POLICY FOR PROTECTION OF PERSONAL DATA
Concerned about the protection of your privacy, we attach great importance to the confidentiality of the personal data that you send to us.
We would like to explain to you by this policy for the protection of personal data (hereinafter the “Policy”), the nature of the personal data that we collect, the way in which we process it and the measures that we take to ensure its security and the nature of your rights.
Our Policy can be updated at any time by us and these modifications shall take effect immediately. We thus invite you to regularly consult it in order to take note of the latest version available.
By using our internet site us.nuxe.com or www.nuxe.com (hereinafter called the “Site”), you declare that you accept the terms of this Policy and agree that we can collect, use and disclose your personal data in accordance with the Policy. This Policy applies to all the personal data that you provide to us directly or indirectly. In the event of disagreement about the terms of the Policy, we invite you not to use our site.
For any further information, you can contact us here.
1.Who collects your personal data?
Your personal data collected in the framework of our activities are mainly processed by:
Registered office: 19 Rue Péclet, 75015 PARIS
Paris Corporate Register number: 642.060.123
And for the Spa, also by NUXE SPA
Registered office: 19 Rue Péclet, 75015 PARIS
Paris Corporate Register number: 497.883.587
2.When do we collect your data?
We collect, directly or indirectly through our service providers, personal data from you notably when:
- You browse on our Site or use our Services on our Site,
- You create an account on our Site,
- You connect to your account on our Site,
- You use your account on our Site,
- You subscribe to our newsletter,
- You place and pay for an order on our Site,
- You use our loyalty programme,
- You draft a customer opinion, a comment about our social networks or our Site,
- You contact us through various channels including, in particular, the contact forms, by post or by telephone,
- You contact us via our tchat or webcallback,
- You participate in a game or competition, product tests, satisfaction surveys and polls,
- You visit us in the Institute/Spa,
- You share content on social networks by using a hashtag #Nuxe or hashtags that we propose to you,
- You have given your agreement to third parties so that they can send us personal data concerning you,
- You share your content with us on our UGC (User Generated Consent),
We only collect your personal data when this is strictly necessary and legal. We undertake only to collect the minimum of personal information necessary for the purposes covered by this Policy.
In the event where we will need to use your personal data for purposes not covered by this Policy, additional consent will be requested from you. Such consent is not compulsory but will sometimes be necessary so that we can be able to meet our needs/requests.
Please note, however, that your consent will not be necessary if the processing that we make of your personal data is justified by a legitimate reason on condition that this use has no prejudicial effect on your own rights and interests.
3.How do we collect your data?
We can collect personal information about you from various sources, notably:
- The personal data collected directly, that you voluntarily communicate to us notably through collection forms (for example: last name, first name, address details, etc)
- The personal data collected indirectly, automatically or with your express consent at the time of use of our Site
- The personal data that you choose to share at the time of us of sites third parties, that we have collected from other sources
- The personal data concerning you coming from other legitimate sources, including sources available commercially, such as public databases, data aggregators, etc.
4.What personal data do we collect?
In this Policy, “your personal data” means information or items of information which allow you to be identified directly or indirectly. This generally includes information such as your name, address, profile photo, e-mail address and telephone number, but can also include other information such as your IP address, your buying habits, and information about your lifestyle or your preferences.
Even if the precise details of the personal data that we collect vary according to specific needs, we generally collect the following data:
At the time of your browsing on our Site and/or your connection to your account
your last name, first name, e-mail address, connection data, technical data including your IP address, browsing information concerning your terminal
At the time of the creation of your account on our Site
your last name, first name, e-mail address, date of birth, type of skin, Facebook ID (if connection linked to Facebook)
At the time of your registration for our newsletter
your e-mail address
At the time of the filing of your opinion about a product and/or service proposed on our Site or our social networks
the content of your opinion
At the time of the filing of content on our UGC and our social networks
Content filed (image, photograph, video, opinion, etc)
At the time of your contacting our Consumer Department
your last name, first name, e-mail address, postal address, date of birth, telephone number, order number, the content of your request.
At the time of your participation à games/competitions, product tests, satisfaction surveys and polls
your last name, first name, e-mail address, date of birth, your content connected to the participation (photographs, videos, opinions, comments etc), Facebook ID.
At the time of your visit to the Institute/Spa
your last name, first names, telephone number, e-mail address, postal address, date of birth, data contained in the health questionnaire
When you authorise third parties to send us data
the content of the data that you provide to them
This data is honestly collected; no collection is made without the knowledge of the persons and without their being informed thereof.
5.For what purposes do we collect your data?
The processing that we use has an explicit, legitimate and specific purpose.
Any processing of your personal data which may have a purpose other than those set out below shall require your consent if it is not justified by a legitimate interest.
For our part, the processing of your personal data allows us to provide you with the services of the Site, ensure their improvement and the maintaining of a secure environment and, in particular, to:
- Manage the functioning and the optimisation of our Site and our services and products
- Help accelerate your future activities and experiences on our Site
- Assess the use of our Site, of our products and services and to analyse the effectiveness of our communication campaigns and promotions
- Personalise your experience on our Site and other platforms and to asses anonymously and globally the activity on our Site and other platforms (in particular, we take into account the time when you visited it, if you have already visited it and what site referred you to it)
- Make our Site easier to us and better adapt our Site, our products and services to your interests and needs
- Carry out the transactions concerning our business relationship (orders, payment, deliveries, invoices, accounting, satisfaction survey, customer service, etc)
- Manage the loyalty programme and make you benefit from its advantages. This processing is conducted subject to your consent
- Manage our customer relationship through our CRM, in order to get to know you better, personalise our products and services and contact you concerning the products and services capable of interesting you (launching of new products, promotional offers, promotional events, beauty lessons and/or demonstrations, PR event, VIP meetings, store opening events, announcements/events, events with shopping centres, department stores, celebrities, magazines, television, Web sites, joint promotions, etc.), on condition that you have given your consent (or that you have not expressed your refusal) or that you have previously requested a product or service from us and that the communication is relevant or connected to this prior request and made within the times stipulated by the applicable laws.
- Provide you with the products or services that you request from us (request for information, replying to your questions/comments)
- Provide a customer service accessible by telephone or by instant messaging by type of purchase
- Provide sharing tools on our Site and/or social networks
- Provide you with mobile messaging services by which you can receive text or other types of messages from NUXE such as SMS or MMS on your mobile telephone, on condition that you have previously accepted to receive these messages on the mobile number that you have provided to us for this purpose
- Proceed with the verification, identification and authentication of the personal data that you have sent us
- Prevent and detect frauds, malwares (malicious software) and manage security incidents
- Manage eventual disputes
- Comply with applicable laws, including requests and subpoenas from lawful authorities for information they may request
We try to minimise the data collected, to keep it accurate and un to date by facilitating the rights of the persons concerned.
6.For how long to we keep your data?
In accordance with the legislation and regulations in effect, we do not keep your data beyond the duration strictly necessary for the purposes pursued above.
THE TYPE OF DATA
THE DURATION OF CONSERVATION
>The personal data that you have filled out/declared in your profile.
>The data concerning your browsing and your use of the Site,
Duration of three (3) years from your last activity on the Site
>The data concerning an order
Duration of three (3) years from your order
>The audience measurement statistics and your gross data of frequentation of our Site
Duration of thirteen (13) months
>The prospects/customer data
Duration of three (3) years from its collection or the last contact or the end of the business relationship.
>The banking data
Duration of the transaction.
Subject to your express agreement, this data can be kept until the expiry date of the bank card.
>The data permitting proof of a right or a contract to be established or kept to comply with a statutory obligation
Archiving in accordance with the legislation in effect
>The information concerning the listening to and recording of conversations in order to improve the Consumer Service
The duration of the request with a maximum of six months
However, in order to fulfil our administrative, legal, accounting and tax obligations, your data can be the subject of archiving and be kept beyond the above-mentioned periods, in accordance with the legislation in effect.
7.What is our policy concerning cookies?
For more details, please consult our policy concerning cookies.
8.Who are the recipients of your data?
We are the sole recipients of your personal data and we do not market it.
On the other hand, to the extent that this turns out to be necessary, we can communicate your personal data to authorised and specified recipients, namely:
- all of the employees of the companies of the Nuxe Group,
- our advertising, marketing and promotion agencies to help us execute and analyse the effectiveness of our advertising campaigns and promotions,
- third parties required to deliver a product or service to you, such as delivery or a postal service delivering a product that you have ordered,
- third party suppliers of services, such as the suppliers of hosting services for Web sites,
- suppliers of Web analysis tools such as Google,
- our service providers and/or business partners when sharing is necessary to achieve the purposes stated above,
- the administrative or judicial authorities when they request us to disclose your information to them,
We require that these recipients take the technical and organisational measures necessary and appropriate to ensure the confidentiality and optimal security of your data against any improper use and that only use it in accordance with our instructions and the legislation and regulations in effect, notably by the signature of an agreement for the protection of personal data.
9.What is our Policy about transfer outside of the EU?
We inform you that we may transmit personal data concerning you for the needs set out above to another company of the Nuxe Group or trusted partners located outside of the European Economic Area, whose legislation concerning the protection of personal data differs from that of the European Union.
When these partners are located outside of the European Union, we take, as far as possible, all the appropriate measures to guarantee the security of such transfers by one of the following measures:
- Either by obtaining your express and unequivocal consent to sharing your personal data with these third parties,
- Or by concluding contracts for the transfer of data reproducing the standard clauses of the European Commission,
- Or by complying with internal company rules in accordance with applicable laws,
- Or by ensuring that these third parties are companies that have registered with the EU-US Privacy Shield and are self-certified.
We contractually require of our partners that they take all the technical and organisational measures to ensure the confidentiality and the security of your data.
10.How do we protect your data?
In our capacity as processing manager, we take all reasonable precautions to protect the security and the confidentiality of your personal data by deploying organisational, technical, software and physical measures and we require from our partners that they do the same.
Access to your personal data is restricted to prevent any unauthorised access, any modification, interference, loss and/or abuse. However, despite our efforts, we cannot guarantee the perfect security of the transmission or storage of your personal data on the Internet due to the fact that the Internet is not an environment sufficiently safe and secure.
11.How can you exercise your rights?
In accordance with the IT and Rights Law of 6 January 1978 as amended, and the General Regulations for the Protection of Data no 2016/679 dated 27 April 2016, you have:
- A right of access to your personal data,
- A right of rectification of your personal data,
- A right of opposition to the processing of your personal data for legitimate reasons,
- A right to the deletion of your personal data subject to having legitimate reasons,
- A right of portability of your personal data as from 25 May 2018,
- A right to “digital death” in accordance with the Law for a Digital Republic, by providing us with instructions concerning the conservation, deletion and the communication of your personal data after your death. These instructions can be recorded with a “trusted third party in digital affairs” certified by the CNIL.
In the absence of a person appointed to ensure the execution of these instructions, your heirs will be appointed.
In the absence of instructions during your lifetime, your heirs will then have the possibility of exercising certain rights, in particular,:
- the right of access, if it is necessary “for the settlement of the estate of the deceased person”,
- the right of opposition to proceed with the closure of your user accounts and oppose the processing of their data.
To exercise these rights, you only need to make a written request for this, signed and accompanied by an identity document to the Consumer Department:
- either by sending a letter to the following address:
Service consommateurs, (Consumer Department)
19 Rue Péclet
- or by an e-mail to the address: email@example.com
A reply will be sent to you within one (1) month from the date de receipt of your request. Nevertheless, we reserve the right not to answer requests that are clearly unjustified.
However, you can exercise your right of access to and of rectification of your personal data at any time from your Account, excluding the data collected indirectly.
How do you deregister from our newsletter lists?
Deregistration from our newsletters lists is accessible through the deregistration link present at the bottom of all our newsletters.
What is our Policy concerning personal data of minors?
Our Site is intended only for those who are 18 years or older, and, for minors who have the authorisation of their legal representative allowing them to make an order on the Site.
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us immediately at firstname.lastname@example.org . If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.
LABORATOIRE NUXE is not responsible for the illegal collection or processing of personal data made by social networks that we use such as Facebook, Instagram and Twitter.
As a service provided to our visitors, our Site may contain hypertext links referring to other web sites which are neither operated nor controlled by LABORATOIRE NUXE.
This being the case, LABORATOIRE NUXE shall not be held liable for the content of such web sites or for the measures of protection of data of third parties who operate them. We draw your attention to the fact that the measures of protection of the data of third parties can differ from those presented in this Policy. We ask you to verify and understand their measures in the matter before entrusting your personal data to them.
13.California Privacy Rights
California Civil Code Section 1798.83, also known as the “ Shine The Light ” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided above.
If you are under 18 years of age, reside in California, and have a registered account with the Service, you have the right to request removal of unwanted data that you publicly post on the Service. To request removal of such data, please contact us using the contact information provided above, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Service, but please be aware that the data may not be completely or comprehensively removed from our systems.