfortunately, despite these efforts, no security measures are perfect and hackers and other malicious actors may attempt to intercept or access the personal information described in this Privacy Policy. If you have any reason to believe that your account, transaction or information is no longer secure, please contact us using the contact information in the section below regarding “How to Contact our Privacy Officer”. In the wrong hands, your personal information could be used to commit identity theft, steal from you, or cause you other harm. It may also reveal information about your spending habits and other sensitive personal attributes. 

    Internet or wireless communications are never completely private or secure and there is always a risk that any messages or information you send to or through a website or by email may be intercepted by others. 

    If you create an account on a website, you will need to set a password to access your online account. We strongly recommend that you set a strong password including a combination of letters (including a mix of upper and lower case), numbers and special characters, and do not disclose your password to anyone. Lush will never ask you for your password in any unsolicited communication (including unsolicited correspondence such as letters, phone calls or email messages). 

    You should also be aware that certain aspects of the websites are not confidential and are available for public viewing. For example, any submissions that you post to any publicly available online forum or blogs or other publicly available features of the websites are not confidential and may be viewed by other users of the websites. By making personal information publicly available where the websites allow you to do so, you consent to such publication by Lush or its service providers. Please refer to the Terms of Use for additional provisions relating to user submissions that may apply to you. 

    Nondiscrimination

    We will not discriminate against you for exercising your privacy rights. 

    Appeals

    If we deny your request, you may appeal our decision by contacting us at [email protected]. If you have concerns about the result of an appeal, you may contact the attorney general in the state where you reside.

    Authorized Agents

    If you are submitting a rights request as an authorized agent, we may ask you to submit proof of your authorization to make the request, such as a valid power of attorney or proof that you have signed permission from the individual who is the subject of the request. Please do not provide any sensitive personal information in connection with this request, such as a driver’s license or other government-issued ID. In some cases, we may contact the individual who is the subject of the request to verify their own identity or confirm you have permission to submit this request. 

    How to contact our privacy officer

    If you have any questions, comments or concerns about this Privacy Policy or our privacy practices, please contact Lush’s Privacy Officer using the contact information below. All complaints will be investigated.  

    In Canada and the USA: 

    Lush Fresh Handmade Cosmetics  
    8680 Cambie Street, Vancouver, British Columbia, Canada V6M 6P9 

    Attention: Privacy Officer 
    [email protected] 
    1-888-733-5874 

    For additional information regarding the use of our website please see our Terms of Use posted on the website. 

    Additional information for specific jurisdictions

    Certain states like California, Colorado, Connecticut, Utah, and Virginia have enacted consumer privacy laws that grant their residents certain rights and require additional disclosures (“State Laws”). If you are a resident of one of these states, this section applies to you.

    Our Privacy Policy explains how we collect, use, and disclose information about you, as well as our targeted advertising and analytics practices. As required by certain State Laws, below we use two different tables to explain this same information, including the categories of personal information we collect (and have collected over the preceding 12 months), the types of entities to which we disclose such information, and the ways we use each category of information. 

    Collection, use, and disclosure of personal information for business purposes

    Categories of Personal Information & recipients

    Identifiers, such as real name, delivery address, unique personal identifier, online identifier, IP address, email address, account name, social media handle, or other similar identifiers.

    Recipients: 

    The Lush Group, fraud prevention partners, data analytics providers, marketing partners, payment processors, fulfillment partners, customer support partners, Internet service providers, operating systems and platforms, customer interaction, feedback and review platforms, cloud service providers, events partners, gift card partners, accessibility reporting and compliance providers, professional advisers, and the public (for example, the first and/or last name if you choose to provide this in connection with a product review may be disclosed publicly).

    Characteristics of protected classifications under California or U.S. law, such as age range.

    Recipients: 

    The Lush Group, customer feedback and review platforms, data analytics platforms, cloud service providers, and the public (for example, your age range may be disclosed publicly if you choose to provide this in connection with a product review).

    Commercial information, such as records of products purchased.

    Recipients: 

    The Lush Group, fraud prevention partners, data analytics providers, marketing partners, payment processors, fulfillment partners, customer support partners, Internet service providers, operating systems and platforms, customer interaction, feedback and review platforms, cloud service providers, events partners, and professional advisers.

    Internet or other electronic network activity information,  such as information about your activity on our website

    Recipients: 

    The Lush Group, fraud prevention partners, data analytics providers, marketing partners, payment processors, fulfillment partners, customer support partners, Internet service providers, operating systems and platforms, cloud service providers, and professional advisers.

    Geolocation data, such as your city of residence.

    Recipients:

    The Lush Group, data analytics providers, marketing partners, fulfillment partners, and professional advisers.

    Audio and visual data, such as phone recordings when you contact customer service or photos submitted in connection with a product review.

    Recipients:

    The Lush Group, fraud prevention partners, data analytics providers, customer support partners, Internet service providers, operating systems and platforms, cloud service providers, and certain photos may be shared publicly in some circumstances (such as in connection with a product review), and professional advisors.

    Inferences, such as your shopping preferences.

    Recipients:

    The Lush Group, fraud prevention partners, data analytics providers, marketing partners, operating systems and platforms, customer interaction, feedback and review platforms, cloud service providers, and professional advisors.

    Precise geolocation information (received pursuant to your permission in connection with the Lush mobile applications).

    Recipients:

    The Lush Group, fraud prevention partners, data analytics providers, Internet service providers, operating systems and platforms, cloud service providers, and professional advisors.

    Use of Personal Information

    • Provide, develop, maintain, and improve our products and Services; 
    • Manage our relationship with you; 
    • Verify your identity and address; 
    • Carry out our business operations; 
    • Process and fulfill your orders and returns;
    • Personalize your experience with us;
    • Administer your account;
    • Communicate with you, such as by sending you technical notices, security alerts, support messages, and other transactional or relationship messages; 
    • Respond to your comments, questions, and requests and provide customer service;
    • Provide you with newsletters, catalogs, emails and/or SMS messages about products, special offers, events, or other news and information we think may interest you;
    • Conduct and administer surveys, contests, sweepstakes, and other promotions;
    • Target advertisements to you on third-party platforms, websites, and apps;
    • Analyze trends and statistics, and help us improve and customize our product and service offerings and customers’ experience;
    • Troubleshoot problems with the Services;
    • Enforce our Terms of Use and protect the security and integrity of our Services and our business, including to protect the rights and property of Lush and others; and
    • Comply with our legal and financial obligations.

    Personal information that we “share,” “sell,” or use for “targeted advertising

    We disclose the following categories of personal information to third parties for the purpose of engaging in targeted advertising and other marketing activities, including to expand the reach and effectiveness of our own marketing campaigns and for the third parties’ own marketing purposes. These disclosures may be considered “sales” or “sharing” or use of personal information for “Targeted Advertising” under certain State Laws.

    Categories of Personal Information “Shared,” “Sold,” or used for Targeted Advertising 

    Identifiers & Internet or other electronic network activity information

    Categories of Third Parties

    Advertising networks and social networks.

    Other details about our information practices

    • We collect personal information directly from you (for example, when you place an order from our website or make a purchase at one of our stores), or automatically when you access or use our Services or shop in our stores, each described in more detail in the "What We Collect" section above.
    • We do not knowingly collect, sell, or share personal information about consumers under the age of 16.
    • We generally do not collect information that is considered “sensitive” under State Laws. In the limited circumstances that we do, as described in the What We Collect section above, we process personal information that is designated as “sensitive” under the California Consumer Privacy Act, such as your precise geolocation information from your device if you use our mobile app and grant us permission to do so. We only collect this information with your consent or at your direction and for purposes permitted under California law, and we do not use or disclose sensitive personal information for the purpose of inferring characteristics about you.
    • We retain personal information for as long as necessary to carry out the purposes for which we originally collected it and for other purposes described in the Retention section below.

    Opt-out of sales, sharing, targeted advertis

    Some of the activities described in the “Targeted Advertising and Analytics” section above may be considered “sales” or “sharing” of your personal information or use of your information for “targeted advertising” under applicable State Laws. You may opt out of these activities by following the prompts here, or, if you are a resident of California or Colorado, by visiting our Services with a legally recognized opt-out preference signal enabled, such as the Global Privacy Control. 

    In addition, we disclose your information to other entities for marketing purposes as described in How We Disclose Your Personal Information above. Such disclosures may constitute “sales” of your personal information under the State Laws, and you may opt out of such activities by following the instructions here. 

    Homepage - Privacy Policy