Privacy Policy

This Privacy Policy was updated on July 25, 2024.

This privacy policy (“Privacy Policy”) allows you to better understand how NEVINAR COSMETICS LTD processes your personal data when you contact us or use one of our services, which includes this website and our stores/spas (collectively, our “Services”).

This Privacy Policy may be updated at any time by us. Any changes to this Privacy Policy will be posted on this page and, where appropriate, notified to you. We invite you to refer back to it on a regular basis.

You can download and archive this document in PDF format by clicking here. To open the PDF file, you will need the free Adobe Reader (downloadable from www.adobe.fr) or similar software that supports the PDF format.

1 Who are we?

NEVINAR COSMETICS LTD (“Clarins”, “we”, “us”, “our”), with registered office n° 439933, located at Clarins House, 4B Lazer Lane, Grand Canal Dock, Dublin 2, D02 PP89, Ireland is the data controller unless otherwise stated.

2 What data do we collect about you?

We may mainly collect the following personal data that could identify you directly or indirectly:

  • information about your identity, in particular your gender, last name, first names, address, telephone numbers, email address, username and password, date of birth or age;
  • information about your payment method, in particular your credit card number and the expiration date;
  • information about our commercial transactions, in particular transaction numbers, history of your purchases, your request or your communications with our Customer Service team, your preferences and interests or information about one of our loyalty programs;
  • content information such as photos, videos, ratings, reviews, comments;
  • information about wellness or health (beauty concern, skin type, skin sensitivity, contraindications, undesirable effects reports, etc.), subject, when applicable, to your prior and explicit consent, in particular for cosmetovigilance or when asking for a Clarins beauty prescription or a Clarins treatment in one of our Spas;
  • information about your social media accounts (username, sex, profile picture, caption information, location, etc.), uploads and posts when you share content or use the hashtag #clarins or other hashtags we offer or when you interact with our chatbot;
  • recordings of telephone conversations to offer the best quality of service;
  • technical information, in particular your IP address or information about how your device navigates through our website or metadata when you interact with our chatbot;
  • other information you provide when you contact us, or we have received from external providers.

In most cases we collect this personal data directly from you, such as when you make a purchase from us, visit one of our Services or contact us for any purpose. We may also collect personal data (e.g., email address or telephone number) from third parties to whom you have given your consent to share personal information about you with us.

The provision of the personal data indicated in this Policy is mandatory, unless otherwise stated. If you do not provide us with such personal data, we may not be able to provide you with some or all of our products or Services or enter into a contract with you.

3 Why is your data collected and on what legal basis?

We might collect your personal data for the following purposes:

Purposes of processing and corresponding legal basis:

1. Purpose: Website administration and improvement.
   Legal basis: We have a legitimate interest to improve our website to provide you with an enhanced client experience when you use it.

2. Purpose: Manage our business relationship with you (processing of your orders, deliveries, invoices, after sales service, etc.) and provide our Services in one of our Spas or some approved points of sale of our distribution network.
   Legal basis: Performance of the contract you entered with us.

3. Purpose: Manage our accounting.
   Legal basis: Our legal obligation under the national legislation (tax obligations, accounting obligations, etc.).

4. Purpose: Process your donations.
   Legal basis: Your consent to contribute to our actions in various causes, in particular to support research in the health sector.

5. Purpose: Manage your membership to our Loyalty program or participation in a game or competition.
   Legal basis: Performance of the contract to which you adhere when enrolling in our program or when participating in an event.

6. Purpose: Carry out marketing activities:
  • Manage our Customer Relationship (CRM), get to know you better and provide personalized marketing communications and offers about our products and Services (in particular by email, by SMS, on social networks or any other medium and by displaying targeted ads on websites and on social networks)
  • For purposes 5 and 6, we may perform segmentation operations based on your preferences, interests and purchasing behavior, analyze your browsing and requests on our website or perform any other actions to better qualify our database. For example, we may transmit certain encrypted data (email or phone number) on third-party platforms to check if you already had an interaction with our brands and/or are likely to be interested in our products and Services and to provide you with personalized advertising on social networks and third-party websites using retargeting features.
   Legal basis: Your consent to receive marketing communications when such consent is required by law. Our legitimate interests to better respond to your preferences and interests.

7. Purpose: Manage the creation and use of your account and allow you to benefit from a personalized customer experience, a unified view of your personal data (e.g., information collected at the point of sale, by our Customer Service or during promotional operations, when you create a wishlist). You can also place an order using the Guest Check option.
   Legal basis: Performance of a contract resulting from your acceptance of our Terms & Conditions governing the creation and use of your account.

8. Purpose: Provide the services you request such as the Live Consultation, the Virtual Try On, the Store Locator, the Refer-a-Friend.
   Legal basis: Your consent to use this feature.

9. Purpose: Carry out descriptive, prescriptive and predictive analysis, measure your customer experience and feed our R&D.
   Legal basis: We have a legitimate interest to better understand our clients and the market on which we operate and make informed decisions.

10. Purpose: Determine how you evaluate our products based on social interaction when you share content with us on social media, react to our posts and provide your opinion.
   Legal basis: Your consent to share your opinions on our products.

11. Purpose: Help us tailor and improve our content and Services, deliver targeted advertising, measure their performance on our website and those of our partners, including social media, share content regarding our products on social media or react to our posts, provide chatbot, virtual try-on and store locator features, detect and prevent fraud using cookies and other tracers. For further detail, please refer to Section 8.
   Legal basis: Your consent to non-essential cookies as defined in Section 8, by using the consent management tool.

12. Purpose: Processing your requests and complaints.
   Legal basis: Our legitimate interest to manage your requests and complaints and respond to them.

13. Purpose: Detect and prevent fraud when using our Services. The fraud detection solutions we use can be automated but will involve human intervention. When we use automated fraud detection solutions, we engage in processing of your personal data for the purpose of identifying fraudulent activity or securing payment and making automated decisions in this respect. The logic of this automated decision-making relies on applying fraud analysis rules and models to our business processes to determine if an action is potentially fraudulent. This processing can produce legal effects that concern you or similarly significantly affect you, and specifically we may refuse to enter into a contract with you, subject to an analysis of the automated decision.
   Legal basis: Our legitimate interest to prevent online fraud in relation with the purchase of our products and Services on our Website.

14. Purpose: Manage undesirable effects related to the use of our products (Cosmetovigilance), carrying out studies concerning the safety of use of our products and exercise of your rights (keeping an opt-out list).
   Legal basis: Our legal obligation under cosmetic products law.

15. Purpose: Respond to your requests when you exercise your data protection rights as a data subject.
   Legal basis: Our legal obligation under the national data protection law.

16. Purpose: Carry out call recording activities when you contact our customer service.
   Legal basis: Our legitimate interest to offer you the best quality of service.

17. Purpose: Transfer of your personal data in case of merger, acquisition, restructuring or sale of our business.
   Legal basis: Our legitimate interest to develop our business activities, which may result in the transfer of all or part of your personal data.

18. Purpose: Establish our rights or defend ourselves against any dispute that may arise.
   Legal basis: Our legitimate interest to ascertain, exercise and/or defend our rights and ensure our business continuity.

19. Purpose: Compliance and legal processes.
   Legal basis: Necessity to comply with our legal obligations.

4 Do we disclose your data?

We never sell or rent your personal data to other companies for marketing or other purposes. For the purposes listed above and on a need-to-know basis, we can share your personal data with:

  • Authorized employees: Our employees might have access to your personal data on a need-to-know basis as part of their job.
  • Other Clarins group companies: Clarins is an international group that operates in many countries. The personal data we are collecting about you will be used by us and might be communicated for the purposes stated in this Privacy Policy to other Clarins group companies on a case-by-case basis and as necessary and in particular to our parent company in France. This may involve your personal data being communicated outside of your jurisdiction of residence where it may be subject to access by local authorities in accordance with the laws of that jurisdiction. Each of those companies may also process and use your personal data for the purposes stated in this Privacy Policy independently and on their own behalf. To learn more about the Clarins group and its locations, visit our corporate website.
  • Service providers: We may use service providers chosen for their expertise and reliability and acting as data processors, separate data controllers or joint controllers with us, to assist us notably with processing and fulfilment, secure payment, donations, customer service management, maintenance and technical development operations, ratings and reviews, virtual try on, beauty consultations, analytics, spam prevention, management of digital campaigns and affiliation, fraud prevention, etc. These service providers use your personal data only to the extent necessary to perform their services or on our behalf or to comply with legal requirements and we strive to ensure that your personal data is always protected.
  • Public authorities: we may also transmit your personal data to local authorities if required by law or as part of an investigation and in accordance with applicable regulations.
  • Other third parties: in case of a sale, merger, consolidation, liquidation, reorganization or acquisition.

5 Why do we transfer your personal data?

Some of our service providers or Clarins group companies may be located outside of the European Economic Area (EEA), including in countries that do not provide the same level of data protection as in your country of residence (e.g., the United States) and your personal information may be subject to access by local authorities in accordance with the law of the local jurisdiction. In such a case, we ensured that:

  • we entered into appropriate data transfer agreements conforming to the Standard Contractual Clauses adopted by the European Commission;
  • we rely on the Binding Corporate Rules (BCR) of our service providers approved by competent authorities, where applicable;
  • such transfer is necessary for the purposes and based on the legal basis described in section 4 of this Privacy Policy.

In addition, where required, we have implemented supplementary measures (contractual, technical or organizational) to ensure the validity of the transfer.

To the extent provided by applicable law, you have a right to contact us for more information about the safeguards we have put in place to ensure an adequate protection of your personal data when it is transferred as mentioned above.

6 How will we protect your data?

Clarins takes appropriate technical and organizational measures, in relation to the nature of data and risks, to preserve the security and confidentiality of your personal data and, in particular, to prevent them from being altered, disclosed or transmitted to any unauthorized parties.

This may include practices such as limited access by members of staff who, by virtue of their duties, are authorized to access data, contractual guarantees from third-party providers, privacy impact assessments when required, internal reviews of our practices and privacy policies and/or implementation of physical and/or systematic security measures (secure access, authentication process, backup, antivirus, firewall, pseudonymization, encryption, etc.).

7 What is our policy on minors?

We do not knowingly collect or process personal data from minors.

If we are aware of such collection and processing, we will immediately take appropriate measures to contact the person and delete this personal data from our servers and/or those of our service providers.

8 What is our cookies (and other tracking technologies) policy?

Cookies or other trackers (e.g. pixel tags, unique identifier or fingerprint, etc.) designate all mechanisms aimed at storing information on your device, or accessing information already stored on your device.

When you visit our site for the first time, we notify you of the purpose of the trackers used as well as the identity of our partners so that you can make an informed decision in this regard.

We ask for your express consent before storing and/or reading trackers on your device. You are not required to consent to our use of cookies or trackers; however, if you refuse to give your consent to the use of certain cookies or trackers, except when their sole purpose is to allow or facilitate the use of our site or when they are strictly necessary to provide access to our website or to a service expressly requested by you, we may be unable to provide you with such access or services.

The trackers are mainly used on our site to:

  • analyse your navigation, measure the performance of our site and improve the quality of our services;
  • display personalized advertising according to your browsing and your profile;
  • personalize the editorial content of our site according to your use or personalize the display of our products and services based on the browsing habits associated with your device;
  • enable additional features on our site;
  • monitor and prevent fraudulent activity, correct errors and ensure the security of our site.

You can change your preferences at any time:

  • our consent management tool allows you to give or withdraw your consent independently and specifically for each distinct purpose;
  • you can find out how to change your tracking preferences in the help menu of your browser;
  • the platform Youronlinechoices allows you to refuse or accept the cookies used by our partners.

Please note that deactivating the cookies will not prevent the display of ads on your device but will only block technologies that allow us to tailor ads to your browsing habits and interests.

The consideration of your choices is based on a tracker. If you delete all cookies stored on your device (via your browser), we - or our partners - will no longer be able to retain your preferences.

By default, we retain your choices (both consent and opt-out) for a period of 6 months.

We may also use trackers in the e-mails we send to track certain of your behaviors such as opening the e-mail or clicking on a URL link to a page on our site in order to determine the date of our last interaction, measure the performance of marketing campaigns and provide you with personalized content. You can unsubscribe from our e-mails if you do not wish your browsing to be tracked in this way.

We may offer you push notifications on your web browser, subject to your consent. You can disable these notifications at any time by changing your browser settings. For more information, see our FAQ.

9 How are the contents you share on social networks using our hashtags managed?

You can choose to use our hashtags to tag your content on social networks such as Instagram, Facebook or TikTok.

By using these hashtags, please note that your content may appear on our website and be used to refer to our products or Services.

We remind you that the information you share on social networks can be consulted, used and saved by others around the world, in particular in countries without legislation guaranteeing an adequate level of protection of your personal data as defined in your country of residence.

We also draw your attention to the fact that when you submit content using one of our hashtags, your use of social networks is exclusively governed by the general conditions of these social networks. We invite you to read them and to refer to them regularly.

If you no longer want your content to appear on our site, please remove it from the social network or stop using hashtags.

10 How long do we keep your data?

We strive to keep your personal data only for the time necessary for the purposes set out in this Privacy Policy and in accordance with the legal provisions in force.

As a general rule, we will keep your personal data for as long as is strictly necessary to manage our relationship with you and for the duration of the contract with you, and thereafter for a period of 6 years from the end of the contract or such other period as permitted by applicable law.

We may also keep some of your personal data for a shorter or longer period in the following cases:

  • With respect to data processed in connection with the use of the Chat available on our website, your conversation data and metadata are deleted after you end your use of the Chat, unless the exchanges have been on topics that require the retention of such data as set out below.
  • When you use the Virtual Try On feature on our Site, the photos you send us are kept for up to 24 hours and are deleted thereafter. If you wish to use the Virtual Try On again, you will have to take new photographs.
  • Customer / prospect data will be kept for 3 years from the date of collection or after the last contact or the end of the commercial relationship, unless it is opposed or requested to be deleted by you. At the end of this 3-year period, we may contact you again in order to find out whether or not you wish to continue to receive marketing information. If no clear positive answer is given by you, your data will be deleted or archived in accordance with the provisions in force.
  • Data on credit cards will be deleted after the transaction or archived for evidence purposes to the extent permitted by applicable law. Subject to your express consent, banking data may be kept until the expiration date of the credit card. We never store your visual cryptogram.
  • Data necessary for carrying out analyses and business statistics can be kept for up to 5 years.
  • Recordings of telephone conversations may be kept for up to 6 months.
  • Data to prove a right or a contract or kept under compliance with a legal obligation can be archived in accordance with the relevant statute of limitation provided by the applicable law.

Your personal data will be irreversibly erased or anonymized once the purposes have been fulfilled or the retention period has expired.

11 What are your rights regarding your data and how do you contact us?

As a data subject, you are entitled to:

  • Right to access: You have the right to ask us to confirm whether we are processing your personal data and, if so, inform you of the characteristics of the processing(s) of your personal data, access them and obtain a copy.
  • Right to rectification: You can ask us to correct or complete your personal data if they are incorrect or incomplete.
  • Right to erasure: You can ask us to delete your personal data in the following cases:
    • when they are no longer necessary for the purposes for which they were collected;
    • you have revoked your consent;
    • following the exercise of your right to object;
    • your personal data has been processed unlawfully; or
    • to comply with a legal obligation.

    We are not obliged to comply with your request for the deletion of your personal data, in particular if their processing is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims.

  • Right to restriction: You may ask us to restrict the processing of your personal data (i.e., to retain it without using it) when:
    • its accuracy is disputed;
    • its processing is unlawful, but you do not want it deleted;
    • it is still necessary for the establishment, exercise or defense of legal claims;
    • we verify the existence of compelling reasons in connection with the exercise of your right to object.
    We may continue to use your personal data following a request for restriction:
    • with your consent;
    • for the establishment, exercise, or defense of legal claims; or
    • to protect the rights of any other natural or legal person.
  • Right to data portability: You may ask us to provide you with your personal data in a structured, commonly used and machine-readable format, or you may request that it be transmitted directly to another controller, but only if the processing is based on your consent or the performance of a contract with you and the processing is automated.
  • Right to withdraw your consent: You can withdraw your consent to process data at any time, if the processing is based on consent, without affecting the lawfulness of the processing based on your consent and carried out prior to your withdrawal of consent.
  • Right to object to such processing where we are relying upon legitimate interest to process data. In case of such objection, we must stop that processing unless we can either demonstrate legitimate grounds for the processing that override your interests, rights, and freedoms or where we need to process the data for the establishment, exercise, or defense of legal claims.

    With respect to direct marketing, you can object to the processing activity by changing your preferences at any time in your account, by contacting us at the address below or by the following means:
    • For emails: by following the link "unsubscribe" contained in each of our emails.
    • For calls: by indicating to the contacting person that you object to the processing of your personal data.
    • For SMS: by replying "STOP" to one of our SMS.
  • Automated decision making: You have the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

To exercise these rights, you must send us a request by one of the means below. In case of doubt, we may ask you to justify your identity by any appropriate means.

  • By e-mailing a request to the Customer Service;
  • By writing to the following address:

    NEVINAR COSMETICS LTD
    Clarins House, 4B Lazer Lane, Grand Canal Dock
    Dublin 2, D02 PP89
    Ireland

You will be informed of the actions to be taken as soon as possible and in any case no later than one month after your request. However, we reserve the right not to respond to unfounded or vexatious requests.

  • Right to lodge a complaint: In accordance with the provisions in force, you can also file a complaint with the competent authority responsible for data protection or lodge an appeal if your data are misused. To identify the competent authority, please refer to Section 12 below.

Please contact our contact point for data protection in Ireland or in France should you have any questions, comments or concerns in connection with this Privacy Policy:

NEVINAR COSMETICS LTD
Data Protection Officer
Clarins House, 4B Lazer Lane, Grand Canal Dock
Dublin 2, D02 PP89
Ireland

CLARINS
Group Legal & Compliance Department / Group Data Protection Officer
12 avenue de la Porte des Ternes
75017 Paris
France

12 Jurisdiction Specific Terms

Appendix 1. Competent national Data Protection Supervisory Authority

Ireland Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Ireland
www.dataprotection.ie