EFFECTIVE DATE: 8 MARCH 2022
It’s likely that we’ll need to update this Policy from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
1. WHO ARE WE ?
The Laura Mercier brand is part of the brand portfolio owned by Orveon Global Ltd (“Orveon”) and its affiliates, and its or their subsidiaries and (direct and indirect) parent companies from time to time (together, “Laura Mercier”, “Orveon Group”, “we”, “us” or “our”).
We value your privacy and your privacy choices. We are committed to building strong and lasting relationships with our customers based on trust and transparency. In accordance with this philosophy, the protection of your personal data is essential to us and we wish to inform you via this Policy of how we collect and process this data.
2. LEGAL BASIS FOR PROCESSING YOUR DATA
Data protection law in the UK and the European Union (“EU”) contains a number of “lawful bases” for processing personal data. These are really legal justifications which mean organisations like us are allowed to have your personal information in the first place. We have been careful to ensure we have a lawful basis for all processing of data we undertake. Our lawful bases include:
PERFORMING THE CONTRACT WE HAVE WITH YOU - In certain circumstances, we need your personal data to comply with our contractual obligation to deliver products you order or in order to take steps at your request prior to entering into a contract. For example, if you buy our products through our Site, we need your name and contact details so we can communicate with you and deliver the products to you. In this case, provision of your personal data will be necessary to provide you with the products, information and services you request and to perform the activities as explained above. If you do not provide your personal data we will not be able to provide you with the requested products and services.
LEGAL COMPLIANCE - Sometimes the law says we need to collect and use your data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement and tax laws require us to retain records of orders and payments for our products. In this case, provision of your personal data will be necessary to provide you with the products, information and services you request and to perform the activities as explained above. If you do not provide your personal data we will not be able to provide you with the requested products and services.
LEGITIMATE INTERESTS - this is a technical term in data protection law which really means we have a good and fair reason to use your data and we do so in ways which does not hurt your interests and rights. We sometimes use your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we will send you promotional communications about our service, subject to your legal rights to control whether we do so. We do analyse how users interact with our Site so we can understand better what elements of the design are working well and which are not working so well. This allows to improve and develop the quality of the online experience we offer all our users.
CONSENT – in certain cases we may ask for your consent before using your information. Where we will use sensitive data (e.g., allergy or intolerance data), we may ask for explicit consent in relation to that specific use.
VITAL INTERESTS – in certain cases, we may process your personal data to protect your vital interests (e.g., to notify you if we become aware of product safety issues relating to products you have purchased).
LEGAL CLAIMS – in certain cases, we may process your personal data in the context of establishing, exercising or defending legal claims.
3. WHEN DO WE COLLECT DATA FROM YOU ?
Please find below a list of situations in which we may collect data about you: collect information from you:
• When you visit one of our Sites, use your account to buy products and services, or redeem vouchers from us on the phone, in a shop or online.
• When you make an online purchase and check out as a guest (in which case we just collect transaction-based data).
• When you create an account or profile with us.
• When you sign up online or in our shops to receive electronic newsletters, blog posts, special offers and other materials.
• When you join one of our loyalty programs online or in a shop.
• When you enter competitions or quizzes we may hold.
• When you choose to complete any surveys we send you.
• When you comment on or review our products.
• When you participate in our user community or otherwise contribute content to the Sites, such as by authoring a post on our forums or commenting on a blog post.
• When you engage with us on social media.
• When you book any kind of appointment with us or book to attend an event with us, for example appointments with our beauty consultants in shops and department stores for beauty consultation, make up sessions and tutorials and events around new product launches
• When you contact us in some way – online chat, email, text message, telephone help line for any reason, compliments, feedback or a request.
• When you fill in any forms. For example, if an accident happens in a store.
• When you submit an employment application and/or resume, or fill out other employment documentation.
• When you’ve given a third party permission to share with us the information they hold about you.
4. WHAT DATA DO WE COLLECT AND HOW DO WE USE IT ?
Depending on how you interact with us (online, in-store, on the phone, etc.), we may collect from you various types of information, which are described in more detail below. In some instances, we may combine one type of information with another type of information, and store them together in our records. In all cases, however, we strive to limit the amount of information we collect and store to that which is necessary for the lawful reason we have your information in the first place. We inform you wherever possible whether we need information requested or whether you have the choice not to provide it, but can still make an order, subscribe for our updates and offers etc. We may not be able to provide a service if you do not disclose the information requested.
a) INFORMATION YOUR PROVIDE TO US WHEN YOU INTERACT WITH US
• ACCOUNT INFORMATION: such as your name, customer number, login ID, screen name, password, and/or security question and answer, and other registration information. Certain login information, such as your customer number, may be generated by us and then sent to you. We only collect (or create for you) unique login information for those activities that require an account. Your unique login information, especially your password, should always be kept confidential and should never be shared with anyone else.
• PERSONAL CONTACT INFORMATION: This includes any information that would allow us to personally contact you, such as your name, home or mailing address, phone number (home, mobile), or email address. In some cases, this could include information that you give us about someone else (for example, if you ask us to ship a product to a friend). We typically collect personal contact information in connection with a variety of activities, including account registration (e.g. online shopping and website community features, newsletter sign-up, etc.), product orders, customer service, contests and promotions, and customer feedback. If you create an account with us, some of your personal contact information may be stored under your account profile.
• ORDER AND PRODUCT INFORMATION: This includes details of the products you have ordered and searched for online or in our shops, the time, date of orders and searches, the shops you prefer to visit (which we know from records of the purchases you have made in our shops). We use this information send you promotional emails and communications (with your consent), to make personalised recommendations of products when you return to the Site, to advertise to you (with your consent) when you visit other websites and to better understand our customers so we can improve our products and our customer’s experience of our business both offline and online.
• DEMOGRAPHIC INFORMATION AND PREFERENCES: This includes any information that describes demographic characteristics and preferences, such as age, gender, preferences, interests, date of birth, age or age range, with your consent facial attributes (e.g., hair colour, eye colour, skin type, skin tone, - these are only provided if you choose to do so and you can order products without providing facial attribute data), general geographic location (e.g., post code or city and state), favourite products, hobbies and interests, or lifestyle information. We typically collect demographic information in connection with a variety of activities, including account registration (e.g., online shopping, website community features, newsletter sign-up, etc.), contests and promotions, and customer surveys. If you create an account with us, you may be allowed to modify certain demographic information stored under your account profile. We use this information to send you promotional emails and communications (with your consent), to make personalised recommendations of products when you return to the Site (with your consent), to advertise to you (with your consent) when you visit other websites and to better understand our customers so we can improve our products and our customer’s experience of our business both offline and online.
• EMPLOYMENT RELATED INFORMATION: This includes information you provide when submitting an employment application online and provide during the recruitment process, such as your CV, cover letter, employment history education history, professional qualifications, language and other relevant skills, and other information included in a or as part of our online application process. We use this to take necessary steps with a view to entering into a possible contract with you and in our legitimate interests in assessing candidates for employment.
• YOUR FEEDBACK: This includes information that you voluntarily share with us about your experience in using our products or services, including our beauty products, our Site, and our shops. Examples include comments and suggestions, testimonials, or other feedback you send us about what you may have liked (or disliked) about your experience in using our products or services. We typically collect this information in the form of customer surveys, feedback forms, and email correspondence. We use your feedback to understand what our customers think of our products and the experience they have of us, to improve our products and the customer experience and – if you agree to - to discuss your feedback with you.
• USER-GENERATED CONTENT AND POSTS: This refers to any content that you create and then share with us (and perhaps others) by uploading it to one of our websites or applications, such as our Facebook fan pages or applications. Examples include photos, videos, personal stories, or other similar media or content. We mostly collect customer-generated content in connection with contests and promotions, website community features, customer engagement, and third party social networking. Any other information you choose to make public on the Site (e.g. information shared with other members of our user community).
• INFORMATION ON ALLERGIES AND INTOLERANCE FOR THE SAFETY OF OUR COSMETIC PRODUCTS: This includes information on your allergies or intolerance, as provided by you to us through our customer service. Examples may include intolerance regarding our products or a component of a product. We only use this information with your explicit consent to follow-up on allergies and intolerance you may encounter when using our products as the case may be and in developing and improving our products. It’s always your choice whether you share such details with us.
• CCTV: Your image may be recorded on CCTV when you visit one of our shops. We use for security reasons and regularly delete the footage unless an incident or alleged incident requires investigation or action.
b) AUTOMATICALLY COLLECTED INFORMATION
When you interact with us through the Site or our application, we use various technologies (including cookies, as further described below) to collect certain information (described below) about your visits to and use of the Site and application. We use this information to understand your needs and preferences better so we can offer you a better experience online and in-store, to monitor and maintain our online infrastructure improve our Site and applications generally.
A number of cookies and similar technologies we use last only for the duration of your web or app session and expire when you close your browser/or exit the app. Others are used to remember you when you return to the Site and will last for longer.
We use these cookies and other technologies on the basis that they are necessary for the performance of a contract with you, and, in some cases, where required by law, where you have consented to their use. For more detail on the cookies we use see here [https://www.lauramercier.co.uk/en/customer-service?cid=privacy-policy].
c) INFO WE RECEIVE AND COLLECT FROM OTHER SOURCES
We may obtain information, including personal data, from third parties and sources other than our Site, such as our partners, advertisers. If we combine or associate information from other sources with personal data that we collect through the Service, we will treat the combined information as personal data in accordance with this Policy.
d) SOCIAL MEDIA AND ADVERTISING PARTNERS
We work with social media platforms and digital advertising platforms to:
• Make it easier for you to log onto your account (for instance by using your Facebook account)
• Show you advertising for our products and the products of other companies in the Orveon Group on other websites and social media platforms. For instance, if you show an interest or buy a product on our Site or in one of our shops, we may advertise that or other products we think may be of interest and you may see them on other websites and on your Facebook or other social media feeds. To do this we will share information with our social medial and digital advertising partners about your age, gender and interests for instance so they can better understand what you are interested in. Our partners may also keep this information about you and use it to help other companies, unrelated to any member of the Orveon Group, show you adverts online. YOU CANNOT BE IDENTIFIED “IN THE REAL WORLD” BY ANY OF THIS INFORMATION. For more information about how to turn this feature off see below or visit www.youronlinechoices.eu.
We want to bring you offers and promotions that are most relevant to your interests at particular times, in emails (where we have your consent) and on the Site when you visit. To help us form a better, overall understanding of you as a customer, we may combine your information gathered across various channels, for example your online and offline shopping history. For this purpose we also combine the data that we collect directly from you with data that we obtain from third parties to whom you have given your consent to pass that data onto us. In doing this, we may put you into one or more categories of customer which we use to help build our promotional and marketing strategies, and that category will in part dictate the promotional communications and recommendations you receive from us.
5. DATA ENRICHMENT AND PROFILING
So we can better understand you as a customer, we may combine your personal data from various channels. For example, personal data collected in the course of your online activity (e.g. shopping, account creation, etc.) may be combined with personal data we collect when you visit one of our stores (if you have consented).
This personal data enrichment may also occur between different brands of the Orveon Group. For example, if you make an online purchase on the Laura Mercier website and then create an online account with the same email address on the website of another Orveon Group brand (e.g., bareMinerals or BUXOM), the personal data collected through these two websites may be combined to enrich your customer profile.
This helps us to propose products and advice that is most relevant to your interests at particular times, by email (where we have your consent) or when you visit one of our stores.
Under no circumstances will this enrichment allow us to send you communications relating to another brand of the Orveon Group if you have not consented to it.
You can object to these “profiling” operations at any time by contacting us. Please refer to Section 12.
6. WE ARE NOT RESPONSIBLE FOR THIRD PARTY SITES/FEATURES
Our Site may provide links to, or features from, other third party sites (such as third party social networks) that we do not own or control. If you click on such links or use such features, you do so at your own risk. We are not responsible for the content or practices of any third party site, application, or feature.
7. SAFETY OF OUR COSMETIC PRODUCTS
In the event you would experience allergies or intolerance when using our cosmetic products, your requests or claims regarding safety of our cosmetic products should be submitted by contacting:
Orveon Global Ltd.
The Adelphi, 1-11, John Adam St, Floor 10, London, WC2N 6HT, UK
The data you provide for safety reasons is your name, contact details and health data relating to allergy or intolerance. The processing of this data is for safety of our cosmetic products only, and based on your consent. This data is used only for this purpose, and in separate digital environments and channels from the general commercial and marketing purposes. We will process it to adapt our marketing messages to you only upon your prior consent.
We may also have to transmit information on the safety of our cosmetic products to the competent health authorities, on an anonymous basis.
Although most Web browsers automatically accept cookies, the decision of whether to accept or not is yours. You have the choice to accept or decline cookies by way of consent. You may adjust your browser settings to prevent the reception of cookies, or to provide notification whenever a cookie is sent to you.
9. DO WE SHARE YOUR PERSONAL INFORMATION ?
ORVEON GROUP COMPANIES
The Orveon Group comprises leading beauty care and perfume brands with products sold in many countries. As a global business, we may share your personal information with Orveon Group companies and trusted third parties based outside the country in which you live so that they may process that data on our behalf or help us administer out business (e.g., with support for ecommerce, customer relations and marketing efforts) in which case they will be a joint controller of your personal data under UK and European data protection law. We will never rent, trade or sell your personal information to third party companies for their own marketing use.
THIRD PARTY VENDORS AND PROVIDERS
We sometimes share your personal data with trusted third parties. For example, delivery couriers, for fraud management, to handle complaints, to help us personalise our offers, website, application development, hosting, maintenance, customer relationship management and promotional services to you and so on. You can see the main companies we work with who collect information relating to you directly through the Site here [https://www.lauramercier.co.uk/en/customer-service?cid=privacy-policy].
Where we use any of these providers:
• We provide only the information they need to perform their specific services.
• They may only use your data for the purposes we specify in our contract with them.
• We work closely with them to ensure that your privacy is respected and protected at all times.
• If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
For some suppliers, we and our group companies need to transfer your information to locations outside the UK, such as to the United States.
LEGAL DISCLOSURES (WHEN NECESSARY)
This is when we may need to share your information for law enforcement or other legal purposes. This type of sharing may be necessary in connection with a lawsuit, claim or investigation, governmental inquiry, court order, enforcement of legal rights (e.g., contract terms, intellectual property rights, etc.), safety issue, or other similar legal or security matter. Sharing your information for these reasons is not a regular event, but could arise from time to time. We will strive to limit the types and amount of information we may need to share for legal purposes to that which is reasonably necessary and will make sure that any transfers outside the UK or the European Economic Area (“EEA”) are made on an appropriate legal basis.
BUSINESS TRANSFERS (E.G., SALE OR ACQUISITION OF COMPANY)
To the extent allowed by the law, we may share (or receive) information about you, including personal contact information, in the event of an acquisition, merger, sale, corporate restructuring, bankruptcy, or other similar event that involves Orveon or other Orveon Group companies. If such an event occurs, we will take reasonable steps to require that your information be handled in accordance with this Policy, unless it is not practicable or permissible to do so and will make sure that any transfers outside the UK or the EEA is made on the appropriate legal basis.
Orveon is headquartered in the UK with operations, affiliates and service providers throughout the world, including the United States. As such, we and our service providers may transfer your personal information to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction.
Whenever we transfer your personal data out of the UK or the EEA, we ensure a similar degree of protection is afforded to it by ensuring that these transfers are based on standard contractual clauses, in compliance with the model clauses validated by the European Commission (with respect to transfers out of the EEA) or the UK Government (with respect to transfers out of the UK).
10. HOW DO WE PROTECT YOUR PERSONAL INFORMATION ?
Orveon knows how much data security matters to all our customers. So we take great care to treat your data and take all appropriate steps to protect it, and require the same of our suppliers who we share your data with.
SECURE OPERATING ENVIRONMENTS
We secure access to all transactional areas of our websites and apps using ‘https’ technology.
ENCRYPTION FOR PAYMENT INFO
Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured by SSL encryption.
OTHER SECURITY MEASURES
In addition to the methods above, we may take other measures to protect your information, depending on the sensitivity of the data and other considerations (such as how the information is collected and where it is stored). These measures may include (among other things) additional access restrictions, password requirements, and physical protections (e.g., secure data centres, etc.).
MEASURES YOU CAN TAKE
Despite all of our efforts, no security safeguards or standards are guaranteed to provide 100% security. It is also important for you to play a role in keeping your information safe and secure. When signing up for an online account, please be sure to choose an account password that is hard for others to guess and never to reveal it to anyone else. If you use a shared or public computer, never choose to have your login ID or password remembered and make sure to log out of your account every time you leave the computer.
Please note, however, that these protections do not apply to any information you choose to share in public areas such as our website community features or other social areas. We pay particular attention to sensitive data, in particular payment card data, allergy or intolerance data, etc.
11. HOW LONG DO WE RETAIN YOUR PERSONAL INFORMATION ?
We will retain your personal information for the period necessary to fulfil the purposes outlined in this Policy. The criteria used to determine such retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal or business obligation to which we are subject; or (iii) whether a longer retention period is required or permitted by law.
12. YOUR RIGHTS AND CHOICES
You have the legal right to request:
• Access to the personal data we hold about you.
• The correction of your personal data which is wrong.
• In some specific cases, the erasure of your personal data.
• That we stop using your data where our ‘lawful basis’ is consent by withdrawing your consent at any time, or to object to our use of your data where our ‘lawful basis’ is legitimate interests and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.
• In specific cases (e.g., the data enrichment and profiling described in Section 5), that we restrict our processing of your personal data;
• That we stop using your personal data for direct marketing.
• If your data is processed automatically based on your consent or the performance of a contract with you and, to obtain a copy of the personal data you provided us, in a commonly used format, to transmit it to another data controller.
You have the right to request a copy of any personal data we hold that relates to you. To ask for your information, please contact us using the details in the Contact section below. To ask for your information to be amended, please update your online account, or contact our Customer Services team.
If we choose not to action your request we will explain to you the reasons for our refusal.
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Policy. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
13. DATA ABOUT CHILDREN
Our Sites are not directed to anyone under 16 years of age. We do not solicit or collect any type of information from a person known to be under the age of 16. If we become aware that we have accidentally collected information from a child, we will remove that information from our records as soon as feasibly possible (or obtain the necessary parental permission to retain it).
14. INTERNATIONAL PRIVACY LAWS
This Policy represents our accepted privacy principles but does not supplement or replace existing national law. It complements the respective national data protection law. The respective national law supersedes in case where it requires deviations from this Policy or sets more stringent requirements. Likewise, the contents of this Policy shall apply if no corresponding national data protection law exists.
15. DISPUTE RESOLUTION / CONTACTING THE REGULATOR
If you have any complaints regarding our compliance with this Policy, please first contact us. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with this Policy.
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the supervisory authority in your country of residence (see https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html).
16. ANY QUESTIONS ? HOW TO CONTACT US
We hope this Policy has been helpful in setting out the way we handle your personal data and your rights to control it.
If you have further questions related to this Policy or have any concerns regarding your personal data, please contact us and we will be pleased to help you:
• Contact us at: firstname.lastname@example.org
• Or write to us at:
Orveon Global Ltd.
The Adelphi, 1-11, John Adam St, Floor 10, London, WC2N 6HT, UK
Please contact the above company for all processing described in this Policy, except for the safety of cosmetic products. For safety of cosmetic product please refer to Section 6 of this Policy