Privacyverklaring
PRIVACY POLICY
Last updated: 1 July 2023
L'Oréal France strives to be an exemplary socially responsible company in order to help build a better world. We consider honesty and transparency to be essential qualities and work to establish a strong, lasting relationship with our customers, based on trust and mutual interest. Protecting and respecting your privacy and choices are part of this commitment. Your privacy is a key issue for us. Consequently, below you will find "Our undertaking regarding the protection of personal data" and our entire Privacy Policy.
OUR UNDERTAKING REGARDING THE PROTECTION OF PERSONAL DATA
- We respect your privacy and choices.
- We ensure that the protection of your personal data and security are central to everything we do.
- We only send you marketing communications if you give your consent, and you can change your mind at any time.
- We undertake not to share or sell your data.
- We are committed to securing and protecting your personal data. Consequently, we only work with trustworthy partners.
- We strive to be open and transparent about how we use your data.
- We undertake to only use your personal data for the purposes we have informed you of.
- We respect your rights and strive to satisfy your requests whenever possible, while respecting our own legal and operational responsibilities.
In order to shed light on our personal data protection and privacy practices, below we have explained the various types of personal data that we may collect from you, either directly or following your interaction with us, the way in which we may use this data, the persons with which we may share it, how we ensure data protection and security, and your rights regarding your personal data. Some of the situations presented may not apply to you. This privacy policy is intended to provide you with an overview of all situations in which we may interact.
The more you communicate with us and provide us with information, the better equipped we will be to offer you personalised services.
When you provide us with or we collect your personal data, we undertake to use it in accordance with this Policy. Carefully read this information and our Frequently Asked Questions page (FAQ) (if applicable). If you have any questions or concerns regarding your personal data, you can write to us at the following address: [email protected].
WHAT DOES THIS PRIVACY POLICY INCLUDE?
- About us
- What is personal data?
- What personal data do we collect from you and how do we use it?
-
- How do we collect or receive your personal data?
- Automated decision-making
- Profiling
- Who can access your personal data?
- Where do we store your personal data?
- For how long do we store your personal data?
- Is my personal data secure?
- Links to third-party websites and logging in to social media
- Social media and content generated by users
- Your rights and choices
- Contact
ABOUT US
L’Oréal France is responsible for the personal data that you share with us. The terms "L'Oréal France", "we", or "us" used herein refer to L'Oréal France. In accordance with applicable personal data protection regulations, L'Oréal France is the "data controller".
L’Oréal France, general partnership company (société en nom collectif) with a capital of 127,918,715 euros, whose registered office is at 30 rue d’Alsace 92300 Levallois-Perret, listed in the Nanterre trade and companies register under the number 919 434 894
Division : L'Oréal Luxe
Director of publication : Aglae De Beauregard
DPO Contact : [email protected]
WHAT IS PERSONAL DATA?
"Personal data" means any information allowing you to be identified directly (e.g. your surname) or indirectly (e.g. through pseudonymised data such as a unique identifier). This means that personal data includes information such as postal/email addresses, mobile telephone numbers, usernames, profile pictures, personal preferences and purchasing habits, content generated by users, financial data and information regarding your beauty/well-being. Personal data may also include unique numerical identifiers such as your computer's IP address or your mobile device's MAC address, as well as cookies.
WHAT PERSONAL DATA DO WE COLLECT FROM YOU AND HOW DO WE USE IT?
At L'Oréal we believe that consumers are central to everything that we do. We like receiving information from you, getting to know you and creating and providing products that you appreciate, and we know that many of you like to communicate with us. For these reasons, there are numerous ways in which you may share your personal data, and we may collect it.
How do we collect or receive your personal data?
We may collect or receive personal data from you via our websites, questionnaires, applications, devices, social media pages dedicated to L'Oréal products or brands, or any other means. In certain cases, you share your personal data directly (e.g. when you create an account, contact us, or make a purchase on our websites/applications or in a store/beauty salon). In other cases, we collect this data (e.g. using cookies in order to understand how you use our websites/applications) or the data in question is sent to us by third parties, including other entities in the L'Oréal Group.
When we collect data, we indicate mandatory fields with an asterisk. Some of the data we request is essential in order to:
- Perform the contract that we have entered into with you (e.g. in order to deliver products that you have purchased on our website/application)
- Provide a service that you have requested (e.g. to send you a newsletter)
- Comply with legal obligations (e.g. invoicing).
Failure to fill out the fields marked with an asterisk may affect our ability to provide you with products and services.
In the table below, you will find more detailed information and explanations on the following elements:
- Situations in which personal data may be provided or collected. This column lists the activities in which you engage or situations in which you find yourself, that may lead to us using or collecting your personal data. For example, if you are making a purchase, subscribing to a newsletter or browsing on a website/applications.
- Personal data we may obtain directly from you or following your interaction with us. This column indicates the type of personal data we may collect depending on the situation.
- How and why we use your data. This column explains what we may do with your data and for what purpose we collect it.
- Our legal basis for processing your personal data. This column explains our reasons for using your data. Depending on the purpose for which the data is used, the legal basis for processing your data may be:
- Your consent
- Our legitimate interests, which may include:
- o Improving our products and services, and more precisely our commercial interests, to help us to better understand your needs and expectations and, therefore improve our services, websites/applications/devices, products and brands for customers.
- o Preventing fraud, to ensure that payments are made and are not the target of fraud or misappropriation.
- o Improving the security of our tools, to ensure that the tools that we use (our websites/applications/devices) are protected and secure, function correctly and are constantly being improved.
- Performing a contract and more specifically providing the services you request.
- Legal obligations when applicable legislation requires data processing.
Overview of the information regarding your interactions with us and the consequences thereof for your personal data
Situations in which personal data may be provided or collected | Personal data we may obtain directly from you or following your interaction with us | How and why we use your data | Our legal basis for processing your personal data |
---|---|---|---|
Account creation and management Data collected when you create an account on the L'Oréal websites/applications or when you log in using social media or in-store. |
Depending on how frequently you interact with us, this personal data may include:
|
We use this data to:
|
Performing a contract To provide you with a service you have requested (e.g. creating an account, participating in a survey or buying a product). |
|
|
||
|
|
||
Subscription to newsletters and marketing communications | Depending on how frequently you interact with us, this personal data may include:
|
We use this data to:
|
|
|
|
||
|
|
||
Purchases and managing orders Data collected when a purchase is made on the L'Oréal website/applications/social media pages or in-store. |
Depending on how frequently you interact with us, this personal data may include:
|
We use this data to:
|
|
|
|
||
Browsing online Data collected by cookies or similar technologies (hereinafter "Cookies"*) when you browse on the L'Oréal website/applications or on a third-party website/application. For any information on specific Cookies installed by a specific website/application, see the table regarding cookies on the website/application in question. * Cookies are small text files that are saved on your device (computer, tablet or mobile telephone) when you browse online, including on L'Oréal Group websites. |
Depending on how frequently you interact with us, this personal data may include:
|
We use Cookies, as may be relevant, with other personal data that you have already shared with us (e.g. your previous purchases or if you subscribed/did not subscribe to our online newsletters) for the following purposes:
|
|
Promotional campaigns Data collected in the context of a contest, competition, promotional offer, sample request, participation in a survey. |
Depending on how frequently you interact with us, this personal data may include:
|
|
|
Content created by users Data collected when you post content on one of our social networks or when you post content on social media which you agree to us reusing. |
Depending on how frequently you interact with us, this personal data may include:
|
|
|
Use of applications and devices Data collected when you use our applications and/or devices. |
Depending on how frequently you interact with us, this personal data may include:
|
We use this data to:
|
|
Requests for information Data collected when you ask questions (e.g. via customer services) about our brands or products and use thereof. |
Depending on how frequently you interact with us, this personal data may include:
|
|
|
AUTOMATED DECISION-MAKING
In order to ensure the security of transactions on our websites/applications/devices and protect them against fraud and misappropriation, we use a solution developed by a third-party service provider.
The fraud detection solution uses the following methods in particular: simple comparisons, association rule learning, clustering, prediction and detection of outliers using intelligent agents, data fusion techniques and various data mining techniques.
This fraud detection process may be completely automated or may involve human intervention, with the final decision being taken by an individual. In any case, we take all the reasonable precautions and guarantees in order to limit access to your personal data.
The automatic fraud detection system may result in (i) the processing of your order/request being delayed while we analyse your transaction, and (ii) you being unable to benefit from a service, or access to a service being limited if a risk of fraud is detected. You are entitled to access the information on which our decision is based. Refer to "Your rights and choices" below.
PROFILING
When we send or display personalised communications or content, we may use certain techniques referred to as "profiling" (defined as any form of automatic processing of personal data which involves using this personal data to assess certain personal elements related to an individual, in particular in order to analyse or predict elements concerning the personal preferences, interests, financial situation, behaviour, location, health, reliability, or travel habits of said individual). This means that we may collect personal data in the various contexts mentioned in the table above. We centralise this data then analyse it to assess and predict your personal preferences and/or interests.
On the basis of this analysis, we send or display communications and/or content in keeping with your interests/needs.
In certain circumstances, you are entitled to object to the use of your data for profiling purposes. Refer to the section "Your rights and choices" below.
WHO CAN ACCESS YOUR PERSONAL DATA?
We may share your personal data within the L'Oréal Group in order to comply with our legal obligations, prevent fraud and/or ensure the security of our tools, improve our products and services, or after obtaining your consent.
Depending on the purposes for which your data was collected, and only if necessary, some of your personal data may be made accessible to entities in the L'Oréal Group around the world, if it is pseudonymised (direct identification is not possible) and if this is necessary in order to provide you with the services requested.
We may also share your personal data in pseudonymised form (direct identification is not possible) with scientists from the L'Oréal Research & Innovation division, including scientists outside your country, for research and innovation purposes.
If authorised, we may share certain personal data, including data collected using cookies, with our brands in order to harmonise and update information that you provide us with, compile statistics based on your specific characteristics and adapt our communications.
You can visit the L'Oréal Group website to obtain further information about the L’Oréal Group, its brands and websites.
We may share your personal data with third parties or L'Oréal group entities for prospecting purposes.
We will only share your personal data with third parties for prospecting purposes when you give your consent. In this context, your data is processed by the third party in question, acting as the data controller, and is subject to its terms and conditions and privacy policy. We recommend that you carefully verify said third parties' details, before consenting to the communication of your data.
Your personal data may also be processed on our behalf by trustworthy service providers.
We work with trustworthy third parties which carry out tasks and business operations on our behalf. We only provide them with the information they need to perform the service in question and ask them not to use your personal data for any other purposes. We take all the necessary measures to ensure that all of the third parties we work with preserve the confidentiality and security of your data. For example, we may ask the following entities to perform services requiring the processing of your personal data:
- Third parties to help us to provide digital and e-commerce services, such as social listening (monitoring on social media), localisation of stores, loyalty programmes, management of identities, management of reviews and comments, customer relationship management (CRM), web analytics (analysis of the audience) and search engines, content creation tools generated by users
- Advertising agencies, marketing agencies, social media and digital agencies to help us with advertising, marketing and commercial campaigns, to analyse the effectiveness of said campaigns and manage any contact you make and questions you ask
- Third parties that we need in order to provide and deliver a product, for example for postal/delivery services
- Third parties to help us to provide IT services, such as platform providers, hosting services and maintenance and technical support services for our databases, software and applications, which may include your personal data (these services may sometimes require access to your data in order to fulfil the tasks requested)
- Payment service providers and credit reference agencies in order to assess your solvability and verify your details when required before entering into a contract with you
- Third parties to help us with customer services and cosmetovigilance.
We may also share your personal data with third parties:
- In the event that we dispose of a business activity or assets, we may share your personal data with the potential buyer of said activity or assets. If L'Oréal or any of its assets is acquired by a third party, the personal data it holds regarding its customers, which is related to these assets, is one of the assets transferred. As may be relevant, in the latter case, the buyer, which will act as the new data controller, will process your data. This processing will be governed by its privacy policy.
- If we are obliged to disclose or share your personal data in order to comply with a legal obligation or ensure respect for or application of our conditions for use/sale, or any other conditions accepted by you, or to protect the rights, property or security of L'Oréal, its customers or employees.
- If we have your consent.
- Or if it is authorised by law.
We may share your personal data with our partners:
- If the service you subscribe to was created by L'Oréal in collaboration with a partner (e.g. a co-branded application). In this case, L'Oréal and the partner in question each process your personal data to fulfil their own purposes. Consequently, your data is processed:
- o by L’Oréal in accordance with this Privacy Policy.
- o by the partner, also acting as data controller, in accordance with its own terms and conditions and its own privacy policy.
- If you agree to receive marketing communications or prospecting messages from a L'Oréal partner through a dedicated subscription/opt-in procedure (e.g. via an application marketed by L'Oréal and made available to its partners). In this case, your data is processed by the partner, acting as data controller by virtue of its own conditions and in accordance with its privacy policy.
- We may publish content from social media on our other media. If you view content from social media on our website/applications, a Cookie from the social network in question may be saved on your device. For any additional information, you can read our Cookie Policy for these social networks.
- When we use Google advertising services on our websites/applications, Google will have access to and use your personal data. If you want to find out more about the way in which Google uses your personal data in this context, please view the Google Confidentiality Policies and conditions of use, available here, which govern these services and the corresponding data processing.
Information that Facebook collects and shares with us:
All Facebook features and services available on our websites/applications are governed by the Facebook Confidentiality Policy, which provides more information about your rights and possible settings.
When you use one of our websites/applications, you can:
- Sign up with your Facebook account. In this case, you agree to share certain data from your public profile
- Use Facebook's social plug-ins, for example "like", or "share" our content on Facebook
- Accept cookies from this website/application (also called "Facebook Pixel"), which will help us to understand your activities, including information from your device, how you use our services, the purchases you make and the advertisements that you look at, whether you have a Facebook account or not, or you log in through Facebook or not.
- When you use these Facebook features, we collect data that helps us to:
- Display advertisements on Facebook (or Instagram, Messenger or any other Facebook service) that may be of interest to you
- Measure and analyse the effectiveness of our websites/applications and our advertisements.
We may also use personal data that you have shared with us on this website/application (such as your full name, email address, gender and telephone number), to identify you on Facebook (or Instagram, Messenger, or any other Facebook service), in order to display more relevant advertisements for you. In this context, Facebook will not share your personal data and will quickly delete the data once this matching process is complete.
We do not give away or sell your personal data.
WHERE DO WE STORE YOUR PERSONAL DATA?
The data we collect from you may be transferred to, accessible from or stored in a country situated outside the Europe Economic Area (the "EEA"). It may also be processed by staff working outside the EEA, who work for us or one of our service providers.
L'Oréal only transfers personal data outside the EEA in a secure manure and in accordance with applicable legislation. As in certain countries there are no laws governing the use and transfer of personal data, we undertake to take all the necessary measures to ensure that the third parties concerned comply with the conditions provided for in this Policy. These measures can include verifying the standards applied by these third parties regarding personal data protection and security and/or the signing of appropriate contracts (on the basis of the template adopted by the European Commission available here).
FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?
We only keep your personal data for as long as necessary to fulfil the purpose for which we are holding said data, meet your needs or fulfil our legal obligations.
To determine the storage duration for your data, we apply the following criteria:- If you purchase products and services, we store your personal data for the entire duration of our contractual relations
- If you sign up to a loyalty programme, we store your personal data for the entire duration of your participation in the programme
- If you participate in a competition, we store your personal data for 3 months as from the end of the competition in question
- If you wish to be informed about the availability of a product, we store your personal data for 3 months as from the notification sent to you to this end
- If you participate in a beauty profile (for example, to receive information on a suitable skincare routine), we store your personal data for 3 months as from the sending of this information
- If you participate in a promotional offer, we store your personal data for the entire duration of the promotional offer in question
- If you contact us to make a request, we store your personal data for the entire duration necessary to process your request
- If you create an account, we store your personal data until you ask us to delete it or following a period of inactivity (no active interaction with the brands), defined in accordance with regulations and instructions at local level
- If you agree to receive prospecting messages, we store your personal data until you unsubscribe or ask us to delete your data, or following a period of inactivity (no interaction with the brands) of three years
- If cookies are saved on your computer, we only store your data for as long as necessary to achieve their purpose (e.g. for the duration of the session for cookies related to the contents of your basket or session cookies) and for any period defined in accordance with regulations and instructions at local level.
We may store certain personal data in order to fulfil our legal or regulatory obligations, exercise our rights (e.g. bring legal proceedings) or for statistical or historic purposes.
When we no longer need to use your personal data, we will remove it from our systems and files, or anonymise it so that you can no longer be identified.IS MY PERSONAL DATA SECURE?
We place a lot of importance on protecting your personal data and take all reasonable precautions to this end. We require that trustworthy third parties, managing your personal data on our behalf, do the same by means of a contractual undertaking.
We do everything in our power to protect your personal data at all times. When we receive your data, we apply strict security procedures and measures in order to prevent any unauthorised access. As online data transmission is not a completely secure process, we cannot guarantee the security of your data transmitted on our website. Consequently, any data transmission is made at your own risk.LINKS TO THIRD-PARTY WEBSITES AND LOGGING IN TO SOCIAL MEDIA
Our websites and applications can occasionally include links to websites that belong to our networks, advertisers and partner affiliates. If you click on a link to any of these websites, please note that these sites have their own privacy policies and that we cannot be held liable for said policies. We encourage you to familiarise yourself with these policies before sending any personal data to these websites.
We may also offer you the option of logging in using your social networks. We inform you that, if you decide to do so, information from your profile will be shared with us, depending on your social network settings. We encourage you to go to the social network in question and view the privacy policy in order to understand how your data is shared and used in this context.SOCIAL MEDIA AND CONTENT GENERATED BY USERS
Some of our websites and applications allow users to upload their own content. We remind you that any content communicated to one of the social networks we use can be accessed by the public. We encourage you to act prudently when communicating certain personal data such as financial data or your address. We cannot be held liable for any measures taken by third parties if you post personal data on one of our social networks and recommend that you do not communicate such information.
YOUR RIGHTS AND CHOICES
L'Oréal respects your right to privacy. It is important that you have control over your personal data. You have the following rights:
Your rights What this means The right to be informed You are entitled to obtain clear, transparent, understandable and easily accessible information about the way in which we use your personal data and your rights. This is why we provide you with the information in this Policy. The right to access You are entitled to access personal data that we hold regarding you (subject to certain restrictions).
We can require the payment of reasonable expenses, taking into account administrative costs borne by us in order to provide you with the information.
Requests which are clearly not founded, excessive or made repetitively, are likely to go unanswered.
In order to exercise your right to access data, you can contact us using the contact details below.The right to rectification You are entitled to demand the rectification of your personal data if it is inaccurate or out-of-date, and/or that it to be completed if it is incomplete.
In order to exercise the right to rectification, you can contact us using the contact details below. If you have an account, it can be simpler to change your own data using the "My Account" feature.The right to erasure/right to be forgotten In certain cases, you are entitled to have your personal data erased or forgotten. This is not an absolute right, given that we may be obliged to store your personal data for legal or legitimate reasons.
If you want us to delete your data, you can contact us using the contact details below.The right to object to prospecting, including profiling. You can unsubscribe or object to receiving our prospecting messages at any time. Simply click on the "Unsubscribe" link in any email or communication we send you. You can also contact us using the contact details below.
If you wish to object to profiling, you can contact us using the contact details below.The right to withdraw your consent for consent-based data processing at any time You can withdraw your consent to data processing if this processing is carried out based on your consent. Withdrawal of consent does not impact the lawfulness of consent-based processing carried out before withdrawal of said consent. You can view the table inserted in the What personal data do we collect from you and how do we use it?" section, in particular the column "On what legal basis do we process your personal data?", to find out if our processing is based on your consent.
If you wish to withdraw your consent, you can contact us using the contact details below.The right to object to the processing of data based on legitimate interests You can object to data processing at any time when such processing is based on legitimate interests. You can view the table inserted in the "What personal data do we collect from you and how do we use it?" section, in particular the column "On what legal basis do we process your personal data?" to find out if our processing is based on legitimate interests.
If you wish to exercise your right to object to data processing, you can contact us using the contact details below.The right to file a complaint with a supervisory authority You are entitled to bring any matter to and file a complaint with the data protection authority in your country, to object to L'Oréal's personal data protection and privacy practices.
You can contact us using the contact details below before filing any complaint with a competent data protection authority.The right to data portability You are entitled to move, copy or transfer your personal data from our database to another. This only applies to data that you have provided, when processing is carried out based on your consent or in accordance with a contract and is carried out using automated procedures. We encourage you to read the table inserted in the section "What personal data do we collect and how do we use it?", in particular the column "On what legal basis do we process your personal data?" to find out if our processing is carried out in accordance with a contract or based on your consent.
For more information, you can contact us using the contact details below.The right to restrict processing You are entitled to request the restriction of processing carried out on your data.
This right means that the processing we carry out on your data is restricted. We can store your data but cannot use it or process it. This right applies in specific circumstances provided for by the General Data Protection Regulation, namely:- if the data subject (i.e. you) challenges the accuracy of the personal data, for a period allowing the data controller to verify the accuracy of the personal data
- if processing is unlawful and the data subject (i.e. you) objects to the erasure of data and demands that use thereof be restricted
- if the data controller (i.e. L'Oréal) no longer needs the personal data for processing purposes but said data is still required by the data subject for the acknowledgement, exercise or defence of rights in court
- if the data subject (i.e. you) objected to processing based on legitimate interests pursued by the data controller, during verifications to determine whether the legitimate grounds pursued by the data controller should prevail over those of the data subject.
The right to disable Cookies You are entitled to disable Cookies.
Internet browsers are generally set by default to accept cookies, but this can easily be changed under your browser settings.
Many cookies are used to allow websites/applications to work and make them more user-friendly. Consequently, disabling cookies may prevent you from using certain sections of this website, as explained in the table regarding the corresponding cookies.
If you wish to restrict or block all cookies installed by our websites/applications (which may prevent you from using certain sections of the website) or other websites/applications, you can do so by changing your browser settings. The Help section of your browser will explain how you can do this. For more information, you can click on the following link:
http://www.aboutcookies.org/Before responding to your request, we may request proof of identity.
CONTACT
If you have any questions or comments about how we process and use your personal data, or you wish to exercise any of the above rights, please contact us at [email protected] or write to:
L’Oréal France
Déléguée à la protection des données
30 rue d’Alsace
92300 Levallois-Perret
SPECIFIC PROVISIONS FOR FRANCE
Please remember that, in accordance with the provisions of Article 85 of the French Data Protection Act 78-17 of 6 January 1978, you have the right to issue general instructions (to a trusted digital third party certified by the CNIL) or specific instructions (to a Data Protection Officer) regarding the storage, erasure and transmission of your personal data upon your death.