Notice to Our Customers

Bluemercury was acquired by Macy’s Inc. (also the parent company of Bloomingdale’s) in March 2015. We will continue to offer the world’s most innovative skin and beauty products as well as unparalleled technical product knowledge, expert advice and friendly service. Our integration into Macy’s greatly expands our reach, depth and unique capabilities to deliver our signature luxury beauty products and spa services.

As part of our integration, we may share customer data with Macy’s. Our commitment to you is, and has always been, to give you a choice about your data entrusted to us. Below, you will find our updated Notice of Privacy Practices, which becomes effective April 27, 2016. We encourage you to read it.  

We believe that joining the Macy’s family opens up truly exciting new possibilities to surprise and delight our customers. But because this is a new development we are providing this option for you to opt-out of having your Bluemercury data shared with Macy’s by using our Contact Us Form. If you choose to opt-out, we will not share your data with Macy’s and its affiliates. Please note this opt-out only applies to sharing data with Macy’s and not with Bluemercury. This opt-out link is available for the next 30 days; after which time you can always refer to the Contact Us section under Customer Service for opt-out options. Thank you for your time.  We look forward to the next chapter as your trusted partner in beauty.

Sincerely,

Marla and Barry Beck, Co-Founders

BLUEMERCURY AND BLUEMERCURY.COM NOTICE OF PRIVACY PRACTICES

This Notice of Privacy Practices was updated on April 27, 2016.

Here’s a summary of what we’ve updated:

  • Re-organized this Notice to better explain why, what, and how we collect and process customer information;
  • Updated subsidiary, affiliate and other partner information, including the Macy’s, Inc. acquisition of Bluemercury;
  • Changed our third party sharing policies;
  • Expanded scope of technology-enabled collection services such as Interest-Based Advertising, Beacons, In-Store Wi-Fi, RFID, and Video Cameras;
  • Updated information on additional disclosures such as California Privacy Rights;
  • Expanded scope on how to Manage Your Preferences that includes updates on your choices related to technology-enabled collection services.

This Notice of Privacy Practices (“Notice”) applies to information collected, processed or stored by Bluemercury, online at bluemercury.com, and via bluemercury.com accessed through your mobile device) (Collectively, “Services”). This Notice describes the extent of data collection and use for these Bluemercury Services. 

This Notice of Privacy Practices explains:

Your access to and use of our Services means you agree to the terms in this Notice and our Terms & Conditions. We encourage you to refer to this Notice periodically so that you understand our current privacy practices.

If you have any questions about this Notice, please contact our Customer Service department:

       Bluemercury Customer Service
       ATTN: Privacy Office
       1010 Wisconsin Avenue NW, Suite 700
       Washington, DC 20007

 



WHY WE COLLECT & USE INFORMATION

We at Bluemercury understand that you entrust your data to us. We value that trust. Our collection and use of customer data is guided by our corporate principle of Customers First and subject to our Responsible Information Management program.

We may use the information we collect for the following primary reasons:

(1)    Product & Service Fulfillment (FUL)

(2)    Marketing, Promotions & Advertising (ADV)

(3)    Internal Operations (OPS)

(4)    Fraud Prevention, Security & Compliance (SEC)

We may combine information collected from different sources (see section on What We Collect & Share). Below is a summary of some of the ways we collect and use information:

1. Product & Service Fulfillment (FUL)

  • To complete, fulfill, manage, and communicate with you about transactions;
  • To establish and service your online profile on one of our websites;
  • To provide customer service and alert you to product or shipping information;
  • To provide personal services; and
  • To administer rewards programs.

2. Marketing, Promotions & Advertising (ADV)

  • To deliver information about our products, services, and promotions (e.g., personalized offers delivered to your home, email, or mobile devices);
  • To provide interactive features on our websites (e.g., product ratings and reviews, real-time offers, and location-based services such as store maps);
  • To identify product preferences and shopping preferences (e.g., services and promotions of possible interest); and
  • To administer contests, sweepstakes, promotions, surveys, and focus groups.

3. Internal Operations (OPS)

  • To improve the effectiveness of our websites, stores, merchandise assortment, and customer service;
  • To conduct research and analytics related to our operations; and
  • To perform other logistics and operation activities as needed.

4. Fraud Prevention, Security and Compliance (SEC)

  • To protect our assets and prevent fraudulent transactions;
    • To validate credentials and authenticate customers when logging into your online profile or transacting in store;
    • To protect the security and integrity of our Services and our data; and
    • To assist law enforcement and respond to legal/regulatory inquiries.

The rest of this Notice refers to the collection and use codes above (FUL; ADV; OPS; SEC). This is so you can better understand why we collect and use different types of information in accordance with our privacy practices and our Responsible Information Management program.

  



WHAT WE COLLECT & SHARE

We collect information from a variety of sources, including: information provided by you, transaction information, technology-enabled collections, and information we collect about you from third party sources. The following are select examples of the types of information we may collect and share:

  • Information you provide: (FUL, ADV, OPS, SEC)
    • We collect various information when you create a profile, place an order, create a registry or take advantage of other programs online or in store.  Information we may collect includes:   NameAddress (billing and shipping)Zip codee-mail addressTelephone number(s)Cellular phone number(s)Credit card number(s)Birth dateand Security question answers. (To express your preferences related to information you provide, go to the Manage Your Preferences section below).
  • Technology-Enabled Collections: (FUL, ADV, OPS, SEC)
    • We collect data when you visit our websites, shop in our stores, or interact with our wireless services and other technologies. This information is either automatically collected or is customer initiated. (For more details, see Our Use of Information Technologies section below).
  • Transaction Information: (FUL, ADV, OPS, SEC)
    • Transaction Information includes items purchased and date and time of your transaction, for in-store or online purchases. 
    • When you make a purchase or create a Wish List, we may share information about you and your transaction with other companies necessary to process your transaction or offer you products or services that may be of interest.
  • Affiliate & Subsidiary Sharing: (FUL, ADV, OPS, SEC)
    • Bluemercury, a division of Macy’s Inc., may share your information within the Macy’s Inc. organization including with subsidiaries and affiliates, such as Bloomingdale’s. This Notice does not cover the privacy practices of Macy’s or Bloomingdale’s.
  • Third Parties: (FUL, ADV, OPS, SEC)
    • We may receive your updated shipping information from a third party carrier.
    • We may collect or use information made available to us through third party platforms, online databases and directories, or other means. We specify that data sourced from a third party must be legitimately and legally obtained. Some or all of this information may be governed by the privacy statements of the third party.
    • We may share information with third parties who provide services to us or who work with us to offer products or services online or in our stores. Bluemercury also may share information with third parties so that they may directly offer their products or services to you if we think they may be of interest to you.
    • We participate in consortiums with partners to share information or match (look alike or similar) customer data. When shared, this information is de-identified and anonymized.  

 



OUR USE OF INFORMATION TECHNOLOGIES

The following section describes various types of technologies we use when you interact with us online, through our mobile applications, shop in our stores, or use our wireless services, and your choices regarding those technologies: 

Cookies, Pixel Tags, and Flash Cookies (FUL, ADV, OPS, SEC)

On our websites and other digital platforms we use Cookies, Pixel Tags, and more limitedly, Flash Cookies.  This section briefly describes each:

A Cookie is a small piece of computer code sent by a website and stored on the hard disk of your computer. A pixel tag (also known as a tracking pixel, web beacon, or clear GIF) is an embedded image on a website that may register a user's website activity. A Flash Cookie (also known as a Local Shared Object) is a data file stored on your computer by the websites that you visit (click here for more details). Flash Cookies provide similar functionality as Cookies, but are based on different technology, provide richer data collections, and are persistent; they do not go away when you exit your browser and generally cannot be deleted through your browser option tools.

At Bluemercury we use two kinds of Cookies: session cookies and persistent cookies. Session cookies exist only for as long as your browser remains open. We use session cookies, for example, to manage items added to your shopping bag. Persistent cookies last from visit to visit; they do not go away when you exit your browser. We use persistent cookies to enable an easier log-in process, give you a more personalized shopping experience, or help you navigate our website more efficiently. For example, we use persistent cookies to show you items you have previously browsed. From time to time, we may use Flash Cookie(s) on our website(s), for example, to enable or control richer Flash-based content.

For options to manage your Cookie Preferences, click hereIf you block cookies from bluemercury.com, you will not be able to make purchases on our websites.

Website Optimization Services (ADV, OPS)

Bluemercury shares data with Google Analytics tools to understand and optimize website performance and enhance site usability for our customers.  Google Analytics runs in the background of our sites analyzing site usage information. Google Analytics is required to maintain data securely and confidentially. Credit card or password data is not collected through Google Analytics.

Please click here to download the Google Analytics opt-out browser add-on. To learn more about Google Analytics Privacy click here.

Interest-Based or Online Behavioral Advertising (OBA) (ADV, OPS)

Bluemercury uses third-party advertising companies to serve interest-based advertisements. These companies compile information from various online sources (including mobile-enabled browsers and applications) to match user profiles with ads we believe will be most relevant, interesting and timely based on that user profile.

For additional information on interest-based advertising and options for managing preferences, click here.

Do Not Track (DNT) (ADV, OPS)

Bluemercury does not currently recognize and process Do Not Track signals from different web browsers. Customers may manage their preferences for tracking across sites in the Interest-Based Advertising section above. For more information on Do Not Track please visit http://www.allaboutdnt.org/.

Beacons (FUL, ADV, OPS, SEC)

Beacons are small appliances that we use to enhance and make the Bluemercury in-store experience more interactive. Beacons broadcast a Bluetooth signal that can be received by Bluetooth-enabled devices, such as a mobile phone, when those devices are within proximity of a beacon. Beacons do not collect or pull in personal data; they only push out radio signal pulses to map nearby Bluetooth-enabled devices, much in the same way radar works. In-app permissions, such as permission to access location and accept Push Notifications (sometimes shown as ‘PNS’ on your devices), must be enabled for a Beacon to interact with your specific Bluetooth-enabled device. Interactions with and notifications delivered to your device may include customer service information, in-store directions, offers and advertisements from applications and advertisers.

Beacon Preferences are managed through your device (Bluetooth, Location, and PNS settings).

In-Store Wi-Fi Services (FUL, ADV, OPS, SEC)

Many Bluemercury locations offer free Wi-Fi Services to visitors. Wi-Fi routers capture certain data from devices that interact with the router. Some examples of data automatically collected through our Wi-Fi Service include:

  • Information about your device, including a MAC Address, and telemetry data (such as signal strength and quality) related to your use of our Wi-Fi service.
  • Vendors that analyze Wi-Fi data automatically collected to provide operational insights such as foot traffic volumes, dwell times, and how costumers move through our stores.

Unless we receive consent to use Wi-Fi data in a manner that identifies you or your device(s), Wi-Fi data is anonymously collected or de-identified.  

RFID (FUL, OPS, SEC)

Radio Frequency Identification (RFID) tags consist of a small chip and antenna that provide a unique identifier for objects. RFID serves the same purpose as a bar code and must be scanned by a specific type of reader in close proximity to the tag to retrieve tag data. Bluemercury uses RFID for inventory management (such as locating shoes in the stock room) and logistics support. RFID is not used to track or monitor any items once you leave our stores.

Video Cameras (FUL, OPS, SEC)

We use cameras in our stores for security purposes, loss prevention, and asset protection. We also use cameras in our stores for operational purposes, such as such as traffic pattern analysis. Cameras may include technology to capture demographic information, such as age, gender and dwell time.   

We will not use cameras to personally identify you, without your consent, except when the identification is for security or law enforcement purposes.



MANAGING YOUR PREFERENCES

This section details, in one place, how you may express preferences including electing to opt-out of some data collections or uses.

Access to Accounts, Online Profiles, and Orders

  • If you are a registered user of bluemercury.com, you can update your information in My Account.
  • If you have questions about your order, you may check your order status online in My Order.
  • If you have any additional questions, please call our Customer Service department at 1-800-355-6000.

Data Sharing Preferences

If you prefer that we not share your information with third parties for marketing purposes, you can contact us:

  • By mail at:

       Bluemercury Customer Service
       ATTN: Privacy Office
       1010 Wisconsin Avenue NW, Suite 700
       Washington, DC 20007

  • If you choose to write to us, please include your name, address, phone number, and state "NO THIRD PARTY SHARING" in your request.
  • By phone at 1-800-355-6000

Email Communications

  • Promotional or Marketing Emails: To opt-out of receiving promotional or marketing e-mails from Bluemercury at a specific email address, you may:
    • Use the unsubscribe link in the footer of any e-mail sent by bluemercury.com.
    • Unsubscribe by signing into your account on bluemercury.com, clicking on my profile and indicating your opt-out preference.
    • Or contact us:
      • By mail at:

                          Bluemercury Customer Service
                          ATTN: Privacy Office
                          1010 Wisconsin Avenue NW, Suite 700
                          Washington, DC 20007

Note: It may take up to 10 business days to process your request.

  • Customer Survey Emails: We may separately send surveys, via e-mail, to our customers in order to collect opinions and feedback about their shopping experiences. To opt-out of receiving survey emails from Bluemercury, you may use the unsubscribe link at the bottom of any survey emails.
  • Specialized Email Programs. You may have signed up for one of our specialized email programs. To opt-out of receiving emails from one of those specialized programs, you may use the unsubscribe link at the bottom of any of these emails.

Note: Operational emails (e.g. shipping confirmation or product recall information) do not provide an opt-out option.

Direct Mail or Telemarketing

  • Direct Mail or Telemarketing: To opt-out of receiving direct mail or telemarketing calls, you may contact us:
    • By phone at 1-800-355-6000
    • By mail at:

 Bluemercury Customer Service
 ATTN: Privacy Office
 1010 Wisconsin Avenue NW, Suite 700
 Washington, DC 20007

  • If you choose to write to us, please include your name, address, phone number, and state one of the following:
    • "NO MAIL OFFERS" (if you don't want to receive offers by mail)
    • "NO PHONE OFFERS" (if you don't want to receive offers by phone); or
    • "NO PHONE OR MAIL OFFERS" (if you don't want to receive either)

Note on Opting-Out of Direct Mail: Because direct mailings are often prepared well in advance (12-16 weeks, in some cases) you may, for a period of time, continue to receive some physical mail after you send us your request.

Website & Online Services Preferences

  • Cookies & Flash Cookies: Managing cookie preferences differs from browser to browser so please refer to your browser for further information. If you would like to disable cookies and web beacons, please use the help function in your web browser to restrict cookies from our website(s). If you block cookies from bluemercury.com, you will not be able to make purchases on our website.  To manage the Flash Cookie settings and preferences for your computer, mobile phone or wireless device please click here and you will be directed to the Settings Manager on Adobe's website. You may also be able to manage Flash Cookies from your browser, depending on the version of your browser.
  • Website Optimization Services:  Please click here to download the Google Analytics opt-out browser add-on. To learn more about Google Analytics Privacy click here.
  • Interest-Based Adverting: If you would like to opt-out of interest-based advertising, please click here. Please note that you will be opted out of all interest-based advertising from all business members of the Network Advertising Initiative for that specific browser on that specific device. If you opt-out, you may continue to see or receive online advertising from Bluemercury; however, these ads may not be as relevant to you.

Note: To opt-out of interest-based advertising in mobile applications, you can turn off mobile device ad tracking or reset the advertising identifier in your device settings.

Technology-Enabled Collection & Use Preferences

  • In-Store Wi-Fi Services: If you do not wish for us to use your Wi-Fi analytic data in a de-identified manner, please turn off your phone or refrain from using our Wi-Fi Services. For more information, visit: https://smart-places.org 

 



OWNERSHIP OF CUSTOMER DATA

If Bluemercury, its parent company or any of its subsidiaries is sold to or otherwise acquired by a third party, all Bluemercury data assets will become the property of the acquiring party. Such a party will be subject to any consent(s), opt-outs or other customer conditions on data.  A change in data ownership may or may not include a notice on the primary online sites of Bluemercury or affected subsidiary sites.

 



ADDITIONAL DISCLOSURES

Information About Children Under 13
The Children's Online Privacy Protection Act imposes requirements on Web sites that collect personal information about children under 13 years old (for example - name, address, email address, social security number, etc.). Our current policy is not to collect any personal information on any person under 13 years old online. For this reason, our sweepstakes and other promotions conducted online are restricted to entrants who are at least 13 years old.

If this policy changes, we will revise this portion of our Notice of Privacy Practices and will comply with the requirements of the Children's Online Privacy Protection Act, which includes providing notice and choice to each child's parent or guardian before collecting any personal information.

Your California Privacy Rights
Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice describing what categories of personal information we share with third parties or corporate affiliates for those third parties or corporate affiliates' direct marketing purposes. That notice will identify the categories of personal information shared with third parties and used for direct marketing purposes and the name and address of the third parties that received such personal information. If you are a California resident and want a copy of this notice, please submit a written request to the following address: Bluemercury Customer Service, ATTN: Privacy Office, 1010 Wisconsin Avenue NW, Suite 700, Washington, DC 20007. In your request, please specify that you want a "Your Bluemercury California Privacy Rights Notice." Please allow 30 days for a response.

If you are a minor under 18 and have a profile on bluemercury.com, you may ask us to remove reviews or other content that you posted on the site by writing to privacy@bluemercury.com.  We will begin to process your request within 30 days.  Please note that processing your request does not ensure complete or comprehensive removal of content that you posted.

 



SAFEGUARDING INFORMATION

Bluemercury has put various procedural, technical, and administrative measures in place to safeguard the information we collect and use. We designed our technology-enabled services to accept orders only from Web and mobile browsers that permit communication through a Secure Socket Layer (SSL). SSL is an encryption standard that provides a layer of security while information is being transmitted over the Internet.

As a matter of policy, we do not disclose details regarding our security measures as this could be beneficial information to criminals and other bad actors.

Be advised, no security safeguards or standards are guaranteed to provide 100% security. You should always use appropriate self-protection measures and practice safe browsing on all websites. For more information on how you can securely shop with us, the National Cybersecurity Alliance also provides comprehensive information to stay safe online.