L'ORÉAL (UK) LIMITED PRIVACY POLICY

1.   Purposes of this Privacy Policy

   •  Respect your privacy and your data

L'Oréal's ambition is to be an exemplary corporate citizen and help build a better world. We place great value on honesty and clarity, and we are committed to building a strong and lasting relationship with our partners based on mutual trust and interest. Part of this commitment means protecting and respecting your privacy as well as your personal data. This is why we set out “Our Privacy Promise” and our full Privacy Policy below.

OUR PRIVACY PROMISE

For more information about our privacy practices, below we set out the types of personal data that we might collect or hold about you, how we use it, who we shared it with, how we protect is and keep it secure, and your rights around your personal data.
 When you provide us with personal data and/or when we collect or generate data about you with our tools, we undertake to process them in accordance with this Privacy Policy.

 2.  Who we are and who is Concerned about this Policy? 

 This Privacy Policy applies to all attendees at events (such as meetings, shows, exhibitions etc.) organised by L’Oréal (UK) Limited. When we say “L’Oréal”, “us”, “our” or “we”, this is who we are referring to.

   •  Who is the data controller?

L’Oréal (UK) Limited
255 Hammersmith Road
London, W6 8AZ

L’Oréal is responsible for the personal data that you share with us and is the “data controller” for the purposes of applicable data protection laws.

   •  Who does this Privacy Policy relate to

This Privacy Policy applies to all participants who attend an event organised by L’Oréal. Participants include, for example: 

   •   Professionals or partners; and

   •   Non-L’Oréal employees, interns or temporary workers or apprentices.

 3.  What is Personal Data & Data Processing? 

The Privacy Policy applies to all personal data collected, generated and otherwise processed by L'Oréal in relation to an event it has organised.

   •   The term "personal data" refers to any information that may identify you directly or indirectly.

        ○   Personal data that can identify you directly include: 

           •   Your name and surname;
           •   Your email/postal address/phone number;
           •   Your username; 
           •   Your birthday;
           •   Your picture; 
           •   Content you create;
           •   Your financial information; and 
           •   Information relating to your education and your career. 

        ○   Personal data that can identify you indirectly include:  

           •   Your IP address, 
           •   The MAC address of your mobile devices, 

   •   What is a Data Processing? 

It is any operation performed on personal data such as collecting, recording, hosting, sending, organising, structuring, storing, keeping/retaining, adapting/modifying, retrieving, consulting/access, using, disclosing by transmission or otherwise making available, alignment or combination, restriction, erasing/deleting etc.

 4.  What personal data do we collect from you and how do we use it? 

   •   How do we collect, generate or receive your personal data?  

        ○   We may collect or receive your personal data directly from you, through for example, one of the following means:   

           •   Our information system, via the use of our webmail;
           •   Our extranet/intranet;
           •   The applications and software that you use;  
           •   The badging system;
           •   The CCTV system;
           •   The forms or questionnaires that you fill-in; and/or 
           •   The social networks or any other tool made available.

        ○   In other cases we collect your personal data ourselves (e.g. when CCTV system or badging system is implemented or the data generated by the tools we use as part of the management of the event).  

        ○   When we collect personal data from you, we identify the required fields with an asterisk. Some of the personal data we require from you is mandatory for example:   

           •   To assist in the organisation of the event you are attending (e.g. knowing that you are attending); 
           •   To respond to a request you may have made (e.g. to send you an information, to validate your registration/subscription to a service, to make catering arrangements);
           •   To comply with legal obligations. 

Failing to provide the required information may have consequences on the performance of the services and tools that we provide you or that are available. Under no circumstances will we collect your personal data via tools that you are not aware of. In the event that your personal/professional situation changes and that requires a modification of your personal data, you must let us know by contacting us at [email protected], or applicable method we described to you during the event. 

5.  Table summarizing the purposes, data processed, grounds of the processing and retention period  

The table below provides detailed information relating to the following items: 

   •   In what context is your personal data collected?

This column explains what activity or scenario you are involved in when we use or collect your personal data. For example, the type of event you are participating in.

   •   What personal data may we hold about you?

This column explains what types of personal data we may collect when you take part in a particular activity.

   •   How and why do we use your personal data?

This column explains what we do with your personal data, and the purposes for collecting and using it.

   •   What is our legal basis for using your personal data?

Whenever we use your personal data, we will have a legal basis to do this. For example, you have asked us to provide a service, you have given us your consent, we have a legitimate interest in using your personal data. The legal basis for the processing of your personal data can be:

  1.   Your consent – This applies where you provide your personal data and specifically consent to us using it to provide you with a specific service, for example, so that:

      a.   you can receive marketing communications from us. If you later ask us to stop sending you marketing communications, we need to keep
           some of your personal data on a suppression list so that we can make sure we do not contact you again.
           This is a legal obligation; and

      b.   we can store certain cookies on your device. We may place targeted advertising cookies
           (these allow us to tailor services we offer, specifically to you), analytical cookies (these measure your interaction
           with our site so we can make improvements) on your device

  2.   The performance of a contract – This applies where you provide us with your personal data in order for us to provide you with a service (e.g. you request a place at an event we are holding).

  3.   Our legitimate interests –This applies where you provide us with your personal data and we use it to:

      a.   improve our products and services. By providing us with your personal data, we are able to better
           understand your needs and expectations when it comes to the products and services we offer.
           This understanding means we can improve our products and services so they match your needs.
           This might involve performing analytics on how you use our products, services, and websites/apps/devices,
           or trying out new functions which we think you might like based on what we know about you.

      b.   better engage with you. Where you provide us with your personal data,
           we may use it to encourage you to be more actively engaged with our products and brands and increase
           your overall brand engagement and awareness. One way we do this is by tailoring the marketing communications
           we send you so that you receive the information most relevant to you.

      c.   prevent fraud. Where you provide us with your personal data,
           it means we can action any payment you make when you purchase any of our products and/or services,
           and importantly, check that your payment is free from fraud.

  4.   To comply with a legal obligation – This is where you provide us with your personal data which we need to keep for our legal reasons (e.g. when you make a purchase we need to keep your transaction information to comply with our tax and financial reporting obligations

  5.   To protect the vital interests of an individua – – This is where we use your personal data to protect you (or someone else) where there is evidence of danger to your (or someone else’s) health and/or safety.

In what context is your personal data collected? What personal data may hold about you? How and why do we use your personal data? What is our legal basis for using your personal data?

Use of website
(anonymised data)

  • Pages visited
  • Average time spend on pages

Run analytics and statistics to learn and optimise user experience

  • Our legitimate interests in: (i)promoting the event;(ii)better engaging with you and future attendees; and(iii)improving promoting our products and/or services

SAMPLING

  • Name
  • Delivery address
  • Email address if opt into marketing

To fulfil your request for a sample and send you marketing where opted in

  • The performance of a contract - so you may attend the event you have selected
  • Consent

LIVE CHAT

Information you have shared with us about yourself via the chat function

To respond to your questions and otherwise interact with you

  • Our legitimate interests in: (i)promoting the event;(ii)better engaging with you and future attendees; and(iii)improving promoting our products and/or services


6. Automated Individual decision making & profiling

   •   Automated individual decision-making

Automated decision making means the ability to make decisions using technology, without human involvement.

L’Oréal does not use automated systems for individual decision-making.

   •   Profiling

This means automatically processing personal data to evaluate certain personal aspects about an individual, in particular to analyse or predict aspects concerning performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.  
Where you provide us with content (feedback, text, images etc.) during events, or we send or display personalised communications or content to you, we may use some profiling techniques. This means that we may collect personal data about you in the different scenarios mentioned in the table above, and use this data to analyse, evaluate, or predict your personal preferences, interests, behaviour and/or location. Based on our analysis, we then send or display communications and/or content specifically tailored to your interests and needs.

7. Who can access to your Data ?

 Firstly, we want to be clear that we do not sell your personal data.

Depending on the purpose for which your Data is processed, any member of the L'Oréal’s organization staff of the event, may have access to your Data, provided that :

Depending on the purpose for which your personal data is processed, any member of the L'Oréal’s organisation staff of the event, may have access to your personal data, provided that:

This means that we can communicate your Data to our holding company, L'Oréal S.A., and its subsidiaries worldwide.

   •   We decide who has access to your Data for each type of Data

Your personal data is only available to people and employees who need to access it as part of their duties within L'Oréal (e.g. the organisation team of the event), as well as the trusted third parties we work with. Access rights have been defined internally for this purpose.

   •   Your personal data may also be processed on our behalf by trusted service providers.

We may share your personal data with some of our service providers who perform a range of business operations on our behalf, including those that are located outside your country. In this case, L'Oréal imposes strong commitments to these service providers regarding the processing, confidentiality and security measures regarding your personal data that these service providers have access to. Thus, we only provide them with your personal data it is necessary for them to have to perform the services they have been assigned, and we require that they do not use your personal data for any other purposes.

As part of this, your personal data may be shared with, for example:

   •   We may also disclose your personal data to third parties in certain specific situations:

   9. How long do we retain your personal data? 


10.  Your rights and your choices

L'Oréal respects your right to privacy: it is important that you control your personal data. You have the following rights:

To exercise each of the rights listed above, please contact us at the contact details below. We may ask you to prove your identity and provide additional information about your request before processing your request.

  10. Contact us 

If you have any questions or concerns about how we treat and use your personal data, or would like to exercise any of your rights above, please contact us at[email protected] or by writing to us at:
Data Protection Officer
L’Oréal (UK) Limited
255 Hammersmith Road
London
W6 8AZ
If you would like to get in touch with our Data Protection Officer, please contact us at [email protected]