Privacy policy at LUSH

Protecting your personal data (your “Data”) is a serious matter for LUSH, the Luxury Sustainable Hotels and Retreats International Association, hereinafter referred as “LUSH”. This privacy policy (the “Privacy Policy”) explains how we collect and use your Data, in compliance with applicable legislation. We also encourage you to read our Cookie Policy. 

1.  Who is the controller of your data?

Whenever dealing with one of LUSH companies (the “Company”), the controller of your Data will be the Company that decides how and why your Data is processed.  

For the management of the Group website, the controller of your Data is LUSH. 

Where this Privacy Policy refers to “we”, “our” or “us” below, this shall mean the particular Company that is the controller of your Data.

2.  What does this privacy policy apply to?

This Privacy Policy applies to all your Data collected by LUSH, whether through LUSH websites or by any other means. If your local legislation requires so, this Privacy Policy may be supplemented by local specifications that we invite you to read carefully. 

LUSH websites or applications may contain links to the websites of our partner networks and/or affiliates. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. 

This Privacy Policy may occasionally be updated. Please refer to the latest version online. 

3. Which data do we collect from you?

We may collect Data that you provide us with through various channels, including websites, social media, events, telephone contacts, email or otherwise. Such Data may include: 

– Identification information (e.g. name, surname, date of birth); 
– Contact details (e.g. postal address, e-mail address, phone number);
– Job title/position in your company, if you are acting in a professional context;
– Records of correspondence with the Company and responses to our surveys.  

We may also collect your Data by automatic means, including cookies and other tracking devices. Please note that your IP address will never be used to identify you as a physical person but will simply enable us to determine the city from where you are connected. See our Cookie Policy  for more information. 

We may obtain your Data from external sources, for example from third party companies or publicly available sources. This Privacy Policy applies to any of these Data and, whenever possible, we will inform you of the source from which we have obtained them. 

4. For what purpose do we use your data?

We mainly use your Data for the purpose of managing our customer/prospect relationships, notably when:

– Processing orders and delivering products;
– Responding to your requests, 
– Managing products claims;
– Sending you news and information about our products that may interest you;
– Managing loyalty programs;
– Conducting surveys to improve our services and products;
– Organizing contests;
– Generating statistics for marketing analysis.

We may process your Data for any other specific purpose indicated at the time of Data collection.

5. On which legal grounds do we use your data?

Taking into consideration the purpose, your Data are processed on the following legal grounds:

– Where it is required for the performance of a contract we have with you;
– Where it is necessary to pursue our legitimate interests, including:
– network and information security to protect your Data against loss, damage or unauthorized access
– assess our services through recordings of calls with our contact centers
– direct marketing activities (other than where we rely on your consent);
– where it is necessary to comply with a legal obligation, notably to assist a public authority or an investigation body;
– where you have given your explicit consent for specific and determined purposes.​

6.   Who do we share you data with?

We may share your Data with: 

– other entities within LUSH for internal administrative purposes;
– our trusted third party suppliers to perform a range of business services on our behalf, such as hosting and maintenance services;  
– third parties that may offer services in relation to our own products and services;
– judicial authorities, state agencies or public bodies, upon request and to the extent permitted by law.

In all cases, we will only share your Data on a “need-to-know” basis to fulfill the purposes defined above. 

7. Where do we store your data?

Your Data are stored either in our database or in the database of our service providers. 

Due to the international dimension of LUSH, and in order to optimize the quality of our services, your Data may be transferred outside of your home country. In case of transfer to countries located outside of the European Economic Area (the “EEA”), we will use appropriate legal safeguards to ensure your Data will be handled in compliance with the terms of this Privacy Policy. 

To obtain a copy of these safeguards or details of where you can access these documents, you can send us a written request as set out in section 10 of the Privacy Policy.

8. How do we ensure security and confidentiality of your data?

We are committed to ensuring the security of your Data. To this end, we maintain appropriate technical and organizational measures to avoid, as far as possible, any accidental or unlawful destruction, loss, alteration, or unauthorized access.

9. For how long do we keep you data?

We will retain your Data for the period of time necessary to achieve the purpose for which they were collected, within the limits provided by applicable law. In some circumstances, we may keep your Data for a longer period of time in order to satisfy legal, accounting or reporting requirements.

10.  What are your rights and how can you exercise them?

Subject to applicable law, you may have the right:

– To access your Data;
– To correct and update your Data;
– To erase your Data;
– To restrict the processing of your Data;
– To object to the processing of your Data, mainly when the processing is based on our legitimate interests;
– To withdraw your consent at any time;
– To request the return of your Data in a structured data file, either to you or to a third party, where technically feasible (data portability);
– To lodge a complaint with the competent data protection authority.

Please note that we may require proof of your identity and full details of your request before processing it.

The data will only be used to verify your identity and will not be stored for longer than needed for this purpose.  

We will reply in a reasonable delay, in accordance with the applicable regulations.

The above policy applies to

Exciting News! LUSH is Now REGENERA

We’re thrilled to announce our rebrand as REGENERA, Regenerative Luxury Hotels & Retreats Global Association. Join us as we embark on this exciting journey to redefine luxury and sustainability in hospitality. Discover what REGENERA has to offer and be part of a transformative movement in the industry.