Privacy Policy

L’Oréal’s ambition is to be an exemplary corporate citizen to help make the world a more beautiful place. We place great value on honesty and clarity and we are committed to building a strong and lasting relationship with our consumers based on trust and mutual benefit. Part of this commitment means safeguarding and respecting your privacy and your choices. Respecting your privacy is essential to us. This is why we set out “Our Privacy Promise” and our full Privacy Policy below.

1) We respect your privacy and your choices.
2) We make sure that privacy and security are embedded in everything we do.
3) We do not send you marketing communications unless you have asked us to. You can change your mind at any time.
4) We never offer or sell your data.
5) We are committed to keeping your data safe and secure. This includes only working with trusted partners.
6) We are committed to being open and transparent about how we use your data.
7) We do not use your data in ways that we have not told you about.
8) We respect your rights, and always try to accommodate your requests as far as is possible, in line with our own legal and operational responsibilities.

For more information about our privacy practices, below we set out what types of personal data we may receive from you directly or from your interaction with us, how we may use it, who we may share it with, how we protect it and keep it secure, and your rights around your personal data. Of course all situations may not apply to you. This Privacy Policy gives you an overview of all possible situations in which we could interact together.

The more you interact with us, the more you let us know you and the more we are able to offer you tailored services.

When you share personal data with us or when we collect personal data about you, we use it in line with this Policy. Please read this information and our Q&A page (if any) carefully. If you have any questions or concerns about your personal data, please contact us at [insert effective email entitled to address the request].

WHAT WILL YOU FIND IN THIS PRIVACY POLICY ? [insert hyperlink in the table of content below].

Who are we ?
What is personal data ?
What data do we collect from you and how do use it ?
How do we collect or receive your data ?
Automated Decision Making
Profilling

Who may access your personal data ?
Where we store your personal data?
How long do we keep your personal data ?
Is my Personal data secure?
Links to third party sites and social login
Social media and user generated content
Your rights and choices
Contact

[OPTION TO SELECT:
Option 1/ where the privacy policy is narrowed to a brand:] Brand is a part of the Name of L’Oréal Country entity brand portfolio. L’Oréal country entity is responsible for the personal data that you share with us. When we say “L’Oréal”, “us”, “our” or “we”, this is who we are referring to. L’Oréal is the “data controller” for the purposes of applicable data protection laws.
Option 2/ where the privacy policy is the same for a whole country:] L’Oréal country entity is responsible for the personal data that you share with us. When we say “L’Oréal”, “us”, “our” or “we”, this is who we are referring to. L’Oréal is the “data controller” for the purposes of applicable data protection laws.

[[Name of L’Oréal entity] [address]
Representative: [name of the entity’s representative]
[country / brand / division website URL].

“Personal data” means any information or pieces of information that could identify you either directly (e.g. your name) or indirectly (e.g. through pseudonymized data such as a unique ID number). This means that personal data includes things like email/home addresses/mobile phone, usernames, profile pictures, personal preferences and shopping habits, user generated content, financial information, and welfare information. It could also include unique numerical identifiers like your computer’s IP address or your mobile device’s MAC address, as well as cookies.

L'Oréal believes that you, the consumer, are at the heart of what we do. We love hearing from you, learning about you, and creating and delivering products that you enjoy. And we know that many of you love talking to us. Because of this, there are many ways that you might share your personal data with us, and that we might collect it.

How do we collect or receive your data?

We might collect or receive data from you via our websites, forms, apps, devices, L’Oréal products or brands pages on social media or otherwise. Sometimes you give this to us directly (e.g. when you create an account, when you contact us, when you purchase from our websites/apps or stores/beauty salon), sometimes we collect it (e.g. using cookies to understand how you use our websites/apps) or sometimes we receive your data from other third parties, including other L’Oréal Group entities.

When we collect data, we indicate the mandatory fields via asterisks where such data is necessary for us to:

- Perform our contract with you (e.g. to deliver the products you have purchase on our websites/apps);
- Provide you with the service you have asked for (e.g. to provide you with a newsletter); or
- Comply with legal requirements (e.g. invoicing).

If you do not provide the data marked with an asterisk, this may affect our ability to provide the products and services.

We set out further details in the table below, explaining:

1) During what interaction your data may be provided or collected? This column explains what activity or situation you are involved in when we use or collect your data.
For example, whether you are making a purchase, signing up to a newsletter, or browsing a website/app.
2) What personal data may we receive from you directly or resulting from your interaction with us? This column explains what types of data we may collect about you depending on the situation.
3) How and why we may use it? This column explains what we may do with your data and the purposes for collecting it.
4) What is the legal basis for using your personal data? This column explains the reason we may use your data.
Depending on the purpose for which the data is used, the legal basis for the processing of your data can be:

Your consent;
Our legitimate interest, which can be:
• Improvement of our products and services: more specifically, our business interests to help us better understand your needs and expectations and therefore improve our services, websites / Apps / devices, products and brands for our consumers’ benefit.
• Fraud prevention: to ensure payment is complete and free from fraud and misappropriation.
• Securing our tools: to keep tools used by you (our websites/Apps/devices) safe and secure and to ensure they are working properly and are continually improving.
The performance of a contract: more specifically to perform the services you request from us;
Legal grounds where a processing is required by law.

Information collected during the creation of an account on L’Oréal websites/apps, through a social media login, or in store.

What personal data may we receive from you directly or resulting from your interaction with us?

Depending on how much you are interacting with us, those data may include:
• Name and surname;
• Gender;
• Email address;
• Address;
• Phone number;
• Photo;
• Birthday or age range;
• ID, username, and password;
• Personal description or preferences;
• Order details;
• Social media profile (where you use social login or share this personal data with us).

How and why we may use your data ?

To:
• Manage your orders;
• Manage any competitions, promotions, surveys or contests you choose to enter;
• Respond to your questions and otherwise interact with you ;
• Offer you a loyalty program;
• Allow you to manage your preferences;

• Send you marketing communications (where you have asked us to) which may be tailored to your “profile” (i.e. based on the personal data we know about you and your preferences);

• Offer personalized services based on your beauty characteristics;
• Monitor and improve our websites/apps ;
• Run analytics or collect statistics
• Secure our websites/apps and protect you and us against fraud;

What is the legal basis for using your personal data?

• Performance of a contract
To provide you with the service you requested (e.g. create an account, complete a survey, or purchasing a product).

• Consent
To send you direct marketing communications.

• Legitimate Interest
To ensure our websites/apps remain secure, to protect them against fraud, and to help us better understand your needs and expectations and therefore improve our services, products and brands.

What personal data may we receive from you directly or resulting from your interaction with us?

Depending on how much you are interacting with us, those data may include:
• Email address;
• Name and surname;
• Personal description or preferences;
• Social media profile (where you use social login or share this personal data with us).

How and why we may use your data ?

To :
• Send you marketing communications (where you have asked us to) which may be tailored to your “profile” based on the personal data we know about you, and your preferences (incl. location of your favorite store);

• Run analytics or collect statistics.
• Keep an up to date suppression list if you have asked not to be contacted;

What is the legal basis for using your personal data?

• Consent
To send you direct marketing communications.

• Legitimate Interest
To tailor our marketing communications, understand their effectiveness, and ensure you receive the most relevant experience; to help us better understand your needs and expectations and therefore improve our services, products and brands.

• Legal grounds
To keep your details on a suppression list if you have asked us not to send you any direct marketing anymore.

Information collected during the purchase process made on L’Oréal website/apps/social pages or in store.

What personal data may we receive from you directly or resulting from your interaction with us?

Depending on how much you are interacting with us, those data may include:
• Name and surname;
• Email address;
• Address (delivery and invoicing);
• Phone number;
• Personal description or preferences;
• Social media profile (where you use social login or share this personal data with us);
• Transaction information including purchased products and store location;
• Payment and information; or
• Purchase history

How and why we may use your data ?

To
• Contact you to finalize your order where you have saved your shopping cart or placed products in your cart without completing the checkout process;
• Inform you when a product you wanted to purchase is available;
• Process and follow your order including delivering the product to the address you indicated;
• Manage the payment of your order. To be noted, payment information (credit card number / Paypal information / bank account details) are not collected by us but directly by payment service providers;
• Manage any contact you have with us regarding your order;

• Secure the transactions against fraud. To be noted, we use a third party provider’s solution to detect fraud and ensure the payment is complete and made by you or someone authorized by you;
• Enrich your profile if you place a purchase using your account information;
• Measure satisfaction;
• Manage any dispute relating to a purchase;
• For statistics purposes.

What is the legal basis for using your personal data?

• Performance of a contract:
To provide you with the service you requested (purchase).

• Legitimate interest
To protect you and us from fraudulent transaction and to ensure the payment is complete and free from fraud and misappropriation.

Information collected during a game, contests, promotional offer, sample requests, surveys.

What personal data may we receive from you directly or resulting from your interaction with us?

Depending on how much you are interacting with us, those data may include:
• Name and surname;
• Email address;
• Phone number;
• Birth date;
• Gender;
• Address;
• Personal description or preferences;
• Social media profile (where you use social login or share this personal data with us);
• Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, or by providing your own content such as photos or a review, or a question via the chat function available on some websites/apps, or by participating in a contest, game, survey).

How and why we may use your data ?

• To complete tasks that you have asked us to, for example to manage your participation in contests, games and surveys, including to take into account your feedback and suggestions;

• For statistics purposes.

• To send you marketing communications (where you have asked us to)

What is the legal basis for using your personal data?

• Performance of contract
To provide you with the service you requested.

• Legitimate Interest
To to help us better understand your needs and expectations and therefore improve our services, products and brands.

• Consent
To send you direct marketing communications.

Information collected when you submitted some content on one of our social platforms or accepted the re-use of content you posted on social media platforms by us.

What personal data may we receive from you directly or resulting from your interaction with us?

Depending on how much you are interacting with us, those data may include:
• Name and surname or alias;
• Email address;
• Photo;
• Personal description or preferences;
• Social media profile (where you use social login or share this personal data with us);
• Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, or by providing your own content such as photos or a review, or a question via the chat function available on some websites/apps).

How and why we may use your data ?

• In accordance with the specific terms and conditions accepted by you:
o To post your review or content;
o To promote our products.

• For statistics purposes.

What is the legal basis for using your personal data?

• Consent
To reuse the content you posted online.

• Legitimate Interest
To help us better understand your needs and expectations and therefore improve and promote our services, products and brands.

Information collected as part of your use of our Apps and/or devices.

What personal data may we receive from you directly or resulting from your interaction with us?

Depending on how much you are interacting with us, those data may include:
• Name and surname;
• Email address;
• Location;
• Birth date;
• Personal description or preferences;
• Photo;
• Welfare data including skin tone, skin/hair type
• Geolocation.

How and why we may use your data ?

To
• Provide you with the service requested (for example, virtually test our products, purchase our products through the App or on related e-com websites; advice and notifications regarding your sun exposure, your hair routine);
• Analyse your welfare characteristics and recommend the appropriate products (including bespoke products) and routines;
• Provide you product & routine recommendations;

• For research and innovation by scientists within L’Oréal Group;
• For monitoring and improvement of our Apps and devices;
• For statistics purposes.

What is the legal basis for using your personal data?

• Performance of a contract
To provide you with the service requested (including, where needed, analysis by the research and innovation team of the algorithm necessary to provide the service).

• Legitimate Interest
To always improve our products and services to match your needs and expectations and for research and innovation purposes.