When you share personal data with us or when we collect personal data about you, we will use it in line with this Privacy Policy. Please read this information carefully. If you have any questions or concerns about your personal data, please contact us at data

Just like your skin, respect for your privacy is one of our priorities. When you visit our website or purchase our products, you may send us personal data, directly or indirectly. Your personal data are precious; they are part of your privacy.

NAOS therefore undertakes to collect and process your personal data in a transparent, fair and lawful manner.

We invite you to carefully read this Privacy Policy (hereinafter "the Policy"). Here you will find all the information about the data we collect, how we use it, how long we keep it, how we protect it, what rights you have, and so on.

Our Privacy Policy may be updated or modified, depending on the evolution of our services, tools and regulations. As changes take effect immediately, we invite you to consult it regularly.

Global Opt-In for NAOS United Kingdom and Ireland 

By signing up for the newsletter of any brand affiliated with NAOS United Kingdom and Ireland, including NAOS UKI Corporate, Bioderma brand (https://www.bioderma.co.uk/), Institut Esthederm brand (https://www.esthederm.com/en/), Etat pur (https://www.etatpur.com/), and our ecommerce website NAOS Store (https://www.naos-store.co.uk/), you are providing your explicit consent to receive communication from NAOS United Kingdom and Ireland. This communication may include updates, promotions, and information related to any of our brands. We are committed to safeguarding your privacy and complying with all applicable data protection laws, including the General Data Protection Regulation (GDPR) and UK data protection law.

Your personal information will be used solely for the purpose of delivering relevant newsletters and marketing content from NAOS United Kingdom and Ireland and its affiliated brands. You have the right to withdraw your consent or manage your communication preferences at any time by following the instructions provided in our communications or by contacting our Data Protection Officer at support@uki.naos.com.

We value your trust and are dedicated to ensuring that your personal information is handled with the utmost care and security. For more information on how we collect, process, and protect your data, please review our comprehensive Privacy Policy on our respective websites.

1. Which data is covered by the Policy?

This Privacy Policy applies to all personal data that you communicate to us or that we collect, directly or indirectly, in particular when you browse our website www.naos-store.co.uk (hereinafter "The Website") or on the occasion of the purchase of NAOS products.

"Personal data" is any information that directly or indirectly identifies a natural person. This includes, for example, your name, e-mail address and phone number, but also data on your consumption habits, your skin type, etc.

Time of collection | Categories of data collected | Retention period | Legal basis

Account creation and management

Where your personal data are collected during the creation or management of an account on NAOS websites/apps, through a social media login or in store.

We collect:

First name and surname;

Gender;

Email address;

Address;

Phone number;

Photo;

Birthday or age range;

ID/username, and password;

Personal description or preferences;

Order details;

Social media profile (where you use your social media login or share this personal data with us);

User generated content; and/or

Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on some websites, or by participating in a contest, game, survey etc.).

To:

Manage your orders;

Send you marketing communications (where you have asked us to) which may be tailored to your “profile” (i.e. based on the personal data we know about you and your preferences);

Offer you a loyalty program;

Offer personalised services based on your characteristics;

Allow you to manage your preferences;

Monitor and improve our websites and apps;

Run analytics or collect statistics;

Secure our websites and protect you and us against fraud;

Respond to your questions and otherwise interact with you; and/or

Manage any competitions, promotions, surveys or contests you enter.

Legal basis:

The performance of a contract – so you can create and manage your account;

Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud or criminal activity; and (iv) secure our tools; and

Consent – so you can receive marketing communications from us.

Purchases and order management

Where your personal data are collected during the purchase process made on NAOS website/apps, in store or on voice assistant platforms.

We collect:

First name and surname;

Email address;

Address;

Phone number;

Personal description or preferences;

Social media profile (where you use your social media login or share this personal data with us);

Transaction information including purchased products;

Payment information; and/or

Purchase history.

To:

Contact you to finalise your order where you have saved your shopping cart or placed products in your cart without completing the checkout process;

Inform you when a product you wanted to purchase is available;

Process your order including delivering the product to the address you indicated;

Manage payment. Please note that your payment information (credit card number/Paypal/bank account details) are not collected by us directly, but by secure payment service providers;

Manage any contact you have with us about your order;

Secure your transactions against fraud. We may use a third party provider’s solution to detect fraud and make sure that payment is completed;

If you place a purchase using a registered account, we will add this transaction to your profile so we can understand your interests and preferences and you will see a record of your transactions with us within your account (where applicable);

Manage any dispute relating to a purchase; and/or

Run analytics or collect statistics.

Legal basis:

• The performance of a contract – so you can make a purchase and we can manage the associated logistics.
• Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud or criminal activity; and (iv) secure our tools.
• To comply with a legal obligation – to keep information we are required to.

You browse our Website

We collect:

· Your technical data for connection and navigation (e.g. your IP address, information about your browser, information about your device, pages visited, duration of your visit, etc.)

For more information, see our Cookie Policy.

Retention period: 13 months from the date of collection during your navigation.

Legal basis: Legitimate interest; Consent

Promotions

Where your personal data are collected during a competition, game, contest, promotional offer, sample request, survey etc.

We collect:

First name and surname;

Email address;

Phone number;

Birthday or age range;

Gender;

Address;

Personal description or preferences;

Social media profile (where you use your social media login or share this personal data with us); and/or

User generated content;

Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us,  a question via the chat function available on some websites, or by participating in a contest, game, survey etc.).

To:

Complete tasks that you have asked us to, for example to manage your participation in the promotion, including to take into account your feedback and suggestions;

Run analytics and statistics;

Add your participation to your profile so we can understand your interests and preferences.

Legal basis:

The performance of a contract – so you may enter into the promotion / we can deliver the prize.

Our legitimate interests: (i) to improve our products and services; and (ii) better engage with you.

You join the BIODERMA Loyalty Club, you use the services offered (e.g. declaration of your purchases, sending of your loyalty card, validation of your gift vouchers, payment of your prize pool, etc.), you use your account, you complete your profile, etc.

We collect:

· Your identification data (e.g. surname, first name, postal address, email address, photo, etc.);

· Data relating to your consumption habits (e.g. favourite outlets, cash receipts for proof of purchase, etc.);

· If you consent, data relating to your health and your skin colour (e.g. skin-related pathology, phototype, etc.) in order to offer you adapted products;

· Your personal situation (number of children and year of birth in order to offer you adapted products);

· Bank or financial data (e.g. amount of your kitty, IBAN, PayPal account number, etc.);

· Your profile on social networks (if you use it to connect, if you are active on our pages or if you communicate it to us).

Retention period: 3 years from the date of your account creation or last login to your account

Legal basis: Legitimate interest; Consent; Execution of a contract

You are sponsoring your friend(s)

We collect:

· The identification data of your referrals (last name, first name, email address).

Retention period: 1 month from collection

Legal basis: Legitimate interest

You subscribe to our newsletter

We collect:

· Your email address

Retention period: 3 years from the date of collection or last contact from you

Legal basis: Consent

You write via our social networking pages

We collect:

· Identification data (surname, first name, etc.);

· Your profile on social networks;

· The content of your messages (which may include data relating to your health, skin colour, consumption habits, etc.).

Retention period: 3 years from the date of collection or last contact from you

Legal basis: Legitimate interest; Consent

You contact our Consumers Service or our advisers by email, phone, chat, mail

We collect:

· Your identification data (e.g. surname, first name, postal address, e-mail address, etc.);

· The information you agree to communicate to us (which may contain information relating to your health, skin colour, consumption habits, etc.);

· For chat: your real-time navigation data on our Website and the content of your preview messages (unsaved).

Retention period: 3 years from the date of collection or last contact from you

Legal basis: Legitimate interest; Consent

You participate in a game or contest

We collect:

· Your identification details (e.g. surname, first name, postal address, email address, nickname, phone number, etc.).

Retention period: Time required to manage the game

Legal basis: Completing a contract

You participate in a product test or a satisfaction survey

The data we collect depends on the purpose of the survey or test.

We may collect, in particular:

· Your identification data (name, surname, age, etc.);

· Data relating to your health (e.g. pathology related to your skin);

· Your family situation;

· Data relating to your skin colour (e.g. phototype), etc.

Retention period: Duration required to complete the test or survey and to interpret the results.

Legal basis: Legitimate interest; Consent

You declare a case of Cosmetovigilance

We collect:

· Your identification data (e.g. surname, first name, postal address, e-mail address, etc.);

· The reason and the content of our exchanges;

· Data relating to your health or your skin colour, if you decide or agree to communicate them to us;

· Bank or financial data (e.g. IBAN in case of refund, etc.).

Retention period: Duration provided by law

Legal basis: Legal obligation

During each collection, certain data (indicated by asterisks) must be provided in order to benefit from the services offered. The rest are purely optional and help us get to know you better, for example to make you tailored offers.

2. How do we collect data from minors?

Our website is accessible to anyone, adult or minor.

However, the additional prior consent of the holder of parental authority is required for minors under the age of fifteen who subscribe to our services or provide us with personal data concerning them.

3. The case of third-party websites

On our website, you can connect via your social network profiles, click on links to our social networking pages, etc.

Social networks (Facebook, Instagram, Pinterest, Twitter, YouTube, etc.) may collect personal data about you. You will find below the links to the privacy policies of these main social networks. To ensure the security of your data, we invite you to consult the privacy policy of these websites.

You also have the option to publish content on our pages. We remind you that any content transmitted via our pages is accessible to the public. As we are concerned about the protection of your privacy, we invite you to be vigilant when you communicate your personal data on social networks. We are not responsible for any use that third parties may make of data that you have communicated publicly.

We remind you that we may collect the content you publish on our pages, to know you better and to segment our consumer databases.

4. Cookie management

We may be required to deposit and use cookies when browsing our website or mobile application, in particular to improve our content and the operation of our services.

As part of the protection of your privacy, we invite you to consult our Cookies Management Policy to obtain information on these cookies and set their operation.

5. Who are the recipients of your data?

We may be required to transmit your data to the following companies, structures and / or persons involved in the fulfilment of the purposes described in IV above:

  • Employees of NAOS Group companies who need to process the personal data collected for the purposes explained above;
  • Our subcontractors and service providers, for example to send you commercial solicitations when you have consented, to host our consumer databases, etc.;
  • Google, to measure the audience on our Website;
  • Social networks, to know your activity on our pages, your consumption habits etc.;

We select subcontractors, service providers and suppliers who provide sufficient safeguards to ensure the protection, security and privacy of your personal data, including the implementation of appropriate technical and organizational measures that meet the requirements of the law. They are only allowed to process your data according to our instructions.

Your personal data may also be communicated to the administrative or judicial authorities at their request, as well as to third parties or authorized recipients to comply with a legal obligation or for the exercise of legitimate interests.

6. How do we ensure the security of your data?

We undertake to use reasonable means to ensure that your personal data are sufficiently protected, taking into account the sensitive nature of certain information collected. We use a variety of technologies and procedures to ensure that your data is treated in a manner that protects it against unauthorized loss, destruction, alteration, disclosure, or access, whether unlawfully or accidentally.

We implement measures that respect the principles of data protection by design and by default for the personal data processed. As such, we are able to use data anonymization techniques whenever possible and/or necessary.

We demand an equivalent level of security from our subcontractors.

For example, we or our subcontractors store your data on computer servers located in controlled locations and whose access is limited.

7. Where do we store your data?

Our company and our subcontractors process and store your data only in member countries of the European Union.

8. How can you exercise your rights?

In accordance with the laws in force, you benefit from:

  • A right to information;
  • A right of access to data concerning you;
  • A right to correct your data;
  • A right to erase data for legitimate reasons;
  • The right to object to the processing of your data for legitimate reasons;
  • The right to withdraw your consent to the processing of your data;
  • A right to restrict processing;
  • The right to portability of data;
  • The right not to be the subject of a decision based exclusively on automated processing and having legal effects on you or otherwise affecting you significantly;
  • The right to object to direct marketing;
  • The right to formulate guidelines regarding the storage, deletion and communication of your personal post-mortem data.

You may exercise these rights at any time by email at support@uk.naos.com or by post to the following address: Consumer Service NAOS UK - 1 Fetter Lane, EC4A 1BR London, UK.

A reply will be sent to you within one month of receiving your request.

We reserve the right not to respond to requests that are manifestly unfounded in accordance with European regulations. The person concerned will be informed of any refusal formulated by us.

You can also - if you wish - make a complaint to the GOV.uk website: https://www.gov.uk/data-protection.

For more information, please consult the following link: http://www.aboutcookies.org/.

9. How to contact the DPO?

We have appointed a Data Protection Officer (DPO) who can be reached at the following address: support@uk.naos.com, or by post at the following address: Legal Department - DPO, 1 Fetter Lane, EC4A 1BR London, UK.

The Data Protection Officer is available to provide any necessary information regarding the Data Protection Policy.

Additional Information

Automated Decision Making

Automated decision making means the ability to make decisions using technology, without human involvement.

We may use automated decision making techniques for the purposes of securing transactions placed through our websites/apps and/or devices against fraud. In addition, we may use a third party provider’s solution to protect our systems, assets etc. against fraud.

The method of fraud detection is based on a number of different data prediction and data intelligence techniques that may change over time, to keep up with technological advancement. These may include, for example, simple comparisons, or association, clustering, prediction and outlier detections using intelligent agents, data fusion and data mining techniques. This fraud detection process may be completely automated or may involve some human intervention where the final decision is taken by a person. In all cases, we take all reasonable precautions and safeguards to limit access to your data.

As a result of automatic fraud detection, you may: (i) experience a delay in the processing of your order/request whilst we review your transaction; and/or (ii) be limited or excluded from using a service if a risk of fraud is identified.

You have the right to access the information on which we base our decision. Please see “Your Rights and Choices” section below.

Profiling

When we send or display personalised communications or content, we may use a technique known as “profiling” (or “insights”). This means any form of automated processing of personal data to evaluate certain personal aspects about an individual, in particular to analyse or predict aspects concerning their personal preferences, interests, economic situation, reliability, behaviour, location, or movements.

This means that we may collect personal data about you in the different scenarios mentioned in the table above, and use this data to analyse, evaluate, or predict your personal preferences, interests, behaviour and/or location.

Based on our analysis, we may send or display communications and/or content specifically tailored to your interests and/or needs.

We ensure that we have an appropriate legal basis to process your personal data when conducting profiling activities (e.g., consent). You may have the right to object at any time to the use of your personal data for “profiling”. Please see “Your Rights and Choices” section below.

Who may access your Personal data?

First, we want to be clear that we do not sell your personal data.

We may share your personal data within NAOS

NAOS represents several different brands and products. For more information on NAOS, and the brands it represents, please see www.naos.com

Your personal data may be accessed within NAOS. Where appropriate, we may share your personal data between our brands to harmonise and update the information you share with us, to tailor our communications based on your preferences, and to run analytics and perform statistics. Where you have opted in to receive communications from all NAOS brands, rather than one or two specific brands, your personal data may also be shared within NAOS.

We may share your personal data within the NAOS Group.

Your personal data may be accessed by the NAOS Group. This means that we may share your personal data across the NAOS Group, which includes our ultimate parent company and its subsidiaries. Access will always be controlled on a need-to-know basis, and only provided where it is necessary to provide you with requested services or to allow us to perform any necessary or legitimate functions.

We may also share your personal data in a pseudonymised way (not allowing direct identification) with NAOS Research & Innovation scientists, including those located outside of your country, for research and innovation purposes.

Where permitted, we may also share some of your personal data, including data collected through cookies, between brands to harmonise and update information you share with us, to perform statistics based on your characteristics and to tailor our communications to you.

We may share your personal data for marketing purposes with third parties or NAOS Group entities.

We only share your personal data with third parties for direct marketing purposes with your consent. In this context, your personal data is processed by the third party acting as a controller, and its own terms and conditions, as well as its privacy policy will apply to its processing. You should review their documentation carefully before consenting to the disclosure of your personal data to that third party.

Your personal data may also be processed on our behalf by our trusted third party suppliers.

We rely on trusted third parties to perform a range of business operations on our behalf. We only provide them with the information they need to perform the service, and we require that they do not use your personal data for any other purpose. We always use our best efforts to ensure that all third parties we work with will keep your personal data secure. For example, we may entrust services that require the processing of your personal data to:

Third parties that assist and help us in providing digital and e-commerce services such as social listening, store locator, loyalty programs, identity management, ratings and reviews, CRM, web analytics and search engine, user generated content curation tools;

Advertising, marketing, digital and social media agencies to help us to deliver advertising, marketing, and campaigns, to analyse their effectiveness, and to manage your contact, questions and our relationship;

Third parties required to deliver a product to you e.g. postal/delivery services;

Third parties that assist and help us in providing IT services, such as platform providers, hosting services, maintenance and support on our databases as well as on our software and applications;

Third parties that provide us with consulting services in the field of market research and analytics, collect feedback and conduct market surveys on our products, services and otherwise for customer relationship management purposes;

Payment service providers and credit reference agencies for the purpose of assessing your credit score and verifying your details where this is a condition of entering into a contract with you;

Third parties that assist us for customer care and cosmetovigilance purposes.

The legal basis for this sharing is our legitimate interests – (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud; (iv) secure our tools and design new features; and (v) use appropriate suppliers.

We may also disclose your personal data to third parties:

In the event that we sell any or part of our business or assets, we may disclose your personal data to the prospective buyer of such business or assets. If NAOS or a part of its assets are acquired by a third party, personal data we hold about our consumers relating to those assets will be one of the transferred assets. In such cases, your personal data will be processed by the buyer acting as the new controller and its privacy policy will govern the processing of your personal data.

If we are under a duty to disclose or share your personal data in order to comply with a legal obligation, or in order to enforce or apply our terms of use/sales or other terms and conditions you have agreed to; or to protect the rights, property, or safety of NAOS, our consumers, or others.

In other circumstances if we have your consent or we are permitted to do so by law.

We may disclose your personal data to our partners:

In the event the service you use, subscribe to, or the event in which you participate was co-created by NAOS and a partner (for example, a co-branded app, an event/joint promotion or survey run in partnership with a third party). In such cases, NAOS and the partner will process your personal data each for their own purposes and as such your personal data will be processed:

By NAOS in accordance with this Privacy Policy;

By the partner acting also as a data controller and its privacy policy will govern the processing of your personal data for its purposes.

To display NAOS content (for example recommended products/services) on our partners’ sites where you have agreed to receive advertising that is tailored to you (either by accepting our or our partners’ cookies, or by consenting to receive our marketing). Where you accept our cookie from our partners, they may store a cookie on your device and so you should read their privacy and cookies policy. In the other cases, we only share data that does not directly identify you with our partners. Our partners will then determine which of our products/services to display to visitors of their websites.

We may publish content created by third parties. Where we do this, the third party may place a cookie on your device if you read this content. Please read the third parties’ Cookie Policy for details on what information they may gather from the cookie, and how it is used.

When we use Google advertising services on our websites, apps and/or devices. Google will access and use your personal data when we utilise their services. If you would like to learn more about how Google uses your personal data in this context, please review their Google Privacy & Terms available here which govern these services and data processing.

Information that Facebook collects and shares with us

All Facebook features and services available on our websites, apps and/or devices are governed by the Facebook Data Policy. Please review this policy if you would like more information on your privacy rights and settings options.

When using any of our websites/apps and/or devices, you may be able to:

sign-in with your Facebook login. If you do so, you consent to share some of your public profile information with us;

use the Facebook social plug-ins, such as “like” or “share” to share our content, or your user generated content on the Facebook platform;

accept cookies from our website/apps (also known as “Facebook Pixels”). These types of cookies help us understand your activity including for example, information about your device, how you use our services, any purchases you make and the ads you see, whether or not you have a Facebook account or are logged into Facebook.

When you use any Facebook features, we collect your data to help us to:

show you ads you might be interested in on Facebook or any of its other services (Instagram, Messenger etc.); and

measure and analyse the effectiveness of our websites, apps and/or devices.

We may also use any personal data you provide us with on our websites, apps and/or devices (e.g. your name, email address, gender and phone number), to identify you on Facebook or any of its other services (Instagram, Messenger etc.), in order to show you ads that are more relevant for you. While doing this, Facebook will not share your personal data and will delete the information promptly after the matching process is complete.

Where we Store your Personal data

The personal data that we collect from you may be transferred to, accessed from, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our service providers.

NAOS transfers personal data outside of the EEA, only in a secure and lawful way. As some countries may not have laws governing the use and transfer of personal data, we will take steps to make sure that third parties adhere to the commitments set out in this Privacy Policy. These steps may include reviewing third parties’ privacy and security standards, and/or entering into appropriate contracts (on the basis of the template adopted by the EU Commission and available via its homepage).

For further information, please contact us as per the “Contact” section below.

How Long Do We Keep Your Personal data

We will keep your personal data for as long as we need it to provide you with your requested service(s) or to meet our commercial or legal obligations.

To determine the retention period of your personal data, we consider several criteria to make sure that we do not keep your personal data for longer than is necessary or appropriate. These criteria include:

The purpose for which we hold your personal data;

Our legal and regulatory obligations in relation to that personal data, for example any financial reporting obligations;

Whether our relationship with you is ongoing (for example, you have an active account with one or more of our brands, you continue to receive marketing communications, or you regularly browse or purchase from our websites/apps);

Whether you are no longer actively participating or engaging with our brands, for example, you do not open our emails, visit our websites, or share user generated content;

Any specific requests from you in relation to the deletion of your personal data; and

Our legitimate business interests in relation to managing our own rights, for example the defence of any claims, or for statistical purposes.

In particular, we retain certain personal data for the following periods:

Where you purchase products and services, we keep your personal data for the duration of our contractual relationship;

Where you participate in a promotional offer, we keep your personal data for the duration of the promotional offer;

Where you have consented to receive marketing, we keep your personal data until you: (ii) request we delete your personal data; or (iii) after a period of inactivity (i.e. where you have not interacted with us for a period of time). This period is defined in accordance with local regulations and guidance;

Where cookies are placed on your computer, they are stored for as long as necessary to achieve their purposes (e.g. for the duration of a session for shopping cart cookies or session ID cookies) and otherwise for a period defined in accordance with local regulations and guidance.

When we no longer need to use your personal data, it is removed from our systems and records, or anonymised so that you can no longer be identified from it.

Is Your Personal data Secure?

We are committed to keeping your personal data secure, and taking all reasonable precautions to do so. We contractually require that trusted third parties who handle your personal data for us do the same.

We always do our best to protect your personal data and once we have received your personal data, we use strict procedures and security features to try to prevent unauthorised access. As no transmission of information via the internet is completely secure, we cannot guarantee the security of your personal data transmitted to our site. Any transmission is therefore at your own risk.

Links to Third Party Sites and Social Login

Our websites/apps may, from time to time, contain links to and from the websites of our partner networks, advertisers and/or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you share any personal data with these websites.

We may also offer you the opportunity to use your social media login when interacting with our websites/apps. If you do so, please be aware that you will be sharing your profile information with us. The personal data that is shared will depend on your social media platform settings. Please visit the relevant social media platform and review its privacy policy to understand how your personal data is shared and used in this context.

Social Media and User Generated Content

Some of our websites and apps allow users to submit their own content. Please remember that any content submitted to our social media platforms can be viewed by the public, and you should be cautious about providing certain personal data e.g. financial information or address details. We are not responsible for any actions taken by other individuals if you post personal data on one of our social media platforms and we recommend that you do not share such information.