L'Oréal UK & Ireland

L'ORÉAL (UK) LIMITED PRIVACY POLICY

FOR OUR BUSINESS CUSTOMERS

L’Oréal’s ambition is to be an exemplary corporate citizen to help make the world a more beautiful place. We place great value on honesty and clarity, and we are committed to building a strong and lasting relationship with you based on trust and mutual benefit. Part of this commitment means safeguarding and respecting your privacy and your choices. Respecting your privacy is essential to us. This is why we set out “Our Privacy Promise” and our full Privacy Policy below.

This Privacy Policy covers how we use personal data shared with us by our customers operating in a business capacity, for example salons, pharmacists, influencers, retailers, or other third party vendors. If you engage with L’Oréal as a consumer, please see our Consumer Privacy Policy for further information.

OUR PRIVACY PROMISE

  1. We respect your privacy and your choices.
  2. We make sure that privacy and security are embedded in everything we do.
  3. We will not send you marketing communications unless you have asked us to. You can change your mind at any time.
  4. We will never sell your personal data.
  5. We are committed to keeping your personal data safe and secure. This includes only working with trusted partners.
  6. We are committed to being open and transparent about how we use your personal data.
  7. We will not use your personal data in ways that we have not told you about.
  8. We respect your rights, and will always try to accommodate your requests as far as is possible, in line with our own legal and operational responsibilities.

For more information about our privacy practices, below we set out what types of personal data we might collect or hold about you, how we use it, who we share it with, how we protect it and keep it secure, and your rights around your personal data.

Note that all of the information set out below may not apply to you. We have explained below an overview of all possible situations in which we could interact together, and one or more of these may apply to you depending on how you have interacted with us. For example, if you have not provided us with a photo for your account, then these details will not apply to you. 

When you share personal data with us or when we collect personal data about you, we will use it in line with this Privacy Policy. Please read this information carefully. If you have any questions or concerns about your personal data, please contact us at [email protected].

Please note that you must be at least 13 years old or older to use our services, or older where the terms for a specific service require this.

 

WHO WE ARE

L’Oréal (UK) Limited is responsible for the personal data that you share with us. When we say “L’Oréal”, “us”, “our” or “we”, this is who we are referring to. L’Oréal is the “data controller” for the purposes of applicable data protection laws.

Please see the “Contact Us” section for our contact details.

L’Oréal represents several different brands and products. For more information on L’Oréal, and the brands it represents, please see http://www.loreal.co.uk/.

L’Oréal is part of the L’Oréal Group, which operates in 140 countries around the world. For details on the L’Oréal Group, please see http://www.loreal.com/group

 

WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU AND HOW DO WE USE IT?

“Personal data” means any information or pieces of information that could identify you either directly (e.g. your name) or indirectly (e.g. through pseudonymised data, such as a unique ID number). This means that personal data includes things like email/home addresses, usernames, profile pictures, personal preferences and shopping habits, user generated content, financial information, and health information. It could also include unique numerical identifiers like your computer’s IP address or your mobile device’s MAC address, as well as cookies.

This Privacy Policy covers all personal data about you that is collected and used by L'Oréal.

 

WHAT PERSONAL DATA DO WE COLLECT FROM YOU AND HOW DO WE USE IT?

You, the consumer, are our priority. You drive what we do. We love hearing from you, learning about you, and creating and delivering products that you enjoy. We know that many of you love interacting with us and because of this, there are many ways that you might share your personal data with us, and ways that we might collect it.

 

How do we collect or receive your personal data?

We might collect or receive personal data from you via our websites, forms, apps, devices, L’Oréal products or brand pages on social media, through your direct interactions with your account managers or customer care teams, or otherwise. Sometimes you give this to us directly (e.g. when you create an account, when you contact us, when you purchase from our websites or stores), sometimes we collect it (e.g. using cookies to understand how you use our websites and apps) or sometimes we receive your personal data from other third parties, including other L’Oréal Group entities (e.g. when you mention L’Oréal products or services on non-L’Oréal pages (e.g., social media platforms)).

In the table below, we explain:

  1. In what context is your personal data collected? This column explains what activity or scenario you are involved in when we use or collect your personal data. For example, whether you are making a purchase, signing up to a newsletter, or browsing a website.
  2. What personal data may we hold about you? This column explains what types of personal data we may collect when you take part in a particular activity.
  3. How and why we use it? This column explains what we do with your personal data, and the purposes for collecting and using it.
  4. What is our legal basis for using your personal data? Whenever we use your personal data, we will have a legal basis to do this. For example, you have asked us to provide a service, you have given us your consent, or we have a legitimate interest in using your personal data.

The legal basis for the processing of your personal data can be:

Your consent – This applies where you provide your personal data and specifically consent to us using it to provide you with a specific service, for example, so that we can store certain cookies on your device. We may place targeted advertising cookies (these allow us to tailor services we offer, specifically to you), analytical cookies (these are also known as performance cookies and measure/record your interaction with our site so we can make improvements) on your device. Please see the Cookie Settings section of our websites for more information on the different types of cookies we use, and their purpose.

  • The performance of a contract – This applies where you provide us with your personal data in order for us to provide you with a service (e.g. you ask us to create a customer account for you or you wish to purchase a product and we can manage the associated logistics).
  • Our legitimate interests –This applies where you provide us with your personal data and we use it to:
  1. Provide you with marketing information about our products and services. If you later ask us to stop sending you these communications, we need to keep some of your data on a suppression list so that we can make sure we don’t contact you with marketing again (although please note, we may need to contact you about the management of your account with us); and
  2. Improve our products and services. We may use your personal data to better understand your needs and expectations when it comes to the products and services we offer. This understanding means we can improve our products and services so they better match your needs. This might involve performing analytics on how you use our products/, services, websites/apps/devices, and market research and surveys, or trying out new functions which we think you might like based on what we know about you.
  3. Better engage with you. We may use your personal data to encourage you to be more actively engaged with our products and brands and increase your overall brand engagement and awareness. One way we do this is by tailoring the marketing communications we send you so that you receive the information most relevant to you.
  4. Prevent fraud or criminal activity. We may use your personal data so we can action any payment you make when you purchase any of our products and/or services (including checking that your payment is free from fraud or other fraudulent or suspicious activity).
  5. Secure our tools: We may use your personal data to keep our tools (websites/apps/devices) safe and secure. This involves making sure our tools are working properly, and that your personal data is kept secure. 
  • To comply with a legal obligation – This is where you provide us with your personal data which we need to keep for our legal reasons (e.g. when you make a purchase we need to keep your transaction information to comply with our tax and financial reporting obligations).

The table below sets out which legal basis we rely on when processing your personal data for each context.

When we collect personal data, we will indicate which types of personal data are mandatory via asterisks. Some of the personal data we request from you are either necessary for us to:

  • Perform our contract with you (e.g. to create your account, or deliver the goods you have purchased on our websites/apps);
  • Provide you with a service you have asked for (e.g. to provide you with a credit facility);
  • Comply with legal requirements (e.g. invoicing).

If you do not provide the personal data marked with an asterisk, this may affect the goods and services that we can provide.

 

In which context is your personal data collected? What personal data may we hold about you? How and why we may use it? What is our legal basis for processing your personal data?

Professional* account creation and management

Where your personal data are collected as part of the creation or throughout the management of a professional account with L’Oréal (either directly through our account management teams, or on L’Oréal websites/apps)

*professional accounts are created in relation to a business capacity; they are not for personal use.

First name and surname;
Organisation name;
Gender;
Professional and/or personal email address;
Professional and/or personal postal address;
Professional and/or personal phone number;
Professional social media profile;
Bank details or other financial information;
Details of individuals employed by your organisation;
Professional account details and/or membership associations;
Training courses (online and offline) you have selected and/or attended;
Photo;
ID/username, and password;
Preferences;
Order details;
User generated content (such as reviews or images you share);
Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on some websites, or by participating in a survey etc.).
To:
Manage your account and orders;
Send you marketing communications which may be tailored to your professional “profile” (i.e. based on the personal data we know about you and your preferences);
Assess your eligibility for credit facilities and manage any credit facility throughout our relationship with you, including the recovery of any unpaid monies;
Manage any direct debits;
Run audits to manage our compliance obligations;
Offer you a loyalty program;
Offer personalised services based on professional interests and characteristics;
Allow you to manage your preferences;
Monitor and improve our websites and apps;
Run analytics or collect statistics;
Secure our websites and protect you and us against fraud;
Respond to your questions and otherwise interact with you;
Contact you for feedback and request you complete surveysetc.; and/or
Manage any promotions, surveys etc. you enter.
The performance of a contract – so we can create and manage your professional account, and provide you with the services that you request;
Our legitimate interests: (i) to send you information about our products and services; (ii) to improve our products and services; (iii) better engage with you; (iv) prevent fraud or criminal activity; (v) exercise our rights e.g. in the event of unpaid monies; and (vi) secure our tools.
Newsletter and marketing subscription Where your personal data are collected when you subscribe to receive our marketing communications. First name and surname;
Email address;
Gender;
Address;
Phone number;
Professional account details and/or membership associations;
Birthday or age range
ID/username, and password;
Personal description or preferences;
Order details;
Social media profile (where you use your social media login or share this personal data with us);
User generated content; and/or
Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on some websites, or by participating in a contest, game, survey etc.).
To :
Send you marketing communications (where you have asked us to) which may be tailored to your “profile” based on the personal data we know or learn about you and your preferences;
Show you marketing communications on other websites, including social media platforms. Note that you may also see our ads on other websites, including on social media sites, but these may or may not be tailored to you;
Keep an up to date suppression list if you have asked not to be contacted;
Run analytics or collect statistics; and/or
Send content on your behalf to your friends, family and/or other contacts.
Our legitimate interests to: (i) send you information on our products and services; and (ii) improve our products and services; and (iii) better engage with you.

Purchases and order management

Where your personal data are collected during the purchase process made via L’Oréal account team, on L’Oréal customer website/apps, or in store.

Professional account details, including first name and surname, email address, postal address, phone number, account number;
Personal description or preferences;
Social media profile (where you use your social media login or share this personal data with us);
To Contact you to finalise your order where you have saved your shopping cart or placed products in your cart without completing the checkout process; Inform you when a product you wanted to purchase is available; Process your order including delivering the product to the address you indicated; Manage payment. Please note that if you make a payment on a credit or debit card, your payment information (credit card number/Paypal/bank account details) are not collected by us directly, but by secure payment service providers. If you make payment via your account, we will hold your bank details in order to manage these payments; Manage any contact you have with us about your order; Secure your transactions against fraud. We may use a third party provider’s solution to detect fraud and make sure that payment is completed; If you place a purchase using a registered account, we will add this transaction to your profile so we can understand your interests and preferences and you will see a record of your transactions with us within your account (where applicable); Manage any dispute relating to a purchase; and/or Run analytics or collect statistics The performance of a contract – so you can make purchase and we can manage the associated logistics. Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud; and (iv) secure our tools. To comply with a legal obligation – to keep information we are required to.
Online browsing Where your personal data are collected by cookies or similar technologies (“cookies”*) when you browse L’Oréal website/apps or on third-party website/apps where we have cookies. For information on the specific cookies placed on a particular website/app, please check the cookies table or tool available on the specific website/app. *cookies are small text files stored on your device (computer, tablet or mobile) when you are on the Internet, including on L’Oréal Group’s websites.

Data related to your use of our websites, including:
Where you came from;
Login details;
Location;
Data related to your navigation on our apps/websites, incl. scroll/mouse movement (but in an manner that does not identify you);
Videos you watched;
Pages/ads/content you looked at, clicked or tapped on;
Duration of your visit; and/or
Products you searched for and/or selected to create your basket.

Technical information:
Your IP address;
Browser information;
Device information; and/or
Your unique ID which is given to each visitor, and the expiration date of the ID.

We use cookies, together with other personal data you have already shared with us (such as previous purchases, or whether you’re signed up to our email newsletters) for the following purposes:

To deliver targeted advertising, that is to show you:
online advertisements for products which may be of interest to you, based on your previous behaviour; and/or
ads and content on social media platforms or other websites.

You can opt out of targeted advertising by using the function available on our website (where applicable), or in your browser settings. For opting out of targeted advertising on social media platforms, please visit the relevant social media platform to explore the options they may provide.

To tailor our services for you, that is to:
show you recommendations, marketing, or content based on your profile and interests; and/or
display our websites in a tailored way, for example, show you products we think you might like.

To allow our websites/apps to function properly, that is to:
ensure the proper display of content;
create and remember your shopping cart;
create and remember your account login details;
interface personalisation, such as language, or any user-interface customisation (i.e. parameters attached to your device including your screen resolution or font preference), etc.;

perform troubleshooting; and/or
improve user experience and our websites/apps, for example, by testing new ideas or layouts.
Please note that we only track your navigation on the website/app (e.g., mouse movements) to ensure our websites/apps function properly, for troubleshooting, and to improve user experience, as explained above. We do so in a way that does not identify you and use encryption mechanisms to ensure that the personal data provided on the website/app is always masked and never recorded.


To ensure our websites/apps are secure and safe, and to protect you against fraud or misuse of our websites/apps or services.

To run statistics, that is to:
avoid visitors being recorded twice;
know users’ reaction to our advertising campaigns.
improve our offers; and/or
understand how you discovered our websites/apps.

To allow sharing of our content on social media platform.

Consent – to store cookies on your device. Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; and (iii secure our tools.Consent – to store cookies on your device.
Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; and (iii secure our tools.

Promotions

Where your personal data are collected during a competition, game, contest, promotional offer, sample request, survey etc.

Professional Account details;
First name and surname;
Email address;
Phone number;
Birthday or age range;
Gender;
Address;
Personal description or preferences;
Social media profile (where you use your social media login or share this personal data with us); and/or
User generated content;
Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on some websites, or by participating in a contest, game, survey etc.).
To:
Complete tasks that you have asked us to, for example to manage your participation in the promotion, including to take into account your feedback and suggestions;
Run analytics and statistics;
Add your participation to your profile so we can understand your interests and preferences.
The performance of a contract – so you may entered into the promotion/we can deliver the prize.
Our legitimate interests: (i) to improve our products and services; and (ii) better engage with you.
User Generated Content Where your personal data are collected when you submit content (for example images or ratings and reviews) on one of our websites/apps/social media platforms, or accept our re-use of any content you posted on social media platforms. Professional Account details;
First name and surname or alias;
Email address;
Photo;
Personal description or preferences;
Social media profile (where you use your social media login or share this personal data with us); and/or
Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, or by providing your own content such as photos or a review, or a question via the chat function available on some websites).
To:
Use the content you have created and/or shared in accordance with the specific terms and conditions accepted by you e.g. to post your review/content and to promote our products;
Run analytics and statistics; and/or
Add your content to your profile so we can understand your interests and preferences.
Consent – to provide you with the service you have requested, for example, so you can upload the content of your choice, or so we can reuse your content for which you have given your consent.
Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; and (iii) secure our tools and design new features.

Use of websites/apps and devices Where your personal data are collected as part of your use of our websites/apps and/or devices (for example when you provide your personal data when completing online forms).

First name and surname;
Gender;
Email address;
Photo;
Location;
Birthday or age range;
Personal description or preferences, including characteristics such as skin tone, skin/hair type (e.g., your beauty profile); and/or
Application or device usage data.
To:
Provide you with the service(s) you requested (e.g. test our products virtually, enable you to purchase our products, provide you with advice and notifications regarding your sun exposure, skin/hair routine etc.);
Analyse your personal characteristics and recommend appropriate products (including bespoke products) and routines;
Provide you with learning materials and information on brands, products, and services;
Facilitate communication and connection between users (e.g. chat functions);
Conduct research and innovation by scientists within the L’Oréal Group;
Monitor and improve our apps and devices; and/or
Run analytics and statistics.
Consent – to provide you with the service you have requested, for example, show you recommended products or complete your purchase.
The performance of a contract – to deliver the service you have requested;
Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; and (iii) secure our tools.

Enquiries Where your personal data are collected when you ask questions relating to our brands, our products and their use, or your purchases, account or rights.

Professional Account details;
First name and surname;
Phone number;
Email address;
Other information you have shared with us about yourself in relation to your enquiry (which may include welfare, health data and call recordings).
To:
Answer and manage your enquiries;
Conduct studies in relation to the safe use of our products;
Run analytics and statistics; and/or
Add your questions or concerns to your profile so we can understand your interests and preferences.

The performance of a contract – to respond to your enquiries.
To comply with a legal obligation – to monitor any undesirable effects of our products.
Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; and (iii) secure our tools.

Stakeholder (e.g., influencer) engagement Where your personal data are collected from publicly available information contained in social media and public profiles.

Personal data manifestly made publicly available by you such as content available in your public profile, and media coverage, including:
First name and surname;
Gender;
Email address;
Address;
Phone number;
Photo;
ID/username;
Preferences; and
User generated content, such as reviews or images you share.
To:
Review your profile to ensure our values are aligned and evaluate partnership opportunities;
Manage our contractual relationship where a partnership opportunity is created;
Run analytics or collect statistics.

Our legitimate interests to: (i) ensure that when we elect to work with you on a particular project/activity, our values are aligned. For influencers, for example, we assess whether your posted content aligns with our Value Charter, (ii) prevent fraud or criminal activity (e.g. to ensure you do not buy or artificially inflate your follower account e.g. via “paid-for” or “like-for-like” means).
The performance of a contract – where our relationship is based on a contract with you (e.g., influencers).
To comply with a legal obligation – to protect you and our business (against e.g. corruption, money laundering etc.)
The processing of special categories of data is limited to data manifestly made public by you.

Event, seminars and training sessions Where you are interacting with us in the course of your professional occupation as our customer, client, vendor, service provider, journalist etc

Professional account details;
First name and surname;
Organisation name;
Gender;
Birthday or age range;
Dietary requirements;
Professional occupation;
Professional and/or personal email address;
Professional and/or personal address;
Professional and/or personal phone number;
Professional account details and/or membership associations
Photo;
Preferences;
Spoken language; and/or
Other information you have shared with us about yourself
To:
Invite you, organise the relevant event and manage the seminars and events that we organise as part of our business activities;
Provide you with information and training on our products, services, and brands, tailored to your professional profile.
The performance of a contract, to provide you or your organisation with the requested service
Our legitimate interests to: (i) contact you with information about our products and services; (ii) improve our products and services; (iii) better engage with you.
Consent or explicit consent – to provide you with the service you have requested, for example, to accommodate the dietary requirement(s) you have requested.

Store Premises Where your personal data are collected when you visit a store.

Photo/Video captured via CCTV. To:
Assist in the prevention and detection of crime and manage enquiries; and/or
Help ensure the health, safety and security of employees and visitors, information located or stored within the premises, and assets.
Our legitimate interests: (i) prevent fraud and criminal activity; and (ii) secure our tools.
To comply with legal obligation – to meet health and safety requirements.

 

Automated Decision Making

Automated decision making means the ability to make decisions using technology, without human involvement.

We may use automated decision making techniques for the purposes of securing transactions placed through our websites/apps and/or devices against fraud. In addition, we may use a third party provider’s solution to protect our systems, assets etc. against fraud.

The method of fraud detection is based on a number of different data prediction and data intelligence techniques that may change over time, to keep up with technological advancement. These may include, for example, simple comparisons, or association, clustering, prediction and outlier detections using intelligent agents, data fusion and data mining techniques. This fraud detection process may be completely automated or may involve some human intervention where the final decision is taken by a person. In all cases, we take all reasonable precautions and safeguards to limit access to your data.

As a result of automatic fraud detection, you may: (i) experience a delay in the processing of your order/request whilst we review your transaction; and/or (ii) be limited or excluded from using a service if a risk of fraud is identified.

You have the right to access the information on which we base our decision. Please see “Your Rights and Choices” section below.

 

Profiling

When we send or display personalised communications or content, we may use a technique known as “profiling” (or “insights”). This means any form of automated processing of personal data to evaluate certain personal aspects about an individual, in particular to analyse or predict aspects concerning their personal preferences, interests, economic situation, reliability, behaviour, location or movements.

This means that we may collect personal data about you in the different scenarios mentioned in the table above, and use this data to analyse, evaluate, or predict your personal preferences, interests, behaviour and/or location.

Based on our analysis, we may send or display communications and/or content specifically tailored to your interests and/or needs.

We ensure that we have an appropriate legal basis to process your personal data when conducting profiling activities. You may have the right to object at any time to the use of your personal data for “profiling”. Please see “Your Rights and Choices” section below.

 

Who may access your Personal data?

First, we want to be clear that we do not sell your personal data.

We may share your personal data within L’Oréal.

 

L’Oréal represents several different brands and products. For more information on L’Oréal, and the brands it represents, please see http://www.loreal.co.uk/.

Your personal data may be accessed within L’Oréal. Where appropriate, we may share your personal data between our brands to harmonise and update the information you share with us, to tailor our communications based on your preferences, and to run analytics and perform statistics. Where you receive communications from all L’Oréal brands, rather than one or two specific brands, your personal data may also be shared within L’Oréal.

 

We may share your personal data within the L’Oréal Group.

Please visit the L’Oréal group website, for further details on the L’Oréal Group, its brands and its locations.

Your personal data may be accessed by the L’Oréal Group. This means that we may share your personal data across the L’Oréal Group, which includes our ultimate parent company and its subsidiaries. Access will always be controlled on a need-to-know basis, and only provided where it is necessary to provide you with requested services or to allow us to perform any necessary or legitimate functions.

We may also share your personal data in a pseudonymised way (not allowing direct identification) with L’Oréal Research & Innovation scientists, including those located outside of your country, for research and innovation purposes.

Where permitted, we may also share some of your personal data, including data collected through cookies, between brands to harmonise and update information you

share with us, to perform statistics based on your characteristics and to tailor our communications to you.

 

We may share your personal data for marketing purposes with third parties or L’Oréal Group entities.

We only share your personal data with third parties for direct marketing purposes with your consent. In this context, your personal data is processed by the third party acting as a controller, and its own terms and conditions, as well as its privacy policy will apply to its processing. You should review their documentation carefully before consenting to the disclosure of your personal data to that third party.

 

Your personal data may also be processed on our behalf by our trusted third party suppliers.

We rely on trusted third parties to perform a range of business operations on our behalf. We only provide them with the information they need to perform the service, and we require that they do not use your personal data for any other purpose. We always use our best efforts to ensure that all third parties we work with will keep your personal data secure. For example, we may entrust services that require the processing of your personal data to:

  • Third parties that assist and help us in providing digital and e-commerce services such as social listening, store locator, loyalty programs, identity management, reviewing social media and public profiles, ratings and reviews, CRM, web analytics and search engine, user generated content curation tools;
  • Advertising, marketing, digital and social media agencies to help us to deliver advertising, marketing, and campaigns, to analyse their effectiveness, and to manage your contact, questions and our relationship;
  • Third parties required to deliver a product to you e.g. postal/delivery services;
  • Third parties that assist and help us in providing IT services, such as platform providers, hosting services, maintenance and support on our databases as well as on our software and applications;
  • Payment service providers and credit reference agencies for the purpose of assessing your credit score and verifying your details where this is a condition of entering into a contract with you;
  • Third parties that assist us for customer care and cosmetovigilance purposes;
  • Third parties that assist us in providing training, seminars, and events, such as training providers travel agencies, and event management companies; and/or
  • Third parties that provide us with consulting services in the field of market research and analytics, collect feedback and conduct market surveys on our products, services and otherwise for customer relationship management purposes.

The legal basis for this sharing is our legitimate interests – (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud; (iv) secure our tools and design new features; (v) use appropriate suppliers; and (v) ensuring your values align with that of L’Oréal’s.

 

We may also disclose your personal data to third parties:

  • In the event that we sell any or part of our business or assets, we may disclose your personal data to the prospective buyer of such business or assets. If L’Oréal or a part of its assets are acquired by a third party, personal data we hold about our consumers relating to those assets will be one of the transferred assets. In such cases, your personal data will be processed by the buyer acting as the new controller and its privacy policy will govern the processing of your personal data;
  • If we are under a duty to disclose or share your personal data in order to comply with a legal obligation, or in order to enforce or apply our terms of use/sales or other terms and conditions you have agreed to; or to protect the rights, property, or safety of L’Oréal, our customers, or others; and/or
  • In other circumstances if we have your consent or we are permitted to do so by law.

 

We may disclose your personal data to our partners:

  • In the event the service you use, subscribe to, or the event in which you participate is co-created by L’Oréal and a partner (for example, a co-branded app, an event/promotion or survey run in partnership with a third party). In such cases, L’Oréal and the partner will process your personal data each for their own purposes and as such your personal data will be processed:
    • By L’Oréal in accordance with this Privacy Policy;
    • By the partner acting also as a data controller, and its privacy policy shall govern the processing of your personal data for its purposes.
  • To display L’Oréal content (for example recommended products/services) on our partners’ sites where you have agreed to receive advertising that is tailored to you (either by accepting our or our partners’ cookies). Where you accept our cookie from our partners, they may store a cookie on your device and so you should read their privacy and cookies policy. In the other cases, we only share data that does not directly identify you with our partners. Our partners will then determine which of our products/services to display to visitors of their websites.
  • We may publish content created by third parties. Where we do this, the third party may place a cookie on your device if you read this content. Please read the third parties’ Cookie Policy for details on what information they may gather from the cookie, and how it is used.

When we use Google advertising services on our websites, apps and/or devices. Google will access and use your personal data when we utilise their services. If you would like to learn more about how Google uses your personal data in this context, please review their Google Privacy & Terms available here which govern these services and data processing.

Information that Facebook collects and shares with us

 

  • All Facebook features and services available on our websites, apps and/or devices are governed by the Facebook Data Policy. Pease review this policy if you would like more information on your privacy rights and settings options.
  • When using any of our websites/apps and/or devices, you may be able to:
    • sign-in with your Facebook login. If you do so, you consent to share some of your public profile information with us;
    • use the Facebook social plug-ins, such as “like” or “share” to share our content, or your user generated content on the Facebook platform;
    • accept cookies from our website/apps (also known as “Facebook Pixels”). These types of cookies help us understand your activity including for example, information about your device, how you use our services, any purchases you make and the ads you see, whether or not you have a Facebook account or are logged into Facebook.
    • When you use any Facebook features, we collect your data to help us to:
      • show you ads you might be interested in on Facebook or any of its other services (Instagram, Messenger etc.); and
      • measure and analyse the effectiveness of our websites, apps and/or devices.
    • We may also use any personal data you provide us with on our websites, apps and/or devices (e.g. your name, email address, gender and phone number), to identify you on Facebook or any of its other services (Instagram, Messenger etc.), in order to show you ads that are more relevant for you. While doing this, Facebook will not share your personal data and will delete the information promptly after the matching process is complete.

 

Where we Store your Personal data

The personal data that we collect from you may be transferred to, accessed from, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our service providers.

L’Oréal transfers personal data outside of the EEA, only in a secure and lawful way. As some countries may not have laws governing the use and transfer of personal data, we take steps to make sure that third parties adhere to the commitments set out in this Privacy Policy. These steps may include reviewing third parties’ privacy and security

standards, and/or entering into appropriate contracts (on the basis of the template adopted by the EU Commission and available via its homepage).

 

For further information, please contact us as per the “Contact” section below.

 

How Long Do We Keep Your Personal data

We will keep your personal data for as long as we need it to provide you with your requested service(s) or to meet our commercial or legal obligations.

To determine the retention period of your personal data, we consider several criteria to make sure that we do not keep your personal data for long than is necessary or appropriate. These criteria include:

  • The purpose for which we hold your personal data;
  • Our legal and regulatory obligations in relation to that personal data, for example any financial reporting obligations;
  • Whether our relationship with you is ongoing, for example, you have an active account with one or more of our brands, you continue to receive marketing communications, or you regularly browse or purchase off our websites/apps);
  • Whether you are no longer actively participating or engaging with our brands, for example, you do not open our emails, visit our websites, or share user generated content;
  • Any specific requests from you in relation to the deletion of your personal data; and
  • Our legitimate business interests in relation to managing our own rights, for example the defence of any claims, or for statistical purposes.

 

In particular, we retain certain personal data for the following periods:

  • Where you purchase products and services, we keep your personal data for the duration of our contractual relationship;
  • Where you participate in a promotional offer, we keep your personal data for the duration of the promotional offer;
  • Where you create a professional account, we keep your personal data until you request we delete it or after a period of inactivity (i.e. where you have not interacted with us for a period of time). This is period is defined in accordance with local regulations and guidance;
  • Where cookies are placed on your computer, they are stored for as long as necessary to achieve their purposes (e.g. for the duration of a session for shopping cart cookies or session ID cookies) and otherwise for a period defined in accordance with local regulations and guidance.

When we no longer need to use your personal data, it is removed from our systems and records, or anonymised so that you can no longer be identified from it.

 

Is Your Personal data Secure?

We are committed to keeping your personal data secure, and taking all reasonable precautions to do so. We contractually require that trusted third parties who handle your personal data for us do the same.

We always do our best to protect your personal data and once we have received your personal data, we use strict procedures and security features to try to prevent unauthorised access. As no transmission of information via the internet is completely secure, we cannot guarantee the security of your personal data transmitted to our site although. Any transmission is therefore at your own risk.

 

Links to Third Party Sites and Social Login

Our websites/apps may, from time to time, contain links to and from the websites of our partner networks, advertisers and/or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you share any personal data with these websites.

We may also offer you the opportunity to use your social media login when interacting with our websites/apps. If you do so, please be aware that you will be sharing your profile information with us. The personal data that is shared will depend on your social media platform settings. Please visit the relevant social media platform and review its privacy policy to understand how your personal data is shared and used in this context.

 

Social Media and User Generated Content

Some of our websites and apps allow users to submit their own content. Please remember that any content submitted to our social media platforms can be viewed by the public, and you should be cautious about providing certain personal data e.g. financial information or address details. We are not responsible for any actions taken by other individuals if you post personal data on one of our social media platforms and we recommend that you do not share such information.

 

Your Rights and Choices

L’Oréal respects your right to privacy: it is important that you are able to control your personal data. You may have the following rights:

Many cookies are used to enhance the usability or functionality of a website; therefore disabling some types of cookies may prevent you from using certain parts of our websites.If you wish to manage your preferences regarding the cookies which are set by our websites, please use the tool available on the particular website (if applicable), or refer to the Help function within your browser to learn how to manage your settings within your browser. For more information please consult the following links:
http://www.aboutcookies.org/.

Your rights What does this mean?
The right to be informed You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data, and your rights. This is why we are providing you with the information in this Privacy Policy.
The right of access You have the right to access any personal data we hold about you (subject to certain restrictions). In exceptional circumstances we may charge a reasonable fee for providing such access but only where permitted by law (e.g. where your request is manifestly unfounded or excessive).
The right to rectification You have the right to have your personal data rectified if it is incorrect or outdated and/or completed if it is incomplete. If you have an account, it may be easier to correct your own personal data via your “My Account” function.
The right to erasure/right to be forgotten In some cases, you have the right to have your personal data erased or deleted. Note this is not an absolute right, as we may have legal or legitimate grounds for retaining your personal data.
The right to object to direct marketing, including profiling You can unsubscribe or opt out of our direct marketing communication at any time. The easiest way to do this is by clicking on the “unsubscribe” link in any email or communication we send you or follow any other opt-out instructions communicated to you. In circumstances where you have the right to object to profiling you should contact us using the details below.
The right to withdraw consent at any time for and personal data processing based on consent You can withdraw your consent to our processing of your personal data when such processing is based on consent. Where you withdraw your consent, this does not affect the lawfulness of our processing before your withdrawal. Please see the table in section “what personal data do we collect from you and how do we use it” specifically the column “What is our legal basis for processing your personal data?” to see where/when our processing is based on consent.
The right to object to processing based on legitimate interests You may object at any time to our processing of your personal data when such processing is based on our legitimate interests. Please see the table in section “what personal data do we collect from you and how do we use it” specifically the column “What is our legal basis for processing your personal data?” to see where/when our processing is based on legitimate interests.
The right not to be subject to a decision based solely on automated decision-making which produces legal effects or similarly significant effects You may have the right not to be subject to such type of automated decision-making about you, unless: (i) you gave us your explicit consent to use your personal data to make our decision; (ii) we are allowed by law to make our decision; or (iii) our automated decision was necessary to enable us to enter into a contract with you.
The right to lodge a complaint with a supervisory authority You have the right to contact the data protection authority of your country in order to lodge a complaint against our data protection and privacy practices. Do not hesitate to contact us at the details below before lodging any complaint with the competent data protection authority as we will always seek to resolve your complaint in the first instance.
The right to data portability You have the right to move, copy or transfer personal data from our database to another. This only applies to personal data that you have provided, where processing is based on a contract or your consent, and the processing is carried out by automated means. Please see the table in section “what personal data do we collect from you and how do we use it” specifically the column “What is our legal basis for processing your personal data?” to see where/when our processing is based on consent or the performance of a contract.
The right to restriction This right means that our processing of your personal data is restricted, so we can store it, but not use nor process it further.
It applies in the following limited circumstances set out in the General Data Protection Regulation:
the accuracy of the personal data is contested by you, for a period enabling L’Oréal to verify the accuracy of the personal data;
the processing is unlawful and you object to the erasure of your personal data and request L’Oréal restricts the ways in which it processes your personal data;
L’Oréal no longer needs your personal data for the purposes of its processing, but you require the personal data for the establishment, exercise or defence of legal claims;
You object to L’Oréal’s processing of your personal data based L’Oréal’s legitimate interests, pending the verification whether the L’Oréal’s legitimate grounds override your rights and freedoms.
The right to turn on/off cookies The settings from the Internet browsers are usually programmed by default to accept cookies, but you can easily adjust it by changing the settings of your browser or, where available, by using the tools on our websites.

 

How can I exercise these rights?

For more information, or to request any of the rights noted above, please contact us on the details set out below.

Note that we may require proof of your identity and full details of your request, before we process any request(s).

 

CONTACT

If you have any questions or concerns about how we treat and use your personal data, or would like to exercise any of your rights above, please contact us at [email protected] or by writing to us at:

 

Data Protection Officer

L’Oréal (UK) Limited

Gateway Central

187 Wood Lane

London

W12 7SA

 

If you would like to get in touch with our Data Protection Officer, please contact us at [email protected].