Back

Single Sign-on Privacy Notice

Effective Date: XX-May-2025

The Estée Lauder Companies (“ELC”, “we”, “us”, “our”) respects your privacy and values the relationship we have with you. This Privacy Notice describes how ELC collects, uses, discloses and safeguards your personal information in relation to Single Sign-on (the “Platform”). If you are an employee, please review your local HR Privacy Policy for additional information on ELC's privacy practices.

For the purposes of this Privacy Notice, if you are an employee, the data controller will be your hiring entity and if you are a consultant, the data controller will be the entity having the contractual relationship with you.

HOW WE COLLECT & PROCESS PERSONAL INFORMATION

We may collect or process the following types of personal information about you in connection with the Platform.

Purpose Type of Data Sources
Authentication

  • Name

  • Employee ID or other identifier

  • Work or Personal Email

  • Active Directory username

  • Work or Personal Mobile Number

  • Job Title

  • Organization information

  • Work Location

  • Employee or Consultant Start and End dates

  • If you are an employee, your personal information will be obtained from the ELC HR system.

  • If you are a consultant or other third-party, your personal information will be obtained from your ELC business contact.
Authentication

  • Password

  • Directly from you

LEGAL BASIS OF PROCESSING

The legal basis upon which we rely to process your personal information varies based on applicable law and the country in which you reside. In connection with the Platform, we will process your personal information based on our employment or contractual relationship with you. Otherwise, we will process your personal information based on your consent.

HOW WE SHARE AND TRANSFER YOUR PERSONAL INFORMATION

We may transfer personal information to affiliates as well as service providers who perform services on our behalf based on our instructions. We do not authorize our service providers to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements. The primary service providers used in connection with the Platform are:

Name of service provider Services
Ping Identity Single Sign-On, Multi-factor authentication, and access management
Sailpoint Identity management and governance
Wipro Managed services

Our affiliates and service providers may transfer, store or process personal information in countries other than the country in which the information was originally collected. Those countries may not have the same data protection laws as your country of residence, and your personal information will be subject to applicable foreign laws. When we transfer your personal information to other countries, we will protect that information in the manner described in this Privacy Notice. We will also comply with applicable legal requirements providing adequate protection for the transfer of personal information, such as the conclusion of data transfer agreements, E.U. Standard Contractual Clauses, or other applicable data transfer mechanisms. For additional information or, where permitted under applicable local privacy laws, to receive a copy of the data transfer mechanism, please contact us as indicated below.

YOUR PRIVACY RIGHTS

Depending on local laws, you may have rights with respect to your personal information. For example, you may be able to request access to the personal information we maintain about you, update and correct inaccuracies in your personal information, and have the personal information deleted or transmitted to a third-party. For details on what rights apply to you and how to submit a data subject rights request, review your local HR Privacy Policy (if you are an employee) or submit a request through our Privacy Request Portal.

HOW WE USE COOKIES

Cookies are small text files that websites place on your Internet-connected device to uniquely identify your browser or to store information or settings in your browser. We use the following cookies in connection with the Platform:

Cookie Name Purpose
PF Authentication
Pingone Authentication

You can edit your cookie preferences through your browser settings. When editing your cookie preferences, please note that your settings only apply to the browser you use to submit your opt-out request, so if you use multiple browsers or devices, you must opt-out on each browser, on each device. Your opt-out is enabled using cookies so once you opt-out, if you delete your browser's saved cookies on a device, you will need to opt-out again on that browser on that device.

HOW WE PROTECT INFORMATION

We maintain administrative, technical, and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure, or use. We restrict access to personal information on a need-to-know basis to employees and authorized service providers who require access to fulfil their job requirements.

HOW LONG WE RETAIN INFORMATION

In general, we retain personal information in connection with the Platform as long as reasonably needed to achieve the purposes outlined in the Privacy Policy. If you are an employee, you can find additional information about our data retention policies by visiting your local HR Privacy Policy.

HOW TO CONTACT US

If you have questions or comments about this Privacy Notice, please submit a request through our Privacy Request Portal or review your local HR Privacy Policy.