Privacy policy

L’Oréal’s ambition is to be an exemplary corporate citizen to help make the world a more beautiful place. We place great value on honesty and clarity and we are committed to building a strong and lasting relationship with you based on trust and mutual benefit. Part of this commitment means safeguarding and respecting your privacy and your choices. Respecting your privacy is essential to us. This is why we set out “Our Privacy Promise” and our full Privacy Policy below.

OUR PRIVACY PROMISE

1. We respect your privacy and your choices.
2. We make sure that privacy and security are embedded in everything we do.
3. We do not send you marketing communications unless you have asked us to. You can change your mind at any time.
4. We never offer or sell your data.
5. We are committed to keeping your data safe and secure. This includes only working with trusted partners.
6. We are committed to being open and transparent about how we use your data.
7. We do not use your data in ways that we have not told you about.
8. We respect your rights, and always try to accommodate your requests as far as is possible, in line with our own legal and operational responsibilities.

For more information about our privacy practices, below we set out what types of personal data we may receive from you directly or from your interaction with us, how we may use it, who we may share it with, how we protect it and keep it secure, and your rights around your personal data. Of course all situations may not apply to you. This Privacy Policy gives you an overview of all possible situations in which we could interact together.

When you share personal data with us or when we collect personal data about you, we use it in line with this Policy. Please read this information carefully. If you have any questions or concerns about your personal data, please contact our Data Protection Officer at dpo@loreal.com.

WHAT WILL YOU FIND IN THIS PRIVACY POLICY?

1. Who are we?
2. What is personal data?
3. What data do we collect from you and how do use it?
a. How do we collect or receive your data?
b. Who may access your personal data?
c. Where do we store your personal data?
d. How long do we keep your personal data?
e. Is your Personal data secure?
f. Links to third party sites and social login
g. Social media and user generated content
4. Your rights and choices
5.Contact

1. Who we are


L’Oréal S.A. is responsible for the personal data that you share with us. When we say “L’Oréal”, “us”, “our” or “we”, this is who we are referring to L’Oréal S.A company. In accordance with regulations applicable to the processing of personal data, L’Oréal is the “data controller”. 

L’OREAL S.A.
14 Rue Royale, Paris, 75008, France
Directrice de la publication : Ariane Rolland, Directrice Communication Interne et Image

2. WHAT IS PERSONAL DATA?


“Personal data” means any information or pieces of information that could identify you either directly (e.g. your name) or indirectly (e.g. through pseudonymized data such as a unique ID number). This means that personal data includes things like email usernames, user generated content, sex, age rage, place of origin, user profile (journalist, consumer etc.). It could also include unique numerical identifiers like your computer’s IP address or your mobile device’s MAC address, as well as cookies.

3. WHAT DATA DO WE COLLECT FROM YOU AND HOW DO WE USE IT?


How do we collect or receive your data?

We might collect or receive data from you via our website.. Sometimes you give this to us directly (e.g. when you contact us to ask a question), sometimes we collect it (e.g. using cookies to understand how you use our website) or sometimes we receive your data from other third parties, including other L’Oréal Group entities.

When we collect data, we indicate the mandatory fields via asterisks where such data is necessary for us to:
- Provide you with the service you have asked for (e.g. to provide you with a newsletter or answer your question); or
- Improve the functioning of our website (e.g. through satisfaction surveys).

If you do not provide the data marked with an asterisk, this may affect our ability to provide the products and services.

We set out further details in the table below, explaining:

1. During what interaction your data may be provided or collected? This column explains what activity or situation you are involved in when we use or collect your data. For example, whether you contact us to make a request.
2. What personal data may we receive from you directly or resulting from your interaction with us? This column explains what types of data we may collect about you depending on the situation.
3. How and why we may use it? This column explains what we may do with your data and the purposes for collecting it.
4. What is the legal basis for using your personal data? This column explains the reason we may use your data.
Depending on the purpose for which the data is used, the legal basis for the processing of your data can be :
- Your consent;
- Our legitimate interest, which can be :

  • Improvement of our website so that it better meets the expectations and needs of users.
  • Establishing and maintaining a long-term relationship with suppliers, investors, media representatives and anyone else interested in our activities,
  • Securing our tools: to keep tools used by you (our websites/Apps/devices) safe and secure and to ensure they are working properly and are continually improving.

 

Information overview on your interactions with us and their consequences on your data: CLICK HERE.


PROFILING

When we send or display personalised communications or content, we may use some techniques qualified as “profiling” (i.e. any form of automated processing of personal data consisting of using those data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s personal preferences, interests, economic situation, behaviour, location, health, reliability, or movements). This means that we may collect personal data about you in the different scenarios mentioned in the table above. We centralize this data and analyse it to evaluate and predict your personal preferences and/or interests.

Based on our analysis, we send or display communications and/or content tailored to your interests/needs.

You have the right to object to the use of your data for “profiling” in certain circumstances. Please see “Your Rights and Choices” section below.

WHO MAY ACCESS YOUR PERSONAL DATA?

The persons having access to your personal data are authorized employees within the competent departments of L'Oréal S.A. and its affiliates.

Your personal data may also be processed on our behalf by our trusted third party providers.

We rely on trusted third parties to perform a range of business operations on our behalf. We only provide them with the information they need to perform the service, and we require that they do not use your personal data for any other purpose. We always use our best efforts to ensure that all third parties we work with keep your personal data secure. For instance, we may entrust services that require the processing of your personal data to:

  • Third parties that assist and help us in providing IT services, such as platform providers, hosting services, maintenance and support on our databases as well as on our software and applications that may contain data about you (such services could sometimes imply access to your data to perform the required tasks);
  • Third parties that perform on our behalf our satisfaction surveys and the statistical analyses associated with the use of the website.

We may also disclose your personal data to third parties :

  • In the event that we sell any business or assets, in which case we may disclose your personal data to the prospective buyer of such business or assets. If L’Oréal or a part of its assets is acquired by a third party, personal data held by it about its customers relating to those assets is one of the transferred assets. Where appropriate, in such case, the buyer acting as the new data controller processes your data and its privacy policy governs the processing of your personal data.
  • If we are under a duty to disclose or share your personal data in order to comply with a legal obligation, or in order to enforce or apply our terms of use/sales or other terms and conditions you have agreed to; or to protect the rights, property, or safety of L’Oréal, our customers, or employees.
  • If we have your consent to do so
  • Or if we are permitted to do so by law.

We do not offer or sell your personal data.

WHERE WE STORE YOUR PERSONAL DATA?

The data we collect from you is stored in France by L'Oréal or its trusted service providers.
However, said data may, at any moment, be transferred to, accessed from, and stored at a destination outside the European Economic Area ("EEA"). It may also be processed by staff members operating outside the EEA who work for us or for one of our service providers.

L’Oréal transfers personal data outside of the EEA only in a secure and lawful way. As some countries may not have laws governing the use and transfer of personal data, we take steps to make sure that third parties adhere to the commitments set out in this Policy. These steps may include reviewing third parties’ privacy and security standards and/or entering into appropriate contracts (based on the template adopted by the EU Commission).

For further information, please contact us as per the “Contact” section below.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We only keep your personal data for as long as we need it for the purpose for which we hold your personal data, to meet your needs, or to comply with our legal obligations. To determine the data retention period of your data, we use the following criteria:

  • Where cookies are placed on your computer, we keep them for as long as necessary to achieve their purposes (e.g. for the duration of a session for session ID cookies) and for a period defined in accordance with local regulations and guidance.
  • If you contact us as part of an enquiry, we keep your personal data for as long as necessary to process your enquiry.

We may retain some personal data to comply with our legal or regulatory obligations, as well as to allow us to manage our rights (for example to assert our claims in Courts) or for statistical or historical purposes.
When we no longer need to use your personal data, it is removed from our systems and records or anonymised so that you can no longer be identified from it.

IS YOUR PERSONAL DATA SECURE?

We are committed to keeping your personal data secure, and taking all reasonable precautions to do so. We contractually require that trusted third parties who handle your personal data for us do the same.

We always do our best to protect your personal data and once we have received your personal data, we use strict procedures and security features to try to prevent unauthorised access. As the transmission of information via the internet is not completely secure, we cannot guarantee the security of your data transmitted to our site. As such, any transmission is at your own risk.

LINKS TO THIRD PARTY SITES AND SOCIAL LOGIN

Our websites and Apps may from time to time contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we are not responsible or liable for these policies. Please check these policies before you submit any personal data to these websites.

We may also offer you the opportunity to use your social media login. If you do so, please be aware that you share your profile information with us depending on your social media platform settings. Please visit the relevant social media platform and review its privacy policy to understand how your personal data is shared and used in this context.

SOCIAL MEDIA AND USER GENERATED CONTENT

Some of our websites allow users to submit their own content. Please remember that any content submitted to one of our social media platforms can be viewed by the public, so you should be cautious about providing certain personal data e.g. financial information or address details. We are not responsible for any actions taken by other individuals if you post personal data on one of our social media platforms and we recommend that you do not share such information.

4. YOUR RIGHT AND CHOICES


L’Oréal respects your right to privacy: it is important that you are able to control your personal data.
You have the following rights :CLICK HERE.

To deal with your request, we may require proof of your identity. 

5. Contact


If you have any questions or concerns about how we process and use your personal data, or would like to exercise any of your rights above, please contact our Data Protection Officer at dpo@loreal.com or by writing to us at:

L’Oréal S.A - Legal Department 
41, Rue Martre
92117 Clichy Cedex France