Privacy Notice

Effective as of February 11, 2021

At e.l.f. Beauty (“we” or “us”), we believe in being clear and open about how we collect and use personal information related to you. In the spirit of transparency, this Privacy Notice provides you with information about the types of personal information we collect, how we use such personal information and to whom and under what circumstances we disclose it.

This Privacy Notice applies to personal information we collect from you, or that you provide to us, and communications from us, in connection with your use of our websites, our mobile applications (if available in your country), promotions in which we are involved, and social media. Please read this Privacy Notice carefully so that you understand your rights in relation to your personal information, and how we will collect, use, and process your personal information.

If you do not agree with this Privacy Notice in general or any part of it, you should not use our websites, or request material from us, as applicable.

If you are a California resident, please see the California Residents Privacy Addendum for additional information about our privacy practices and your rights as a California resident.

If you are resident of the European Economic Area (the “EEA”) or the United Kingdom, please see the EU/UK Privacy Addendum for additional information about our privacy practices and your rights as a resident of the EEA or the UK.

What INFORMATION DO WE COLLECT, HOW DO WE COLLECT IT, AND HOW DO WE USE IT?

We collect information about you in many ways from many places. Some of the information we collect may include information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your device (“personal information”). In some countries like those in the EEA or the UK or in states like California, things like IP address or cookie and mobile device identifiers may also be considered personal information. When we collect information from you, we indicate any information that you are required to provide to us, and the consequences of the failure to do so.

Whenever we use your personal information, we will have a reason to do this.

We use your personal information for one or more of the following business purposes:

to fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about our brands or products, we will use that personal information to respond to your inquiry.
to provide, support, and develop our websites, products, and services;
to process your requests;
to provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;
to deliver requested news alerts via email (with your consent, where required by law);
to help maintain the safety, security, and integrity of our websites, mobile applications, products, and services, including to detect, prevent, or otherwise address fraud, security, or technical issues; and
to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our users is among the assets transferred.

In particular, in the table below, we explain:

what activity or scenario you are involved in when we use or collect your personal information;
what categories of personal information we collect when you take part in a particular activity;
what we do with your personal information, and the purposes for collecting and using it; and
solely for purposes of the General Data Protection Regulation (the “GDPR”) (or UK equivalent) (which is only applicable to residents of the EEA or the UK, as applicable), our legal basis for using your personal information

What We Collect
News Alerts Identifiers that we collect, or you give us, when you sign up for our news alerts: your email address.

How We Use It
We use this personal information to: send you the requested news alerts; keep an up to date suppression list if you have asked not to be contacted; and run analytics, statistics, and research.

Our Legal Basis for Processing, Using, and Storing It for Purposes of the GDPR or the UK GDPR
We base this processing on: your consent to receiving the requested news alerts from us; and our legitimate interests—we have a legitimate business interest in improving our products and services.

What We Collect
Questions and Customer Service Identifiers that we collect, or you give us, when you communicate with us whether in person, through our websites, mobile applications, through via email, over the phone, through social media or via any other medium, including: your contact details including: your first and last name, mailing address, email address, social media account name, or whatever method you use to contact us; the details of your communications with us; and the details of our communications to you.

How We Use It
We use this personal information to: answer and manage your questions; and run analytics, statistics, and research.

Our Legal Basis for Processing, Using, and Storing It for Purposes of the GDPR or the UK GDPR
We base this processing on: performance of a contract—so that we can answer and manage your questions; and our legitimate interests—we have a legitimate business interest in (i) improving our products and services; and (ii) securing our tools.

What We Collect
Online Browsing Identifiers and internet or other electronic network activity that we collect through your use of our websites (which may be through cookies), including: Internet Protocol (IP) address; MAC address; browser type; operating system; device identifying personal information; the specific web pages visited during your connection; the domain name from which you accessed our websites; and your browsing behavior, such as the date and time you visit our websites, the areas or pages of our websites that you visit, the amount of time you spend viewing our websites, the number of times you return to our website, and other clickstream data. For more information on cookies, see “Cookies and Traffic Data” Section.

How We Use It
We use this information to: allow our websites to function properly (for example, to ensure the proper display of content); improve our websites (for example, by testing new ideas or layouts) ensure our websites are secure and safe, and to protect you against fraud or misuse of our websites or services (for example through performing troubleshooting); and run analytics, statistics, and research.

Our Legal Basis for Processing, Using, and Storing It for Purposes of the GDPR or the UK GDPR
We base this processing on: our legitimate interests—we have a legitimate business interest in (i) operating and improving our websites, products and services; (ii) preventing fraud; and (iii) securing our tools.

We obtain all of the above personal information directly from you.

Cookies and Traffic Data

Cookies

Certain cookies and web beacons that we employ are necessary for the operation of our website. Other cookies that we employ are not necessary for the operation of our websites but are employed to enhance your use of our websites and shopping experience.

Our cookies include session cookies (temporary cookies that identify and track users within our websites which are deleted when you close your browser or leave your session) or persistent cookies (cookies which enable our websites to “remember” who you are and to remember your preferences within our websites and which will stay on your computer or device after you close your browser or leave your session).

We use the following different types of cookies:

Strictly Necessary
These are cookies which are needed for our websites to function properly, for example, these cookies allow you to access secure areas of our websites or to remember what you have put into your shopping basket.

Performance
These cookies allow us to keep a record of traffic data, count visits, traffic sources, access rates, page hits and page views so we can measure and improve the performance of our website. They help us know which pages are the most and least popular and see how visitors move to and from and around our website.

You can find more general information about cookies and generally how to manage them at www.allaboutcookies.org and www.youronlinechoices.com.

Google Analytics

We use Google Analytics, which is a web analytics tool that helps us understand how users engage with our website. Like many services, Google Analytics uses first-party cookies to track user interactions, as in our case, where they are used to collect details about how users use our website. This information is used to compile reports and to help us improve our website. The reports disclose trends without identifying individual visitors.

Google Analytics services are provided in Europe by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and elsewhere by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and other affiliated Google entities.

Google Analytics uses cookies to collect information about visitors to our websites (data related to the user’s device/browser, IP address and on-site activity). They measure and report on user interactions on our websites. This includes details of the volume and nature of traffic to our websites (for example, which pages users visit first, which pages are most popular, how long users stay on the site, and geographical region of users). Google may also use data collected from these reports to improve their own services, for benchmarking purposes and to provide technical support.

You can find out more about how Google uses personal information here: https://policies.google.com/privacy.

For residents of the EEA or the UK that are subject to the GDPR, we base the use of Google Analytics on your consent.

You can opt out of Google Analytics without affecting how you visit our websites – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.

HOW WE SHARE YOUR PERSONAL INFORMATION?

For Business Purposes

We personal information collected from, and about, you for a business purpose with service providers who help us run our business, including news alerts providers, analytics service providers, cloud storage providers, and IT service providers. We share only the personal information needed for these service providers to complete the tasks we request.

With Your Consent

In certain circumstances and where required by law, we disclose personal information collected from, and about, you with companies, organizations or individuals with your express consent.

For Legal Reasons

We also share personal information collected from, and about, you with third-parties if we are legally required to do so, or if we have a good-faith belief that access, use, preservation or disclosure of the personal information is reasonably necessary to:

comply with any applicable federal, state, or local law, regulation, civil, criminal or regulatory inquiry, investigation legal process or enforceable governmental request;
respond to legal process (such as a search warrant, subpoena, summons or court order);
enforce our Terms of Use (or other terms of service for our websites or mobile applications), including investigation of potential violations;
detect, prevent or otherwise address security, fraud or technical issues;
cooperate with law enforcement agencies concerning conduct or activity that we reasonably and in good faith believes violate federal, state, or local law; or
exercise or defend legal claims, protect against harm to our rights, property or safety or the rights, property or safety of third-parties, our consumers, or the public as required or permitted by law (exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction).

Affiliated Brands and Companies

We also share personal information collected from, and about, you with our corporate affiliates or other brands in the e.l.f. Beauty portfolio.

In Connection with a Sale or Merger

If we directly or indirectly undergo a business transition (including proposed transactions), like a merger, acquisition by another company, or sale of all or part of our assets, we may disclose or transfer personal information collected from, and about, you to the successor organization in the transition.

Aggregated, Non-Personally Identifiable Information

We share aggregate, non-personally identifiable information with our service providers in order for those service providers to enhance and optimize their services and for statistical analysis, research, and other purposes.

YOUR CHOICES

Withdrawing Your Consent for (Opting-Out of) News Alert Emails

If you do not wish to receive news alert communications from us, you can opt-out of receiving these communications by following the instructions contained in the messages you receive. You can also opt out of receiving these communications on the “Email Alerts” page of our website.

Withdrawing Your Consent for (Opting-Out of) Cookie Tracking

You can set your browser to reject cookies, warn you about attempts to place cookies on your computer or device, or limit the type of cookies you allow. You can also manually delete individual or all the cookies on your computer or device by following your browser’s or device’s help file directions. You can also set your browser or device to delete cookies every time you finish browsing. Please note that browser- and device-management tools for cookies are outside of our control and we cannot guarantee their effectiveness. Please also note that flash cookies operate differently than browser cookies and cookie management tools available may not remove flash cookies.

Please note that if you turn off cookies that are not necessary for the operation of our websites, your browser or device is set to reject cookies, or you manually delete cookies, some or all the features and functionality of our websites may not function properly (including features we add to our websites in the future).

SECURITY OF YOUR PERSONAL INFORMATION

We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized access, destruction, loss, alteration, disclosure or use.

COMPLAINTS

We strive to be transparent about the ways in which we collect and use personal information and welcome your questions and concerns. If you have any concern or complaint about the way we handle your personal information, please contact us using the contact information detailed in the “Contact Us” section.

To the extent you believe we have not addressed your concerns or otherwise choose to do so, you have the right to complain to a supervisory authority in the country where you reside. In the UK, contact details for the relevant supervisory authority are available here. In the EEA, contact details for the relevant supervisory authority are available here.

OUR POLICIES CONCERNING CHILDREN

Our websites are not directed to children, nor do we knowingly collect any personal information from, children under the age of 13 (or with respect to residents of the EEA, children under the age of 16) without verifiable parental or legal guardian consent.

THIRD PARTY WEBSITES

Our websites or mobile applications contain links to third-party websites, such as social media websites (for example, Instagram, Facebook, YouTube, TikTok, Pinterest, Twitter, and Snapchat), each of which have privacy policies that differ from this Privacy Notice. We are not responsible for the activities and practices that take place on these websites. Accordingly, we recommend that you review the privacy policy or privacy notice/statement posted on any external website before disclosing any personal information. Please contact those websites directly if you have any questions about their privacy policies.

CHANGES TO THIS PRIVACY NOTICE

We may change this Privacy Notice from time to time, including as required to keep current with rules and regulations, new technologies and security standards. When we do, we will post the change(s) on the applicable page of our website. For significant changes, we will notify you by posting a notice on the applicable website indicating at the top of the Privacy Notice when it was most recently updated or notify you in another appropriate manner. If you wish to review a copy of the privacy notice effective prior to the effective date of this Privacy Notice, please contact us using the contact information detailed in the “Contact Us” section.

CONTACT US

If you have questions or concerns about this Privacy Notice or how we collect and use the information of our consumers, please contact us by webform, by phone at (212) 239-1530 (Weekdays 9:30am-5:30pm EST) or by email at elfcare@elfcosmetics.com or elfcare.eu@elfcosmetics.com (for EEA residents).

You may also write to us at:

e.l.f. Beauty, Inc.
570 10th Street, 3^rd Floor
Oakland, CA 94607
ATTN: Legal Department
RE: Privacy Info

CALIFORNIA RESIDENTS PRIVACY ADDENDUM

Last Updated: February [], 2021

Please note that the California Residents Privacy Addendum only applies to California residents.

COLLECTION AND SHARING OF PERSONAL INFORMATION

Collection of Personal Information

During the 12-month period prior to the effective date of this California Residents Privacy Addendum, we have collected the personal information listed in the section “What Information Do We Collect, How Do We Collect It, And How Do We Use It?” in the Privacy Notice.

Sharing of Personal Information

In the table below, we explain the categories of personal information we have shared with third parties and the categories of third parties with whom we shared your personal information during the 12-month period prior to the last update of this California Residents Privacy Addendum.

What We Share
Identifiers, including your first and last name, billing address, mailing address, email address, and internet protocol address;

Who We Share It With
We share this information with: news alerts providers; analytics service providers cloud storage providers; IT service providers; and our affiliated entities and subsidiaries.

What We Share
Internet or other electronic network activity information, including browsing history, search history, and information regarding your interaction with our website

Who We Share It With
We share this information with: analytics service providers cloud storage providers; IT service providers; and our affiliated entities and subsidiaries.

Sale of Personal Information

We do not sell your personal information for monetary compensation.

During the 12-month period prior to the last update of this California Residents Privacy Addendum, we have not sold (for the purposes of the California Consumer Privacy Act (the “CCPA”)) your personal information.

We do not have actual knowledge that we sell personal information of individuals under the age of 16.

CALIFORNIA PRIVACY RIGHTS

Freedom from Discrimination

As a California resident, you have certain privacy rights such as the right to access your personal information, the right to deletion your personal information, and the right to opt out of the sale of your personal information. We will not discriminate against you because you have exercised any of these rights. In particular, unless permitted by law, if you exercise your rights, we will not:

deny you goods or services;
charge you a different price or rate for goods or services;
provide you a different level or quality of goods or services; or
suggest that you will receive a different price or level of quality of goods or services.

Right to Access

California residents, subject to verification, can request information from us about the information we collect, use, disclose and sell, from and about them, over the past 12 months, including:

the categories of personal information we have collected about you;
the categories of sources from which the personal information is collected;
the business or commercial purpose for collecting or selling your personal information;
the categories of third parties to whom we have disclosed or sold your personal information;
the specific pieces of personal information we have collected about you; and
the categories of personal information we disclosed or sold for a business purpose.

If you wish to access any personal information or if you wish to request information from us about the information we collect from and about you over the past 12 months, please contact us using the contact information detailed in the “Exercising Your California Privacy Rights” section.

Right to Delete

California residents, subject to verification, can request that we delete any personal information we have collected from them subject to a number of exceptions, including, but not limited to, if the information is necessary for us or our service provider to:

complete your transaction;
provide you a good or service;
provide you a good or service;
protect your security and prosecute those responsible for breaching it;
fix our system in the case of a bug;
protect the free speech rights of your or other users;
comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.);
engage in public or peer-reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws;
comply with a legal obligation; or
make other internal and lawful uses of the information that are compatible with the context in which you provided it.

If you wish to request that your personal information is deleted, please contact us using the contact information detailed in the “Exercising Your California Privacy Rights” section.

We will need to retain certain records, for example those relating to customer service matters, or for legal and accounting purposes.

Opting Out of the Sale of Personal Information

California residents can request that we do not sell their personal information. If you wish to request that we do not sell your personal information, please contact us using the contact information detailed in the “Exercising Your California Privacy Rights” section.

Other Rights

California law permits our consumers who are California residents to request certain information about our disclosure of personal information to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and can be made once a year using the contact information detailed in the “Exercising Your California Privacy Rights” section.

If you are under 18 years of age, reside in California, you have the right to request removal of unwanted information that you publicly post on our websites or mobile applications. To request removal of such information, please contact us using the contact information detailed in the “Exercising Your California Privacy Rights” section. Upon receiving such a request, we will make sure that the information is not publicly available on our websites or mobile applications, but the information will not be completely or comprehensively removed from our systems and databases.

Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and/or across different websites. Because there is no standard interpretation or practice for Do Not Track signals, we don’t support Do Not Track requests at this time. However, to opt-out of cookie and web beacon tracking, please see the “Withdrawing Your Consent for (Opting-Out of) Cookie Tracking” section.

Exercising Your California Privacy Rights

To make any of the requests or exercise any of your California privacy rights, including your right to access or deletion, please contact us using one of following methods. Please note that you can only make a verifiable consumer request for access twice within a 12-month period.

To protect your information, we may need to verify your identity before processing any requests to exercise your right to access and right to request deletion. This will include verifying that the email address you provide in connection with your request matches the email address we maintain on file for you. In some cases, we may ask that you provide additional information to verify your identity.

You can exercise these rights yourself or you can designate an authorized agent to make these requests on your behalf. We will request that your authorized agent have written permission from you to make requests on your behalf (or that you otherwise directly confirm the agent has permission to submit the request) and will need to verify your identity.

Via the Internet. If you wish to exercise any of your California privacy rights via our website, please use the following link “Privacy Rights Request Form” (note that this link will take you to a request form for e.l.f. Cosmetics, Inc. (our main operating subsidiary). Please follow the instructions on the form to make your request.

By mail. If you wish to exercise any of your California privacy rights, you can write to us at the following address. Please include your full name, mailing address, and any email address associated with your activity with us, and let us know which California privacy right you are exercising and that you are exercising your California privacy rights with respect to e.l.f. Beauty so that we can process your request or exercising of your rights in an efficient manner.

e.l.f. Beauty, Inc.
570 10th Street, 3^rd Floor
Oakland, CA 94607
ATTN: Legal Department
RE: California Privacy Info

By telephone. If you wish to exercise your right to access or your right to deletion via telephone, please call us at the following toll-free number: (888) 315 9814. When you call us, please let us know that you are exercising your California privacy rights, which California privacy right you are exercising, and that you are exercising your California privacy rights with respect to e.l.f. Beauty so that we can process your request or exercising of your rights in an efficient manner.

CONTACT US

If you have questions or concerns about this California Residents Privacy Addendum, please contact us by webform, by phone at (212) 239-1530 (Weekdays 9:30am-5:30pm EST) or by email at elfcare@elfcosmetics.com

You may also write to us at:

e.l.f. Beauty, Inc.
570 10th Street, 3^rd Floor
Oakland, CA 94607
ATTN: Legal Department
RE: California Privacy Info

EU/UK PRIVACY ADDENDUM

Effective Date: February [], 2021

Please note that the EU/UK Privacy Addendum only applies to residents of the EEA and the UK.

WHO WE ARE

For purposes of data protection laws, regardless of where you reside, e.l.f. Cosmetics, Inc., a corporation registered in the state of Delaware, USA is the controller of the personal information you provide to us, or that is collected or processed by or for us. Contact information for e.l.f. Cosmetics, Inc. can be found here.

Our representative for purposes of Article 27 of the GDPR is Thilo Noack at SBS Data Protect GmbH. The address and contact information for SBS Data Protect GmbH is:

SBS Data Protect GmbH
Attention: Thilo Noack
Hans-Henny-Jahnn-Weg 49
22085 Hamburg, Germany
info@sbs-data.de
+49 40 7344086-0
+49 177 6422164

INTERNATIONAL OPERATIONS AND DATA TRANSFERS OUT OF EUROPEAN COUNTRIES

IMPORTANT: Your personal information will be sent to the United States and possibly other countries.

Our websites are hosted in the United States. If you are visiting one of our websites from outside the United States, your personal information will be transferred to, stored in, or processed in, the United States and transferred to, stored in, or processed in additional countries where our third-party service providers maintain facilities or operations. These countries include the United Kingdom, Ireland, the Netherlands, and Germany.

Where we transfer, store, or process your personal information outside of the EEA or the UK:

we do so to the extent such transfer, storage, or processing is needed to fulfil a contract between us; or
we rely on other methods to ensure an adequate level of data protection:

Adequacy Decisions: Some of our third-party service providers are based in countries that the European Commission has found to have adequate levels of protection for personal information; or
Model Clauses: We rely on the European Commission’s model contracts for the transfer of personal information to third countries (i.e. the standard contractual clauses) when transferring personal information to our third-party service providers who are located in countries that the European Commission has not found to have adequate levels of protection for personal information.

You can request a copy of the instruments we use by contacting us using the contact details provided in the “Contact Us” section.

Please note that the data protection and other applicable laws of the United States or other countries may not be as comprehensive as those laws or regulations in your country or may otherwise differ from the data protection or consumer protection laws in your country. Your personal information may be available to government authorities under lawful orders and law applicable in such jurisdictions.

HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?

How long we retain your personal information depends on why and how we collected it and how we use it. We will keep your personal information for as long as we need it to provide you with your requested service(s) or to meet our commercial or legal obligations as explained further below.

To determine the retention period of your personal information, we consider several criteria to make sure that we do not keep your personal information for longer than is necessary or appropriate. These criteria include:

the purpose for which we hold your personal information;
our legal and regulatory obligations in relation to that personal information, for example any financial reporting obligations or statutory retention obligations (for example, under commercial or tax law which usually last from seven years);
whether our relationship with you is ongoing;
any specific requests from you in relation to the deletion of your personal information; and
our legitimate business interests in relation to managing our own rights, for example the assertion or defense of any claims within the statutes of limitation, which is usually three years to the end of a calendar year but can be up to thirty years.

When we no longer need to retain your personal information, it will be deleted or be anonymized so that you can no longer be identified from it.

Please note, that, other than in response to a request to delete your personal information, we have no obligations to notify you when deleting your personal information and can do it at our sole discretion.

GDPR / UK GDPR PRIVACY RIGHTS

Accessing, Correcting, and Updating Your Personal Data

You have the right to access, correct, and update your personal information. If you wish to access, correct, or modify any personal information (or if you wish to know the purposes for which your personal information is processed, the categories of data processed, third party recipients, if any, of your personal information, or third party sources, if any, of your personal information), please contact us using the contact information detailed in the “Exercising Your GDPR Privacy Rights” section.

Requesting Copies of Your Personal Data (Portability Request)

You have the right to request copies of your personal information held by us in a structured, commonly used, and machine-readable format and/or request us to transmit this personal information to another service provider (where technically feasible). If you wish to request copies of your personal information held by us, please contact us using the contact information detailed in the “Exercising Your GDPR Privacy Rights” section.

Requesting We Delete Your Personal Data

You have the right to request that we delete your personal information. If you wish to request that your personal information is deleted, please contact us using the contact information detailed in the “Exercising Your GDPR Privacy Rights” section.

We will need to retain certain records, for example those relating to open orders, payments, or customer service matters, or for legal and accounting purposes.

Objecting to Processing of Your Personal Data

You have the right to object, for legitimate purposes, to the processing of personal information as provided under applicable law. If you wish to object to processing of your personal information, please contact us using the contact information detailed in the “Exercising Your GDPR Privacy Rights” section.

Requesting that We Restrict Processing

You have the right to request that we restrict processing of your personal information. If you wish to request that we restrict processing of your personal information, please contact us using the contact information detailed in the “Exercising Your GDPR Privacy Rights” section.

Withdrawing Consent

If you wish to withdraw your consent to receiving news alert emails, please follow the applicable procedure in the “Your Choices” section or, if not addressed, please contact us using the contact information detailed in the “Exercising Your GDPR Privacy Rights” section.

Please note that if you withdraw consent for a particular feature, we cannot provide or continue to provide certain services or communications to you and that withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Right to Give Us Postmortem Instructions (If Such Rights Exist in the Country Where You Reside)

If such rights exist in the country where you reside, you wish to give us guidelines regarding the retention, erasure and disclosure of your personal information after your death, please contact us using the contact information detailed in the “Contact Us” section. When you contact us, please be sure to note your country of residence and that you are giving us guidelines regarding the retention, erasure and disclosure of your personal information after your death in compliance with the law as well as that you are giving us instructions with respect to e.l.f. Beauty so that we can efficiently process request.

If you need assistance or if you have questions about your right to give us post mortem instructions, please contact us using the contact information detailed in the “Contact Us” section.

Exercising Your GDPR / UK GDPR Privacy Rights

To make any of the requests or exercise any of your GDPR / UK GDPR privacy rights, including your right to access or deletion, please contact us using one of following methods. We respond to all data protection requests we receive in accordance with applicable data protection laws.

Via the Internet. If you wish to exercise any of your GDPR / UK GDPR privacy rights via our websites, please use the following link “Privacy Rights Request Form” (note that this link will take you to a request form for e.l.f. Cosmetics, Inc. (our main operating subsidiary). Please follow the instructions on the form to make your request.

By mail. If you wish to exercise any of your GDPR / UK GDPR privacy rights, you can write to us at the following address. Please include your full name, mailing address, and any email address associated with your activity with us and let us know which GDPR / UK GDPR privacy right you are exercising and that you are exercising your GDPR / UK GDPR privacy rights with respect to e.l.f. Beauty so that we can process your request or exercising of your rights in an efficient manner.

e.l.f. Beauty, Inc.
570 10th Street, 3^rd Floor
Oakland, CA 94607
ATTN: Legal Department
RE: EEA/UK Privacy Info

By telephone. If you wish to exercise your right to access or your right to deletion via telephone, please call us at the following toll-free number: (888) 315 9814. When you call us, please let us know that you are exercising your GDPR / UK GDPR privacy rights, which GDPR / UK GDPR privacy right you are exercising, and that you are exercising your GDPR / UK GDPR privacy rights with respect to e.l.f. Beauty so that we can process your request or exercising of your rights in an efficient manner.

Other Methods. You may also contact us using the contact information detailed in the “Contact Us” section. When you contact us, please let us know that you are exercising your GDPR / UK GDPR privacy rights, which GDPR / UK GDPR privacy right you are exercising, and that you are exercising your GDPR / UK GDPR privacy rights with respect to e.l.f. Beauty so that we can process your request or exercising of your rights in an efficient manner.

CONTACT US

If you have questions or concerns about this EU/UK Privacy Addendum, please contact us by webform, by phone at (212) 239-1530 (Weekdays 9:30am-5:30pm EST) or by email at elfcare.eu@elfcosmetics.com.

You may also write to us at:

e.l.f. Beauty, Inc.
570 10th Street, 3^rd Floor
Oakland, CA 94607
ATTN: Legal Department
RE: EEA/UK Privacy Info