Privacy & Cookies Policy
Choosing to shop with the Fabled.com site means you've placed a great deal of trust in us. You share and let us use personal information in order to enjoy a more streamlined and convenient shopping experience. Naturally, you want that personal information to be kept private as well as secure.
To reassure you that we take our responsibility very seriously, this Privacy & Cookies Policy explains how we will use the personal information you give us. It explains your data protection rights, including how you can opt-out of some uses of your personal information. For more information on your rights and how to exercise them, head straight to the Your choices and rights section.
This Privacy & Cookies Policy applies if you shop on fabled.com (the “Website”) or if you otherwise share your personal information with us on the Website, such as when you have not yet become our customer by purchasing a product but you have made an enquiry about a product. This policy also applies if you contact us or we contact you about the Website for a service reason, whether by telephone, email, SMS, post, push notifications or via third party digital platforms (including websites or social media platforms). In addition, this policy will be relevant to any marketing emails that we send to you (which we will only do with your consent).
Policy last updated: July 2019.
Who we are and what we collect
This section details what types of personal data we collect and who we are. When you shop you submit your personal information to Marie-Claire Beauty Ltd (also known as Fabled by Marie-Claire). Marie-Claire Beauty Limited is the “controller” of your personal information. A controller makes decisions about how and why your personal information is processed and is responsible for making sure it is used in accordance with data protection laws. When we say "us", "our" or "we" in this policy we are referring to Marie-Claire Beauty Limited.
Marie-Claire Beauty Limited is a 100% owned subsidiary of Next Group plc (“Next”). Marie-Claire Beauty Ltd will be the controller of your personal information until such time as this Privacy & Cookies Policy is updated to explain that Next has taken over as controller (expected early 2020). Where required by data protection law we will notify you of changes.
You may notice throughout this Privacy & Cookies Policy that we sometimes make reference to Ocado. This is because Ocado Operating Limited (“Ocado”) are going to help us provide services to you in relation to this Website. We are still the controller of your personal information; Ocado will just help us with certain things like taking care of the customer relationship including by dealing with customer complaints, orders and deliveries. This is why sometimes you may be contacting an “Ocado” email address or calling an Ocado telephone contact centre. We will make clear in this Privacy & Cookies Policy when you need to contact Ocado for things.
Remember that we only share data with Ocado for assistance with these services, and they cannot legally send you marketing (unless you ask them to). We will not share your personal information with Ocado for any direct marketing purposes. We will only ask you for consent to our own marketing.
Importantly – please note that if you wish to contact our Data Protection Officer you should use the email address or postal address which we set out below under the ‘Contact us’ section. You should not contact firstname.lastname@example.org for this.
We collect information from you when you visit and browse our Website, register for our services, use our apps, make purchases using our services, participate in prize draws and competitions, and when you communicate with us.
We will treat all information submitted by you in accordance with the terms of this Privacy & Cookies Policy (as updated and amended from time to time) and in strict compliance with UK and EU data protection legislation. We respect your privacy and will always work to keep your data safe and private.
At times we also receive information from third parties to help us better understand our customers. However, this Privacy & Cookies Policy does not cover any third-party websites, apps or services you use or access from our websites, apps or services. To find out how you can contact us please see the “Contact Us” section below.
Who we are
The Ocado Group
Third-party apps, websites and services
What we collect
Improving our services
The information we gather from customers through our websites, apps, products and services, or receive in any other way, helps us to continually improve the goods and services we offer. This includes tailoring the information we share with you to help ensure that it’s relevant, useful and timely.
We gather useful information in several key ways:
1. When you register with us on our Website, we ask for information such as your title, name, email address, delivery address, telephone number, and account login details (such as your username and password). We store this information to make your experience easier, so you do not need to re-enter your details each time you shop on our Website.
2. If you place an order on our Website, we hold information on the timing and location of your delivery to help us effectively manage resources to fulfil your order and plan the best delivery route. We will also ask you for your debit or credit card details in order to process your payment. We never store your payment details in full, we only store an encrypted token that represents your payment card.
3. We keep a record of electronic communications you receive from us. We also record interactions you have with our electronic communications. For example, whether an email has been opened and if you have clicked on any links within that email.
4. When we contact you or you take part in competitions, surveys or questionnaires about our products and services, we may collect your feedback and contributions. This includes direct messages you may send us through social media channels.
5. We keep a record of your purchases with us made on our Website (for example, what you bought and when) and how you browse and engage with our Website. This helps us decide which products, services and promotions may be relevant for you. It also helps us to improve your experience, assist you more efficiently if you have any questions or concerns about your order, and promote certain products, services and offers. We will do this for our legitimate interests.
6. We will keep a record of any email correspondence you send us. This helps us provide you with better customer service, and to improve the experience of our customers overall. Telephone calls made to us will be recorded for quality and monitoring purposes.
Special categories of personal data
We do not intentionally collect or store data that could reveal your racial or ethnic origin, physical or mental health or religious beliefs. However, if you choose to provide this information to us (such as in a conversation with us be telephone or in emails) then we will process this information during the course of our record keeping but only for the reasons relevant to our conversation (e.g. if you voluntarily tell us you have a disability meaning we are only to deliver at certain times when someone is in to help you) We will do this for legitimate interests and public interest reasons.
Information from third-party data sources
We receive information from third parties that may relate to you. This includes:
• Information providers that specialise in consumer profiling, such as Experian. These organisations provide demographic or other data to help better understand customers' demographics, lifestyles or shopping behaviours, usually linked to where people live.
• Voice controlled services, such as Amazon's Alexa or Apple’s Siri, provide us with details of the voice requests you have made in connection with your account. This is so we can fulfil the orders you place with us, understand your shopping experience and improve our related services.
How we use your personal information
Here we explain in detail how your personal information is used to benefit your online experience. We will use your personal information for our own legitimate interests. This allows us to improve our products and better understand customer preferences. We will use it to comply with the contract we will have with you if you make purchases on this Website. With your consent, we may send you email marketing. We may also use your personal data to comply with law when required.
In more detail
All the information we collect through our websites, apps, products, services, and through correspondence with you, is used by us because we are the controller of it. As at the date of this Privacy & Cookies Policy we do not share personal information with Next or the Next Group for shared services. It is Ocado who provides services to us at this time.
Purposes necessary for the performance of a contract with you
• To deliver our services, including dealing with orders and accounts for the supply of our goods, products and services and to help you shop with us on our Website.
• Enabling third parties to carry out technical, logistical or other functions on our behalf..
• Enabling a debt collection agency to collect payment from you should that be necessary.
Our legitimate interests
•To personalise and improve your experience.
•To develop new products and services.
•To inform you about products and services that may interest you.
• To ensure the Website and the services we offer you operate properly
Purposes for which you have provided us with your consent.
• To send you our marketing emails.
• To show you web advertising. By 'web advertising' we mean digital marketing that we intentionally send or display to you on third-party online platforms or websites. For example, you may see advertising for Fabled.com products and services on other websites you visit, or social media and other platforms you use (eg, Facebook and Google). These have been shown to you because we believed it would be relevant to your interests. ‘Web advertising' does not include advertising we have not intentionally targeted to you (such as banner ads that are randomly shown to any visitor of a third-party website), or any personalisation or recommendations we show on our own websites, apps and services
• To use ‘User Generated Content. By ‘User Generated Content’ we mean content created by you, and shared publicly (on social media for example) and which may showcase our brand or products.
Fulfilling our legal obligations.
• Allowing us to comply with any requirements imposed on us by law or court order, including disclosure to law or tax enforcement agencies or authorities or pursuant to legal proceedings.
• Maintaining records to meet regulatory and tax requirements.
• To collect and recover money that is owed to us.
• To investigate fraudulent activities that may occur on a customer’s account.
• To help us defend legal claims or to exercise legal rights.
• Contacting you in connection with product recalls or other similar product quality issues.
• To comply with our legal obligations in connection with the sale of age restricted products.
When we share your personal information
We only share your personal data as required for the purposes set out in this Privacy & Cookies Policy, to third parties who assist us with the provision of our services (including Ocado, who will in turn share it with delivery companies), to send related promotional communications to you, and to assist us in preventing the fraudulent use of our services.
Information about our customers is an important part of our business. However, there are circumstances where it is necessary for us to share personal information, for example, in order for us to provide our customers with our superior delivery service. Whenever we use or disclose your information, we put in place measures to keep it secure. We make sure it is protected in accordance with data protection laws. We have a written contract with Ocado about this.
The circumstances where we share some of your information with others are:
1. Other Next Group companies
Only if Next Group beings to provide some services to us.
2. Third-party service providers
We employ other companies or individuals and may work in partnership with selected third parties to perform any of the functions listed above (under the ‘How we use your Personal Information’ section) on our behalf. For example, Ocado help us to deliver the services to you, including by making deliveries on our behalf (they use a delivery company for this), or answering queries about your order. We only share information that allows them to provide their services to us or to facilitate them providing their services to you.
• Companies to analyse customer information to help us better understand how you use our services. Also to tailor products, services and offers that may be relevant for you.
• Companies to provide marketing and advertising assistance (including management of email marketing operations, mobile messaging services such as SMS, and services that deploy advertising on the internet or social media platforms, such as Facebook and Google) as well as analysis of the effectiveness of our advertising campaigns.
• Payment card processors to process credit and debit card payments.
• External companies to provide post or courier delivery services when selected by customers.
• General service companies such as printers and mailing houses.
• Companies that help us track and record the way you navigate our Website, so that we can understand your online experience and use it to improve our services and offer a personalised experience.
• Companies that help us to run surveys and get your feedback on our products and services.
• Other companies that help us provide our Website, improving functionality so that we can provide you with a high-quality experience whenever you shop with us.
3. Business transfer
If we or any of our assets are ever sold and purchased by another company it would typically be part of such a transaction for customer information to form part of the business assets being transferred. However, the information will remain subject to the obligations as outlined in this Privacy & Cookies Policy until such time as it is updated. We will share your personal information with Next when they take over as controller (expected early 2020).
4. Research companies
We may share personal details in a secure way to allow research companies and feedback providers to contact you directly on our behalf, in order to capture your opinions on our products and services, our websites and apps. We may ask these research companies to analyse the results so that we can better understand your online experience, which will help us to improve our services. We provide them with only the information they need to perform their function. This may take the form of a survey, where you may be asked to review a product or service you’ve bought. You will always have the choice about whether to take part in our market research or surveys.
We release account and other personal information when we believe release is appropriate to comply with the law, to enforce the Terms & Conditions, or to protect our rights, property or safety, our employees or customers, our business partners or others.
6. Fraud Prevention
Where we have reason to suspect fraud or the commission of any other criminal offence, we may share your data (such as your name, household information, details of failed payments and your orders placed with us) with crime prevention agencies and certain third parties for the purpose of detecting and preventing crime. Such third parties may include business partners, law enforcement bodies, providers of fraud prevention and detection services, and recipients of fraud prevention and detection services. If we think there is a risk of fraud, we may suspend activity on your account or refuse access to your account and/or cancel an order.
Security, data retention and international data transfers
We know how important it is to protect and manage your personal data. This section sets out some of the measures we have in place.
We take the security of your personal information seriously and employ technical and organisational measures to protect the integrity and privacy of your personal information. We only retain your personal information for clearly established periods.
Our websites use Secure Socket Layer (SSL) encryption technology to ensure that your information is protected. Our web pages will start with https and a padlock will be displayed in front of the web page name to show that we always encrypt the information that you send us.
We maintain and enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your personal information. However, whilst we take appropriate technical and organisational measures to safeguard your personal data, please note that we cannot guarantee the security of any personal data that you transfer over the internet to us.
Our security procedures mean that we may need to request proof of identity before we disclose personal information to you, including in relation to a subject access request.
We are committed to ensuring the protection of your payment card details and are compliant with the Payment Card Industry's Data Security Standard (PCI-DSS). Payments made via our sites are processed and managed by specialist payment card companies which are not part of the Next Group. We only store and display the first six and last four digits of your payment card number, the card type and the card expiry date. The full payment card number is never stored on any of our systems and is only stored and processed by one of our payment card processing companies.
We keep an encrypted token to represent your card and this token is transmitted to the relevant payment card processing company during the order processing.
We use 3D Secure to provide additional fraud protection and to protect your payment card from unauthorised use. During the checkout process, you may be asked by 3D Secure to provide your Verified by Visa or Mastercard Secure Code password.
It is important to keep your password secure to prevent fraudulent use of your account. Never disclose your password to anyone else, and especially to anyone who requests it from you by telephone or email – we will never do this (more information below). You should avoid using the same password for other websites, because if their systems are hacked, the hackers will also be able to access your account.
Avoid using common terms for your password such as “password" or “123456"; hackers know the most popular passwords and will try to access accounts using these. Instead, try to use a combination of letters and numbers that means something to you so it’s easy to remember but difficult to guess.
Personal security and identity fraud
Using public wifi networks can be risky, and hackers may try to capture your online transactions and personal details. You should only connect to networks that you trust. If you use a shared computer, make sure that you log out once you have finished using the website.
Criminals and fraudsters create authentic looking but false or "spoof" websites and send phishing emails to steal confidential information. These emails pretend to be from a legitimate company and try to trick a person into giving away their personal details (such as user names and passwords) so that security details can be updated or passwords changed.
We will never ask you to provide your personal details via email. If you receive an email like this that claims to be from us and contains an embedded link and a request for you to enter any personal details, treat it as suspicious and do not enter any personal information, even if the page appears legitimate. If you suspect that your account details are subject to such fraudulent activities, please let us know. Ocado help us deal with this, so please contact email@example.com
We retain your personal information for as long as you are a customer and we need it in order to fulfil the purposes described above. After you stop being a customer, we may keep your data for a certain period of time, after which we take steps to delete your personal information or hold it in a form which no longer identifies you (as we may still need to use your data in an anonymised format for research and other business purposes).
We may keep your personal information for a number of reasons after you have stopped being a customer. This includes: to respond to any questions or complaints, for legal, regulatory or technical reasons, for research and analytics, to investigate fraudulent activities, and to show that we treated you fairly.
Keeping your information
We will keep your personal information for as long as you are a customer of the Website, and for a period of time afterwards if you stop doing so.
Here are our time periods for retaining customer personal information:
• Customers that have registered but never shopped: we keep your personal information for eight years after the date of first registration.
• Customers that have not shopped for an extended period of time: we keep your personal information for seven years after the date of your last shop. This is because you have the ability to bring a claim under the contract you have with us (as above)
• Customers who have asked for their accounts to be closed: we keep your personal information for seven years after the date your account was closed (for the reason above).
• Call recordings: we delete call recordings after three months unless we need the data to investigate fraud, to respond to questions or complaints or for legal reasons.
• Customer account notes: after two years we delete notes made on your account by our Contact Centre advisors, unless we need the data to investigate fraud, to respond to questions and complaints, or for legal reasons.
Sending information outside the European Economic Area
Our operations are based in the UK and the personal data that we collect from you is mainly processed, stored and used within the UK and other countries in the European Economic Area (EEA). However, in order to offer you the best service we can provide, we also work with service providers from other parts of the world. This means that the data we collect sometimes needs to be transferred, stored and used by companies operating outside the EEA who work for us or one of our service providers. We want you to know that we have taken steps to ensure there is an appropriate level of security for the processing carried out in these countries, such that data is protected in the same way as if it was being used within the EEA.
This includes using one of these safeguards:
• The use of European Commission-approved standard contractual clauses in contracts for the transfer of personal data to third countries.
• The transfer to organisations that are part of the EU-US Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA.
• Transfers to a non-EEA country with privacy laws that give the same protection as the EEA.
You can find out more about the above data protection safeguards on the European Commission Justice website.
For more information on how we safeguard transfers of your personal information, please email us at firstname.lastname@example.org who assist us with providing customers with further information about transfers related to the way the Website is operated.
Your choice and rights
This section explains the choices you have when it comes to receiving marketing communications from us and how you can exercise your individual rights in relation to your personal data.
You have certain rights in the information we hold about you, including the right to:
• Object to our use of your personal information.
• Request a copy of it, update it or to have it deleted.
These rights may be limited in some circumstances.
Requesting access to your personal data
You have the right to access a copy of the personal information we hold about you. You have the right to request that this information is provided in a machine readable format in the event that you wish it to be transferred to yourself.
What if you want us to stop using your personal information?
You can also object to certain processing activities which use your personal information, in particular where the processing is based on our legitimate interests. You can ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. You can also ask us to restrict the use of your personal information in certain circumstances. These rights are known as the ‘right to erasure’ and the ‘right to restrict processing’. We will keep a note of your name if you ask for your personal data to be erased. You will also need to use a different email address if you decide to re-register as a customer with us as your old email address will no longer be valid.
There may be reasons why the above rights may be limited in some circumstances. For example, we can refuse to provide information if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, have compelling legitimate interests to keep, or need to access in order to exercise our legal obligations. In such situations, we would only use your information for these purposes and not use or share your information in other ways. We will always ensure your privacy is protected and data will always be retained in accordance with the Data retention section of this policy.
You may be unable to continue using our services if you require us to stop using your personal information, since this information is necessary for us to accurately fulfil and provide our services.
How to withdraw your consent
Where we have asked for your consent, you may withdraw consent at any time, but this will not affect any processing that has already taken place.
Consent is relevant to our marketing. If we send you marketing we would do this by email. We would remind you in each email of how you can unsubscribe.
Please be aware that when we send you service communications – we do not do this based on your consent – we have to send you those communications because of the contract we have with you and for our legitimate interest in making sure we respond to your questions and requests.
You’re in control of your data – unsubscribing from our marketing communications
You can ask us to stop sending you marketing messages by contacting us at any time. Please see ‘Contact us’ below for how to do this.
You can ask us to stop sending you marketing messages by contacting us at any time. Please see ‘Contact us’ below for how to do this. If the information we hold on you is wrong or incomplete, then let us know what needs updating and we’ll correct it. This is your right. Email email@example.com Ocado will then be able to update its own records (these are relevant to the services they provide to us). Alternatively you can contact us directly. Please see ‘Contact us’ below for how to do this.
Cookies and similar technologies
When you use any of the Website or our related apps, we use our own and third-party cookies and similar technologies (such as pixels and tracking URLs) to identify your device. This enables us to personalise and improve your customer experience and, where appropriate, serve you relevant advertisements. All these technologies are together referred to in this policy as “cookies”.
Without certain cookies, it would be very difficult for a website to allow a visitor to fill up a shopping trolley or to remember the user's preferences or registration details for a future visit. Have I accepted cookies on this Website?
You can find out whether you have accepted the cookies on this Website in your browser settings. Note that necessary cookies and functional cookies will continue to operate without your consent unless you disable or block them (see ‘How can I control or delete cookies’ below).
For all other types of cookies listed, we need your consent. You can withdraw your consent at any time in relation to these cookies. In practice for these cookies this means deleting them through your device or web browser.
Here are the types of cookies we use on our websites, and the purposes for which they are used
• Strictly necessary cookies. These cookies are essential in order to enable you to move around our websites and use its features, including accessing secure areas. Without these cookies, any services on our websites you wish to access cannot be provided.
• Analytical/performance cookies. These cookies collect information about how you and other visitors use our websites. This can be anything like which pages you go to most often, and if you get error messages from web pages. We use data from these cookies to help test designs and to ensure a consistent look and feel is maintained on your visit to our websites. We also use third-party web analytics software on our websites and apps (such as Google Analytics).
• Functionality cookies. These cookies allow our websites to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember settings such as changes you have made to text size, fonts and other parts of web pages that you can customise.
• Targeting cookies. These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement, as well as help measure the effectiveness of an advertising campaign. They are usually placed by third parties (such as advertising networks or platforms) with the website operator’s permission. They remember that you have visited a website and this information is shared with the advertiser. We have enabled Google Analytics Data Collection for Advertising Features, including Remarketing and Advertising Reporting Features. These features enable us to make use of data from users who have chosen to allow Google to associate their web and app browsing history with their Google account in order to personalise the ads we may show in Google Search and Display Advertising. This helps us provide more relevant messaging to our users. This also provides us with demographic and interest information at an aggregate level that helps us to understand our users better.
• Social media extensions. These technologies allow you to share what you’ve been doing on our websites on social media, such as Facebook and Twitter. For example, by clicking the Facebook ‘Like’ icons that may appear on our product pages. Although we enable these tools to be displayed on our websites so that you may, if you wish, interact with them, they are not within our control. Please refer to the relevant third party privacy policies for how these functionalities work.
To find out more about cookies please visit: www.allaboutcookies.org or see www.youronlinechoices.eu which contains further information about behavioural advertising and online privacy.
To opt-out of Google Analytics for Display Advertising and customize Google Display Network ads please go to https://www.google.com/settings/ads or Google Analytics' currently available opt-outs for the web.
How can I control or delete cookies? Most internet browsers are initially set up to automatically accept cookies. You can change the settings to block cookies or to alert you when cookies are being sent to your device. Please refer to your browser settings to learn more about how to control or delete cookies. If you disable the cookies that we use, this may impact your experience while on the Website, in particular whilst navigating. The online feedback form will also be disabled. If you use different devices to view and access the Website (e.g. your computer, smartphone, tablet etc) you will need to ensure that each browser on each device is adjusted to suit your cookie preferences.
Updates and how to contact us
If you have any questions about this Privacy & Cookies Policy, would like to make a complaint, or find out how we notify you of any changes to the Privacy & Cookies Policy, further details can be found in this section.
Updates and changes to the Privacy & Cookies Policy
You may change your personal information retained by us at any time. Simply access your user profile on the Website.
We may change the terms of this Privacy & Cookies Policy from time to time and you should check it regularly. The date on which the Privacy & Cookies Policy was most recently amended will be displayed at the beginning of the policy. If we make any material changes to this Privacy & Cookies Policy we will take steps to call it to your attention.
If you have questions about your personal information and our Privacy & Cookies Policy, or wish to exercise any of your rights described in this policy, you can contact us by writing to Data Protection Officer Next Retail Limited, Desford Road, Enderby, Leicester, LE19 4AT or via firstname.lastname@example.org quoting Security and Privacy Enquiry.
How to complain
If you are not satisfied in the way we have dealt with your concerns, you have the right to complain to the Information Commissioner’s Office. Please go to https://ico.org.uk/make-a-complaint/
You can write to:
Information Commissioner's Office
You can telephone the ICO:
Tel: 0303 123 1113