Privacy Policy

Bluemercury & Notice of Privacy Practices

This Notice of Privacy Practices was updated December 11, 2020.

Here’s a summary of what we’ve updated:

  • Re-organized this Notice to better explain thecustomer information we collect, and how and why we use that information;

  • Reviseded our third-party sharing policies;

  • Updated information for California residents under California Consumer Privacy Act (CCPA) and how to exercise their rights under CCPA.

This Notice of Privacy Practices (“Notice”) applies to information collected, processed or stored by Bluemercury in its stores or on (Collectively, “Services”). This Notice describes the extent of data collection and use for these Bluemercury Services.

This Notice of Privacy Practices explains:

Your access to and use of our Services means you agree to the terms in this Notice and our Terms & Conditions. We encourage you to refer to this Notice periodically so that you understand our current privacy practices.

If you have any questions about this Notice, please contact our Customer Service department:

By email at:

By phone at 1-800-355-6000

By mail at:

Bluemercury Customer Service
ATTN: Privacy Office
1010 Wisconsin Avenue NW, Suite 700
Washington, DC 20007

Why We Collect & Use Information

We at Bluemercury understand that you entrust your data to us. We value that trust. Our collection and use of customer data is guided by our corporate principle of Customers First and is subject to our Responsible Information Management program.

We may use the information we collect for the following primary reasons:

  1. Product & Service Fulfillment (FUL)

  2. Marketing, Promotions & Advertising (ADV)

  3. Internal Operations (OPS)

  4. Fraud Prevention, Security & Compliance (SEC)

We may combine information collected from different sources (see section on What We Collect & Share). Below is a summary of some of the ways we collect and use information:

  1. Product & Service Fulfillment (FUL)

    • To complete, fulfill, manage, and communicate with you about transactions;

    • To establish and service your online profile;

    • To provide customer service and alert you to product or shipping information;

    • To provide personal services; and

    • To administer rewards programs.

  2. Marketing, Promotions & Advertising (ADV)

    • To deliver information about our products, services, and promotions (e.g., personalized offers delivered to your home, email, or mobile devices);

    • To provide interactive features on our websites (e.g., product ratings and reviews, real-time offers, and location-based services such as store maps);

    • To identify product preferences and shopping preferences (e.g., services and promotions of possible interest); and

    • To administer contests, sweepstakes, promotions, surveys, and focus groups.

  3. Internal Operations (OPS)

    • To improve the effectiveness of our websites, stores, merchandise assortment, and customer service;

    • To conduct research and analytics related to our operations; and

    • To perform other logistics and operation activities as needed.

  4. Fraud Prevention, Security and Compliance (SEC)

    • To protect our assets and prevent fraudulent transactions;

      • To validate credentials and authenticate customers when logging into your online profile or transacting in store;

      • To protect the security and integrity of our Services and our data; and

      • To assist law enforcement and respond to legal/regulatory inquiries.

The rest of this Notice refers to the collection and use codes above (FUL; ADV; OPS; SEC). This is so you can better understand why we collect and use different types of information.

What We Collect & Share

We collect information from a variety of sources, including: information provided by you, transaction information, technology-enabled collections, and information we collect about you from third party sources. The following are examples of the types of information we may collect and share:

  • Information you provide: (FUL, ADV, OPS, SEC)

    • We collect various information when you create a profile, place an order, or take advantage of other programs online or in store. Information we may collect includes: Name, Address (billing and shipping), Zip code, e-mail address, Telephone number(s), Cellular phone number(s), Credit card number(s), Birth date, and Security question answers. (To express your preferences related to information you provide, go to the Manage Your Preferences section below).

  • Technology-Enabled Collections: (FUL, ADV, OPS, SEC)

    • We collect data when you visit our websites, shop in our stores, or interact with our wireless services and other technologies. This information is either automatically collected or is customer initiated. (For more details, see Our Use of Information Technologies section below).

  • Transaction Information: (FUL, ADV, OPS, SEC)

    • Transaction Information includes items purchased and date and time of your transaction for in-store or online purchases.

    • When you make a purchase or create a Wish List, we may share information about you and your transaction with other companies necessary to process your transaction or offer you products or services that may be of interest.

  • Affiliate & Subsidiary Sharing: (FUL, ADV, OPS, SEC)

    • Bluemercury, a division of Macy’s Inc., may share your information within the Macy’s Inc. organization including with subsidiaries and affiliates, such as Bloomingdale’s. This Notice does not cover the privacy practices of Macy’s or Bloomingdale’s.

  • Third Parties: (FUL, ADV, OPS, SEC)

    • We may receive your updated shipping information from a third-party carrier.

    • We may collect or use information made available to us through third-party platforms, online databases and directories, or other means. We specify that data sourced from a third party must be legitimately and legally obtained. Some or all of this information may be governed by the privacy statements of the third party.

    • We may share information with third parties who provide services to us or who work with us to offer products or services online or in our stores. Bluemercury also may share information with third parties so that they may directly offer their products or services to you if we think they may be of interest.

    • We participate in consortiums with partners to share information or match (look alike or similar) customer data. When shared, this information is de-identified and anonymized.

Our Use of Information Technologies

The following section describes various types of technologies we use when you interact with us online, through our mobile applications, shop in our stores, or use our wireless services, and your choices regarding those technologies:

Cookies, Pixel Tags, and Flash Cookies (FUL, ADV, OPS, SEC)

On our websites and other digital platforms we use Cookies, Pixel Tags, and more limitedly, Flash Cookies. This section briefly describes each:

A Cookie is a small piece of computer code sent by a website and stored on the hard disk of your computer. A pixel tag (also known as a tracking pixel, web beacon, or clear GIF) is an embedded image on a website that may register a user's website activity. A Flash Cookie (also known as a Local Shared Object) is a data file stored on your computer by the websites that you visit "(click here for more details). Flash Cookies provide similar functionality as Cookies, but are based on different technology, provide richer data collections, and are persistent; they do not go away when you exit your browser and generally cannot be deleted through your browser option tools.

At Bluemercury, we use two kinds of Cookies: session cookies and persistent cookies. Session cookies exist only for as long as your browser remains open. We use session cookies, for example, to manage items added to your shopping bag. Persistent cookies last from visit to visit; they do not go away when you exit your browser. We use persistent cookies to enable an easier log-in process, give you a more personalized shopping experience, or help you navigate our website more efficiently. For example, we use persistent cookies to show you items you have previously browsed. From time to time, we may use Flash Cookie(s) on our website(s), for example, to enable or control richer Flash-based content.

For options to manage your Cookie Preferences, click here. If you block cookies from, you will not be able to make purchases on our websites.

Website Optimization Services (ADV, OPS)

Bluemercury shares data with Google Analytics tools to understand and optimize website performance and enhance site usability for our customers. Google Analytics runs in the background of our sites analyzing site usage information. Google Analytics is required to maintain data securely and confidentially. Credit card or password data is not collected through Google Analytics.

Please click here to download the Google Analytics opt-out browser add-on. To learn more about Google Analytics Privacy click here.

Interest-Based or Online Behavioral Advertising (OBA) (ADV, OPS)

Bluemercury uses third-party advertising companies to serve interest-based advertisements. These companies compile information from various online sources (including mobile-enabled browsers and applications) to match user profiles with ads we believe will be most relevant, interesting and timely based on that user profile.

For additional information on interest-based advertising and options for managing preferences including oppt-outs, click here.

Do Not Track (DNT) (ADV, OPS)

Bluemercury does not currently recognize and process Do Not Track signals from different web browsers. Customers may manage their preferences for tracking across sites in the Interest-Based Advertising section above. For more information on Do Not Track please visit

Beacons (FUL, ADV, OPS, SEC)

Beacons are small appliances that we use to enhance and make the Bluemercury in-store experience more interactive. Beacons broadcast a Bluetooth signal that can be received by Bluetooth-enabled devices, such as a mobile phone, when those devices are within proximity of a beacon. Beacons do not collect or pull in personal data; they only push out radio signal pulses to map nearby Bluetooth-enabled devices, much in the same way radar works. In-app permissions, such as permission to access location and accept Push Notifications (sometimes shown as ‘PNS’ on your devices), must be enabled for a Beacon to interact with your specific Bluetooth-enabled device. Interactions with and notifications delivered to your device may include customer service information, in-store directions, offers and advertisements from applications and advertisers.

Beacon Preferences are managed through your device (Bluetooth, Location, and PNS settings).

In-Store Wi-Fi Services (FUL, ADV, OPS, SEC)

Many Bluemercury locations offer free Wi-Fi Services to visitors. Wi-Fi routers capture certain data from devices that interact with the router. Some examples of data automatically collected through our Wi-Fi Service include:

  • Information about your device, including a MAC Address, and telemetry data (such as signal strength and quality) related to your use of our Wi-Fi service.

  • Vendors that analyze Wi-Fi data automatically collected to provide operational insights such as foot traffic volumes, dwell times, and how costumers move through our stores.

Unless we receive consent to use Wi-Fi data in a manner that identifies you or your device(s), Wi-Fi data is anonymously collected or de-identified.


Radio Frequency Identification (RFID) tags consist of a small chip and antenna that provide a unique identifier for objects. RFID serves the same purpose as a bar code and must be scanned by a specific type of reader in close proximity to the tag to retrieve tag data. Bluemercury uses RFID for inventory management (such as locating products in the stock room) and logistics support. RFID is not used to track or monitor any items once you leave our stores.

Video Cameras (FUL, OPS, SEC)

We use cameras in our stores for security purposes and asset protection. We also use cameras in our stores for operational purposes, such as such as traffic pattern analysis. Cameras may include technology to capture demographic information, such as age, gender and dwell time.

We will not use cameras to personally identify you, without your consent, except when the identification is for security or law enforcement purposes.

Managing Your Preferences

This section details, in one place, how you may express preferences including electing to opt-out of some data collections or uses.

Access to Accounts, Online Profiles, and Orders

If you are a registered user of, you can update your information in My Account.

Sign into your account and then click on your order number. Once your order has shipped, you will see a link to at the top in green. Click this link to see the latest order status.

If you have any additional questions, please call our Customer Service department at 1-800-355-6000.

Data Sharing Preferences

If you prefer that we not share your information with third parties for marketing purposes, you can contact us:

      • By Email at:

      • If you choose to email us, please include your name, address, phone number, and state "NO THIRD-PARTY SHARING" in your request.

      • By phone at: 1-800-355-6000

Email Communications

      • Promotional or Marketing Emails: To opt-out of receiving promotional or marketing e-mails from Bluemercury at a specific email address, you may:

        • Use the unsubscribe link in the footer of any e-mail sent by

        • Unsubscribe by signing into your account on, clicking on my profile and indicating your opt-out preference.

        • Or contact us by email at:

Note: It may take up to 10 business days to process your request.

      • Customer Survey Emails: We may separately send surveys, via e-mail, to our customers in order to collect opinions and feedback about their shopping experiences. To opt-out of receiving survey emails from Bluemercury, you may use the unsubscribe link at the bottom of any survey emails.

      • Specialized Email Programs. You may have signed up for one of our specialized email programs. To opt-out of receiving emails from one of those specialized programs, you may use the unsubscribe link at the bottom of any of these emails.

Note: Operational emails (e.g. shipping confirmation or product recall information) do not provide an opt-out option.

Direct Mail or Telemarketing

      • Direct Mail or Telemarketing: To opt-out of receiving direct mail or telemarketing calls, you may contact us:

      • If you choose to email us, please include your name, address, phone number, and state one of the following:

        • "NO MAIL OFFERS" (if you don't want to receive offers by mail)

        • "NO PHONE OFFERS" (if you don't want to receive offers by phone); or

        • "NO PHONE OR MAIL OFFERS" (if you don't want to receive either)

Note on Opting-Out of Direct Mail: Because direct mailings are often prepared well in advance (12-16 weeks, in some cases) you may, for a period of time, continue to receive some physical mail after you send us your request.

Website & Online Services Preferences

      • Cookies & Flash Cookies: Managing cookie preferences differs from browser to browser so please refer to your browser for further information. If you would like to disable cookies and web beacons, please use the help function in your web browser to restrict cookies from our website(s). If you block cookies from, you will not be able to make purchases on our website. To manage the Flash Cookie settings and preferences for your computer, mobile phone or wireless device please click here and you will be directed to the Settings Manager on Adobe's website. You may also be able to manage Flash Cookies from your browser, depending on the version of your browser.

      • Website Optimization Services: Please click here to download the Google Analytics opt-out browser add-on. To learn more about Google Analytics Privacy click here.

      • Interest-Based Adverting: If you would like to opt-out of interest-based advertising, please click here. Please note that you will be opted out of all interest-based advertising from all business members of the Network Advertising Initiative for that specific browser on that specific device. If you opt-out, you may continue to see or receive online advertising from Bluemercury; however, these ads may not be as relevant to you.

Note: To opt-out of interest-based advertising in mobile applications, you can turn off mobile device ad tracking or reset the advertising identifier in your device settings.

Technology-Enabled Collection & Use Preferences

In-Store Wi-Fi Services: If you do not wish for us to use your Wi-Fi analytic data in a de-identified manner, please turn off your phone or refrain from using our Wi-Fi Services. For more information, visit:

Ownership of Customer Data

If Bluemercury, its parent company or any of its subsidiaries is sold to or otherwise acquired by a third party, all Bluemercury data assets will become the property of the acquiring party. Such a party will be subject to any consent(s), opt-outs or other customer conditions on data. A change in data ownership may or may not include a notice on the primary online sites of Bluemercury or affected subsidiary sites.

Additional Disclosures

Information About Children Under 13

The Children's Online Privacy Protection Act imposes requirements on Web sites that collect personal information about children under 13 years old (for example - name, address, email address, social security number, etc.). Our current policy is not to collect any personal information on any person under 13 years old online. For this reason, our sweepstakes and other promotions conducted online are restricted to entrants who are at least 13 years old.

If this policy changes, we will revise this portion of our Notice of Privacy Practices and will comply with the requirements of the Children's Online Privacy Protection Act, which includes providing notice and choice to each child's parent or guardian before collecting any personal information.

California Residents

Under the California Shine the Light Law, California residents are entitled to ask us for a notice describing what categories of personal information we share with third parties or corporate affiliates for those third parties or corporate affiliates' direct marketing purposes. That notice will identify the categories of personal information shared with third parties and used for direct marketing purposes and the name and address of the third parties that received such personal information. If you are a California resident and want a copy of this notice, please submit a written request to the following address: Bluemercury Customer Service, ATTN: Privacy Office, 1010 Wisconsin Avenue NW, Suite 700, Washington, DC 20007. In your request, please specify that you want a "Your Bluemercury California Privacy Rights Notice." Please allow 30 days for a response.

If you are a minor under 18 and have a profile on, you may ask us to remove reviews or other content that you posted on the site by writing to We will begin to process your request within 30 days. Please note that processing your request does not ensure complete or comprehensive removal of content that you posted.

California Consumer Privacy Act (CCPA) of 2018. Effective January 1, 2020, if you reside in California then you have the following rights:

  • You have the right to opt-out of bluemercury’s sale of your Personal Information.

  • You have the right to request the deletion of your Personal Information.

  • You have the right to request us to disclose to you the following, no more than twice in a 12-month period:

    • Categories of Personal Information we collected about you during the preceding 12 months.

    • Categories of sources from which we collected the Personal Information during the preceding 12 months.

    • Business or commercial purpose(s) for collecting or selling your Personal Information during the preceding 12 months.

    • Categories of third parties with whom we share the Personal Information during the preceding 12 months.

    • Specific pieces of Personal Information we collected about you during the preceding 12 months.

    • Categories of Personal Information we have sold and categories of third parties to whom the information was sold to during the preceding 12 months.

    • Categories of Personal Information we disclosed about you for a business purpose during the preceding 12 months.

We will not discriminate against you because you exercised your rights under this section of our Notice.

You may submit your request through the following methods:

In order for your request to be processed, you must specify what action, as described above, you would like taken (Opt-out, Delete, Disclose), and provide your first name, last name, email address, phone number, street address, state, and zip code. We will use the information provided to match the identifying information we have to verify your identity before processing the request.

Safeguarding Information

Bluemercury has put various procedural, technical, and administrative measures in place to safeguard the information we collect and use. We designed our technology-enabled services to accept orders only from Web and mobile browsers that permit communication through a Secure Socket Layer (SSL). SSL is an encryption standard that provides a layer of security while information is being transmitted over the Internet.

As a matter of policy, we do not disclose details regarding our security measures as this could be beneficial information to criminals and other bad actors.

Be advised, no security safeguards or standards are guaranteed to provide 100% security. You should always use appropriate self-protection measures and practice safe browsing on all websites. For more information on how you can securely shop with us, the National Cybersecurity Alliance also provides comprehensive information to stay safe online.