MANAGED BY L’OREAL ACTIVE COSMETICS (L’OREAL DERMATOLOGICAL BEAUTY PLATFORM)
Respect your privacy and your data
L'Oréal Active Cosmetics’s ambition is to be an exemplary corporate citizen and help build a better
world. We therefore give great importance to the principles of honesty and transparency and we are
committed to building a strong and lasting relationship with our partners based on mutual trust and
interest. Part of this commitment means protecting and respecting your privacy as well as your personal
- We respect your privacy and your choices.
- We make sure that privacy and security are embedded in everything we do.
- We do not send you marketing communications unless you have asked us to. You can change your mind at any
- We never offer or sell your data.
- We are committed to keeping your data safe and secure. This includes only working with trusted partners.
- We are committed to being open and transparent about how we use your data.
- We do not use your data in ways that we have not told you about.
- We respect your rights, and always try to accommodate your requests, in line with our own legal and
collect or retain concerning you, the way we can use them, the purposes for which we collect them, the
people with whom we can share them, how we protect them and ensure their security, as well as the rights you
have regarding this data.
When you provide us with personal data and/or when we collect or generate data about you
2.  Who we are and who is Concerned about this Policy ?
3.  What is a Personal Data & a Processing?
data collected, generated and more generally processed by L'Oréal in relation to an event it organized.
- The term "personal data" refers to any information that may identify you directly or indirectly (the "Data").
In practice, the data that can identify you directly are:
- Your names and surnames,
- Your email
- Your country
- Tamooz Marketing Communications and ANY OTHERS
In practice, the data that can identify you indirectly are:
- Your IP address,
- The MAC address of your mobile devices,
- OS/Device type
- User agent
What is a Data Processing?
Any operation we do or plan to do directly or indirectly with the Data as it includes any operation
such as collecting, recording, hosting, sending, organizing, structuring, storing, keeping/retaining, adapting /
modifying, retrieving, consulting/access, using, disclosing by transmission, or otherwise making available,
alignment or combination, restriction, erasing/deleting etc.
4.  Which Data do we collect from you and how do we use them?
How do we collect, generate or receive your Data?
- We may collect or receive your Data directly from you, such as through one of the following means :
- Our information system, via the use of our webmail,
- Our extra and intranet,
- The forms or questionnaires that you fill-in;
- The social networks or any other tool made available.
In other cases we collect your Data ourselves by connecting to this platform
When we collect Data from you, we identify the required fields with an asterisk. Some of the Data we
require is mandatory for the following reasons:
- Organisation of your visit on our E-booth
- The answer to a request that you may have sent us into the contact Us section
- The answer to request that you may have provided us through the chat in foyer area.
Failing to provide the required information may have consequences on the performance of
the services and tools that we provide you or that are available.
Under no circumstances will we collect your Data via tools that you are not aware of.
- In the event that your personal, or professional situation changes and that requires a modification of your Data, you agree to update them, either directly on the platform as case may be, or by contacting the service identified in paragraph “Contact us” below.
Table summarizing the purposes, data processed, grounds of the processing and retention period
You will find in the table below detailed information relating to the following items:
In which context may your Data be collected?
This column lists the activities you are performing or the circumstances when we use or collect your Data. For
example, to manage your participation to visit our booth platform.
Which Data relating to you are we likely to retain?
This column lists the categories of Data that we collect considering the circumstances.
How and why do we use your Data for?
This column explains what we could do with your Data and the purposes of their collection.
On which legal basis do we process your personal data as part of the purpose of the processing?
This column explains the legal basis on which we process your Data, namely:
- An agreement you may have with L'Oréal (information about products or services)
- Our legitimate interest , which may be:
- To provide you with information required.
- The security of our tools, to ensure the protection and safety of our tools (websites) and to
ensure that they work properly and are constantly improved.
- Legal obligations when the applicable law or regulation requires the processing of the, which is often
the case with regard to security.
- Your consent in a few instances *.
* With regard to processing based on your consent (i.e. processing that do not fall within 1 to 3 above) L'Oréal
Active Cosmetics can ask you at any time to consent to a data processing. Consent-based processing is an
integral part of this Policy and will therefore be implemented in accordance with these provisions. You may
withdraw your consent for these processing, as explained below under "Your Rights and Your Choices"
- Retention of your Data
This column lists the retention periods for each category of Data and purposes.
|In which context may your Data be collected?
||Which Data relating to you are we likely to retain?
||How and why do we use your Data for ?
||On which legal basis do we process your personal data as part of the purpose of the processing?
||Retention of your Data
Through our L’Oréal Dermatological Beauty platform entitled
Your data will be collected for the sole use of this activity/booth platform visitation of Vichy brand
We may contact you to answer your questions if you have required additional information through the
contact us section or the chat box
- First name
- Last name
- Address email
- IP Address
- Traffic source/referral
Organization of your visit on our E-booth
The answer to a request that you may have sent us into the contact Us section
To participate to the Vichy raffle
To comply with legal or compliance obligations
- 3 month
Automated Individual decision making & profiling
Automated individual decision-making
L’Oréal does not use automated systems for individual
Certain techniques that constitute "profiling" (defined as "any form of automated processing of personal
data consisting of the use of personal data to evaluate certain personal aspects relating to a natural
person, in particular to analyze or predict certain aspects concerning that natural person’s performance
at work, economic situations, health, personal preferences, interests, reliability, behavior, location
- We do not collect Data for profiling about you in the different scenarios mentioned in the table above.
We study the use of our tools through statistics, but we do not evaluate or predict your personal preferences and / or interest.
Who can access to your Data ?
We can share your Data within L’Oréal’s Group.
Depending on the purpose for which your Data is processed, any member of the L'Oréal’s organization staff of the
event, may have access to your Data, provided that:
- They need to have access to your Data,
- If possible, the Data is in a pseudonymized form (not allowing any direct identification), and
- It is necessary as part of your participation process within L'Oréal, or to meet our legal obligations,
to prevent fraud and/or to secure our tools, for reasons of physical security, or after having obtained
your consent to do so.
This means that we can communicate your Data to our holding company, L'Oréal S.A., and its subsidiaries
- We decide who has access to your Data for each type of Data
- Your Data is only available to people and employees who need to access to this Data as part of their
duties within L'Oréal (e.g. The organization team of the event), as well as the trusted third parties we
- Access rights have been defined internally for this purpose.
Your Data may also be processed on our behalf by trusted service providers.
- We may also share your Data with some of our service providers who need to access to some of your Data to
perform the mission assigned to them by L'Oréal, including those that are located outside your
country. In this case, L'Oréal imposes strong commitments to these co-contractors regarding the processing,
confidentiality, and security measures regarding the Data that these service providers access to. Thus, we
only provide them the Data necessary to perform the services they have been assigned and we require that
they do not use your Data for any other purposes.
As part of this, your Data may be shared with:
- third parties that provide us with Saas solutions and tools to organize yourparticipation to this
specific digital congress .
- third parties that assist and help us in providing IT services, such as platform providers,
hosting services, maintenance and technical assistance services for our databases as well as for our
software and applications that may contain data relating to you (these providers may sometimes
require access to your Data to perform the requested tasks);
- third parties that provides us with administrative services, such as file archiving;
- third parties that help us to ensure the security and monitoring of our premises.
- We may also disclose your Data to third parties in certain specific situations:
- If we are obliged to disclose or share your Data to comply with a legal obligation, a court or
administrative order or decision, or to protect the rights, property or safety of L'Oréal, its customers or
If you have given your consent to do so; or
- If the law allows us to do so.
We will not give or sell your Data.
8.  How long do we retain your Data?
- We retain your Data only for the period necessary to achieve the purpose for which we hold the
Data, to meet to your needs or to fulfill our legal obligations. Generally, most of this
Data is retained for the duration of the event and its consequences.
- When we do not need to use you Data, in particular, we delete your Data from our systems and files or anonymize
them so that they no longer allow your identification.
- We may retain certain Data in order to fulfill our legal or regulatory obligations and to allow us to exercise our
rights (e.g. filing a claim before the courts) or for statistical or historical purposes.
- We may fully anonymize your Data and use it to generate statistics and other type of reports.
To know how long your Data can be retained, please refer to the summary table above.
9.  Where do we store you Data and what security measures are implemented to protect them ?
- Location of your Data:
- Your Data may be transferred, accessed to and stored in a country located outside the European Economic Area
(the "EEA"). They can also be processed by individuals working outside the EEA who work for us or for one of our
trusted service providers.
- L'Oréal transfers Data outside the EEA only in a secure manner and in compliance with the applicable
regulations. As some countries may not have laws governing the use and transfer of Data, we undertake to take
all necessary steps to ensure that third parties comply with the terms and conditions set out in this Employees’
Policy. These measures may include controlling the standards applied by these third parties as part of data
protection and security and / or the execution of appropriate agreements (e.g. the standard contractual clauses
adopted by the Commission of the European Union).
- For further information, please contact us as indicated in the "Contact" section below.
- Security measures implemented
- We take all reasonable and useful measures regarding the nature of the Data and the risks induced by its
processing, to preserve the security of the data and, in particular, to prevent them from being distorted,
damaged, or that unauthorized third parties have access.
- Our general IT security policy is described in the L’Oréal IT Policy that we have implemented and which includes
obligations for you as well, since the security of your Data also depends on you.
- In addition, we require third party service providers who have access to your Data on our behalf, through an
agreement, to commit to the same obligations.
- However, considering that the provision of Data via the Internet is not completely secure,we cannot guarantee
the security of your Data provided via the Internet.
10.  Your rights and your choices
L'Oréal respects your right to privacy, it is important that you control your Data.
- To be informed: You have the right to receive clear, transparent, understandable and easily available
information about how we use your Data and about your rights. This is the purpose of the information included in
this this Policy.
- Accessing and obtaining a copy: You have the right to access to your Data that we retain (subject to certain
restrictions), and to obtain a copy of such Data.
- Right to rectify: You have the right to require that your Data be rectified if it is inaccurate or out of date
and / or completed if it is incomplete.
- Right to object: You may object, in writing, to the collection and processing of your Data as part of any
processing based on our legitimate interests, subject to the applicable legal and regulatory provisions. In case
of disagreement, we will have to prove the legitimacy of this treatment for our interests. On the other hand,
you cannot oppose the processing of your Data which is essential for the performance of the event or compliance
with the Law.
- Right to erasure and right to be forgotten: In some cases, you have the right to obtain the erasure or deletion
of your Data. This is not an absolute right, as we may be forced to retain your Data for legal or legitimate
- Right to withdraw your consent at any time for consent-based data processing: You may withdraw your consent to
the processing of your Data if this processing is based on your consent. Withdrawing your consent does not have
consequences on the lawfulness of consent-based processing prior to such withdrawal. For example, you may object
to receiving our marketing messages at any time by clicking on the "unsubscribe" link in any email or
communication we send you. You can also object to the processing of your image or your voice You can also
contact us at the coordinates below. You can read the table included in the section "What data do we collect
from you and how do we use it?" and in particular under the column “On which legal basis do we process your
personal data as part of the purpose of the processing?” to know if our processing is based on your consent.
- File a complaint before a supervisory authority: You have the right to file a complaint before the data
protection authority of your country to dispute L'Oréal's data protection practices and respect of privacy. You
may contact us at the contact details below before filing any complaint to the relevant data protection
- Right to Data portability: You have the right to move, copy or transmit data relating to you from our database
to another one. This only applies to the data you have provided, when the processing is based on your consent or
an agreement and it is implemented via automated means. You may read the table added in the section "What data
do we collect from you and how do we use it?" and in particular under the column “On which legal basis do we
process your personal data as part of the purpose of the processing?” to know if our processing is based on an
agreement or the consent.
- Right to restriction of processing: You have the right to request the restriction of your Data processing. This
means that the processing of your Data be limited, so that we may retain the Data but not use or process it.
This right applies in specific circumstances provided for by the General Data Protection Regulations, namely:
- the accuracy of the Data is challenged by the data subject (i.e. You), for a period enabling the controller
(i.e. L’Oréal) to verify the accuracy of the Data;
- the processing is unlawful and the data subject (i.e. You) opposes the deletion of the Data and requests the
restriction of their use instead;
- the controller (i.e. L’Oréal) no longer needs the Data for the purposes of the processing, but they are required
by the data subject (i.e. You) for the establishment, exercise or defense of legal claims;
- the data subject (i.e. You) has objected to the processing based on legitimate grounds from the controller (i.e.
L’Oréal) pursuant to pending the verification whether the legitimate grounds of the controller (i.e. L’Oréal)
override those of the data subject (i.e. You).
To exercise each of the rights listed above, please contact us at the contact details below. We may ask you to
prove your identity and provide additional information about your request before processing your request.
11.  Contact us if you have any questions or wish to exercise your rights
If you have any questions or comments about how we process and use your Data, or if you wish to exercise any of your
rights listed above, please contact us at the e-mail address, mentioning your subsidiary:
L’Oreal Data protection officer