Just like your skin, respect for your privacy is one of our priorities. When you visit our website or purchase our products, you may send us personal data, directly or indirectly. Your personal data is precious; it is part of your privacy.
BIODERMA (NAOS UK and Ireland) therefore undertakes to collect and process your personal data in a transparent, fair and lawful manner.
Global Opt-In for NAOS United Kingdom and Ireland
By signing up for the newsletter of any brand affiliated with NAOS United Kingdom and Ireland, including NAOS UKI Corporate, Bioderma brand (https://www.bioderma.co.uk/), Institut Esthederm brand (https://www.esthederm.com/en/), Etat pur (https://www.etatpur.com/), and our e-commerce website NAOS Store (https://www.naos-store.co.uk/), you are providing your explicit consent to receive communication from NAOS United Kingdom and Ireland. This communication may include updates, promotions, and information related to any of our brands. We are committed to safeguarding your privacy and complying with all applicable data protection laws, including the General Data Protection Regulation (GDPR) and UK data protection law.
Your personal information will be used solely for the purpose of delivering relevant newsletters and marketing content from NAOS United Kingdom and Ireland and its affiliated brands. You have the right to withdraw your consent or manage your communication preferences at any time by following the instructions provided in our communications or by contacting our Data Protection Officer at firstname.lastname@example.org.
1. Which data is covered by the Policy?
"Personal data" is information that directly or indirectly identifies a natural person. This includes, for example, your name, e-mail address, and phone number, but also data on your consumption habits, your skin type, etc.
|Time of collection||Categories of data collected||Retention period||Legal basis|
|You browse our Website|
|13 months from the date of collection during your navigation.|
|You subscribe to our newsletter|
|3 years from the date of collection or last contact from you||Consent|
|You write via our social networking pages|
|3 years from the date of collection or last contact from you|
|You contact our Consumers Service or our advisers by email, phone, mail|
|3 years from the date of collection or last contact from you|
|You participate in a game or contest|
|Time required to manage the game||Completing a contract|
|You participate in a product test or a satisfaction survey|
The data we collect depends on the purpose of the survey or test.
We can collect including:
|Duration required to complete the test or survey and to interpret the results.|
|You declare a case of Cosmetovigilance|
|Duration provided by law||Legal obligation|
During each collection, certain data (indicated by asterisks) must be provided in order to benefit from the services offered. The others are purely optional and allow us to know you better, for example to offer you adapted offers.
2. How do we collect data from minors?
Our website is accessible to anyone, major or minor.
However, the additional prior consent of the holder of parental authority is required for minors under the age of fifteen who subscribe to our services or provide us with personal data concerning them.
3. The case of third-party websites
On our website, you can connect via your social network profiles, click on links to our social networking pages, etc.
- Facebook: https://en-gb.facebook.com/privacy/explanation/
- Instagram: https://en-gb.facebook.com/help/instagram/155833707900388
- Pinterest: https://policy.pinterest.com/en-gb/privacy-policy
- YouTube: https://policies.google.com/privacy?hl=en-GB&gl=zz
You also have the option to publish content on our pages. We remind you that any content transmitted via our pages is accessible to the public. Concerned about the protection of your privacy, we invite you to be vigilant when you communicate your personal data on social networks. We are not responsible for the use that may be made by third parties, data that you have communicated publicly.
We remind you that we may collect the content you publish on our pages, to know you better and to segment our consumer databases.
4. Cookie management
As part of the protection of your privacy, we invite you to consult our Cookies Management Policy to obtain information on these cookies and set their operation.
5. Who are the recipients of your data?
We may be required to transmit your data to the following companies, structures and/or persons involved in the fulfillment of the purposes described in IV above:
- Employees of NAOS Group companies who need to process the personal data collected for the purposes explained above;
- Our subcontractors and service providers, for example to send you commercial solicitations when you have consented, to host our consumer databases, etc.;
- Google, to measure the audience on our Website;
- Social networks, to know your activity on our pages, your consumption habits etc.;
We select subcontractors, service providers and suppliers who provide sufficient safeguards to ensure the protection, security and privacy of your personal data, including the implementation of appropriate technical and organizational measures that meet the requirements of the law. They are only allowed to process your data according to our instructions.
Your personal data may also be communicated to the administrative or judicial authorities at their request, as well as to third parties or authorized recipients to comply with a legal obligation or for the exercise of legitimate interests.
6. How do we ensure the security of your data?
We undertake to use reasonable means to ensure that your personal data are sufficiently protected, taking into account the sensitive nature of certain information collected. We use a variety of technologies and procedures to ensure that your data is treated in a manner that protects it against unauthorized loss, destruction, alteration, disclosure, or access, whether unlawfully or accidentally.
We implement measures that respect the principles of protection from the design stage and, by default, the personal data processed. As such, we are able to use data anonymization techniques whenever possible and/or necessary.
We demand an equivalent level of security from our subcontractors.
For example, we or our subcontractors store your data on computer servers located in controlled locations and whose access is limited.
7. Where do we store your data?
Our company and our subcontractors process and store your data only in member countries of the European Union.
8. How can you exercise your rights?
In accordance with the laws in force, you benefit from:
- A right to information;
- A right of access to data concerning you;
- A right to correct your data;
- A right to erase data for legitimate reasons;
- The right to oppose the processing of your data for legitimate reasons;
- The right to withdraw your consent to the processing of your data;
- A right to limit treatment;
- The right to portability of data;
- The right not to be the subject of a decision based exclusively on automated processing and having legal effects affecting you or affecting you significantly;
- The right to oppose the commercial prospection;
- The right to formulate guidelines regarding the storage, deletion and communication of your personal post-mortem data.
You may exercise these rights at any time by email, via our contact form (https://www.bioderma.co.uk/contact-us) or by post to the following address: Consumer Service BIODERMA, NAOS UKI - Dickens House, 1 Fetter Lane, London. EC4A 1BR United Kingdom.
A reply will be sent to you within one month of receiving your request.
We reserve the right not to respond to requests that are manifestly unfounded in accordance with European regulations. The person concerned will be informed of any refusal formulated by us.
You can also - if you wish - make a complaint to the GOV.uk website: https://www.gov.uk/data-protection.
For more information, please consult the following link: http://www.aboutcookies.org/.
9. How to contact the DPO?
We have appointed a Data Protection Officer (DPO) who can be reached at the following address: email@example.com, or by post at the following address: Legal Department - DPO, NAOS UKI, Dickens House, 1 Fetter Lane, London. EC4A 1BR United Kingdom.
The Data Protection Officer is available to provide any necessary information regarding the Data Protection Policy.