We attach particular importance to the respect of the privacy of the users of our site and to the respect of the legal provisions in force.
This personal data protection policy allows you to better understand the principles of collection, processing and protection of personal data that we apply, as required by the laws on data protection in force and in particular the European General Data Protection Regulation (Regulation 2016/679, called "RGPD").
BCR, whose headquarters is located at 10 bis rue Marcel Pellay, in Pont-Croix, France is responsible for the processing of personal data for thesite edulis-cosmetics.com
What personal data do we collect?
We consider all information that directly or indirectly identifies you to be "personal data".
We may primarily collect the following personal data:
- Data relating to your identity: such as last name, first name, age, e-mail address
- Data relating to your skin profile: such as skin type, skin care concerns, environment, skin sensitivity…
- Data related to the follow-up of our commercial relationship, in particular communication preferences (newsletter), history of your requests or your correspondence with our customer service
- Product-related data: collection of product reviews and ratings
- Employment application data for our HR department: message, curriculum vitae, cover letter
- Technical data, such as your IP address or browsing information about your terminal, your browsing preferences
- Other data you provide in connection with a request to one of our services
When do we collect your personal data?
We collect personal data from you when:
- You visit our site
- Give us feedback on a product
- You subscribe to our newsletters
- You carry out a skin diagnosis
- You take part in special operations, in particular competitions, product tests
- You submit an unsolicited application for employment
- You request a partnership with our brand
- You contact us, in particular when you make a request or a complaint to our customer service, whenYou give your opinion on our products and/or services.
What is the legal basis for our personal data processing?
The processing of personal data that we carry out within the framework of our activity can have several legal bases:
- Legitimate interest: we need to collect your personal data to get to know you better in order to provide you with personalized offers and services, ensure the security of our site, improve our content,etc.
- The execution of a contract: the collection of your data is necessary when you subscribe to our online service
- Your consent: In some cases, the law requires your consent to collect or use your data. This is the case, for example, when we collect data relating to your skin profile or your household in order to advise you of appropriate products, or when we wish to send you commercial solicitations (news, promotional offers, contests, etc.) by email
- Legal obligation when the legislation in force requires the processing of data
Why is your personal data collected?
We collect your personal data within the framework of the legal bases mentioned above.
The main purposes are as follows:
- To communicate with you: to manage your requests, your complaints
- To administer your participation in promotional events
- Administration of the site, statistical analysis and improvement of the quality of our services
- Customer relationship management (CRM), in particular to get to know you better and to communicate personalized information about our products and services (in particular, by e-mail, on social networks or any other medium)
- To provide product recommendation in the context of skin diagnostics
- Process your requests and complaints about our products and/or services
- Process your job applications
- Process your partnership requests
- Manage the submission of product reviews
- Administer our website, ensure its security and fight against fraud
- Analyze and anticipate the market in order to adapt our products and services to best meet your needs
- If necessary, prevent and detect fraud
- To manage your requests (samples, advice, promotional operations, complaints, right of access, rectification, opposition, etc.)
With whom do we share your personal data?
We never sell, rent or transfer your personal data to other companies for commercial prospecting purposes. Your data is confidential.
It may be transmitted to service providers and subcontractors chosen for their expertise and reliability who act on our behalf and according to our instructions, in particular to provide you with services such as: carrying out technical maintenance and development operations, processing requests, complaints, applications, communication for promotional purposes, etc.
Each service provider or subcontractor:
- Receives only the personal data necessary for the purposes for which they are responsible
Is not allowed to use this data for any other reason whatsoever
If we sell a business or assets, we may disclose your personal data to the prospective purchaser of that business or asset. If BCR or any part of its assets are acquired by a third party, personal data held about its customers and related to those assets is one of the transferred assets. In the latter case, the acquirer who will act as the new data controller will process your data and its data protection policy will govern the processing of your personal data.
Finally, we may transfer your personal data to local authorities, if required by law or in the context of an investigation and in accordance with applicable regulations.
How do we protect your personal data?
BCR implements technical and organizational measures appropriate to the nature of the data and the risks involved in processing it, to preserve the security and confidentiality of your personal data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorized third parties.
These measures may include practices such as limited access to data by personnel in departments authorized to access it by virtue of their duties, contractual guarantees in the event of the use of an external service provider, privacy impact assessments, regular reviews of our privacy practices and policies, and/or physical and/or logical security measures (secure access, authentication procedures, backups, antivirus software, firewalls, etc.).
In the unlikely event that we believe that the security of your personal data in our possession or control has been or may have been compromised, we will notify you in accordance with legal requirements and in the manner prescribed by law.
What is our policy regarding minors?
Our website is designed and intended for the general public. It is intended for people who are at least 18 years old. We do not voluntarily request or collect personal data from persons under the age of 18.
If we become aware of or suspect that we have collected personal data from a minor, we will take the appropriate steps to contact the individual and, if necessary, delete the personal data from our servers and/or those of our service providers. We may use your personal data to conduct age checks and enforce our age rules.
If you are not 18 years of age or older, please do not submit a review, perform a skin assessment or contact our services. Have an adult, your guardian or legal representative take the necessary steps.
How long do we keep your personal information for?
As a general rule:
- Unless you object or request deletion, prospect/customer data is retained for a period of five years from the date of collection or last contact or the end of the business relationship. At the end of this five-year period, we may contact you again to see if you wish to continue receiving commercial solicitations. In the absence of a positive and explicit response from you, the data concerning you will be deleted or archived in accordance with the provisions in force
- Product reviews are published on our website and are therefore kept for the duration of their publication.
- Job applications are kept by our services for a period of 2 years
What are your rights concerning your personal data and how can you exercise them?
In accordance with the applicable regulations, you have the right to access, rectify, delete and port your personal data, as well as the right to oppose and limit the processing. You may withdraw your consent at any time. You may also formulate directives concerning the conservation, deletion and communication of your personal data after your death.
To exercise these rights, you can send us a request accompanied by a copy of your identity card or passport with your signature, to:
10 bis rue Marcel Pellay
We will inform you of the action taken relating to your request as soon as possible.
In accordance with the applicable regulations, you may also lodge a complaint with the competent supervisory authority in charge of data protection or file a legal appeal if your data is misused.
10 bis rue Marcel Pellay