PRIVACY POLICY

Clé de Peau Beauté values your privacy and your privacy choices. We are committed to building strong and lasting relationships with our customers based on trust and transparency. In accordance with this philosophy, the protection of your personal data is essential to us and we wish to inform you via this Privacy Policy of how we collect and process this data.

This Privacy Policy ("Policy") explains in detail the types of personal data we may collect about you when you use Clé de Peau Beauté's website, (hereinafter referred to as the "Services", the "Site" or the "Sites") and any other online or offline interactions you have with us through other written, oral or digital channels.

It's likely that we'll need to update this Policy from time to time. We'll notify you of any significant changes, but you're welcome to come back and check it whenever you wish.

We hope the following sections will answer any questions you have but if not, please do get in touch with us.

1. Who are we?

The brand Clé de Peau Beauté belongs to the SHISEIDO GROUP ("SHISEIDO"). The Sites are operated by SHISEIDO UK, acting as joint-controller together with Beauté Prestige International SA, doing business as SHISEIDO EMEA (56A, rue du Faubourg St Honoré – 75009 PARIS – France). SHISEIDO UK runs our local operations while SHISEIDO EMEA is in charge of leading our ecommerce, customer relations and marketing efforts for Europe.

2. Legal basis for processing your data

Data protection law in the European Union contains a number of "lawful bases" for processing personal data. These are really legal justifications which mean organisations like us are allowed to have your personal information in the first place. We have been careful to ensure we have a lawful basis for all processing of data we undertake. Our lawful bases include:

Performing the contract we have with you - In certain circumstances, we need your personal data in order to take steps at your request prior to entering into a contract. In this case, provision of your personal data will be necessary to provide you with the products, information and services you request and to perform the activities as explained above. If you do not provide your personal data we will not be able to provide you with the requested products and services.

Legal compliance - Sometimes the law says we need to collect and use your data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement and tax laws require us to retain records of orders and payments for our products. In this case, provision of your personal data will be necessary to provide you with the products, information and services you request and to perform the activities as explained above. If you do not provide your personal data we will not be able to provide you with the requested products and services.

Legitimate interests - this is a technical term in data protection law which really means we have a good and fair reason to use your data and we do so in ways which does not hurt your interests and rights. We sometimes use your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we will send you promotional communications about our service, subject to your legal rights to control whether we do so. We do analyse how users interact with our Site so we can understand better what elements of the design are working well and which are not working so well. This allows to improve and develop the quality of the online experience we offer all our users.

Consent – in certain cases we may ask for your consent before using your information.

3. When do we collect data from you?

Please find below a list of situations in which we may collect data about you:

• When you sign up online or in our shops to receive communications, blog posts, special offers and other materials
• When you join one of our loyalty programs
• When you enter competitions or quizzes we may hold
• When you choose to complete any surveys we send you
• When you comment on or review our products
• When you participate in our user community or otherwise contribute content to the Sites, such as by authoring a post on our forums or commenting on a blog post
• When you engage with us on social media
• When you book any kind of appointment with us or book to attend an event with us, for example appointments with our beauty consultants in shops and department stores for beauty consultation, make up sessions and tutorials and events around new product launches
• When you contact us in some way – online, email, text message, telephone help line for any reason, compliments, feedback or a request
• When you fill in any forms. For example, if an accident happens in a store.
• When you submit an employment application and/or resume, or fill out other employment documentation.
• When you've given a third party permission to share with us the information they hold about you.
• When you visit one of our Sites, redeem vouchers from us on the phone or in a shop

4. What data do we collect and why do we use it?

Depending on how you interact with us (online, in-store, on the phone, etc.), we may collect from you various types of information, which are described in more detail below. In some instances, we may combine one type of information with another type of information, and store them together in our records. In all cases, however, we strive to limit the amount of information we collect and store to that which is necessary for the lawful reason we have your information in the first place. We inform you wherever possible whether we need information requested or whether you have the choice not to provide it, but can still make an order, subscribe for our updates and offers etc. We may not be able to provide a service if you do not disclose the information requested.

a) Information your provide to us when you interact with us

Personal contact information: This includes any information that would allow us to personally contact you, such as your name, home or mailing address, phone number (home, mobile), or email address. In some cases, this could include information that you give us about someone else (for example, if you ask us to ship a product to a friend). We typically collect personal contact information in connection with a variety of activities, including newsletter sign-up, customer service, contests and promotions, and customer feedback

Demographic information and preferences: This includes any information that describes demographic characteristics and preferences, such as age, gender, preferences, interests, date of birth, age or age range, with your consent facial attributes (e.g., hair color, eye color, skin type, skin tone, - these are only provided if you choose to do so and you can order products without providing facial attribute data), general geographic location (e.g., post code or city and state), favorite products, hobbies and interests, or lifestyle information. We use this information to better understand our customers so we can improve our products and our customer's experience of our business

• Employment related information: This includes information you provide when submitting an employment application online and provide during the recruitment process, such as your CV, cover letter, employment history education history, professional qualifications, language and other relevant skills, and other information included in a or as part of our online application process. We use this to take necessary steps with a view to entering into a possible contract with you and in our legitimate interests in assessing candidates for employment
• Your feedback: This includes information that you voluntarily share with us about your experience in using our products or services, including our beauty products, our Site, and our shops. Examples include comments and suggestions, testimonials, or other feedback you send us about what you may have liked (or disliked) about your experience in using our products or services. We typically collect this information in the form of customer surveys, feedback forms, and email correspondence. We use your feedback to understand what our customers think of our products and the experience they have of us, to improve our products and the customer experience and – if you agree to - to discuss your feedback with you
• User-generated content and posts: This refers to any content that you create and then share with us (and perhaps others) by uploading it to one of our websites or applications, such as our Facebook fan pages or applications. Examples include photos, videos, personal stories, or other similar media or content. We mostly collect customer-generated content in connection with contests and promotions, website community features, customer engagement, and third party social networking
• Information on allergies and intolerance for the safety of our cosmetic products: This includes information on your allergies or intolerance, as provided by you to us through our customer service. Examples may include intolerance regarding our products or a component of a product. We only use this information with your explicit consent to follow-up on allergies and intolerance you may encounter when using our products as the case may be and in developing and improving our products. It’s always your choice whether you share such details with us
• CCTV: Your image may be recorded on CCTV when you visit one of our shops. We use for security reasons and regularly delete the footage unless an incident or alleged incident requires investigation or action

b) Automatically collected information

When you interact with us through the Site or our application, we use various technologies (including cookies, as further described below) to collect certain information (described below) about your visits to and use of the Site and application. We use this information to understand your needs and preferences better so we can offer you a better experience online and instore, to monitor and maintain our online infrastructure improve our Site and applications generally.

Our Site uses cookies and/or other similar technologies such as device-IDs, pixel tags and web beacons to collect and store certain information. These typically involve pieces of information or code that a website transfers to or accesses from your computer hard drive or mobile device to store and sometimes track information about you. Cookies and similar technologies enable you to be remembered when using that computer or device to interact with websites and online services and can be used to manage a range of features and content as well as storing searches and presenting personalised content, and enable you to use your social media accounts in conjunction with the Sites and enable us to advertise to you on our Sites and other sites and apps.

In accordance to the information provided in the banner or notice emerging in our Site when you first visit our Site, browsing and remaining on our Site will be understood as you are consenting to the use of the abovementioned cookies as set out in this Policy and the Cookies Policy.

You can change your browser to refuse the use of cookies and your help screen or manual will tell you how to do this. We also give you information about how to disable cookies here. However, you may not be able to take full advantage of our website if you do so.

A number of cookies and similar technologies we use last only for the duration of your web or app session and expire when you close your browser/or exit the app. Others are used to remember you when you return to the Site and will last for longer.

We use these cookies and other technologies on the basis that they are necessary for the performance of a contract with you, and, in some cases, where required by law, where you have consented to their use. For more detail on the cookies we use see here. You can also find information on the social media and advertising partners here as they also use cookies and similar technologies on the Site.

c) Info we receive and collect from other sources

We may obtain information, including personal data, from third parties and sources other than our Site, such as our partners, advertisers. If we combine or associate information from other sources with personal data that we collect through the Service, we will treat the combined information as personal data in accordance with this Policy.

d) Social media and advertising partners

We work with social media platforms and digital advertising platforms to:

• Make it easier for you to log onto your account (for instance by using your Facebook account)
• Show you advertising for our products and the products of other companies in the SHISEIDO group on other websites and social media platforms. For instance, if you show an interest or buy a product on our Site or in one of our shops, we may advertise that or other products we think may be of interest and you may see them on other websites and on your Facebook or other social media feeds. To do this we will share information with our social medial and digital advertising partners about your age, gender and interests for instance so they can better understand what you are interested in. Our partners may also keep this information about you and use it to help other companies, unrelated to SHISEIDO, show you adverts online. You cannot be identified "in the real world" by any of this information. For more information about how to turn this feature off see below or visit http://www.youronlinechoices.eu.

Our social media and digital advertising partners also use cookies and similar technologies, so please see here.

5. Profiling

We may use certain techniques referred to as "profiling" (defined as any form of automated processing of personal data consisting in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict elements concerning the personal preferences, interests, etc.) to bring you offers and promotions that are most relevant to your interests.

To help us form a better, overall understanding of you as a customer, we may combine your information gathered across various channels, for example the data you provide when you register (your experience, your interests, the brands you work for, etc.) as well as your activity on our websites or your purchase history. In doing this, we may put you into one or more categories of customer which we use to help build our promotional and marketing strategies, and that category will in part dictate the promotional communications and recommendations you receive from us.

You have the right to object to the use of your data for "profiling" purposes. See the section "Your rights.

6. We are not responsible for third party sites/features

Our Site may provide links to, or features from, other third party sites (such as third party social networks) that we do not own or control. If you click on such links or use such features, you do so at your own risk. We are not responsible for the content or practices of any third party site, application, or feature.

7. Safety of our cosmetic products

In the event you would experience allergies or intolerance when using our cosmetic products, your requests or claims regarding safety of our cosmetic products should be submitted by contacting:

SHISEIDO International France

The data you provide for safety reasons is your name, contact details and health data relating to allergy or intolerance. The processing of this data is for safety of our cosmetic products only, and based on your consent. This data is used only for this purpose, and in separate digital environments and channels from the general commercial and marketing purposes. We will process it to adapt our marketing messages to you only upon your prior consent.

We may also have to transmit information on the safety of our cosmetic products to the competent health authorities, on an anonymous basis.

8. Do we use Cookies and similar technologies

Like most websites, our Site uses cookies and/or other similar technologies such as device-IDs, pixel tags or web beacons to collect and store certain information. You can learn more about cookies and how they work at www.allaboutcookies.org or http://www.youronlinechoices.eu.

Although most Web browsers automatically accept cookies, the decision of whether to accept or not is yours. You have the choice to accept or decline cookies by way of consent. You may adjust your browser settings to prevent the reception of cookies, or to provide notification whenever a cookie is sent to you.

Please refer to our Cookies Policy to learn more about what specific cookies we may use, for which purpose and the choices you have regarding the use of cookies.

9. Do we share your Personal Information?

SHISEIDO is a leading beauty care and perfume company with products sold in over 120 countries. As a global business, we may share your personal information with SHISEIDO Group companies and trusted third parties based outside the country in which you live so that they may process that data on our behalf. We will never rent, trade or sell your personal information to third party companies for their own marketing use.

Affiliates and SHISEIDO group entities
We may share (or receive) information about you, including personal information, with our regional headquarters for Europe / Middle East-Africa (EMEA), Beaute Prestige International S.A., the trading name of which is SHISEIDO EMEA, RCS B 379 445 984, which headquarter is 56 A, rue du Faubourg Saint Honoré, 75008 Paris, France ("SHISEIDO EMEA"), and SHISEIDO Japan Corporation Limited which headquarter is 7-5-5, Ginza, Chuo-ku, Tokyo 104-0061, in Japan.

SHISEIDO EMEA is in charge of leading our ecommerce, customer relations and marketing efforts for the Europe, Middle East and Africa region and this means they are also a joint controller of your personal data under European data protection law.

SHISEIDO Japan Corporation Limited is in charge of defining and administering of SHISEIDO Group's IT system, and providing technology infrastructure, including through their third party suppliers, which helps us for instance host the Site and your information. As such, SHISEIDO Japan Corporation Limited acts as a data processor on our behalf.

Third party vendors and providers
We sometimes share your personal data with trusted third parties. For example, delivery couriers, for fraud management, to handle complaints, to help us personalise our offers, website, application development, hosting, maintenance, customer relationship management and promotional services to you and so on. You can see the main companies we work with who collect information relating to you directly through the Site here.

Where we use any of these providers:

• We provide only the information they need to perform their specific services.
• They may only use your data for the purposes we specify in our contract with them.
• We work closely with them to ensure that your privacy is respected and protected at all times.
• If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

For some suppliers, we and our group companies need to transfer your information to locations outside the European Union, such as to the United States.

Legal disclosures (when necessary)
This is when we may need to share your information for law enforcement or other legal purposes. This type of sharing may be necessary in connection with a lawsuit, claim or investigation, governmental inquiry, court order, enforcement of legal rights (e.g., contract terms, intellectual property rights, etc.), safety issue, or other similar legal or security matter. Sharing your information for these reasons is not a regular event, but could arise from time to time. We will strive to limit the types and amount of information we may need to share for legal purposes to that which is reasonably necessary and will make sure that any transfers outside the European Union is made on the appropriate legal basis.

Business transfers (e.g., sale or acquisition of company)
To the extent allowed by the law, we may share (or receive) information about you, including personal contact information, in the event of an acquisition, merger, sale, corporate restructuring, bankruptcy, or other similar event that involves SHISEIDO EMEA or its parent or affiliated companies. If such an event occurs, we will take reasonable steps to require that your information be handled in accordance with this Policy, unless it is not practicable or permissible to do so and will make sure that any transfers outside the European Union is made on the appropriate legal basis.

SHISEIDO's headquartered in Japan, and we have operations, affiliates, entities, and service providers in Europe and throughout the world, including in the United States. As such, we and our service providers may transfer your personal information to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction.

Whenever we transfer your personal data out of the EEA or Switzerland, we ensure a similar degree of protection is afforded to it by ensuring that these transfers are based on standard contractual clauses, in compliance with the model clauses validated by the European Commission or, for some transfers to the United States, under the Privacy Shield program, details of which you can find here: https://www.privacyshield.gov/welcome. When such sharing of information involves transfers outside Europe to Shiseido Americas Corporation ("SAC"), these transfers are based on its Privacy Shield certification. SAC complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of your information transferred from the Europe to the United States. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/list.

10. How do we protect your Personal Information?

We know how much data security matters to all our customers. So we take great care to treat your data and take all appropriate steps to protect it, and require the same of our suppliers who we share your data with.

Secure operating environments
We secure access to all transactional areas of our websites and apps using ‘https’ technology.

Encryption for payment info
Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured by SSL encryption.

Other security measures
In addition to the methods above, we may take other measures to protect your information, depending on the sensitivity of the data and other considerations (such as how the information is collected and where it is stored). These measures may include (among other things) additional access restrictions, password requirements, and physical protections (e.g., secure data centers, etc.).

Measures you can take
Despite all of our efforts, no security safeguards or standards are guaranteed to provide 100% security. It is also important for you to play a role in keeping your information safe and secure. When signing up for an online account, please be sure to choose an account password that is hard for others to guess and never to reveal it to anyone else. If you use a shared or public computer, never choose to have your login ID or password remembered and make sure to log out of your account every time you leave the computer.

Please note, however, that these protections do not apply to any information you choose to share in public areas such as our website community features or other social areas. We pay particular attention to sensitive data, in particular payment card data, allergy or intolerance data, etc.

11. How long do we retain your Personal Information?

We will retain your personal information for the period necessary to fulfil the purposes outlined in this Policy. The criteria used to determine such retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal or business obligation to which we are subject; or (iii) whether a longer retention period is required or permitted by law.

12. Your rights and choices

You have the legal right to request:

• Access to the personal data we hold about you.
• The correction of your personal data which is wrong.
• In some specific cases, the erasure of your personal data.
• That we stop using your data where our 'lawful basis' is consent by withdrawing your consent at any time, or to object to our use of your data where our 'lawful basis' is legitimate interests and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.
• In specific cases, that we restrict our processing of your personal data;
• That we stop using your personal data for direct marketing.
• If your data is processed automatically based on your consent or the performance of a contract with you and, to obtain a copy of the personal data you provided us, in a commonly used format, to transmit it to another data controller.

You have the right to request a copy of any personal data we hold that relates to you. To ask for your information, please contact our Data Protection Officer in the Contact section, To ask for your information to be amended, please update your online account, or contact our Customer Services team.

If we choose not to action your request we will explain to you the reasons for our refusal.

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Policy. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

13. Data about Children

Our Sites are not directed to anyone under 16 years of age. We do not solicit or collect any type of information from a person known to be under the age of 16. If we become aware that we have accidentally collected information from a child, we will remove that information from our records as soon as feasibly possible (or obtain the necessary parental permission to retain it).

14. International Privacy Laws

This Policy represents our accepted privacy principles but does not supplement or replace existing national law. It complements the respective national data protection law. The respective national law supersedes in case where it requires deviations from this Policy or sets more stringent requirements. Likewise, the contents of this Policy shall apply if no corresponding national data protection law exists.

15. Dispute Resolution / Contacting the Regulator

If you have any complaints regarding our compliance with this Policy, please first contact us. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with this Policy.

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the French Privacy Commission (CNIL), who is our 'lead supervisory authority' under data protection law. That means they are the data protection regulator with primary responsibility for overseeing our compliance with data protection law. You can contact them by calling: +33 (0)1 53 73 22 22 or go online to www.cnil.fr (opens in a new window; please note we can't be responsible for the content of external websites).

Additionally, Spanish users may contact directly with the Spanish Data Protection Authority by writing to C/ Jorge Juan, 6. 28001, Madrid or go online to http://www.agpd.es.

If you are based outside of France or Spain, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence. (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html).