L'ORÉAL LA ROCHE-POSAY PRIVACY POLICY
L’Oréal’s ambition is to be an exemplary corporate citizen. To help make the world a more beautiful place. We place great value on honesty and clarity and we are committed to building a strong and lasting relationship with you based on trust and mutual benefit. Part of this commitment means safeguarding and respecting your privacy and your choices. Respecting your privacy is essential to us. This is why we set out “Our Privacy Promise” and our full Privacy Policy below.
OUR PRIVACY PROMISE
For more information about our privacy practices, below we set out what types of personal data we might collect or hold about you, how we use it, who we share it with, how we protect it and keep it secure, and your rights around your personal data.
When you share personal data with us or when we collect personal data about you, we will use it in line with this Policy. Please read this information [and our FAQs page carefully. If you have any questions or concerns about your personal data, please contact us at [email protected].
LA ROCHE-POSAY is responsible for the personal data that you share with us. When we say “L’Oréal”, “us”, “our” or “we”, this is who we are referring to. L’Oreal is the“data controller” for the purposes of applicable data protection laws.
LA ROCHE-POSAYRepresentative:
SUELVES Jean-François,Digital Medical Director
larocheposaypro.com
“Personal data” means any information or pieces of information that could identify you either directly (e.g. your name) or indirectly (e.g. through pseudonymized data, such as. a unique ID number). This means that personal data includes things like email/home addresses, usernames, profile pictures, personal preferences and shopping habits, user generated content, financial information, and health information. It could also include unique numerical identifiers like your computer’s IP address or your mobile device’s MAC address, as well as cookies.
This Policy covers all personal data collected and used by L'Oréal.
How do we collect or receive your data?
We might collect or receive data from you via our websites, forms, apps, devices, L’Oréal products or brands pages on social media or otherwise. Sometimes you give this to us directly (e.g. when you create an account, when you contact us, when you purchase from our websites or stores), sometimes we collect it (e.g. using cookies to understand how you use our website) or sometimes we receive your data from other third parties, including other L’Oréal Group entities.
We set out further details in the table below, explaining:
The legal basis for the processing of your data can be:
When we collect data, we will indicate the mandatory fields via asterisks. Some of the data we request from you are either necessary for us to:
If you do not provide the data marked with an asterisk, this may affect the goods and services that we can provide.
In which context is your data collected? |
What personal data may we hold about you? |
How and why we may use it? |
What is our legal basis for processing your data? |
Account Creation and management Information collected during the creation of an account on L’Oréal websites/apps, through a social media login, or in store. |
|
To:
|
|
Newsletter and commercial communications subscription |
|
To:
|
|
Online browsing Information collected by cookies or similar technologies (“Cookies”*) as part of your browsing on L’Oréal website/apps or on third-party website/apps. For information on specific Cookies placed through a given website/app, please consult the cookie table available on such website/app. * Cookies are small text files stored on your device (computer, tablet or mobile) when you are on the Internet, including on L’Oreal Group’s websites. |
Data related to your use of our websites:
Technical information: A unique identifier granted to each visitor and the expiration date of such identifier. |
We use Cookies, where relevant, with other personal data you have already shared with us (such as previous purchases, or whether you’re signed up to our email newsletters) or the following purposes:
|
|
Promotional operations |
|
|
|
User Generated Content Information collected when you submitted some content on one of our social platforms or accepted the re-use of content you posted on social media platforms by us. |
|
|
|
Use of Apps and devices Information collected as part of your use of our Apps and/or devices |
|
To:
|
|
Enquiries Information collected |
|
|
|
Cosmetovigilance* Information collected when you declare any undesirable effect in connection with your use of our product. * Cosmétovigilance is the ongoing and systematic monitoring of the safety of cosmetics in terms of human health |
|
|
To comply with the legal obligation to monitor undesirable effects of its products. |
Automated Decision Making
For purposes of securing transactions placed through our websites / Apps /devices against fraud and misappropriation we use a third party provider’s solution to protect against fraud.
The method of fraud detection is based on, for example, simple comparisons, association, clustering, perdition and outlier detections using intelligent agents, data fusion techniques and various data mining techniques.
This fraud detection process may be completely automated or may involve human intervention where the final decision is taken by a person.
We take all reasonable precaution and safeguards to limit access to data.
As a result of automatic fraud detection, you may (i) experience delay in the processing of your order / request whilst your transaction is being reviewed by us; and (ii) be limited or excluded from the benefit of a service if a risk of fraud is identified.
In any case, as mentioned in section “Your Rights and Choices”, you have the right to access information on which we base our decision.
Profiling
When we send or display personalised communications or content , we may use some techniques that qualify as “profiling” (i.e. any form of automated processing of personal data consisting of using those data to evaluate certain
personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location
or movements). This means that we may collect personal data about you in the different scenarios mentioned in the table above. We centralize this data and analyse it to evaluate and predict your personal preferences and/or interests.
Based on our analysis, we send or display communications and/or content tailored to your interests/needs.
You may have the right to object at any time to the use of your data for “profiling”. Please see “Your Rights and Choices” section below.
Who may access your Personal data?
We may share your personal data within L’Oréal Group.
Some of your personal data may be accessed within L’Oréal, and by any member of the L’Oréal Group, but it will only be done on a need-to-know basis and where necessary to provide you with requested services. This means that we may share your personal data with our subsidiaries worldwide, and our ultimate holding company and its subsidiaries worldwide.
We may also share your personal data in a pseudonimized way (not allowing direct identification) with L’Oréal Research & Innovation scientists, including those located outside of your country, for research and innovation purposes.
Where permitted, we may also share some of your personal data including those collected through Cookies between our brands to harmonize and update the information you share with us, to perform statistics based on your characteristics and to tailor our communications.
Please visit the L’Oréal group website, for further details on the L’Oréal Group, its brands and its locations.
We may share your personal data for marketing purposes with third party or entities of the L’Oréal Group.
We only share your personal data with third parties for direct marketing purposes with your consent. In this context, your data will be processed by such third party, acting as a data controller, and its own terms and conditions and privacy notice will apply. You should carefully check that information before consenting to the disclosure of your information to that third party.
Where you have agreed to receive marketing and promotional emails from the L’Oréal Group(“Group opt-in”), your personal data will be shared by all L’Oréal brands for such purposes.
Your personal data may also be processed on our behalf by our trusted third party suppliers.
We rely on trusted third parties to perform a range of business operations on our behalf. We only provide them with the information they need to perform the service, and we require that they do not use your personal data for any other purpose. We will always use our best efforts to ensure that all third parties we work with will keep your personal data secure. We may, for instance, entrust services which require the processing of your personal data to:
We may also disclose your personal data to third parties:
We may disclose your personal data to our partners:
We do not sell your personal data.
Where we Store your Personal data
The data that we collect from you may be transferred to, accessed in, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our service providers.
Where L’Oréal transfers personal data outside of the EEA, this will be done in a secure and lawful way. As some countries may not have laws governing the use and transfer of personal data, we will take steps to make sure that third parties adhere to the commitments set out in this Policy. These steps may include reviewing third parties’ privacy and security standards, and/or entering into appropriate contracts (on the basis of the template adopted by the EU Commission available here).
For further information, please contact us as per the “Contact” section below.
How Long Do We Keep Your Personal data
We will only keep your personal data for as long as we need it to meet your needs, the purpose for which we hold your personal data, or our legal obligations.
To determine the data retention period of your data, we use the following criteria:
When we no longer need to use your personal data, it will be removed from our systems and records or be anonymised so that you can no longer be identified from it.
We may retain some personal data to comply with our legal or regulatory obligations, as well as to allow us to manage our rights (for example to assert our claims in Courts) or for statistical or historical purposes.
Is my Personal data Secure?
We are committed to keeping your personal data secure, and taking all reasonable precautions to do so. We contractually require that trusted third parties who handle your personal data for us do the same.
We always do our best to protect your personal data and once we have received your personal data, we use strict procedures and security features to try to prevent unauthorised access. As the transmission of information via the internet is not completely secure, however we cannot guarantee the security of your data transmitted to our site although. As such, any transmission is at your own risk.
Links to Third Party Sites and Social Login
Our websites and Apps may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We may also offer you the opportunity to use your social media login. If you do so, please be aware that you will be sharing your profile information with us. The personal data that is shared will depend on your social media platform settings. Please visit the relevant social media platform and review its privacy policy to understand how your personal data is shared and used in this context.
Social Media and User Generated Content
Some of our websites and Apps allow users to submit their own content. Please remember that any content submitted to one of our social media platforms can be viewed by the public, and you should be cautious about providing certain personal data e.g. financial information or address details. We are not responsible for any actions taken by other individuals if you post personal data on one of our social media platforms and we recommend that you do not share such information.
YOUR RIGHTS AND CHOICES
L’Oreal respects your right to privacy: it is important that you are able to control your personal data. You have the following rights:
Your rights |
What does this mean? |
||||
The right to be informed |
You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data, and your rights. This is why we are providing you with the information in this Policy. |
||||
The right of access |
You have the right to access, and a copy of, personal data we hold about you (subject to certain restrictions). To do this, please contact us using the details below. For further information, please contact us at the details below. |
||||
The right to rectification |
You have the right to have your personal data rectified if it is incorrect or outdated and/or completed if it is incomplete. If you want to correct your personal data, please contact us at the details below. If you have an account, it may be easiest to correct your own data via your “Profile” function. |
||||
The right to erasure/right to be forgotten |
In some cases, you have the right to have your personal data erased or deleted. Note this is not an absolute right, as we may have legal or legitimate grounds for retaining your personal data. . If you would like for us to delete your personal data, please contact us at the details below. |
||||
The right to object to direct marketing, including profiling |
You can unsubscribe or opt out of our direct marketing communication at any time. It is easiest to do this by clicking on the “unsubscribe” link in any email or communication we send you. Otherwise, you can contact us using contact detail below. If you would like to object to any profiling please contact us at the details below. |
||||
The right to withdraw consent at any time for data processing based on consent |
You can withdraw your consent to our processing of your data when such processing is based on consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. We refer to the table inserted in section “what data do we collect from you and how do we use it” especially the column “What is our legal basis for processing your data?” to identify where our processing is based on consent. If you would like to object to withdraw your consent, please contact us at the details below. |
||||
The right to object to processing based on legitimate interests |
You can oppose at any time to our processing of your data when such processing is based on the legitimate interest. We refer to the tables inserted in section “what data do we collect from you and how do we use it” especially the column “What is our legal basis for processing your data?” to identify where our processing is based on legitimate interests. To do so, please contact us at the details below. |
||||
The right to lodge a complaint with a supervisory authority |
You have the right to contact the data protection authority of your country in order to lodge a complaint against the data protection and privacy practices of L’Oréal. Do not hesitate to contact us at the details below before lodging any complaint with the competent data protection authority. |
||||
The right to data portability |
You have rights to move, copy or transfer data from our database to another. This only applies to data that you have provided, where processing is based on a contract or your consent, and the processing is carried out by automated means. We refer to the tables inserted in section “what data do we collect from you and how do we use it” especially the column “What is our legal basis for processing your data?” to identify where our processing is based on the performance of a contract or on consent. For further details, please contact us at the details below. |
||||
The right to restriction |
This right means that our processing of your data is restricted, so we can store it, but not use nor process it further. It applies in limited circumstances listed by the General Data Protection Regulation which are as follow:
If you would like to request restriction, please contact us at the details below. |
||||
The right to deactivate Cookies |
The settings from the Internet browsers are usually programmed by default to accept Cookies, but you can easily adjust it by changing the settings of your browser. Many cookies are used to enhance the usability or functionality of a website; therefore disabling cookies may prevent you from using certain parts of this website as detailed in the cookie policy table. If you wish to restrict or block all the cookies which are set by our website (which may prevent you from using certain parts of the site), or indeed any other website, you can do this through your browser settings. The Help function within your browser should tell you how. For more information please consult the following links: |
Note that we may require proof of your identity and full details of your request, before we process your requests above.
CONTACT
If you have any questions or concerns about how we treat and use your personal data, or would like to exercise any of your rights above, please contact us at [email protected] or by writing to us at:
LA ROCHE-POSAYContact for privacy questions
For any questions related to the processing of your personal data, please contact: SUELVES Jean-François.
COOKIE POLICY TABLE