“Personal data” means any information or pieces of information that could identify you either directly (e.g. your
name) or indirectly (e.g. through pseudonymized data such as a unique ID number). This means that personal data
includes things like email/home addresses/mobile phone, usernames, profile pictures, personal preferences and
shopping habits, user generated content, financial information, and welfare information. It could also include
unique numerical identifiers like your computer's IP address or your mobile device's MAC address, as well as
cookies.
L'Oréal believes that you, the consumer, are at the heart of what we do. We love hearing from you, learning about
you, and creating and delivering products that you enjoy. And we know that many of you love talking to us.
Because of this, there are many ways that you might share your personal data with us, and that we might collect
it.
We might collect or receive data from you via our websites, forms, apps, devices, L'Oréal products or brands
pages on social media or otherwise. Sometimes you give this to us directly (e.g. when you create an account,
when you contact us, when you purchase from our websites/apps or stores/beauty salon), sometimes we collect it
(e.g. using cookies to understand how you use our websites/apps) or sometimes we receive your data from other
third parties, including other L'Oréal Group entities.
When we collect data, we indicate the mandatory fields via asterisks where such data is necessary for us to:
- perform our contract with you (e.g. to deliver the products you have purchase on our websites/apps);
- provide you with the service you have asked for (e.g. to provide you with a newsletter, birthday offers or
account status); or
- comply with legal requirements (e.g. invoicing).
If you do not provide the data marked with an asterisk, this may affect our ability to provide the products and
services.
We set out further details in the table below, explaining:
- During what interaction your data may be provided or collected? This column
explains what activity or situation you are involved in when we use or collect your data. For example,
whether you are making a purchase, signing up to a newsletter, or browsing a website/app.
- What personal data may we receive from you directly or resulting from your interaction with
us? This column explains what types of data we may collect about you
depending on the situation.
- How and why we may use it? This column explains what we may do
with your data and the purposes for collecting it.
- What is the legal basis for using your personal data?
This column explains the reason we may use your data.
Depending on the purpose for which the data is used, the legal basis for the processing of your data can be:
- Your consent;
- Our legitimate interest, which can be:
- Improvement of our products and services: more specifically, our business
interests to help us better understand your needs and expectations and therefore improve our
services, websites / Apps / devices, products and brands for our consumers' benefit.
- Fraud prevention: to ensure payment is complete and free from fraud and
misappropriation.
- Securing our tools: to keep tools used by you (our websites/Apps/devices) safe
and secure and to ensure they are working properly and are continually improving.
- The performance of a contract: more specifically to perform the services you
request from us; or
- Legal grounds where a processing is required by law.
Information overview on your interactions with us and their consequences on your data
|
During which interactions may you provide and we may collect your data?
|
What personal data may we receive from you directly or resulting from your
interaction with us?
|
How and why we may use your data?
|
What is the legal basis for using your personal data?
|
Account Creation and management
Information collected during the creation of an account on L'Oréal websites/apps, through a
social media login, or in store.
|
Depending on how much you are interacting with us, those data may include:
- name and surname;
- gender;
- email address;
- address;
- phone number;
- photo;
- birthday or age range;
- ID, username, and password;
- personal description or preferences;
- order details; and
- social media profile (where you use social login or share this personal data with us).
|
To:
- manage your orders;
- manage any competitions, promotions, surveys or lucky draws you choose to enter;
- respond to your questions and otherwise interact with you ;
- offer you a loyalty program;
- allow you to manage your preferences;
|
|
- send you marketing communications (where you have asked us to) which may be tailored to your
“profile” (i.e. based on the personal data we know about you and your preferences);
|
|
- offer personalized services based on your beauty characteristics;
- monitor and improve our websites/apps ;
- run analytics or collect statistics; and
- secure our websites/apps and protect you and us against fraud;
|
- Legitimate Interest
To ensure our websites/apps remain secure, to protect them against fraud, and to help us
better understand your needs and expectations and therefore improve our services,
products and brands.
|
Newsletter and commercial communications subscription
|
Depending on how much you are interacting with us, those data may include:
- email address;
- name and surname;
- personal description or preferences; and
- social media profile (where you use social login or share this personal data with us).
|
To :
- send you marketing communications (where you have asked us to) which may be tailored to your
“profile” based on the personal data we know about you, and your preferences (incl. location
of your favourite store); and
|
|
- run analytics or collect statistics.
|
- Legitimate Interest
to tailor our marketing communications, understand their effectiveness, and ensure you
receive the most relevant experience; and
to help us better understand your needs and expectations and therefore improve our
services, products and brands.
|
- Keep an up to date suppression list if you have asked not to be contacted;
|
|
Purchases and order management
Information collected during the purchase process made on L'Oréal website/apps/social pages or in
store
|
Depending on how much you are interacting with us, those data may include:
- name and surname;
- email address;
- address (delivery and invoicing);
- phone number;
- personal description or preferences;
- social media profile (where you use social login or share this personal data with us);
- transaction information including purchased products and store location;
- payment and information; or
- purchase history
|
To
- contact you to finalize your order where you have saved your shopping cart or placed
products in your cart without completing the checkout process;
- inform you when a product you wanted to purchase is available;
- process and follow your order including delivering the product to the address you indicated;
- manage the payment of your order. To be noted, payment information (credit card number /
Paypal, Alipay or WeChat Pay information / bank account details) are not collected by us but
directly by payment service providers;
- manage any contact you have with us regarding your order;
|
|
- secure the transactions against fraud. To be noted, we use a third party provider's solution
to detect fraud and ensure the payment is complete and made by you or someone authorized by
you;
- enrich your profile if you place a purchase using your account information;
- measure satisfaction;
- manage any dispute relating to a purchase; and
- for statistics purposes.
|
|
Online browsing
Information collected by cookies or similar technologies (“Cookies”*) as part of
your browsing on L'Oréal website / apps and/or on third-party website / apps.
For information on specific Cookies placed through a given website/app, please consult the
relevant cookie table.
* Cookies are small text files stored on your device (computer, tablet or mobile) when you are on
the Internet, including on L'Oréal Group's websites.
|
Depending on how much you are interacting with us, those data may include:
- data related to your use of our websites/apps:
- where you came from;
- login details;
- pages you looked at;
- videos you watched;
- ads you click on or tap;
- products you search for;
- your location;
- duration of your visit; and
- products you selected to create your basket.
Technical information:
- IP address;
- browser information; and
- device information.
A unique identifier granted to each visitor and the expiration date of such identifier.
|
We use Cookies, where relevant, with other personal data you have already shared with us (such as
previous purchases, or whether you're signed up to our email newsletters) or the following
purposes:
- to allow proper functioning of our website/apps:
- proper display of the content;
- creation and remembering of a cart;
- creation and remembering of your login;
- interface personalisation such as language;
- parameters attached to your device including your screen resolution, etc; and
- improvement of our websites/apps, for example, by testing new ideas;
- to ensure the website/app is secure and safe and protect you against fraud or misuse of our
websites or services, for example through performing troubleshooting;
- to run statistics:
- to avoid visitors being recorded twice;
- to know users' reaction to our advertising campaigns;
- to improve our offers; and
- to know how you discovered our websites / apps.
|
- Legitimate interest:
To ensure we are providing you with websites /
apps, advertising and communications that are working properly and are continually
improving for cookies that are (i) essential for the functioning of our websites /
apps, (ii) used to keep our websites/apps safe and secure.
|
- to deliver online behavioural advertising:
- to show you online advertisements for products which may be of interest to you, based on
your previous behaviour; and
- to show you ads and content on social media platforms.
- to tailor our services for you:
- to send you recommendations, marketing, or content based on your profile and interests;
- to display our websites/apps in a tailored way like remembering your cart or
login, your language, the user-interface customization cookies (i.e. the parameters
attached to your device including your screen resolution, font preference, etc); and
- to allow sharing of our content on social media (sharing buttons intended to display the
site).
|
- Consent
For all other cookies.
|
Promotional operations
Information collected during a game, contests, promotional offer, sample requests, surveys.
|
Depending on how much you are interacting with us, those data may include:
- name and surname;
- email address;
- phone number;
- birth date;
- gender;
- address;
- personal description or preferences;
- social media profile (where you use social login or share this personal data with us); and
- other information you have shared with us about yourself (e.g. via your “My Account” page,
by contacting us, or by providing your own content such as photos or a review, or a question
via the chat function available on some websites/apps, or by participating in a
contest, game, survey).
|
- to complete tasks that you have asked us to, for example to manage your participation in
contests, games and surveys, including to take into account your feedback and suggestions;
|
|
- for statistics purposes; and
|
|
- to send you marketing communications (where you have asked us to)
|
|
User Generated Content
Information collected when you submitted some content on one of our social platforms or accepted
the re-use of content you posted on social media platforms by us.
|
Depending on how much you are interacting with us, those data may include:
- name and surname or alias;
- email address;
- photo;
- personal description or preferences;
- social media profile (where you use social login or share this personal data with us); and
- other information you have shared with us about yourself (e.g. via your “My Account” page,
by contacting us, or by providing your own content such as photos or a review, or a question
via the chat function available on some websites/apps).
|
- In accordance with the specific terms and conditions accepted by you:
- to post your review or content; and
- to promote our products.
|
|
|
|
Use of Apps and devices
Information collected as part of your use of our Apps and/or devices.
|
Depending on how much you are interacting with us, those data may include:
- name and surname;
- email address;
- location;
- birth date;
- personal description or preferences;
- photo;
- welfare data including skin tone, skin/hair type; and
- geolocation.
|
To
- provide you with the service requested (for example, virtually test our products, purchase
our products through the App or on related e-com websites; advice and notifications
regarding your sun exposure, your hair routine);
- analyse your welfare characteristics and recommend the appropriate products (including
bespoke products) and routines;
- provide you product & routine recommendations;
|
|
- for research and innovation by scientists within L'Oréal Group;
- for monitoring and improvement of our Apps and devices; and
- for statistics purposes.
|
|
Enquiries
Information collected when you ask questions (e.g. through our consumer care) relating to our
brands, our products and their use.
|
Depending on how much you are interacting with us, those data may include:
- name and surname;
- phone number;
- email address; and
- other information you have shared with us about yourself in relation to your enquiry (which
may include welfare and health data).
|
- To answer your enquiries;
- where needed, to connect you with the relevant services;
|
- Consent
To process your enquiry.
|
- for statistics purposes; and
|
|
|
|
- for post-market surveillance:
- to monitor and prevent any undesirable effect linked to the use of our products;
- to perform studies relating to the safe use of our products; and
- to perform and follow-up on corrective measures taken, where needed.
|
|
Sponsorship
|
Depending on how much you are interacting with us, those data may include:
- name and surname;
- phone number; and
- email address.
|
- To send information on our products and or information tagged in a wish list to a person at
another person's request.
|
- Performance of a contract
To process the request.
|
For purposes of securing transactions placed through our websites/apps/devices against fraud and
misappropriation, we use third party provider's solution(s).The method of fraud detection is based on, for
example, simple comparisons, association, clustering, prediction and outlier detections using intelligent
agents, data fusion techniques and various data mining techniques.
This fraud detection process may be completely automated or may involve human intervention where a person takes
the final decision. In any case, we take all reasonable precautions and safeguards to limit access to your data.
As a result of automatic fraud detection, you may (i) experience delay in the processing of your order / request
whilst your transaction is being reviewed by us; and (ii) be limited or excluded from the benefit of a service
if a risk of fraud is identified. You have the right to access information on which we base our decision. Please
see “Your Rights and Choices” section below.
When we send or display personalised communications or content, we may use some techniques qualified as
“profiling” (i.e. any form of automated processing of personal data consisting of using those data to evaluate
certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning
that natural person's personal preferences, interests, economic situation, behaviour, location, health,
reliability, or movements). This means that we may collect personal data about you in the different scenarios
mentioned in the table above. We centralize this data and analyse it to evaluate and predict your personal
preferences and/or interests.
Based on our analysis, we send or display communications and/or content tailored to your interests/needs.
You have the right to object to the use of your data for “profiling” in certain circumstances. Please see “Your
Rights and Choices” section below.
We may share your personal data within L'Oréal Group to comply with our legal obligations, to prevent
fraud and/or to secure our tools, to improve our products and services, or after having obtained your
consent to do so.
Depending on the purposes for which they were collected, and only on a need-to-know basis some of your personal
data may be accessed by L'Oréal Group entities worldwide, where possible in a pseudonimized way (not allowing
direct identification), and where necessary to provide you with requested services.
We may also share your personal data in a pseudonimized way (not allowing direct identification) with L'Oréal
Research & Innovation scientists, including those located outside of your country, for research and
innovation purposes.
Where permitted, we may also share some of your personal data including those collected through Cookies between
our brands to harmonize and update the information you share with us, to perform statistics based on your
characteristics and to tailor our communications.
Please visit the L'Oréal group website, for further details on the L'Oréal
Group, its brands and its locations.
We may share your personal data for marketing purposes with third party or entities of the L'Oréal
Group.
We only share your personal data with third parties for direct marketing purposes with your consent. In this
context, your data is processed by such third party, acting as a data user, and its own terms and conditions and
privacy notice apply. You should carefully check their documentation before consenting to the disclosure of your
information to that third party.
Your personal data may also be processed on our behalf by our trusted third party providers.
We rely on trusted third parties to perform a range of business operations on our behalf. We only provide them
with the information they need to perform the service, and we require that they do not use your personal data
for any other purpose. We always use our best efforts to ensure that all third parties we work with keep your
personal data secure. For instance, we may entrust services that require the processing of your personal data
to:
- third parties that assist and help us in providing digital and e-commerce services such as social listening,
store locator, loyalty programs, identity management, ratings and reviews, CRM, web analytics and search
engine, user generated content curation tools;
- advertising, marketing, digital and social media agencies to help us to deliver advertising, marketing, and
campaigns, to analyse their effectiveness, and to manage your contact and questions;
- third parties required to deliver a product to you e.g. postal/delivery services;
- third parties that assist and help us in providing IT services, such as platform providers, hosting
services, maintenance and support on our databases as well as on our software and applications that may
contain data about you (such services could sometimes imply access to your data to perform the required
tasks);
- payment service providers and credit reference agencies for the purpose of assessing your credit score and
verifying your details where this is a condition of entering into a contract with you; and
- third parties that assist us for customer care and post-market surveillance purposes.
-
We may also disclose your personal data to third parties:
- in the event that we sell any business or assets, in which case we may disclose your personal data to the
prospective buyer of such business or assets. If L'Oréal or a part of its assets is acquired by a third
party, personal data held by it about its customers relating to those assets is one of the transferred
assets. Where appropriate, in such case, the buyer acting as the new data user processes your data and its
privacy policy governs the processing of your personal data;
- if we are under a duty to disclose or share your personal data in order to comply with a legal obligation,
or in order to enforce or apply our terms of use/sales or other terms and conditions you have agreed to; or
to protect the rights, property, or safety of L'Oréal, our customers, or employees
- if we have your consent to do so; or
- if we are permitted to do so by law.
We may disclose your personal data to our partners:
- in the event the service you subscribe to was co-created by L'Oréal and a partner (for example, a co-branded
app). In such case, L'Oréal and the partner process your personal data each for their own purposes and as
such your data is processed:
- by L'Oréal in accordance with this Privacy Policy; and
- by the partner acting also as a data user under its own terms and conditions and in accordance with its
own privacy policy;
- in the event you agreed to receive marketing and commercial communications from a L'Oréal partner through a
dedicated opt-in (for instance, through an App branded by L'Oréal and made available to its partners). In
such case, your data is processed by the partner acting as a data user under its own terms and conditions,
and in accordance with its privacy policy; and
- we may publish on our supports content from social networks. In the event you consult content from social
networks on our website/apps, a Cookie from such social network may be stored on your device. We invite you
to read the Cookie Policy of these social networks for more information.
We do not offer or sell your personal data.
The data that we collect from you may be transferred to, accessed from, and stored at a destination outside Hong
Kong SAR. It may also be processed by staff members operating outside the Hong Kong SAR who work for us or for
one of our service providers.
L'Oréal transfers personal data outside of the Hong Kong SAR only in a secure and lawful way. As some countries
may not have laws governing the use and transfer of personal data, we take steps to make sure that third parties
adhere to the commitments set out in this Policy. These steps may include reviewing third parties' privacy and
security standards and/or entering into appropriate contracts.
For further information, please contact us as per the “Contact” section below.
How Long Do We Keep Your Personal data
We only keep your personal data for as long as we need it for the purpose for which we hold your personal data,
to meet your needs, or to comply with our legal obligations.
To determine the data retention period of your data, we use the following criteria:
- where you purchase products and services, we keep your personal data for the duration of our contractual
relationship;
- where you participate in a promotional offer, we keep your personal data for the duration of the promotional
offer;
- where you contact us for an enquiry, we keep your personal data for the duration needed for the processing
of your enquiry;
- where you create an account, we keep your personal data until you require us to delete it or after a period
of inactivity (no active interaction with brands) defined in accordance with local regulations and guidance;
- where you have consented to direct marketing, we keep your personal data until you unsubscribe or require us
to delete it or after a period of inactivity (no active interaction with brands) defined in accordance with
local regulations and guidance; and
- where cookies are placed on your computer, we keep them for as long as necessary to achieve their purposes
(e.g. for the duration of a session for shopping cart cookies or session ID cookies) and for a period
defined in accordance with local regulations and guidance.
We may retain some personal data to comply with our legal or regulatory obligations, as well as to allow us to
manage our rights (for example to assert our claims in Courts) or for statistical or historical purposes.
When we no longer need to use your personal data, it is removed from our systems and records or anonymised so
that you can no longer be identified from it.
We are committed to keeping your personal data secure, and taking all reasonable precautions to do so. We
contractually require that trusted third parties who handle your personal data for us do the same.
We always do our best to protect your personal data and once we have received your personal data, we use strict
procedures and security features to try to prevent unauthorised access. As the transmission of information via
the internet is not completely secure, we cannot guarantee the security of your data transmitted to our site. As
such, any transmission is at your own risk.
Our websites and Apps may from time to time contain links to and from the websites of our partner networks,
advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have
their own privacy policies and that we are not responsible or liable for these policies. Please check these
policies before you submit any personal data to these websites.
We may also offer you the opportunity to use your social media login. If you do so, please be aware that you
share your profile information with us depending on your social media platform settings. Please visit the
relevant social media platform and review its privacy policy to understand how your personal data is shared and
used in this context.
Some of our websites and Apps allow users to submit their own content. Please remember that any content submitted
to one of our social media platforms can be viewed by the public, so you should be cautious about providing
certain personal data e.g. financial information or address details. We are not responsible for any actions
taken by other individuals if you post personal data on one of our social media platforms and we recommend that
you do not share such information.
YOUR RIGHTS AND CHOICES
L'Oréal respects your right to privacy: it is important that you are able to control your personal data. You have
the following rights:
Your rights
|
What does this mean?
|
The right to be informed
|
You have the right to obtain clear, transparent and easily understandable information about how
we use your personal data, and your rights. This is why we are providing you with the
information in this Policy.
|
The right of access
|
You have the right to access to the personal data we hold about you (subject to certain
restrictions).
We may charge a reasonable fee taking into account the administrative costs of providing the
information.
Requests manifestly unfounded, excessive or repetitive may not be answered to.
To do this, please contact us at the details below.
|
The right to rectification
|
You have the right to have your personal data rectified if it is incorrect or outdated and/or
completed if it is incomplete.
To do this, please contact us at the details below. If you have an account, please correct your
own data via your “My Account” function.
|
The right to object to direct marketing, including profiling
|
You can unsubscribe or opt out of our direct marketing communication at any time.
It is easiest to do this by clicking on the “unsubscribe” link in any email or communication we
send you. Otherwise, you can contact us using contact detail below.
If you would like to object to any profiling, please contact us at the details below.
|
The right to withdraw consent at any time for data processing based on consent
|
You can withdraw your consent to our processing of your data when such processing is based on
consent. The withdrawal of consent shall not affect the lawfulness of processing based on
consent before its withdrawal. We refer to the table inserted in section “what data do we
collect from you and how do we use it” especially the column “What is our legal basis for
processing your data?” to identify where our processing is based on consent.
If you would like to object to withdraw your consent, please contact us at the details below.
|
To deal with your request, we may require proof of your identity.
A Chinese version of this Privacy Policy is available. In the event of discrepancy, the English version shall
prevail.
24 June 2020
We, L’Oreal Hong Kong Limited (“we” or “L’Oréal”) trading as KIEHL'S HONG KONG (“Brand”), will collect and store
your personal information pursuant to this Personal Information Collection Statement (“Your Data”). It is
mandatory for you to provide your personal information marked with asterisks (*) and voluntary for those without
an asterisk (*); but if you do not, we may not be able to provide you with our products and services.
PURPOSES FOR WHICH YOUR PERSONAL DATA ARE USED
We will use Your Data for the following purposes (as the case may be):
- a) fulfilling, managing and contacting you about your purchase of our goods and/or services at our online or
retail stores (including our retail/department store partners), and your online purchase accounts;
- b) creating, managing and contacting you about your Brand membership and member rewards (including enquiries
and implementation on loyalty points accrual or redemption);
- c) providing you with free products, samples or gifts in relation to any contest, lucky draw, game,
competition, event or promotion which is organised by L’Oréal as you may participate;
- d) communicating with you regarding your enquiries about our goods and/or services;
- e) identification and verification to facilitate any of the above purposes;
- f) internal research, profiling and analytics;
- g) (subject to any written consent you may give) direct marketing purpose; and
- h) any other directly related purposes.
(collectively, the “Use Purposes”).
Where you have given your written consent, we may contact and communicate with you by phone call, SMS, email,
mail or via interactive conversations over social media platform messengers (e.g. Facebook message, Instagram
message, WhatsApp message, WeChat message, etc.) with our beauty advisors.
TRANSFER OF YOUR PERSONAL DATA
For the Use Purposes, we may transfer, grant access to or share Your Data with:
- a) L’Oréal or any member of its group companies or affiliates, whether located within or outside of Hong
Kong SAR (together the “L’Oréal Group”);
- b) any of L’Oréal’s or L’Oréal Group member’s third party service providers or agents who provides payment,
IT, research, profiling, analytics, marketing, call centre, administrative and any other services which
support the business operation of L’Oréal or any L’Oréal Group member;
- c) in relation to payment for your purchase of our goods and/or services, credit reference agencies, credit,
debit and/or charge card companies and/or banks; and
- d) social media platform providers (including those which may be located in the PRC and the United States).
USE OF YOUR PERSONAL DATA FOR DIRECT MARKETING
If you opt-in, we will use your full name, email address, telephone number, mail address, WhatsApp account name
and account ID, WeChat account name and account ID, Facebook account name and account ID to send you promotions,
news and updates regarding (as the case may be) beauty, skincare, make-up, hair care, hair styling, fragrances,
scents, candles, hand wash and related products and services from our Brand in Hong Kong SAR and Macau SAR via
the communication channels you indicate (e.g. phone call, SMS, email, mail, WhatsApp message, WeChat message,
Facebook message etc.) We cannot use and/or transfer your personal information for direct marketing without your
consent.
YOUR RIGHTS AND CONTACT US
You have the right to request access to or correction of information held by us about you. If you wish to access
or correct your personal information, please contact our Legal Department at [email protected]. For any unsubscribe from direct
marketing or other general enquiries, please contact us at [email protected]
For further information on how we use your personal information, please see our Privacy Policy: https://www.kiehls.com.hk/en/privacy-policy.
This Statement is written in the English language and may be translated into the Chinese language. In the event
of any inconsistency, the English version shall prevail.