L'OREAL SA
L’OREAL APIs MARKETPLACE PLATFORM
PRIVACY POLICY
This Privacy Policy (i) applies to all individuals who use the L’Oréal APIs Marketplace Platform (hereinafter the “Platform”), whether they are employees of the L’Oréal Group or a third party having been granted access to the Platform by L’Oréal (hereinafter “Users”) and (ii) aims at informing about the way L’Oréal SA processes the personal data of such Users.
L'Oréal's ambition is to be an exemplary corporate citizen and help build a better world. We therefore give great importance to the principles of honesty and transparency and we are committed to building a strong and lasting relationship with you based on mutual trust and interest. Part of this commitment means protecting and respecting your privacy as well as your personal data.
This is why we set out the statements hereunder, and our full Privacy Policy below.
- We respect your privacy and your choices.
- We make sure that privacy and security are embedded in everything we do.
- We do not send you marketing communications unless you have asked us to. You can change your mind at any time.
- We never offer or sell your data.
- We are committed to keeping your data safe and secure. This includes only working with trusted partners.
- We are committed to being open and transparent about how we use your data.
- We do not use your data in ways that we have not told you about.
- We respect your rights, and always try to accommodate your requests, in line with our own legal and operational responsibilities.
For more information, the Privacy Policy below sets out the different types of personal data that we may collect or retain concerning you, the way we can use them, the purposes for which we collect them, the people with whom we can share them, how we protect them and ensure their security, as well as the rights you have regarding this data.
When you provide us with personal data and/or when we collect or generate data about you with our tools, we undertake to process them in accordance with this Privacy Policy.
WHAT WILL YOU FIND IN THIS POLICY?
- WHO WE ARE, AND WHOM TO CONTACT?
- WHAT IS PERSONAL DATA?
- WHAT PERSONAL DATA DO WE COLLECT FROM YOU AND HOW DO WE USE IT?
- DETAIL OF PERSONAL DATA PROCESSINGS
- WHO CAN ACCESS TO YOUR PERSONAL DATA?
- HOW LONG DO WE RETAIN YOUR DATA?
- STORAGE AND SECURITY OF YOUR DATA
- YOUR RIGHTS AND YOUR CHOICES
- AUTOMATED INDIVIDUAL DECISION MAKING & PROFILING
- WHO WE ARE, AND WHOM TO CONTACT?
L’Oréal operates in 140 countries around the world and represents several different brands and products. For details on the L’Oréal Group, please see http://www.loreal.com/group.
Who is the data controller?
L’Oréal SA is responsible for the personal data that you share and acts as data controller as per applicable data protection laws, with regard to the processing activities of personal data relating to the Users of the Platform (hereinafter “you”).
When we say "L’Oréal", "we", “our” or "us" this is who we are referring to:
14, rue Royale, 75008 PARIS
Representative: Etienne Bertin Group Chief Information Officer
If you have any questions or comments about how we process and use your Data, or if you wish to exercise any of your rights listed in this Policy, please contact our Data Protection Officer [email protected] or by writing to us at L’Oréal SA, 14, rue Royale, 75008 PARIS.
14, rue Royale, 75008 PARIS.
- WHAT IS PERSONAL DATA?
“Personal data” means any information or pieces of information that could identify you either directly (e.g. your name) or indirectly (e.g. through pseudonymised data, such as a unique ID number). This means that personal data includes things like email/home addresses, usernames, profile pictures, personal preferences and shopping habits, user generated content, financial information, and health information. It could also include unique numerical identifiers like your computer’s IP address or your mobile device’s MAC address, as well as cookies.
A “Data Processing” (or “Processing”) is any operation we do or plan to do directly or indirectly with the Data as it includes any operation performed such as collecting, recording, hosting, sending, organizing, structuring, storing, keeping/retaining, adapting / modifying, retrieving, consulting/access, using, disclosing by transmission or otherwise making available, alignment or combination, restriction, erasing/deleting etc.
- WHAT PERSONAL DATA DO WE COLLECT FROM YOU AND HOW DO WE USE IT?
We may collect or receive your Data directly from you, such as through the Platform that you use, or via the forms/questionnaire that you fill-in. Sometimes you give this to us directly (e.g. when you create an account, when you contact us), sometimes we collect it ourselves (e.g. using cookies to understand how you use our websites/apps) or sometimes we receive your personal data from other third parties, including other L’Oréal Group entities.
When we collect Data from you, we indicate which types of personal data are mandatory via asterisks. Some of the Data we request from you are either necessary for us to:
- Perform our contract with you (e.g. to create your account);
- Answer a request that you have sent us or provide you with a service you have asked for (e.g. to send you an information);
- Use certain tools; or
- Comply with legal obligations.
In the table below, we explain:
- During which interactions you may provide and we may collect your data: This column explains what activity or scenario you are involved in when we use or collect your personal data. For example, where you are browsing a website.
- What personal data we may receive from you directly or resulting from your interactions with us: This column explains what types of personal data we may collect when you take part in a particular activity.
- How and why we use your personal data: This column explains what we do with your personal data, and the purposes for collecting and using it.
- What is our legal basis for using your personal data: Whenever we use your personal data, we will have a legal basis to do this. For example, you have asked us to provide a service, you have given us your consent, or we have a legitimate interest in using your personal data. The legal basis for the processing of your personal data can be:
- Your consent.
- Our legitimate interest, which can be:
- Improvement of our products and services: more specifically, our business interests to help us better understand your needs and expectations and therefore improve our services, websites/apps, devices, products and brands for our customers’ benefit.
- Fraud prevention: to ensure payment is complete and free from fraud and misappropriation.
- Securing our tools: to keep tools used by you (our websites/apps, devices) safe and secure and to ensure they are working properly and are continually improving.
- The performance of a contract – This applies where you provide us with your personal data in order for us to provide you with a service (e.g. you ask us to create a user account for you).
- Legal grounds – This is where we need to keep your personal data for legal reasons.
- DETAIL OF PERSONAL DATA PROCESSINGS
|
Information Overview On Your Interactions With Us And Their Consequences On Your Personal Data
|
||||
|
During which interactions may you provide and we may collect your personal data? |
What personal data may we receive from you directly or resulting from your interactions with us?
|
How and why we may use your personal data ? |
What is the legal basis for using your personal data?
|
|
|
Account creation and management
Where your personal data are collected as part of the creation of an account on the Platform.
|
This may include:
|
To:
|
To provide you with the Platform services you requested (e.g. create an account). |
Personal data are kept during all commercial relationship with l’Oréal API Portal till 90 days after the user account deletion |
|
To ensure our Platform and websites/apps, devices remain secure, to protect them against fraud, and to help us better understand your needs and expectations and therefore improve our services, products and brands.
|
3 Years |
||
|
Online browsing
Information collected by cookies or similar technologies (“Cookies”*) as part of your browsing on the Platform and/or on third-party website/apps.
For information on specific Cookies placed through a given website/app, please consult the relevant cookie table.
* Cookies are small text files stored on your device (computer, tablet or mobile) when you are on the Internet, including on L’Oréal Group’s websites. |
Depending on how much you are interacting with us, those data may include:
Technical information:
A unique identifier granted to each visitor and the expiration date of such identifier.
|
We use Cookies, where relevant, with other personal data you have already shared with us (such as you’re signed up to our email newsletters) for the following purposes:
|
To ensure we are providing you with websites/apps, advertising and communications that are working properly and are continually improving for cookies that are (i) essential for the functioning of our websites/apps, (ii) used to keep our websites/apps safe and secure.
|
Personal data are kept during all commercial relationship with l’Oréal API Portal till 90 days after the user account deletion |
|
|
For all other cookies.
|
Personal data are kept during all commercial relationship with l’Oréal API Portal till 90 days after the user account deletion |
||
|
User Generated Content
Information collected when you submitted some content on the Platform or accepted the re-use of content you posted on the Platform by us.
|
Depending on how much you are interacting with us, those data may include:
|
In accordance with the specific terms and conditions accepted by you:
|
To reuse the content you posted online. |
3 Years |
|
To help us better understand your needs and expectations and therefore improve and promote our services, products and brands.
|
3 Years |
||
|
Use of the Platform
Information collected as part of your use of the Platform. |
Depending on how much you are interacting with us, those data may include:
|
To:
|
To provide you with the Platform services requested. |
Personal data are kept during all commercial relationship with l’Oréal API Portal till 90 days after the user account deletion |
|
To always improve our products and services to match your needs and expectations and for research and innovation purposes.
|
Personal data are kept during all commercial relationship with l’Oréal API Portal till 90 days after the user account deletion |
||
|
Enquiries
Information collected when you ask questions relating to the use of the Platform and contents made available to you on the Platform.
|
Depending on how much you are interacting with us, those data may include:
|
To:
|
To process your enquiry.
|
Personal data are kept during all commercial relationship with l’Oréal API Portal till 90 days after the user account deletion |
|
To help us better understand Users’ needs and expectations and therefore improve our services.
|
Personal data are kept during all commercial relationship with l’Oréal API Portal till 90 days after the user account deletion |
- WHO CAN ACCESS TO YOUR PERSONAL DATA?
We may share your personal data within L’Oréal Group to comply with our legal obligations, to prevent fraud and/or to secure our tools, to improve our products and services, or after having obtained your consent to do so.
Depending on the purposes for which they were collected, and only on a need-to-know basis, some of your personal data may be accessed by L’Oréal Group entities worldwide, where possible in a pseudonimized way (not allowing direct identification), and where necessary to provide you with requested services.
For L’Oréal employees, we may also share personal data relating to member of the L'Oréal’s Group staff with the L’Oréal Human Resources department, provided that:
• There is a professional need to access to your Data, and
• It is necessary as part of your employment/collaboration process within L'Oréal.
If possible, the Data is in a pseudonymized form (not allowing any direct identification).
This means that we can communicate your Data among L’Oréal subsidiaries worldwide.
Where permitted, we may also share some of your personal data including those collected through cookies between our brands to harmonize and update the information you share with us, to perform statistics based on your characteristics and to tailor our communications.
Please visit the L’Oréal Group website, for further details on the L’Oréal Group, its brands and its locations.
We decide who has access to your Data for each type of Data.
- Your Data is only available to people and employees who need to access to this Data as part of their duties within L'Oréal, as well as the trusted third parties we work with.
- Access rights have been defined internally for this purpose.
Your Data may also be processed on our behalf by trusted service providers.
We may also share your Data with some of our service providers who need to access to some of your Data to perform the mission assigned to them by L'Oréal, including those that are located outside your country.
In this case, L'Oréal imposes strong commitments to these co-contractors regarding the processing, confidentiality and security measures regarding the Data that these service providers access to. Thus, we only provide them the Data necessary to perform the services they have been assigned and we require that they do not use your Data for any other purposes.
As part of this, your Data may be shared with:
- third parties that provide us with solutions and tools available on the Platform;
- third parties that provide us with SaaS solutions and tools to manage the services you have opted in;
- third parties that assist and help us in providing IT services, such as platform providers, hosting services, maintenance and technical assistance services for our databases as well as for our software and applications that may contain data relating to you (these providers may sometimes require access to your Data to perform the requested tasks);
We may also disclose your Data to third parties in certain specific situations:
- If we decide to or intend to transfer of an activity/business or assets (by any means including the sale of the entity carrying on that business or owning such assets), we may disclose your Data to the purchaser of that activity or assets and potential purchasers as part of an audit including to their counsel.
- If L'Oréal or any part of its assets is acquired by a third party, your Data will be considered as one of the assets transferred. If so, your Data will be processed by the acquirer that will act as the new data controller and its data privacy policy will then govern the processing of your Data.
- If we are obliged to disclose or share your Data to comply with a legal obligation, a court or administrative order or decision, or to protect the rights, property or safety of L'Oréal, its customers or employees;
- If you have given your consent to do so; or
- If the law allows us to do so.
We will not give or sell your Data.
- HOW LONG DO WE RETAIN YOUR DATA?
We retain your Data only for the period necessary to achieve the purpose for which we hold the Data, to meet to your needs or to fulfill our legal obligations.
- When we do not need to use you Data, we delete your Data from our systems and files or anonymize them so that they no longer allow your identification.
- We may retain certain Data in order to fulfill our legal or regulatory obligations and to allow us to exercise our rights (e.g. filing a claim before the courts) or for statistical or historical purposes.
- We may fully anonymize your Data and use it to generate statistics and other type of reports.
To know how long your Data can be retained, please refer to the summary table above.
- STORAGE AND SECURITY OF YOUR DATA
Location of your Data:
- Your Data may be transferred, accessed to and stored in a country located outside the European Economic Area (the "EEA"). They can also be processed by individuals working outside the EEA who work for us or for one of our trusted service providers.
- L'Oréal transfers Data outside the EEA only in a secure manner and in compliance with the applicable regulations. As some countries may not have laws governing the use and transfer of Data, we undertake to take all necessary steps to ensure that third parties comply with the terms and conditions set out in this Employees’ Policy. These measures may include controlling the standards applied by these third parties as part of data protection and security and / or the execution of appropriate agreements (e.g. the standard contractual clauses adopted by the Commission of the European Union).
- For further information, please contact us as indicated in the "Contact" section above.
Security measures implemented
- We take all reasonable and useful measures regarding the nature of the Data and the risks induced by its processing, to preserve the security of the data and, in particular, to prevent them from being distorted, damaged, or that unauthorized third parties have access.
- Our general IT security policy is described in the L’Oréal IT policies for employees and third parties that we have implemented and which include obligations for you as well, since the security of your Data also depends on you.
- In addition, we require third party service providers who have access to your Data on our behalf, through an agreement, to commit to the same obligations.
However, considering that the provision of Data via the Internet is not completely secure, we cannot guarantee the security of your Data provided via the Internet.
- YOUR RIGHTS AND YOUR CHOICES
L’Oréal respects your right to privacy: it is important that you are able to control your personal data.
You have the following rights:
|
Your rights |
What does this mean? |
|||||||
|
The right to be informed |
You have the right to obtain clear, transparent and easily understandable information about how we use your personal data, and your rights. This is why we are providing you with the information in this Policy. |
|||||||
|
The right of access |
You have the right to access to the personal data we hold about you (subject to certain restrictions). We may charge a reasonable fee taking into account the administrative costs of providing the information. Requests manifestly unfounded, excessive or repetitive may not be answered to. To do this, please contact us at the details above. |
|||||||
|
The right to rectification |
You have the right to have your personal data rectified if it is incorrect or outdated and/or completed if it is incomplete. To do this, please contact us at the details above. If you have an account, it may be easier to correct your own data via your “My Account” function. |
|||||||
|
The right to erasure/right to be forgotten |
In some cases, you have the right to have your personal data erased or deleted. Note this is not an absolute right, as we may have legal or legitimate grounds for retaining your personal data. If you would like us to delete your personal data, please contact us at the details above. |
|||||||
|
The right to object to direct marketing, including profiling |
You can unsubscribe or opt out of our direct marketing communication at any time. It is easiest to do this by clicking on the “unsubscribe” link in any email or communication we send you. Otherwise, you can contact us using contact detail above. If you would like to object to any profiling, please contact us at the details above. |
|||||||
|
The right to withdraw consent at any time for data processing based on consent
|
You can withdraw your consent to our processing of your data when such processing is based on consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. We refer to the table inserted in section “what data do we collect from you and how do we use it” especially the column “What is our legal basis for processing your data?” to identify where our processing is based on consent. If you would like to object to withdraw your consent, please contact us at the details above. |
|||||||
|
The right to object to processing based on legitimate interests |
You can oppose at any time to our processing of your data when such processing is based on the legitimate interest. We refer to the tables inserted in section “what data do we collect from you and how do we use it” especially the column “What is our legal basis for processing your data?” to identify where our processing is based on legitimate interests. To do so, please contact us at the details above. |
|||||||
|
The right to lodge a complaint with a supervisory authority
|
You have the right to contact the data protection authority of your country in order to lodge a complaint against the data protection and privacy practices of L’Oréal. Do not hesitate to contact us at the details above before lodging any complaint with the competent data protection authority. |
|||||||
|
The right to data portability |
You have rights to move, copy or transfer data from our database to another. This only applies to data that you have provided, where processing is based on a contract or your consent, and the processing is carried out by automated means. We refer to the tables inserted in section “what data do we collect from you and how do we use it” especially the column “What is our legal basis for processing your data?” to identify where our processing is based on the performance of a contract or on consent. For further details, please contact us at the details above. |
|||||||
|
The right to restriction |
You have the right to request restriction of our processing of your data. This right means that our processing of your data is restricted, so we can store it, but not use nor process it further. It applies in limited circumstances listed by the General Data Protection Regulation which are as follow:
If you would like to request restriction, please contact us at the details above. |
|||||||
|
The right to deactivate Cookies |
You have the right to deactivate Cookies. The settings from the Internet browsers are usually programmed by default to accept Cookies, but you can easily adjust it by changing the settings of your browser. Many cookies are used to enhance the usability or functionality of websites/apps; therefore disabling cookies may prevent you from using certain parts of our websites/apps as detailed in the relevant Cookie Table. If you wish to restrict or block all the cookies which are set by our websites/apps (which may prevent you from using certain parts of the site), or any other websites/apps, you can do this through your browser settings. The Help function within your browser should tell you how. For more information please consult the following links: http://www.aboutcookies.org/; |
To exercise each of the rights listed above, please contact us at the contact section above. We may ask you to prove your identity and provide additional information about your request before processing your request.
- AUTOMATED INDIVIDUAL DECISION MAKING & PROFILING
Automated individual decision-making
L’Oréal does not use automated systems for individual decision-making.
For your information, a “fully automated decision”, is a decision which affects the individual, and which is made throughout algorithms processed on his own personal Data, and without any human intervention.
Profiling
Certain techniques that constitute "profiling" (defined as "any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict certain aspects concerning that natural person’s performance at work, economic situations, health, personal preferences, interests, reliability, behavior, location or movement").
We do not collect Data for profiling about you in the different scenarios mentioned in the table above.
We study the use of our tools through statistics, but we do not evaluate or predict your personal preferences and / or interest.