myBlend places great importance on the protection of user’s privacy and its obligations in accordance with the legal provisions in force.
You can download and archive this document in PDF format by clicking here. To open the PDF file, you will need the free Adobe Reader (downloadable from https://www.adobe.com/uk/) or similar software that supports the PDF format.
1. Who we are?
Clarins (UK) Limited whose registered office is located 10 Cavendish Place, London, W1G 9DN, is data controller unless we state otherwise in a particular case.
2. When do we collect your data?
We collect personal data from you when:
- you visit our website;
- you create an account on our website;
- you make a purchase or a reservation on our website or in certain approved points of sale of our distribution network ;
- you subscribe to one of our newsletters;
- you sign up for our loyalty program;
- you participate in special operations such as games, competitions, product tests, customers surveys or market researches;
- you share content on social networks such as Instagram, Facebook or Pinterest using the hashtag #myblend or other hashtags we offer;
- you are visiting one of our Spa or some approved points of sale of our distribution network ;
- you do a diagnosis with mySkinDiag via our website, our app or at a point of sale;
- you contact us, in particular when you call or submit a request or a complaint to our Customer Service teams, when you rate or review our products and/or services or when you chat with our Beauty Coaches in real time;
- you have given your consent to third parties to send us personal data about you.
3. What data do we collect about you?
We may mainly collect the following personal data that could identify you directly or indirectly:
- information about your identity, in particular your gender, last name, first names, address, telephone numbers, email address, username and password, date of birth or age;
- information about your payment method, in particular your credit card number and the expiration date;
- information about our commercial transactions, in particular transaction numbers, history of your purchases, your request or your communications with our Customer Service team, your preferences and interests or information about one of our loyalty program;
- content information such as photos, videos, ratings, reviews, comments ;
- information about wellness or health (beauty concern, skin type, skin sensitivity, contraindications, adverse reaction reports etc.) subject when applicable to your prior and explicit consent, in particular for cosmetovigilance or when asking for a Skin Diag or a treatment myBlend in one of our Spa;
- information about your social media accounts (username, caption information, location, etc.), uploads and posts when you share content or use the hashtag #myblend or other hashtags we offer;
- recordings of telephone conversations to offer the best quality of service, in particular for the purpose of staff training and appraisal;
- technical information, in particular your IP address or information about how your device navigates through our website;
- other information you provide when you contact us or we have received from external providers.
4. Why is your data collected?
Personal data may be collected mainly for the following purposes:
- Website administration and improvement of the quality of service. (Legitimate interests);
- Processing of your orders (order management, tracking of deliveries, post purchase service, etc.). (Performance of a contract);
- Customer Relationship Management (CRM), in particular to manage your membership to our Loyalty programme and to allow you to benefit from your advantages as a member (Performance of a contract), and to help us get to know you better and to provide you with personalized offers about our products and services, according to your purchasing behaviour, your habits and/or your centres of interest (in particular by e-mail, SMS or any other medium). In this respect, we may perform segmentation operations, analyze your browsing behaviours and requests or perform any other actions to better qualify our database (Consent or Legitimate interests). For example, we may transmit certain encrypted data (email or phone number) to third-party platforms to check whether you already had an interaction with our brands and/or are likely to be interested in our products and services and to provide you with personalized advertising on social networks and third-party websites using retargeting features. Creating an account allows you to benefit from a personalized customer experience and an unified view of your personal data (E.g. information collected at the point of sale, by our Customer Service or during promotional operations). You can also place an order using the Guest Check Out option;
- Carrying out analyzes and business statistics to anticipate market changes (business intelligence, data visualization, etc.), measuring your satisfaction and R&D (Legitimate interests);
- Measurement of the performance of affiliate campaigns (with consent), Social network engagement (with consent);
- When appropriate, prevention and fraud detection, crime and litigation management. The fraud detection solutions we use can be completely automated or involve human intervention. When we use automated fraud detection solutions, we engage in processing of your personal data for the purpose of identifying fraudulent activity or securing payment and making automated decisions in this respect. The logic of this automated decision-making relies on applying fraud analysis rules and models to our business processes to determine if an action is potentially fraudulent. This processing can produce legal effects that concern you or similarly significantly affect you, and specifically we may refuse to enter into a contract with you.
- Social interaction (Consent);
- Managing undesirable effects related to the use of our products (Cosmetovigilance), carrying out studies concerning the safety of use of our products and exercise of your rights (keeping an opt-out list) (Legal obligation);
- As otherwise permitted by law and/or notified to you from time to time.
5. Do we disclose your data?
We never sell nor rent your personal data to other companies for marketing or other purposes.
It may also be shared with service providers chosen for their expertise and reliability and acting on our behalf and at our instructions or as joint controllers with us or who receive data about you from us as separate controllers (order processing and fulfilment, secure payment, donations, customer service management, maintenance and technical development operations, ratings and reviews, analytics, spam prevention, management of digital campaigns and affiliation, etc.). We authorize these service providers to use your personal data only to the extent necessary to perform services on our behalf or to comply with legal requirements and we strive to ensure that your personal data is always protected.
These third parties may be located in or out of the European Economic Area (EEA), including in countries that do not provide the same level of data protection as in your country of residence. In such a case, we will ensure that:
- we enter into appropriate data transfer agreements conforming to the Standard Model Clauses established by the European Commission,
- we comply with Binding Corporate Rules (BCR) approved by competent authorities,
- we use another valid legal basis in accordance with the applicable law.
Finally, we may also transmit your personal data to local authorities if required by law or as part of an investigation and in accordance with applicable regulations and to a third party in the case of a sale, merger, consolidation, liquidation, reorganization or acquisition.
6. How will we protect your data?
Clarins takes appropriate technical and organizational measures, in relation to the nature of data and risks, to preserve the security and confidentiality of your personal data and, in particular, to prevent them from being altered, disclosed or transmitted to any unauthorized parties.
This may include practices such as limited access by members of staff who, by virtue of their duties, are authorized to access data, contractual guarantees in case of third-party provider, privacy impact assessments, internal reviews of our practices and privacy policies and/or implementation of physical and/or systematic security measures (secure access, authentication process, backup, antivirus, firewall, pseudonymization, encryption, etc.).
7. What is our policy on minors?
We do not knowingly collect nor process personal data from minors.
Assuming we would have knowledge of the collection of personal data from minors without prior authorization from the holder of the parental responsibility, we will take appropriate measures to contact the person and/or, if necessary, to delete their personal data from our servers and/or those of our service providers.
8. What is our cookies (and other tracking technologies) policy?
Cookies or trackers designate all mechanisms aimed at storing information on your device, or accessing information already stored on your device.
When you visit our site for the first time, we notify you of the purpose of the trackers used, as well as the identity of our partners so that you can make an informed decision in this regard.
We ask for your consent before storing and/or reading trackers on your device, except when their sole purpose is to allow or facilitate the use of our site or when they are strictly necessary to provide a service specifically requested by you.
The trackers are mainly used on our site to:
- carry out statistics of frequentation and navigation of our site;
- display personalized advertising according to your browsing and your profile;
- personalize the editorial content of our site according to your use or personalize the display of our products and services according to those you have previously consulted on our site;
- enable additional features on our site (community chat, ratings & reviews, etc.).
You can change your preferences at any time:
- Our consent management tool allows you to give or withdraw your consent independently and specifically for each distinct purpose;
- You can find out how to change your tracking preferences within the help menu of your browser;
- The European platform Youronlinechoices allows you to refuse or accept the cookies used by the digital advertising professionals grouped within the European Digital Advertising Alliance.
Please note that deactivating the cookies will not prevent the display of ads on your device. It will only block technologies that allow us to tailor ads to your browsing habits and interests. We would also like to remind you that your settings may cause all or part of our services to function less well. Finally, we draw your attention to the fact that the taking into account of your choices is based on tracing. If you delete all cookies stored on your device (via your browser), we – or our partners – will no longer be able to retain your preferences.
By default, we retain your choices (both given consent and opt-out) for a period of 6 months.
9. How is the contents you share on social networks using our hashtags managed?
You can choose to use our hashtags to tag your content on social networks such as Instagram, Facebook or TikTok.
By using these hashtags, you acknowledge and agree that your content may appear on our website and be used to refer to our products or services.
We remind you that the information you share on social networks can be consulted, used and saved by others around the world, in particular in countries without legislation guaranteeing an adequate level of protection of your personal data as defined in your country of residence.
We also draw your attention to the fact that when you submit content using one of our hashtags, your use of social networks is exclusively governed by the general conditions of these social networks. We invite you to read it and to refer to it regularly.
If you no longer want your content to appear on our site, please remove it from the social network or stop using hashtags.
10. For how long is your data kept?
As a general rule:
- Customer / prospect data will be kept for three years from the date of collection or after the last contact or the end of the commercial relationship, unless it is opposed or requested to be deleted by you. At the end of this three-year period, we may make contact with you again in order to find out whether or not you wish to continue to receive marketing approaches. If no clear positive answer is given by you, your data will be deleted or archived in accordance with the provisions in force.
- Data relating to identity documents may be kept for one year in the event of exercise of your rights.
- Data on credit cards will be deleted after the transaction or archived for evidence purposes in accordance with the provisions in force. Subject to your express consent, banking data may be kept until the expiration date of the credit card. We never store your visual cryptogram.
- Data necessary for carrying out analyzes and business statistics can be kept for up to five years.
- Data to prove a right or a contract or kept under compliance with a legal obligation can be archived in accordance with the provisions in force.
11. What are your rights regarding your data and how do you contact us?
If you give us your email address, phone number or mailing address, you may receive emails, calls or periodic messages from us about our products, services or upcoming events. You can unsubscribe at any time from our mailing lists by contacting us at the address below, by following the link “unsubscribe” contained in each of our emails or by replying “STOP” to one of our SMS. You can also change your preferences at any time in your account.
In accordance with the provisions in force, you have a right to access, rectification, erasure and data portability of your personal data as well as a right to object and restriction of processing. You can also withdraw your consent at any time. To exercise these rights, you must send us a request by justifying your identity:
- E-mailing a request to our Customer Service at the following address: : firstname.lastname@example.org
- By writing to the following address:
Clarins (UK) Limited
10 Cavendish Place,
London, W1G 9DN
You will be informed of the actions to be taken as soon as possible and in any case no later than one month after your request. However, we reserve the right not to respond to unfounded or vexatious requests.
Clarins (UK) Limited
Data Protection Officer
10 Cavendish Place,
London, W1G 9DN
Direction Juridique & Compliance Groupe / Data Protection Officer
12 avenue de la Porte des Ternes