Personal data protection charter

 

Just like your skin, respecting your privacy is one of our priorities. When browsing our site, or purchasing our products, you may transmit personal data to us, directly or indirectly. Your personal data is precious; it is part of your private life.

 

Naos UKI therefore undertakes to collect and process your personal data in complete transparency, in a fair and lawful manner.

 

We invite you to read this Personal Data Protection Charter carefully. In it you will find all the information on the data we collect, the way we use it, its retention periods, the means we implement to ensure its protection, the rights you benefit from, etc.

Our Personal Data Protection Charter may be updated or modified, depending on the evolution of our tools and regulations. The changes take effect immediately, so we invite you to consult it regularly.

 

I. What data is covered by the Charter?

This Charter applies to all personal data that you communicate to us or that we collect, directly or indirectly, during your visits to our site https://naos.com/en-UK or when purchasing NAOS UKI products.

“Personal data” is information that directly or indirectly identifies a natural person. This includes, for example, your name, your email address, your telephone number, but also data relating to your consumption habits, your skin type, etc.

 

II. Who is the data controller?

The law defines the data controller as the company which determines the purposes and conditions of the collection and use of your data.

This is the company NAOS UKI.

 

III. Why do we collect your personal data?

We collect your personal data only when necessary, for explicit, legitimate and specific purposes.

Therefore, we collect and process your personal data in particular to:

  • Ensure the operation and content of our site as well as our services, in order to better meet your needs and requests;
  • Get to know you better and carry out segmentations of our consumer databases, based on your needs and preferences, in order to send you information, advice and personalized offers.
  • Answer your questions and provide you with personalized advice, particularly as part of our consumer and customer service, through the contact form on our Site, our Chat, social networks, etc.
  • Collect your opinions on our products.
  • Carry out audience analyses and statistical studies, for example in order to know and measure the number of visits to our Site, the activity and journey of internet users on our site, the subscription rate to our services, the effectiveness of our promotional offers, etc.
  • Manage cosmetovigilance (management of declarations linked to adverse effects of our products, carrying out studies and work concerning the safety of use of our products, carrying out and monitoring corrective actions taken if necessary).
  • Carry out product tests or competitions.
  • Carry out targeted communications by email or in advertising inserts on partner sites (we analyze the personal data that you have communicated to us or the data linked to your visits to our Site in order to evaluate your personal preferences, needs and/or interests, and thus display and/or offer you suitable content).
  • If you have consented, send you by post or email, SMS/MMS, information on our products, services and activities which may be personalized.
  • Detect fraudulent behavior and manage disputes.
  • Ensure the security of our site and our services.
  • Manage our social media pages.

IV. What data is collected, when and how long is it kept?

  • We collect and process your personal data fairly and lawfully. We respect the principle of data minimization, that is to say that we only collect the data strictly necessary to achieve our purposes.
  • We also ensure that the data is, if necessary, updated so that it does not become obsolete.

Data may be collected:

  • Either directly from you, for example when you complete our collection forms on our site
  • Or indirectly, for example via our partners

We define the retention period of your data according to the duration necessary to achieve the objectives of the collection. When our purposes are achieved, we delete your data, except in certain cases where the law requires us to retain it. In this case, your data is archived under the conditions provided for by law.

The details below tell you when your data is collected, what data is collected, how long it is retained, and the legal basis on which we rely for this processing.

You are browsing our site or the site of a third party partner

Categories of data collected: We and/or our subcontractors/partners collect certain data through cookies or similar technologies:

  • Your technical connection and navigation data (e.g. your IP address, information concerning your browser, information relating to your device, analytical data, number of clicks and page views, time spent on the Site or an element of the Site, language and country of consultation, geolocation city, transaction number, identifiers, advertisement clicked, etc.). For more information, consult our Cookies Charter.

Retention periods: 13 months from the date of deposit of cookies or other similar technologies

 

Legal bases:

  • Legitimate interest: For cookies strictly necessary for the operation of our site
  • Consent: For other categories of cookies requiring your prior consent to deposit

You subscribe to our newsletters (Email, SMS/MMS)

 

Categories of data collected: We and/or our subcontractors collect and process:

  • Your identification data (Name, first name, email address, etc.). We also use data related to your consumption habits, preferences, interests, skin types, etc., in order to offer you personalized content adapted to your skin and your needs.

 

Retention periods: Until you unsubscribe, or a maximum of 3 years from the date of collection of your data or the last contact from you

Legal bases:

  • Consent: Send you commercial communications

You can contact us through our social media, by mail or by email

Categories of data collected: Depending on your request and the channel, we and/or our subcontractors collect and process:

  • Your identification data (Name, first name, postal address, email address, your nickname, etc.)
  • The information that you agree to communicate to us (which may contain information relating to your health, your skin color, consumption habits, etc.)

We remind you that by using social networks, you accept the specific conditions of these sites, referring to the data that you publish on the pages of your profiles. We invite you to consult these conditions before publishing data on social networks.

 

Retention periods: 3 years from the collection of your data or the last contact from you. 1 year for paper mail. Conversations on our Chat / Bot tools are kept for 12 months.

Legal bases:

  • Legitimate interest: Responding to your request

You are participating in a game or competition

Categories of data collected: The data that we and/or our subcontractors collect and process depends on the game in question:

  • Your identification data (Name, first name, email address, etc.)
  • Your profile on social networks (if the game is played on a social network, if you use a social network to connect or if you communicate it to us)
  • Your consumption habits
  • Your interests
  • Data relating to your skin (Combination, oily, dry, etc.)

Retention periods: Duration necessary for game management

Legal bases:

  • Legitimate interest: Performance of a contract: Providing you with the requested service (participation in the competition)

You are participating in a product test or survey

 

Categories of data collected: The data we and/or our subcontractors collect and process depends on the relevant product test or survey:

  • Your identification data (Name, first name, email address, etc.)
  • Your lifestyle and consumption habits
  • Data related to your skin (Combination, oily, etc.)
  • Data relating to your health (e.g. Pathologies and/or concerns related to your skin.)
  • Your opinion on the product tested (Your opinion may be reproduced in a pseudonymized manner on our social network pages, or on our Site.)
  • Your opinion on more general questions depending on the survey concerned.

Retention periods: Length of time required to carry out the test or survey and interpret the results

Legal bases:

  • Legitimate interest: To allow you to participate in our product testing or survey
  • Consent: In the case of collecting health data.

You can give us your opinion on a product offered on our Site

 

Categories of data collected:

Your opinion is linked to your account. We and/or our subcontractors collect and process:

  • Your identification data (Your reviews are pseudonymised on our site: only your first name and the first letter of your last name, or your nickname will appear)
  • Your consumption habits (product consumed, etc.)
  • The content of your opinion (We recommend that you do not communicate data relating to your family, your religion, your health, etc.)

Retention periods: Your data is kept for 3 months from the sending of the VERIFIED NOTICES e-mail, if no notice is filed, or 18 months from the filing of the notice, when you have filed a notice. Your data attached to each review is subject to deletion by automated anonymization. Reviews thus anonymized are kept for a period of 5 years, from the date of their publication, solely for statistical purposes. They are deleted from the database and backups after 5 years from collection. The data deletion process takes place over one (1) rolling month. Product reviews are managed by our Verified Reviews partner.

Legal bases:

  • Legitimate interest: Knowing customer opinions on our products

You report an adverse reaction that occurred following the use of one of our products

In accordance with the regulations, we are obliged to implement monitoring and recording of adverse reactions linked to the use of our products and to report all serious adverse reactions to the competent authority without delay.

Categories of data collected:

When you, one of your loved ones or a healthcare professional reports an adverse reaction to our customer and consumer services, we collect and process:

  • Your identification data (e.g. Name, first name, email address, telephone number)
  • Description of the adverse effect encountered
  • Your consumption habits (Product consumed.)
  • Data relating to your personal life (In the event that you report an adverse effect that has occurred on a member of your family).

This data allows us to report your case to our service provider AXPHARMA so that they can contact you with the aim of having competent people carry out a medical analysis of your reaction through a detailed questionnaire. For this, our service provider will collect and process any data strictly necessary for the assessment of the adverse event and in particular:

  • Your identification data (Name, first name, email address, telephone number, identification number, etc.)

  • Data relating to your health (skin disease, allergies, medical results, etc.)
  • Data relating to your consumption habits (Products consumed)
  • Data relating to your skin type (Combination, oily, dry, etc.)
  • Data relating to your ethnic origins if necessary (Phototype)
  • Data relating to your personal life (In the event that you report an adverse effect that has occurred on a member of your family.)

Retention periods: Our customer and consumer services keep your data for the time necessary to process your request (transmission of information to authorized and competent teams and people, etc.)

Our Cosmétovigilance service keeps your data for 3 years from collection. They are then kept in our secure archives for 10 years from the date the product concerned is withdrawn from the market.

Our service provider AXPHARMA keeps your data for one year from collection. At the end of the current year, your data is given to us and our service provider destroys it on its media.

 

Legal bases:

  • Legitimate interest: To respond to your request.
  • Performance of a task in the public interest or relating to the exercise of public authority: The collection of data as part of health surveillance is necessary for reasons of public interest. Its particular objective is to guarantee compliance with high standards of quality and safety of our products.

During each collection, certain data (indicated by asterisks) must be provided in order to benefit from the services offered. The others are purely optional and allow us to get to know you better, for example in order to offer you suitable offers.

 

V. Do we use profiling?

When we display personalized content or send you personalized communications, we use techniques known as “profiling”.

Profiling is defined as “any form of automated processing of personal data consisting of using these personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict elements concerning the economic situation, interests, behavior, location, etc.”

We may therefore analyze the personal data we have collected, in accordance with the table above, in order to predict your preferences. These analyses will allow us to display and/or send communications adapted in particular to your interests, your needs, your skin type or your consumption habits.

You have the right at any time to object to the use of your data for profiling purposes. To find out how to proceed, we invite you to consult Article XII of this charter.

VI. How do we collect data from minors?

Our Site is accessible to any person, adult or minor.

However, the prior consent of the holder of parental authority is required for minors under the age of fifteen who subscribe to our services or communicate personal data concerning them to us.

 

VII. The case of third-party sites

On our Site, you can click on links to our social media pages. Social networks may collect personal data about you. These social networks have their own personal data protection policies.

To ensure the security and confidentiality of your data, we invite you to consult the personal data protection policies of these sites.

You also have the possibility to publish content on our pages. We remind you that any content transmitted via our pages is accessible to the public. Concerned about the protection of your privacy, we invite you to be vigilant when communicating your personal data on social networks. We are not responsible for the use that may be made by third parties of the data that you have communicated publicly.

We process/collect the content that you publish publicly on our pages, to analyze our online reputation and disseminate your opinions on our products and brands.

 

VIII. Cookie management

We and our service providers may place and use cookies when you browse our Site, in order to offer you certain features on our Site, to produce visit statistics, and to optimize your navigation and your experience on our Site, as well as the relevance of the advertising offered (including on partner sites).

As part of the protection of your privacy, we invite you to consult our Cookies Charter to obtain information on the cookies placed and configure their operation.

 

IX. Who are the recipients of your data?

We may transmit your data to companies, structures and/or people involved in achieving the purposes described above. Only the data they need in order to carry out the service entrusted to them is communicated to them.

We call on service providers and partners to assist us:

  • In our commercial missions, such as customer relationship management (CRM), content creation, management of our social networks, analyses and statistics, management of our loyalty program, etc.
  • For hosting our Site and the data we collect
  • For the maintenance of our IT tools and databases
  • For the management of cosmetovigilance cases

We choose subcontractors, service providers and suppliers who provide sufficient guarantees to ensure the protection, security and confidentiality of your personal data, in particular by implementing appropriate technical and organizational measures that meet the requirements of the law. They are only allowed to process your data according to our instructions.

We may also transmit certain personal data about you to social networks or search engines (e.g. Facebook, Google), in order to carry out targeted advertising. When we transmit this information to these partners, your data is securely encrypted. We do not collect any data about you from these partners.

Your personal data may also be communicated to administrative or judicial authorities upon their request, as well as to third parties or authorized recipients to comply with a legal obligation or for the exercise of legitimate interests.

 

Finally, we may transmit some of your data to employees of NAOS group companies who need to process them for the purposes explained above.

 

X. How do we keep your data secure?

We undertake to implement reasonable means to ensure that your personal data is sufficiently protected, taking into account the sensitive nature of certain information collected. We use several technologies and procedures to ensure that your data is processed in a way that protects it against loss, destruction, alteration, and unauthorized disclosure or access, whether unlawful or accidental.

We therefore implement measures that respect the principles of protection by design and by default of the personal data processed. As such, we are able to use data anonymization techniques when possible and/or necessary.

We demand an equivalent level of security from our subcontractors.

 

XI. Where do we store your data?

Our company processes and stores your data only in France.

Most of our subcontractors and service providers store and process your personal data within the European Union. However, we also use certain subcontractors or service providers storing or processing your data in one or more countries located outside the European Economic Area (EEA). We ensure that transfers of personal data outside the EEA are carried out securely and in compliance with current legislation.

 

Certain subcontractors and service providers store or process your personal data in the following country(ies): United States, Tunisia. These transfers comply with current regulations and are covered by Standard Contractual Clauses.

For any questions relating to these data transfers, contact us directly via our collection form or at the contact details indicated in the Article below.

 

XII. How can you exercise your rights?

In accordance with current laws, you benefit from:

  • The right to information
  • The right of access to data concerning you
  • The right to rectification of your data
  • The right to erasure of your data
  • The right to object to the processing of your data
  • The right to withdraw your consent to the processing of your data
  • The right to restriction of processing
  • The right to portability of your data
  • The right not to be the subject of a decision based exclusively on automated processing and producing legal effects concerning you or significantly affecting you
  • The right to object to commercial prospecting, including profiling
  • The right to formulate directives concerning the conservation, erasure and communication of your post-mortem personal data.

You can exercise these rights at any time by email, via our contact form, or by post to the following address: BIODERMA Consumer Service, NAOS Group - 1 Fetter Lane, London, EC4A 1BR

A response will then be sent to you within one month of receipt of your request.

We reserve the right not to respond to manifestly unfounded requests, in accordance with European regulations. You will be informed of any refusal made on our part.

 

XIII. How to contact the DPO?

We have appointed a Data Protection Officer (DPO) who can be reached at the following contact details: contact.dpo@naos.com

The Data Protection Officer remains available to provide any necessary clarification regarding this charter.