Privacy Notice

Bluemercury & Bluemercury.com Notice of Privacy Practices

This Notice of Privacy Practices was updated in January 2023.

This Notice applies to Personal Information collected, processed, or stored by Bluemercury, bluemercury.com, m61labs.com or luneandaster.com. Personal information may be shared between or processed by any of these brands.



This Notice of Privacy Practices explains:


Your access to and use of our services means you agree to the terms in this Notice and our Terms and Conditions.

This Notice may be updated from time to time. Bluemercury will notify you of any changes by posting an updated Notice on this page. We encourage you to refer to this Notice periodically so that you understand our current privacy practices.

If you have any questions about this Notice, please contact our Customer Service department:

Via email at: privacymaster@bluemercury.com

By phone at 1-800-355-6000

By mail at:

Bluemercury Customer Service
ATTN: Privacy Office
7250 Woodmont Ave, Bethesda, MD 20814

Why We Collect & Use Information

We at Bluemercury understand that you entrust your data to us. We value that trust.

Your Personal Information will be retained only as long as necessary to carry out the purposes outlined in this Notice.

We may combine information collected from different sources. Below is a summary of the primary ways we collect and use information:

Primary Reasons for Data Collection Uses
Product and Service Fulfillment
(Fulfillment)
Fulfill, manage, and communicate with you about transactions.
Establish and service your profile on our websites.
Provide customer service and alert you to product or shipping information.
Provide personal services.
Manage loyalty programs (e.g., BlueRewards).
Marketing, Promotions and Advertising
(Advertising)
Deliver information about products, services, and promotions.
Provide interactive features on websites.
Identify product and shopping preferences using information we collect from you and about you.
Administer contests, sweepstakes, promotions, surveys, and focus groups.
Internal Operations (Operations) Improve the effectiveness of our websites, stores, merchandise assortment, and customer service.
Conduct business analysis, such as analytics, projections, and identifying areas for operational improvement.
Fraud Prevention, Security and Compliance
(Security)
Protect our assets and prevent fraudulent transactions.
Validate credentials and authenticate customers when logging into your online profile, or transacting in-store.
Protect the security and integrity of our services and our data.
Assist law enforcement and respond to legal/regulatory inquiries.
Back to top

Safeguarding Information

Bluemercury has implemented procedural, technical, and administrative measures to safeguard the information we collect and use. For your protection, we designed our technology-enabled services to accept orders only from secured web and mobile browsers.

No security safeguards or standards are guaranteed to provide 100% security. You should always use appropriate self-protection measures and practice safe browsing on all websites. For more information on how you can securely shop with us, the National Cybersecurity Alliance provides comprehensive information to stay safe online.

Back to top

Categories of Information and How we collect it

Bluemercury collects certain information from you and about you. Information is collected directly from your, or through other means.

We may collect or use the information made available to us through third-party platforms, online databases, and directories, or other means. We specify that data sourced from these third parties must be legitimately obtained. Note that this information may be governed by the privacy statement of the third party.

This may include:

Categories and Examples of Personal Information Collected Categories of Sources from which Personal Information is Collected Business or Commercial Purposes for Data Collection
Fulfillment Advertising Operations Security
Sensitive Personal Information
Driver’s license number, account log-in, password, debit/credit card number, geolocation, ethnic origin, health information
Sensitive Personal Information below is denoted with an asterisk (*).
Information you provide
Placing an order, taking advantage of other programs online or in-store such as visiting our Spa, completing surveys.
Identifiers
real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name
Information You Provide
Creating a profile, placing an order, creating a wish list, signing up for events, or taking advantage of other programs online or in-store.

Information We Collect Through Data Collection Technologies
When you visit our websites, shop in our stores, or interact with our other technologies. This information is either automatically collected or is customer-initiated.

Information From Other Sources
We may provide and receive information about you, with or from our service providers and vendors.
Commercial Information
products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
Information You Provide
Placing an order, creating a wish list, signing up for events, or taking advantage of other programs online or in-store.

Information From Other Sources
We may provide and receive information about you, with or from our service providers and vendors.
Biometric Information*
voice recordings, facial recognition
Information You Provide
Calling, chatting, emailing, or otherwise contacting our customer service team.

Information We Collect Through Data Collection Technologies
Fraud and security activities when visiting our stores or placing online orders.
Internet or Other Electronic Network Activity Information
browsing history, search history, information regarding a customer’s interaction with an Internet website application, or advertisement
Information We Collect Through Data Collection Technologies
When you visit our websites, shop in our stores, or interact with our other technologies, tagging Bluemercury on your social platforms, or interacting with our social platforms. This information is either automatically collected or is customer-initiated.
Geolocation Information We Collect Through Data Collection Technologies
When shopping on our website we collect geolocation data such as IP address.
Precise Geolocation* Information We Collect Through Data Collection Technologies
Shopping in-store, we collect location data when your device is set to provide location information or when you have notified the store that you have arrived to pick up your curbside order.
Back to top

Who We share your information with

We may share your information in the following ways:

Who We Share With Categories of Information Business or Commercial Purposes Sold/Share Y/N Disclosed Y/N
Internally with any Bluemercury Brand, Website, and Info You Post on our Social Media Identifiers, Commercial Information and Information you Post
Such as information you post in our reviews feature or share on your wish list
Offer products and services that may be of interest or to fulfill our obligations to you N/A N/A
Our Service Providers Identifiers, Commercial, Biometric Information, Internet or Other Electronic Network Activity, Sensitive Personal Information, or any information you post with third parties who facilitate operations and perform services on our behalf Provide services to Bluemercury so we can provide products and services to you N Y
Our Business Partners Identifiers, Commercial Information, Internet or Other Electronic Network Activity, Sensitive Personal Information Provide products and services that enhance our offering portfolio to help us serve you better N Y
Third Parties for Marketing Purposes Identifiers, Commercial, Internet or Other Electronic Network Activity Information, or Sensitive Personal Information Marketing purposes, including with third parties whose products or services we believe you may be interested in and for third parties’ own marketing purposes. These third parties may also share your information with others and may include delivery of Interest-based advertising. Y Y
Any Successors to All or Part of Our Business All Categories of Personal Information you have entrusted to Bluemercury If Bluemercury merges with, acquires, or is acquired by another business entity your Personal Information may be shared with the new company. This may include an asset sale, corporate reorganization, or other change of control. N/A N/A
Any Compliance or Legislative Organization, as Required All Categories of Personal Information you have entrusted to Bluemercury When responding to a court order or subpoena, if a government agency or investigatory body requests information, or when we are investigating potential fraud.
We may also share information if you are the winner of sweepstakes or other contests.
Y Y
Back to top

Our Use of Information Technologies

The following section describes technologies we use when you interact with us online, shop in our stores, or use our other technologies.

Bluemercury uses cookies, pixels, software development kits (SDKs) and other tracking technologies to deliver, monitor, and improve our websites, mobile-enabled web, and display content. Approved third parties may also place cookies on your web or mobile browser when you use our online services.

How Bluemercury Uses Automated Technologies:

Technology Description of Interaction Primary Area Utilizing This Tech
Fulfillment Advertising Operations Security
Cookies, Pixels, Tags, and SDKs We use these technologies to improve our services and provide you with the best possible experience including to:
  • identify you,
  • provide relevant, interest-based advertising,
  • remember your preferences,
  • secure your access,
  • know when content has been shown to you,
  • provide aggregated auditing, research, and reporting for advertisers,
  • understand and improve our online services,
  • identify you across devices, such as smartphones, tablets, computers, or related browsers, and
  • detect and defend against fraud and other risks.
Global Privacy Control (GPC) Bluemercury recognizes if you are broadcasting the global privacy control (GPC) signal. Please note that your use of our websites may still be tracked by Bluemercury and/or our service providers, however the GPC signal does opt out your information from being shared with third parties.
For more information on Global Privacy Control, please visit https://globalprivacycontrol.org
Website Optimization Services Bluemercury shares data with Google Analytics and Adobe Analytics to understand and optimize website performance and enhance website usability for our customers. These services are required to maintain data securely and are not permitted to share data collected with parties other than Bluemercury. Google Analytics may associate and group session visits to our websites from various browsers and devices.

Other information technologies:

Technology Description of Interaction Primary Area Utilizing This Tech
Fulfillment Advertising Operations Security
Interest-Based or Online Behavioral Advertising (OBA) Bluemercury uses third-party advertising companies to serve interest-based advertisements. These companies compile information from various online sources (including mobile-enabled browsers) to match user profiles with ads we believe will be relevant, interesting, and timely.
Social Networks and Tech Advertising Programs Bluemercury has relationships with several social networks and tech companies. These companies have specific interest-based ads programs that match customers that have shown interest in Bluemercury through our websites or other services with their individual profiles (such as on Facebook) and platforms (such as Facebook and Google). This matching allows us to deliver relevant, interest-based ads on those companies' networks.
In-Store Wi-Fi Services Bluemercury locations may offer free Wi-Fi services to customers. Examples of data automatically collected through our Wi-Fi service include information about your device, including a MAC Address, and telemetry data (such as signal strength and quality) related to your use of our Wi-Fi service.
Vendors automatically receive and analyze Wi-Fi data to provide operational insights such as foot traffic volumes, dwell times, and how customers move through our stores.
Wi-Fi data is anonymously collected or de-identified unless we receive consent to use Wi-Fi data in a manner that identifies you or your device(s).
Video Cameras We use cameras in our stores for security purposes, loss prevention, and asset protection. We also use cameras in our stores for operational purposes, such as traffic pattern analysis. Cameras may include technology to capture age range, gender, and dwell time.
We will not use cameras to personally identify you, without your consent, except when the identification is for security, anti-theft, or law enforcement purposes.
Voice-Enabled Services We may use voice-enabled services (‘VES’) to provide you greater functionality and easier shopping experiences with services such as voice search for products (i.e., "Show me M-61 Skincare"). VES will only be used to facilitate specific requests. Voice files are not used to personally identify an individual and will not be associated with any individual Bluemercury account. Voice files will be retained by Bluemercury and any third-party voice-enabled service providers.
Voice-enabled services are opt-in by use. If you do not wish to opt-in to VES, do not use those features. VES does not include phone answering machine messages.
Back to top

Managing Your Preferences

This section details how you may exercise your preferences regarding any Personal Information Bluemercury may collect about you or your communication preferences.

Request Type Guidance
Update Accounts and Online Profiles
  • If you are registered user of bluemercury.com, you can update your information in My Account.
  • Call Customer Service at 800-355-6000.
Opt Out of Mobile Marketing Campaigns To opt out of Bluemercury Marketing Messages (for example, "Bluemercury Promo Alerts") for a specific mobile number, reply "STOP" to 25666 on your mobile phone/wireless device. You will receive a confirmation text that you have been opted out. For customers with a Bluemercury online account, you may also opt out by signing into My Account on bluemercury.com, clicking on my profile, and indicating your opt-out preference.

Note on Opting-Out of Mobile Marketing: If you opt-out of mobile marketing using any means other than replying "STOP", please allow 3-5 business days after contacting us to process your request. We do not share your mobile number with any third parties for marketing purposes.
Unsubscribe from Specific Email Communications To update your preferences or categories of promotional or marketing emails you receive from Bluemercury at a specific email address, you may:
  • Use the unsubscribe link in the footer of any email sent by Bluemercury.com.
  • Unsubscribe by signing into My Account on Bluemercury.com, clicking on my profile, and indicating your opt-out preference.
It may take up to 10 business days to process your request.
Operational emails (e.g., shipping confirmation or product recall information) do not provide an opt-out option.
Technology-Enabled Collection and Use Preferences In-Store Wi-Fi Services
  • If you do not wish for us to use your Wi-Fi analytic data in a de-identified manner, please turn off your mobile device or refrain from using our Wi-Fi services. For more information, visit: https://smart-places.org.

Cookies and Pixel Tags
  • Managing cookie preferences differs from browser to browser so please refer to your browser for further information. If you would like to disable cookies, please use the help function in your web browser to restrict cookies from our websites.

Website Optimization Services
  • If you would like to opt-out of Google Analytics on a per browser basis, please Click Here to download the Google Analytics opt-out browser add-on. For more information on Google Analytics, Click Here.
  • If you would like to opt out of Adobe Analytics on a per browser basis, please Click Here. For more information on Adobe Analytics, Click Here.

Interest-Based or Online Behavioral Advertising (OBA)
  • If you would like to opt-out of interest-based advertising, please Click Here. Please note that you will be opted out of all interest-based advertising from all companies participating in the Digital Advertising Alliance’s “WebChoices” and/or “AppChoices” customer choice tools for that specific browser on that specific device. If you opt-out, you may continue to see or receive online advertising from Bluemercury; however, these ads may not be as relevant to you.

Social Networks and Tech Advertising Programs
You can manage your preferences for many of these advertising programs through the links provided below:
Back to top

California Residents

California Shine the Light Law: If you reside in California, you have the right to ask us one time each year if we have shared Personal Information with third parties for their direct marketing purposes. To make a request please submit an inquiry to the following address: bluemercury’s Customer Service, Attn: Privacy Office,7250 Woodmont Ave, Bethesda, MD 20814. In your request, please specify that you want a "Your bluemercury California Shine the Light Notice." Please allow 30 days for a response.

If you are a minor under 18 and have a profile on bluemercury.com, you may ask us to remove reviews or other content that you posted on the site by writing to privacy@bluemercury.com. We will begin to process your request within 30 days. Please note that processing your request does not ensure complete or comprehensive removal of the content that you posted.

California Privacy Rights Act: You have the right to request information about how Bluemercury collects, processes, and shares your Personal Information. There may be situations where Bluemercury cannot grant a request, for example to complete a transaction to you or comply with law. These options do not apply to publicly available information from government records nor to deidentified or aggregated information.

Customer Right Detailed Description
Right to Deletion You may request deletion of applicable Personal Information Bluemercury has collected about you.
Upon verification of your request, Bluemercury will notify third parties to whom Bluemercury has shared your Personal Information to delete your information as well.
Right to Correct Inaccurate Personal Information You have the right to correct inaccurate Personal Information collected by Bluemercury.
If you are a registered user of bluemercury.com, you can correct your information in the My Profile section of My Account.
Alternatively, use one of the contact methods outlined below.
Right to Know / Access What Personal Information is Collected You have the right to know Personal Information Bluemercury has collected about you during the previous 12 months, including:
  • Categories of Personal Information we collected about you
  • Categories of sources from which we collected the Personal Information
  • Business or commercial purpose(s) for collecting your Personal Information
  • Specific pieces of Personal Information we collected
Right to Know What Personal Information is Sold or Shared You have the right to know Personal Information Bluemercury has sold or shared about you during the previous 12 months, including:
  • Business or commercial purpose(s) for selling your Personal Information
  • Categories of third parties with whom we share the Personal Information
  • Categories of Personal Information we have sold and categories of third parties to whom the information was sold
  • Categories of Personal Information we disclosed about you for a business purpose
Right to Opt Out of Sale or Sharing You have the right to opt out of the sale or sharing of any Personal Information Bluemercury has collected about you.
Right to Opt Out of Automated Decision Making You have the right to opt out of automated decision making, including profiling, against any information Bluemercury has collected about you.
Right to Limit Use and Disclosure of Sensitive Personal Information You have the right to opt out of the disclosure of Sensitive Personal Information to a third party if Bluemercury uses that information for any purpose other than the designated purpose you agreed to.
Right to No Retaliation Bluemercury will never discriminate nor retaliate against you if you choose to exercise any of these privacy rights.
Back to top

To exercise your customer rights, you may submit your request through the following methods:

Authorized Agents. If you would like to enter a request on behalf of a California resident, please submit the request via the Bluemercury Privacy Portal. Upon submission, you will be required to upload documentation showing proof of written permission from the customer authorizing you to submit a request on their behalf. We reserve the right to require customers to confirm their request and/or identity.

Do Not Sell or Share My Personal Information Requests
You may submit your request through the following methods:

You can also change your online tracking preferences by using the Cookie Preferences link located at the bottom of the bluemercury.com homepage.
Upon submission of the request, you will be asked to provide your first name, last name, and email address. You will receive a verification email that will ask you to provide some additional information, such as an address, state, zip code and phone number. We will use the information provided to match the identifying information we have to verify your identity before processing the request.

Loyalty/Financial Incentives

Bluemercury offers BlueRewards, a customer loyalty program with three tiers. Silver members are those who spend between $0 and $299 annually, Sapphire members spend between $300 and $999 annually, and Platinum members spend more than $1,000 annually. To participate, you must provide an email (so we can send reward and program-related information), first name, last name, and provide a password or sign-in to your bluemercurty.com account. The purpose of the BlueRewards loyalty program is to encourage repeat business with Bluemercury and enhance your shopping experience.

The benefits provided to customers (or realized by Bluemercury) vary by customer depending upon the purchases made, whether items are bought in-store or online, which offers a customer uses, and many other factors. Bluemercury also incurs a variety of expenses related to loyalty benefits. Those may include, for example, costs associated with discounts on purchases and free shipping. The benefits are reasonably related to the value of the data you provide.

The benefits of the BlueRewards program are described Here. The terms and conditions are available Here.

We will not discriminate against you for exercising your rights under CCPA. BlueRewards members also remain free to opt-out of email, phone, and text marketing at any time.

We also offer customers a discount promotion code for signing up for marketing emails. The promotion code is provided in a confirmation email. However, customers may opt out at any time thereafter and still retain the ability to use the promotion code. We provide this incentive because we want to be able to send offers by email. The cost of sending an email is nominal.

2021 California Metrics

Request Type Received Rejected or Unverified Completed Avg # of Days to Respond
Opt Out 12 4 8 4.25
Delete 5 0 5 11.25
Disclose 3 0 3 0.5
Back to top

Managing Customer Privacy (NV/VA)

This section describes rights residents Nevada and Virginia have regarding the management of your Personal Information. There may be situations where Bluemercury cannot grant a request, for example to complete a transaction to you or comply with law. These options do not apply to publicly available information from government records nor to deidentified or aggregated information.

Identity Verification

As required by law, we may require you take steps to verify your identity and/or legal authority prior to processing any request Bluemercury receives from or about you. In response to all requests, we will send a message to the email address provided in the request. Please follow the instructions to verify your request. We will use the information provided to match the identifying information we have to verify your identity before processing the request. No action will be taken on requests not verified within 7 days.

Customer Request Detailed Description
Right to Deletion (VA only) You may request deletion of applicable Personal Information Bluemercury has collected about you.
Upon verification of your request, Bluemercury will notify third parties to whom Bluemercury has shared your personal information to delete your information as well.
Right to Correct Inaccurate Personal Information (VA only) You have the right to correct inaccurate Personal Information collected by Bluemercury
If you are a registered user of bluemercury.com, you can correct your information in My Account.
Right to Know / Access What Personal Information is Collected (VA only) You have the right to know Personal Information Bluemercury has collected about you during the previous 12 months, including:
  • Categories of Personal Information we collected about you
  • Categories of sources from which we collected the Personal Information
  • Business or commercial purpose(s) for collecting your Personal Information
  • Specific pieces of Personal Information we collected
Right to Know What Personal Information is Sold or Shared You have the right to know Personal Information Bluemercury has sold or shared about you during the previous 12 months, including:
  • Business or commercial purpose(s) for selling your Personal Information
  • Categories of third parties with whom we share the Personal Information
  • Categories of Personal Information we have sold and categories of third parties to whom the information was sold
  • Categories of Personal Information we disclosed about you for a business purpose
Right to Opt Out of Sale or Sharing You have the right to opt out of the sale or sharing of any Personal Information Bluemercury has collected about you.
Right to Opt Out of Automated Decision Making (VA only) You have the right to opt out of automated decision making, including profiling, against any information Bluemercury has collected about you.
Right to Appeal (VA Residents Only) Virginia residents have the right to appeal should Bluemercury be unable to take action on your privacy rights request.
Right to No Retaliation Bluemercury will never discriminate nor retaliate against you if you choose to exercise any of these privacy rights.

Contact Methods

You may submit your privacy request through the following methods:

You can also change your online tracking preferences by using the Cookie Preferences link located at the bottom of the bluemercury.com homepage.

Back to top

Ownership of Customer Data

If Bluemercury or any of its subsidiaries is sold to or otherwise acquired by a third party, all Bluemercury data assets will become the property of the acquiring party. Such a party will be subject to any consent(s), opt-outs, or other customer conditions on data. A change in data ownership may or may not include a notice on the primary online sites of Macy's, Inc., or the affected subsidiary sites.

Back to top

Additional Disclosures

  1. Information About Children Under 13

    • The Children's Online Privacy Protection Act imposes requirements on Web sites that collect personal information about children under 13 years old (for example - name, address, email address, social security number, etc.). Our current policy is not to collect any personal information on any person under 13 years old online. For this reason, our sweepstakes and other promotions conducted online are restricted to entrants who are at least 13 years old.
    • If this policy changes, we will revise this portion of our Notice of Privacy Practices and will comply with the requirements of the Children's Online Privacy Protection Act, which includes providing notice and choice to each child's parent or guardian before collecting any Personal Information.
  2. Opt-In Consent for Minors

    • bluemercury’s services are offered to the customers who are of the age 16 years and above. No programs, services or offerings are intended for children under the age of 16.
Back to top