Privacy & Security
PT L’OREAL INDONESIA
1. OUR PRIVACY PROMISE
- We respect Consumers privacy and Consumers choices.
- We make sure that privacy and security are embedded in everything we do.
- We do not send Consumers marketing communications unless Consumers have asked us to. Consumers can change Consumers mind at any time.
- We never offer or sell Consumers data.
- We are committed to keeping Consumers data safe and secure. This includes only working with trusted partners.
- We are committed to being open and transparent about how we use Consumers data.
- We do not use Consumers data in ways that we have not told Consumers about.
- We respect Consumers rights and always try to accommodate Consumers requests as far as is possible, in line with our own legal and operational responsibilities.
The more Consumers interact with us, the more Consumers let us know Consumers and the more we are able to offer Consumers tailored services.
When Consumers share personal data with us or when we collect personal data about Consumers, we use it in line with this Policy. Please read this information carefully. If Consumers have any questions or concerns about Consumers personal data, please contact us at firstname.lastname@example.org.
2. WHO WE ARE
PT L’Oréal Indonesia is responsible for the personal data that Consumers share with us. When we say “L’Oréal”, “us”, “our” or “we”, this is who we are referring to. L’Oréal is the “data controller” for the purposes of applicable data protection laws.
PT L’Oreal Indonesia
DBS Bank Tower level 29-30
Ciputra World I
Jl. Prof. Dr. Satrio Kav. 3-5
Jakarta Selatan 12940
3. WHAT IS PERSONAL DATA
“Personal data” means any information or pieces of information that could identify Consumers either directly (e.g. Consumers name) or indirectly (e.g. through pseudonymized data such as a unique ID number). This means that personal data includes things like email/home addresses/mobile phone, usernames, profile pictures, personal preferences and shopping habits, user generated content, financial information, and welfare information. It could also include unique numerical identifiers like Consumers computer’s IP address or Consumers mobile device’s MAC address, as well as cookies. “Personal data” means any information or pieces of information that could identify Consumers either directly (e.g. Consumers name) or indirectly (e.g. through pseudonymized data such as a unique ID number). This means that personal data includes things like email/home addresses/mobile phone, usernames, profile pictures, personal preferences and shopping habits, user generated content, financial information, and welfare information. It could also include unique numerical identifiers like Consumers computer’s IP address or Consumers mobile device’s MAC address, as well as cookies.
4. WHAT DATA DO WE COLLECT FROM CONSUMERS AND HOW DO WE USE IT?
L'Oréal believes that Consumers, the consumer, are at the heart of what we do. We love hearing from Consumers, learning about Consumers, and creating and delivering products that Consumers enjoy. And we know that many of Consumers love talking to us. Because of this, there are many ways that Consumers might share Consumers personal data with us, and that we might collect it.
How do we collect or receive Consumers data?
We might collect or receive data from Consumers via our websites, forms, apps, devices, L’Oréal products or brands pages on social media or otherwise. Sometimes Consumers give this to us directly (e.g. when Consumers create an account, when Consumers contact us, when Consumers purchase from our websites/apps or stores/beauty salon), sometimes we collect it (e.g. using cookies to understand how Consumers use our websites/apps) or sometimes we receive Consumers data from other third parties, including other L’Oréal Group entities.
When we collect data, we indicate the mandatory fields via asterisks where such data is necessary for us to:
i. Perform our contract with Consumers (e.g. to deliver the products Consumers have purchase on our websites/apps);
ii. Provide Consumers with the service Consumers have asked for (e.g. to provide Consumers with a newsletter); or
iii. Comply with legal requirements (e.g. invoicing).
If Consumers do not provide the data marked with an asterisk, this may affect our ability to provide the products and services.
We set out further details in the table below, explaining:
1) During what interaction Consumers data may be provided or collected? This column explains what activity or situation Consumers are involved in when we use or collect Consumers data. For example, whether Consumers are making a purchase, signing up to a newsletter, or browsing a website/app.
2) What personal data may we receive from Consumers directly or resulting from Consumers interaction with us? This column explains what types of data we may collect about Consumers depending on the situation.
3) How and why we may use it? This column explains what we may do with Consumers data and the purposes for collecting it.
4) What is the legal basis for using Consumers personal data? This column explains the reason we may use Consumers data.
Depending on the purpose for which the data is used, the legal basis for the processing of Consumers data can be:
i. Consumers consent;
ii. Our legitimate interest, which can be:
a. Improvement of our products and services: more specifically, our business interests to help us better understand Consumers needs and expectations and therefore improve our services, websites/apps/devices, products and brands for our consumers’ benefit.
b. Fraud prevention: to ensure payment is complete and free from fraud and misappropriation.
c. Securing our tools: to keep tools used by Consumers (our websites/apps/devices) safe and secure and to ensure they are working properly and are continually improving.
iii. The performance of a contract: more specifically to perform the services Consumers request from us;
iv. Legal grounds where processing is required by law.
|During which interactions may Consumers provide and we may collect Consumers data?||What personal data may we receive from Consumers directly or resulting from Consumers interaction with us?||How and why we may use Consumers data?||What is the legal basis for using Consumers personal data?|
| Depending on how much Consumers are interacting with us, those data may include:
|Newsletter and commercial communications subscription||Depending on how much Consumers are interacting with us, those data may include:
Purchases and order management
|Depending on how much Consumers are interacting with us, those data may include:
Depending on how much Consumers are interacting with us, those data may include:
|Promotional operations||Depending on how much Consumers are interacting with us, those data may include:
|User Generated Content||
|Use of apps and devices||Depending on how much Consumers are interacting with us, those data may include:
|Enquiries||Depending on how much Consumers are interacting with us, those data may include:
|Sponsorship||Depending on how much Consumers are interacting with us, those data may include:
||To send information on our products and or information tagged in a wish list to a person at another person’s request.||
Automated Decision Making
For purposes of securing transactions placed through our websites/apps/devices against fraud and misappropriation, we use third party provider’s solution(s).The method of fraud detection is based on, for example, simple comparisons, association, clustering, prediction and outlier detections using intelligent agents, data fusion techniques and various data mining techniques.
This fraud detection process may be completely automated or may involve human intervention where a person takes the final decision. In any case, we take all reasonable precautions and safeguards to limit access to Consumers data.
As a result of automatic fraud detection, Consumers may (i) experience delay in the processing of Consumers order/request whilst Consumers transaction is being reviewed by us; and (ii) be limited or excluded from the benefit of a service if a risk of fraud is identified. Consumers have the right to access information on which we base our decision. Please see “Consumers Rights and Choices” section below.
When we send or display personalised communications or content, we may use some techniques qualified as “profiling” (i.e. any form of automated processing of personal data consisting of using those data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s personal preferences, interests, economic situation, behaviour, location, health, reliability, or movements). This means that we may collect personal data about Consumers in the different scenarios mentioned in the table above. We centralize this data and analyse it to evaluate and predict Consumers personal preferences and/or interests.
Based on our analysis, we send or display communications and/or content tailored to Consumers interests/needs.
Consumers have the right to object to the use of Consumers data for “profiling” in certain circumstances. Please see “Consumers Rights and Choices” section below.
Who may access Consumers Personal data?
We may share Consumers personal data within L’Oréal Group including but not limited to comply with our legal obligations, to prevent fraud and/or to secure our tools, to improve our products and services, or after having obtained Consumers consent to do so.
Depending on the purposes for which they were collected, and only on a need-to-know basis some of Consumers personal data may be accessed by L’Oréal Group entities worldwide, where possible in a pseudonimized way (not allowing direct identification), and where necessary to provide Consumers with requested services.
We may also share Consumers personal data in a pseudonimized way (not allowing direct identification) with L’Oréal Research & Innovation scientists, including those located outside of Consumers country, for research and innovation purposes.
Where permitted, we may also share some of Consumers personal data including those collected through Cookies between our brands to harmonize and update the information Consumers share with us, to perform statistics based on Consumers characteristics and to tailor our communications.
Please visit the L’Oréal group website, for further details on the L’Oréal Group, its brands and its locations.
We may share Consumers personal data for marketing purposes with third party or entities of the L’Oréal Group.
We only share Consumers personal data with third parties for direct marketing purposes with Consumers consent. In this context, Consumers data is processed by such third party, acting as a data controller, and its own terms and conditions and privacy notice apply. Consumers should carefully check their documentation before consenting to the disclosure of Consumers information to that third party.
Consumers personal data may also be processed on our behalf by our trusted third party providers.
We rely on trusted third parties to perform a range of business operations on our behalf. We only provide them with the information they need to perform the service, and we require that they do not use Consumers personal data for any other purpose. We always use our best efforts to ensure that all third parties we work with keep Consumers personal data secure. For instance, we may entrust services that require the processing of Consumers personal data to:
i. Third parties that assist and help us in providing digital and e-commerce services such as social listening, store locator, loyalty programs, identity management, ratings and reviews, CRM, web analytics and search engine, user generated content curation tools;
ii. Advertising, marketing, digital and social media agencies to help us to deliver advertising, marketing, and campaigns, to analyse their effectiveness, and to manage Consumers contact and questions;
iii. Third parties required to deliver a product to Consumers e.g. postal/delivery services;
iv. Third parties that assist and help us in providing IT services, such as platform providers, hosting services, maintenance and support on our databases as well as on our software and applications that may contain data about Consumers (such services could sometimes imply access to Consumers data to perform the required tasks);
v. Payment service providers and credit reference agencies for the purpose of assessing Consumers credit score and verifying Consumers details where this is a condition of entering into a contract with Consumers;
vi. Third parties that assist us for customer care and cosmetovigilance purposes.
We may also disclose Consumers personal data to third parties:
iii. If we have Consumers consent to do so
iv. Or if we are permitted to do so by law.
We may disclose Consumers personal data to our partners:
i. In the event the service Consumers subscribe to was co-created by L’Oréal and a partner (for example, a co-branded app). In such case, L’Oréal and the partner process Consumers personal data each for their own purposes and as such Consumers data is processed:
iv. When we use Google advertising services on our websites/apps, Google will access and use Consumers personal data. If Consumers wish to learn more on how Google uses Consumers personal data in this context, please consult their Google Privacy & Terms, which govern these services and data processing.
Information that Facebook collects and shares with us
All Facebook features and services available on our website/app are governed by the Facebook Data Policy, in which Consumers can get more info about Consumers privacy rights and settings options.
By using this website/app, Consumers may:
i. Sign-up with Consumers Facebook login. If Consumers do so, Consumers consent to share some of Consumers public profile information with us;
ii. Use the Facebook social plug-ins, such as “like” or “share” our content on the Facebook platform;
iii. Accept cookies from this website/app (also identified as “Facebook Pixel”) that will help us understand Consumers activities, including information about Consumers device, how Consumers use our services, the purchase Consumers make and the ads Consumers see, whether or not Consumers have a Facebook account or are logged into Facebook. When Consumers are using those Facebook features, we collect data that help us to:
a. Show Consumers ads Consumers might be interested in on Facebook (or Instagram, Messenger or any other Facebook services);
b. Measure and analyze the effectiveness of our website/app and ads
We may also use the personal information Consumers gave us on this website/app (such as Consumers name and surname, email, address, gender and phone number) to identify Consumers in Facebook (or Instagram, Messenger or any other Facebook services) in order to show Consumers ads that are even more relevant for Consumers. While doing this, Facebook will not share Consumers personal information and will delete the information promptly after the match process is complete.
We do not offer or sell Consumers personal data.
Where We Store Consumers Personal Data
The data that we collect from Consumers are stored in a secure and lawful storage.
For further information, please contact us as per the “Contact” section below.
How Long Do We Keep Consumers Personal Data
We only keep Consumers personal data for as long as we need it for the purpose for which we hold Consumers personal data, to meet Consumers needs, or to comply with our legal obligations.
To determine the data retention period of Consumers data, we use the following criteria:
i. Where Consumers purchase products and services, we keep Consumers personal data for the duration of our contractual relationship;
ii. Where Consumers participate in a promotional offer, we keep Consumers personal data for the duration of the promotional offer;
iii. Where Consumers contact us for an enquiry, we keep Consumers personal data for the duration needed for the processing of Consumers enquiry;
iv. Where Consumers create an account, we keep Consumers personal data until Consumers require us to delete it or after a period of inactivity (no active interaction with brands) defined in accordance with local regulations and guidance;
v. Where Consumers have consented to direct marketing, we keep Consumers personal data until Consumers unsubscribe or require us to delete it or after a period of inactivity (no active interaction with brands) defined in accordance with local regulations and guidance;
vi. Where cookies are placed on Consumers computer, we keep them for as long as necessary to achieve their purposes (e.g. for the duration of a session for shopping cart cookies or session ID cookies) and for a period defined in accordance with local regulations and guidance.
We may retain some personal data to comply with our legal or regulatory obligations, as well as to allow us to manage our rights (for example to assert our claims in Courts) or for statistical or historical purposes.
When we no longer need to use Consumers personal data, it is removed from our systems and records or anonymised so that Consumers can no longer be identified from it.
Is Consumers Personal Data Secure?
We are committed to keeping Consumers personal data secure, and taking all reasonable precautions to do so. We contractually require that trusted third parties who handle Consumers personal data for us do the same.
We always do our best to protect Consumers personal data and once we have received Consumers personal data, we use strict procedures and security features to try to prevent unauthorised access. As the transmission of information via the internet is not completely secure, we cannot guarantee the security of Consumers data transmitted to our site. As such, any transmission is at Consumers own risk.
Links to Third Party Sites and Social Login
Our websites and apps may from time to time contain links to and from the websites of our partner networks, advertisers and affiliates. If Consumers follow a link to any of these websites, please note that these websites have their own privacy policies and that we are not responsible or liable for these policies. Please check these policies before Consumers submit any personal data to these websites.
Social Media and User Generated Content
Some of our websites and apps allow users to submit their own content. Please remember that any content submitted to one of our social media platforms can be viewed by the public, so Consumers should be cautious about providing certain personal data e.g. financial information or address details. We are not responsible for any actions taken by other individuals if Consumers post personal data on one of our social media platforms and we recommend that Consumers do not share such information.
5. CONSUMERS RIGHTS AND CHOICES
L’Oréal respects Consumers right to privacy: it is important that Consumers are able to control Consumers personal data. Consumers have the following rights:
|Consumers Rights||What does this mean?|
|The right to be informed||Consumers have the right to obtain clear, transparent and easily understand information about how we use Consumers personal data, and Consumers rights. This is why we are providing Consumers with the information in this Policy.|
|The right of access||
Consumers have the right to access to the personal data we hold about Consumers (subject to certain restrictions).
|The right to rectification||
Consumers have the right to have Consumers personal data rectified if it is incorrect or outdated and/or completed if it is incomplete.
|The right to erasure/right to be forgotten||
In some cases, Consumers have the right to have Consumers personal data erased or deleted. Note this is not an absolute right, as we may have legal or legitimate grounds for retaining Consumers personal data.
|The right to object to direct marketing, including profiling||Consumers can unsubscribe or opt out of our direct marketing communication at any time.
It is easiest to do this by clicking on the “unsubscribe” link in any email or communication we send Consumers. Otherwise, Consumers can contact us using contact detail below.
If Consumers would like to object to any profiling, please contact us at the details below.
|The right to withdraw consent at any time for data processing based on consent||Consumers can withdraw Consumers consent to our processing of Consumers data when such processing is based on consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. We refer to the table inserted in section “what data do we collect from Consumers and how do we use it” especially the column “What is our legal basis for processing Consumers data?” to identify where our processing is based on consent.
If Consumers would like to object to withdraw Consumers consent, please contact us at the details below.
|The right to object to processing based on legitimate interests||Consumers can oppose at any time to our processing of Consumers data when such processing is based on the legitimate interest. We refer to the tables inserted in section “what data do we collect from Consumers and how do we use it” especially the column “What is our legal basis for processing Consumers data?” to identify where our processing is based on legitimate interests.
To do so, please contact us at the details below.
|The right to lodge a complaint with a supervisory authority||Consumers have the right to contact the data protection authority of Consumers country in order to lodge a complaint against the data protection and privacy practices of L’Oréal.
Do not hesitate to contact us at the details below before lodging any complaint with the competent data protection authority.
|The right to data portability||Consumers have rights to move, copy or transfer data from our database to another. This only applies to data that Consumers have provided, where processing is based on a contract or Consumers consent, and the processing is carried out by automated means. We refer to the tables inserted in section “what data do we collect from Consumers and how do we use it” especially the column “What is our legal basis for processing Consumers data?” to identify where our processing is based on the performance of a contract or on consent.
For further details, please contact us at the details below.
|The right to restriction||Consumers have the right to request restriction of our processing of Consumers data. This right means that our processing of Consumers data is restricted, so we can store it, but not use nor process it further.|
|The right to deactivate Cookies||
Consumers have the right to deactivate Cookies. The settings from the Internet browsers are usually programmed by default to accept Cookies, but Consumers can easily adjust it by changing the settings of Consumers browser.
To deal with Consumers request, we may require proof of Consumers identity.
If Consumers have any questions or concerns about how we treat and use Consumers personal data, or would like to exercise any of Consumers rights above, please contact us at email@example.com.