Privacy and cookies Policies

Date of Last Update: 21/05/2018

We respect your concerns about privacy and value the relationship we have with you. This Privacy Policy describes the types of personal data we collect about our customers, how we use this information, with whom we share it, and the rights of our customers regarding our use of this information. We also describe the measures we take to protect the security of the information, how long we retain it and how our customers can contact us about our privacy practices and how to exercise their rights.

For the purposes of applicable data protection laws, the data controller is Nanshy Limited, a company registered in England and Wales with company number 08302139 and having its registered office at UNIT 13, SPACE BUSINESS CENTRE, TEWKESBURY ROAD, CHELTENHAM, ENGLAND, GL51 9FL

We respect your privacy and your choices.
We make sure that privacy and security are embedded in everything we do.
We will not send you marketing communications unless you have asked us to. You can change your mind at any time.
We will never sell your personal data.
We are committed to keeping your personal data safe and secure. This includes only working with trusted partners.
We are committed to being open and transparent about how we use your personal data.
We will not use your personal data in ways that we have not told you about.
We respect your rights, and will always try to accommodate your requests as far as is possible, in line with our own legal and operational responsibilities.

For more information about our privacy practices, below we set out what types of personal data we might collect or hold about you, how we use it, who we share it with, how we protect it and keep it secure, and your rights around your personal data. Note that all of the information set out below may not apply to you. We have explained below an overview of all possible situations in which we could interact together, and one or more of these may apply to you depending on how you have interacted with us For example, if you have not provided us with a photo for your account, then these details will not apply to you. Similarly, if you have not created a Professional Account, then that information will not apply to you.

When you share personal data with us or when we collect personal data about you, we will use it in line with this Privacy Policy. Please read this information [and our FAQs page] carefully. If you have any questions or concerns about your personal data, please contact us at [email protected]

Please note that you must be at least 13 years old or older to use our services, or older where the terms of a specific service require this.

WHO WE ARE

WHAT IS PERSONAL DATA?

“Personal data” means any information or pieces of information that could identify you either directly (e.g. your name) or indirectly (e.g. through pseudonymised data, such as a unique ID number). This means that personal data includes things like email/home addresses, usernames, profile pictures, personal preferences and shopping habits, user-generated content, financial information, and health information. It could also include unique numerical identifiers like your computer’s IP address or your mobile device’s MAC address, as well as cookies.

This Privacy Policy covers all personal data about you that is collected and used by Nanshy.

WHAT PERSONAL DATA DO WE COLLECT FROM YOU AND HOW DO WE USE IT?

HOW DO WE COLLECT OR RECEIVE YOUR PERSONAL DATA?

In the table below, we explain:

1. In what context is your personal data collected? This column explains what activity or scenario you are involved in when we use or collect your personal data. For example, whether you are making a purchase, signing up to a newsletter, or browsing a website.

1. What personal data may we hold about you? This column explains what types of personal data we may collect when you take part in a particular activity.

1. How and why we use it? This column explains what we do with your personal data, and the purposes for collecting and using it.

1. What is our legal basis for using your personal data? Whenever we use your personal data, we will have a legal basis to do this. For example, you have asked us to provide a service, you have given us your consent, or we have a legitimate interest in using your personal data.

The legal basis for the processing of your personal data can be:

- Your consent - This applies where you provide your personal data and specifically consent to us using it to provide you with a specific service, for example, so that:
  1. you can receive marketing communications from us. If you later ask us to stop sending you marketing communications, we need to keep some of your personal data on a suppression list so that we can make sure we do not contact you again. This is a legal obligation; and
  2. we can store certain cookies on your device. We may place targeted advertising cookies (these allow us to tailor services we offer, specifically to you), analytical cookies (these measure your interaction with our site so we can make improvements) on your device.
- The performance of a contract - This applies where you provide us with your personal data in order for us to provide you with a service (e.g. you ask us to create a customer account for you or you wish to purchase a product and we can manage the associated logistics).

- Our legitimate interests - This applies where you provide us with your personal data and we use it to:
  1. improve our products and services. By providing us with your personal data, we are able to better understand your needs and expectations when it comes to the products and services we offer. This understanding means we can improve our products and services so they match your needs. This might involve performing analytics on how you use our products, services, and websites/apps/devices, or trying out new functions which we think you might like based on what we know about you.
  2. better engage with you. Where you provide us with your personal data, we may use it to encourage you to be more actively engaged with our products and brands and increase your overall brand engagement and awareness. One way we do this is by tailoring the marketing communications we send you so that you receive the information most relevant to you.
  3. iii. prevent fraud. Where you provide us with your personal data, it means we can action any payment you make when you purchase any of our products and/or services, and importantly, check that your payment is free from fraud.
  4. secure our tools: We may use your personal data to keep our tools (websites/apps/devices) safe and secure. This involves making sure our tools are working properly, and that your personal data is kept secure.
- To comply with a legal obligation - This is where you provide us with your personal data which we need to keep for our legal reasons (e.g. when you make a purchase we need to keep your transaction information to comply with our tax and financial reporting obligations).

To protect the vital interests of an individual - This is where we use your personal data to protect you (or someone else) where there is evidence of danger to your (or someone else’s) health and/or safety.

The table below sets out which legal basis we rely on when processing your personal data for each context.

When we collect personal data, we will indicate which types of personal data are mandatory via asterisks. Some of the personal data we request from you are either necessary for us to:

- Perform our contract with you (e.g. to deliver the goods you have purchased on our websites/apps);

- Provide you with a service you have asked for (e.g. to provide you with a newsletter);

- Comply with legal requirements (e.g. invoicing).

If you do not provide the personal data marked with an asterisk, this may affect the goods and services that we can provide.

In which context is your personal data collected?	What personal data may we hold about you?	How and why we may use it?	What is our legal basis for processing your personal data?
Personal account creation and management Where your personal data are collected during the creation or management of an account on Nanshy websites, through a social media login or in store.	First name and surname; Gender; Email address; Address; Phone number; Photo; Birthday or age range; ID/username, and password; Personal description or preferences; Order details; Social media profile (where you use your social media login or share this personal data with us); User generated content; and/or; Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on some websites, or by participating in a contest, game, survey etc.)	To: Manage your orders; Send you marketing communications (where you have asked us to) which may be tailored to your “profile” (i.e. based on the personal data we know about you and your preferences); Offer you a loyalty program; Offer personalised services based on your characteristics; Allow you to manage your preferences; Monitor and improve our websites and apps; Run analytics or collect statistics; Secure our websites and protect you and us against fraud; Respond to your questions and otherwise interact with you; and/or Manage any competitions, promotions, surveys or contests you enter.	The performance of a contract – so you can create and manage your account; Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud; and (iv) secure our tools; and Consent – so you can receive marketing communications from us.
Personal account creation and management Where your personal data are collected during the creation or management of a professional account on Nanshy websites/apps. *professional accounts are created in relation to a business capacity; they are not for personal use.	First name and surname; Organisation name; Gender; Professional and personal email address; Professional and/or personal address; Professional and/or personal phone number; Photo; ID/username, and password; Preferences Order details; and/or Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on some websites, or by participating in a survey etc.).	To: Manage your orders; Send you marketing communications (where you have asked us to) which may be tailored to your “profile” (i.e. based on the personal data we know about you and your preferences); Offer you a loyalty program; Offer personalised services based on your characteristics; Allow you to manage your preferences; Monitor and improve our websites and apps; Run analytics or collect statistics; Secure our websites and protect you and us against fraud; Respond to your questions and otherwise interact with you; and/or Manage any competitions, promotions, surveys or contests you enter.	The performance of a contract – so you can create and manage your account; Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud; and (iv) secure our tools; and Consent – so you can receive marketing communications from us.
Newsletter and marketing subscription Where your personal data are collected when you subscribe to receive our marketing communications.	First name and surname; Email address; Gender; Address Phone number; Birthday or age range ID/username, and password; Personal description or preferences; Order details; Social media profile (where you use your social media login or share this personal data with us); User generated content; and/or Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on some websites, or by participating in a contest, game, survey etc.).	To: Send you marketing communications (where you have asked us to) which may be tailored to your “profile” (i.e. based on the personal data we know about you and your preferences); Show you marketing communications on other websites, including social media platforms. Note that you may also see our ads on other websites, including on social media sites, but these may not be tailored to you; Keep an up to date suppression list if you have asked not to be contacted; Run analytics or collect statistics; and/or Send content on your behalf to your friends and/or family.	Consent – so you can receive marketing communications from us; and Our legitimate interests: (i) to improve our products and services; and (ii) better engage with you.
Purchases and order management Where your personal data are collected during the purchase process made on Nanshy website/apps or in store.	First name and surname; Email address; Address; Phone number; Personal description or preferences; Social media profile (where you use your social media login or share this personal data with us); Transaction information including purchased products; Payment and information; and/or Purchase history.	To: Contact you to finalise your order where you have saved your shopping cart or placed products in your cart without completing the checkout process; Inform you when a product you wanted to purchase is available; Process your order including delivering the product to the address you indicated; Manage payment. Please note that your payment information (credit card number/Paypal/bank account details) are not collected by us directly, but by secure payment service providers; Manage any contact you have with us about your order; Secure your transactions against fraud. We may use a third party provider’s solution to detect fraud and make sure that payment is completed; If you place a purchase using a registered account, we will add this transaction to your profile so we can understand your interests and preferences and you will see a record of your transactions with us within your account (where applicable); Manage any dispute relating to a purchase; and/or Run analytics or collect statistics.	The performance of a contract – so you can make purchase and we can manage the associated logistics. Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud; and (iv) secure our tools. To comply with a legal obligation – to keep information we are required to.
Online browsing Where your personal data are collected by cookies or similar technologies (“cookies”) when you browse Nanshy website/apps or on third-party website/apps where we have cookies. For information on the specific cookies placed on a particular website/app, please check the cookies table or tool available on the specific website/app. cookies are small text files stored on your device (computer, tablet or mobile) when you are on the Internet.	Data related to your use of our websites, including: Where you came from; Login details; Pages you looked at; Duration of your visit; and/or Products you selected to create your basket. Technical information: Your IP address; Browser information; Device information; and/or Your unique ID which is given to each visitor, and the expiration date of the ID.	We use cookies, together with other personal data you have already shared with us (such as previous purchases, or whether you’re signed up to our email newsletters) for the following purposes: To deliver targeted advertising, that is to show you: online advertisements for products which may be of interest to you, based on your previous behaviour; and/or ads and content on social media platforms or other websites. You can opt out of targeted advertising by using the function available on our website (where applicable), or in your browser settings. For opting out of targeted advertising on social media platforms, please visit the relevant social media platform to explore the options they may provide. To tailor our services for you, that is to: show you recommendations, marketing, or content based on your profile and interests; and/or display our websites in a tailored way, for example, show you products we think you might like. To allow our websites/apps to function properly, that is to: ensure the proper display of content; create and remember your shopping cart; create and remember your account login details; interface personalisation, such as language, or any user-interface customisation (i.e. parameters attached to your device including your screen resolution or font preference), etc.; and/or improve our websites/apps, for example, by testing new ideas or layouts. like. To allow our websites/apps to function properly, that is to: ensure the proper display of content; create and remember your shopping cart; create and remember your account login details; interface personalisation, such as language, or any user-interface customisation (i.e. parameters attached to your device including your screen resolution or font preference), etc.; and/or improve our websites/apps, for example, by testing new ideas or layouts. like. To ensure our websites/apps are secure and safe, and to protect you against fraud or misuse of our websites/apps or services, for example through performing troubleshooting. To run statistics, that is to: avoid visitors being recorded twice; know users’ reaction to our advertising campaigns. improve our offers; and/or understand how you discovered our websites/apps. To allow sharing of our content on social media.	Consent – to store cookies on your device. Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; and (iii secure our tools
Promotions Where your personal data are collected during a competition, game, contest, promotional offer, sample request, survey etc.	First name and surname; Email address; Phone number; Birth day or age range; Gender; Address Personal description or preferences; Social media profile (where you use your social media login or share this personal data with us); and/or User generated content; Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on some websites, or by participating in a contest, game, survey etc.).	To: Complete tasks that you have asked us to, for example to manage your participation in the promotion, including to take into account your feedback and suggestions; Run analytics and statistics; Add your participation to your profile so we can understand your interests and preferences.	The performance of a contract – so you may entered into the promotion/we can deliver the prize). Our legitimate interests: (i) to improve our products and services; and (ii) better engage with you.
User Generated Content Where your personal data are collected when you submit content (for example images or ratings and reviews) on one of our websites/apps/social media platforms, or accept our re-use of any content you posted on social media platforms.	First name and surname or alias; Email address; Photo; Personal description or preferences; Social media profile (where you use your social media login or share this personal data with us); and/or Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, or by providing your own content such as photos or a review, or a question via the chat function available on some websites).	To: Use the content you have created and/or shared in accordance with the specific terms and conditions accepted by you e.g. to post your review/content and to promote our products; Run analytics and statistics; and/or Add your content to your profile so we can understand your interests and preferences.	Consent – to provide you with the service you have requested, for example, so you can upload the content of your choice. Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; and (iii) secure our tools and design new features.
Use of websites/apps and devices Where your personal data are collected as part of your use of our apps and/or devices.	First name and surname; Email address; Location; Birth day and/or age range; Personal description or preferences, including characteristics such as skin tone, skin/hair type; and/or Application or device usage data.	To: Provide you with the service(s) you requested (e.g. test our products virtually, enable you to purchase our products, provide you with advice and notifications regarding your sun exposure, hair routine etc.); Analyse your personal characteristics and recommend appropriate products (including bespoke products) and routines; Conduct research and innovation by scientists within the L’Oréal Group; Monitor and improve our apps and devices; and/or Run analytics and statistics.	Consent – to provide you with the service you have requested, for example, show you recommended products or complete your purchase. Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; and (iii) secure our tools.
Enquiries Where your personal data are collected when you ask questions relating to our brands, our products and their use, or your purchases, account or rights.	First name and surname; Phone number; Email address; Other information you have shared with us about yourself in relation to your enquiry (which may include welfare and health data).	To: Answer and manage your enquiries; Run analytics and statistics; and/or Add your questions or concerns to your profile so we can understand your interests and preferences.	The performance of a contract – to respond to your enquiries. Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; and (iii) secure our tools.

In which context is your personal data collected?

What personal data may we hold about you?

How and why we may use it?

What is our legal basis for processing your personal data?

Personal account creation and management

Where your personal data are collected during the creation or management of an account on Nanshy websites, through a social media login or in store.

First name and surname;
Gender;
Email address;
Address;
Phone number;
Photo;
Birthday or age range;
ID/username, and password;
Personal description or preferences;
Order details;
Social media profile (where you use your social media login or share this personal data with us);
User generated content; and/or;
Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on some websites, or by participating in a contest, game, survey etc.)

To:

Manage your orders;
Send you marketing communications (where you have asked us to) which may be tailored to your “profile” (i.e. based on the personal data we know about you and your preferences);
Offer you a loyalty program;
Offer personalised services based on your characteristics;
Allow you to manage your preferences;
Monitor and improve our websites and apps;
Run analytics or collect statistics;
Secure our websites and protect you and us against fraud;
Respond to your questions and otherwise interact with you; and/or
Manage any competitions, promotions, surveys or contests you enter.

The performance of a contract – so you can create and manage your account;
Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud; and (iv) secure our tools; and
Consent – so you can receive marketing communications from us.

Personal account creation and management

Where your personal data are collected during the creation or management of a professional account on Nanshy websites/apps.

*professional accounts are created in relation to a business capacity; they are not for personal use.

First name and surname;
Organisation name;
Gender;
Professional and personal email address;
Professional and/or personal address;
Professional and/or personal phone number;
Photo;
ID/username, and password;
Preferences
Order details; and/or
Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on some websites, or by participating in a survey etc.).

To:

Manage your orders;
Send you marketing communications (where you have asked us to) which may be tailored to your “profile” (i.e. based on the personal data we know about you and your preferences);
Offer you a loyalty program;
Offer personalised services based on your characteristics;
Allow you to manage your preferences;
Monitor and improve our websites and apps;
Run analytics or collect statistics;
Secure our websites and protect you and us against fraud;
Respond to your questions and otherwise interact with you; and/or
Manage any competitions, promotions, surveys or contests you enter.

The performance of a contract – so you can create and manage your account;
Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud; and (iv) secure our tools; and
Consent – so you can receive marketing communications from us.

Newsletter and marketing subscription

Where your personal data are collected when you subscribe to receive our marketing communications.

First name and surname;
Email address;
Gender;
Address
Phone number;
Birthday or age range
ID/username, and password;
Personal description or preferences;
Order details;
Social media profile (where you use your social media login or share this personal data with us);
User generated content; and/or
Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on some websites, or by participating in a contest, game, survey etc.).

To:

Send you marketing communications (where you have asked us to) which may be tailored to your “profile” (i.e. based on the personal data we know about you and your preferences);
Show you marketing communications on other websites, including social media platforms. Note that you may also see our ads on other websites, including on social media sites, but these may not be tailored to you;
Keep an up to date suppression list if you have asked not to be contacted;
Run analytics or collect statistics; and/or
Send content on your behalf to your friends and/or family.

Consent – so you can receive marketing communications from us; and
Our legitimate interests: (i) to improve our products and services; and (ii) better engage with you.

Purchases and order management

Where your personal data are collected during the purchase process made on Nanshy website/apps or in store.

First name and surname;
Email address;
Address;
Phone number;
Personal description or preferences;
Social media profile (where you use your social media login or share this personal data with us);
Transaction information including purchased products;
Payment and information; and/or
Purchase history.

To:

Contact you to finalise your order where you have saved your shopping cart or placed products in your cart without completing the checkout process;
Inform you when a product you wanted to purchase is available;
Process your order including delivering the product to the address you indicated;
Manage payment. Please note that your payment information (credit card number/Paypal/bank account details) are not collected by us directly, but by secure payment service providers;
Manage any contact you have with us about your order;
Secure your transactions against fraud. We may use a third party provider’s solution to detect fraud and make sure that payment is completed;
If you place a purchase using a registered account, we will add this transaction to your profile so we can understand your interests and preferences and you will see a record of your transactions with us within your account (where applicable);
Manage any dispute relating to a purchase; and/or
Run analytics or collect statistics.

The performance of a contract – so you can make purchase and we can manage the associated logistics.
Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud; and (iv) secure our tools.
To comply with a legal obligation – to keep information we are required to.

Online browsing

Where your personal data are collected by cookies or similar technologies (“cookies”*) when you browse Nanshy website/apps or on third-party website/apps where we have cookies.

For information on the specific cookies placed on a particular website/app, please check the cookies table or tool available on the specific website/app.

*cookies are small text files stored on your device (computer, tablet or mobile) when you are on the Internet.

Data related to your use of our websites, including:

Where you came from;
Login details;
Pages you looked at;
Duration of your visit; and/or
Products you selected to create your basket.

Technical information:

Your IP address;
Browser information;
Device information; and/or
Your unique ID which is given to each visitor, and the expiration date of the ID.

We use cookies, together with other personal data you have already shared with us (such as previous purchases, or whether you’re signed up to our email newsletters) for the following purposes:

- To deliver targeted advertising, that is to show you:
  - online advertisements for products which may be of interest to you, based on your previous behaviour; and/or
  - ads and content on social media platforms or other websites.

You can opt out of targeted advertising by using the function available on our website (where applicable), or in your browser settings. For opting out of targeted advertising on social media platforms, please visit the relevant social media platform to explore the options they may provide.

- To tailor our services for you, that is to:
  - show you recommendations, marketing, or content based on your profile and interests; and/or
  - display our websites in a tailored way, for example, show you products we think you might like.
- To allow our websites/apps to function properly, that is to:
  - ensure the proper display of content;
  - create and remember your shopping cart;
  - create and remember your account login details;
  - interface personalisation, such as language, or any user-interface customisation (i.e. parameters attached to your device including your screen resolution or font preference), etc.; and/or
  - improve our websites/apps, for example, by testing new ideas or layouts. like.
- To allow our websites/apps to function properly, that is to:
  - ensure the proper display of content;
  - create and remember your shopping cart;
  - create and remember your account login details;
  - interface personalisation, such as language, or any user-interface customisation (i.e. parameters attached to your device including your screen resolution or font preference), etc.; and/or
  - improve our websites/apps, for example, by testing new ideas or layouts. like.
- To ensure our websites/apps are secure and safe, and to protect you against fraud or misuse of our websites/apps or services, for example through performing troubleshooting.

To run statistics, that is to:
- avoid visitors being recorded twice;
- know users’ reaction to our advertising campaigns.
- improve our offers; and/or
- understand how you discovered our websites/apps.
To allow sharing of our content on social media.

Consent – to store cookies on your device.
Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; and (iii secure our tools

Promotions

Where your personal data are collected during a competition, game, contest, promotional offer, sample request, survey etc.

First name and surname;
Email address;
Phone number;
Birth day or age range;
Gender;
Address
Personal description or preferences;
Social media profile (where you use your social media login or share this personal data with us); and/or
User generated content;
Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on some websites, or by participating in a contest, game, survey etc.).

To:

Complete tasks that you have asked us to, for example to manage your participation in the promotion, including to take into account your feedback and suggestions;
Run analytics and statistics;
Add your participation to your profile so we can understand your interests and preferences.

The performance of a contract – so you may entered into the promotion/we can deliver the prize).
Our legitimate interests: (i) to improve our products and services; and (ii) better engage with you.

User Generated Content

Where your personal data are collected when you submit content (for example images or ratings and reviews) on one of our websites/apps/social media platforms, or accept our re-use of any content you posted on social media platforms.

First name and surname or alias;
Email address;
Photo;
Personal description or preferences;
Social media profile (where you use your social media login or share this personal data with us); and/or
Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, or by providing your own content such as photos or a review, or a question via the chat function available on some websites).

To:

Use the content you have created and/or shared in accordance with the specific terms and conditions accepted by you e.g. to post your review/content and to promote our products;
Run analytics and statistics; and/or
Add your content to your profile so we can understand your interests and preferences.

Consent – to provide you with the service you have requested, for example, so you can upload the content of your choice.
Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; and (iii) secure our tools and design new features.

Use of websites/apps and devices

Where your personal data are collected as part of your use of our apps and/or devices.

First name and surname;
Email address;
Location;
Birth day and/or age range;
Personal description or preferences, including characteristics such as skin tone, skin/hair type; and/or
Application or device usage data.

To:

Provide you with the service(s) you requested (e.g. test our products virtually, enable you to purchase our products, provide you with advice and notifications regarding your sun exposure, hair routine etc.);
Analyse your personal characteristics and recommend appropriate products (including bespoke products) and routines;
Conduct research and innovation by scientists within the L’Oréal Group;
Monitor and improve our apps and devices; and/or
Run analytics and statistics.

Consent – to provide you with the service you have requested, for example, show you recommended products or complete your purchase.
Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; and (iii) secure our tools.

Enquiries

Where your personal data are collected when you ask questions relating to our brands, our products and their use, or your purchases, account or rights.

First name and surname;
Phone number;
Email address;
Other information you have shared with us about yourself in relation to your enquiry (which may include welfare and health data).

To:

Answer and manage your enquiries;
Run analytics and statistics; and/or
Add your questions or concerns to your profile so we can understand your interests and preferences.

The performance of a contract – to respond to your enquiries.
Our legitimate interests: (i) to improve our products and services; (ii) better engage with you; and (iii) secure our tools.

AUTOMATED DECISION MAKING

Automated decision making means the ability to make decisions using technology, without human involvement.

We may use automated decision making in the following circumstances:

For the purposes of securing transactions placed through our websites/apps/devices against fraud. We may use a third-party provider’s solution to protect against fraud. The method of fraud detection is based on a number of different data prediction and data intelligence techniques that may change over time, to keep up with technological advancement. These may include, for example, data comparison or association, or detecting outlier (unusual) data patterns. This fraud detection process may be completely automated or may involve some human intervention where the final decision is taken by a person.

As a result of automatic fraud detection, you may experience a delay in the processing of your order/request whilst we review your transaction. You may be limited or excluded from using a service if a risk of fraud is identified.

You have the right to access the information on which we base our decision.

PROFILING

This means automatically processing personal data to evaluate certain personal aspects about an individual, in particular, to analyse or predict aspects concerning performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

When we send or display personalised communications or content, we may use some profiling techniques. This means that we may collect personal data about you in the different scenarios mentioned in the table above, and use this data to analyse, evaluate, or predict your personal preferences, interests, behaviour and/or location.

Based on our analysis, we then send or display communications and/or content specifically tailored to your interests and needs.

You may have the right to object at any time to the use of your personal data for “profiling”. Please see “Your Rights and Choices” section below.

WHO MAY ACCESS YOUR PERSONAL DATA?

First, we want to be clear that we do not sell your personal data.

We may share your personal data within Nanshy

Your personal data may be accessed within Nanshy. Where appropriate, we may update the information you share with us, to tailor our communications based on your preferences, and to run analytics and perform statistics.

Your personal data may also be processed on our behalf by our trusted third-party suppliers.

We rely on trusted third parties to perform a range of business operations on our behalf. We only provide them with the information they need to perform the service, and we require that they do not use your personal data for any other purpose. We will always use our best efforts to make sure that all third parties we work with will keep your personal data secure. Examples include:

Third parties that assist and help us in providing digital and e-commerce services such as social listening, store locator, loyalty programs, identity management, ratings and reviews, CRM, web analytics and search engine, user-generated content curation tools;
Advertising, marketing, digital and social media agencies to help us to deliver advertising, marketing, and campaigns, to analyse their effectiveness, and to manage your contact and questions;
Third parties required to deliver a product to you e.g. postal/delivery services;
Third parties that assist and help us in providing IT services, such as platform providers, hosting services, maintenance and support on our databases as well as on our software and applications;
Payment service providers and credit reference agencies for the purpose of assessing your credit score and verifying your details where this is a condition of entering into a contract with you;
Third parties that assist us with customer care and research purposes.

The legal basis for this sharing is our legitimate interests – (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud; (iv) secure our tools and design new features; and (v) use appropriate suppliers.

We may also disclose your personal data to third parties:

In the event that we sell any or part of our business or assets, we may disclose your personal data to the prospective buyer of such business or assets. If Nanshy is acquired by a third party, personal data we hold about our consumers relating to those assets will be one of the transferred assets. In such cases, your personal data will be processed by the buyer acting as the new data controller and its privacy policy will govern the processing of your personal data.
If we are under a duty to disclose or share your personal data in order to comply with a legal obligation, or in order to enforce or apply our terms of use/sales or other terms and conditions you have agreed to; or to protect the rights, property, or safety of Nanshy, our consumers, or others.
In other circumstances, if we have your consent or we are permitted to do so by law.

WHERE WE STORE YOUR PERSONAL DATA

The personal data that we collect from you may be transferred to, accessed in, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our service providers.

Where Nanshy transfers personal data outside of the EEA, this will be done in a secure and lawful way. As some countries may not have laws governing the use and transfer of personal data, we will take steps to make sure that third parties adhere to the commitments set out in this Privacy Policy. These steps may include reviewing third parties’ privacy and security standards, and/or entering into appropriate contracts (on the basis of the template adopted by the EU Commission and available via its homepage).

For further information, please contact us as per the “Contact” section below.

HOW LONG DO WE KEEP YOUR PERSONAL DATA

We will keep your personal data for as long as we need it to provide you with your requested service(s) or to meet our commercial or legal obligations.

To determine the retention period of your personal data, we consider several criteria to make sure that we do not keep your personal data for longer than is necessary or appropriate. These criteria include:

The purpose for which we hold your personal data;
Our legal and regulatory obligations in relation to that personal data, for example, any financial reporting obligations;
Whether our relationship with you is ongoing, for example, you have an active account with one or more of our brands, you continue to receive marketing communications, or you regularly browse or purchase of our websites/apps);
Whether you are no longer actively participating or engaging with our brands, for example, you do not open our emails, visit our websites, or share user-generated content;
Any specific requests from you in relation to the deletion of your personal data; and
Our legitimate business interests in relation to managing our own rights, for example, the defence of any claims.

When we no longer need to retain your personal data, it will be deleted or be anonymised so that you can no longer be identified from it.

IS MY PERSONAL DATA SECURE?

We are committed to keeping your personal data secure and taking all reasonable precautions to do so. We contractually require that trusted third parties who handle your personal data for us do the same.

We always do our best to protect your personal data and once we have received your personal data, we use strict procedures and security features to try to prevent unauthorised access. As no transmission of information via the internet is completely secure, we cannot guarantee the security of your personal data transmitted to our site although. Any transmission is therefore at your own risk.

LINKS TO THIRD PARTY SITES AND SOCIAL LOGIN

Our websites/apps may, from time to time, contain links to the advertisers and/or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you share any personal data with these websites.

We may offer you the opportunity to use your social media login when interacting with our websites/apps. If you do so, please be aware that you will be sharing your profile information with us. The personal data that is shared will depend on your social media platform settings. Please visit the relevant social media platform and review its privacy policy to understand how your personal data is shared and used in this context.

SOCIAL MEDIA AND USER GENERATED CONTENT

Our websites and apps allow users to submit their own content. Please remember that any content submitted to our social media platforms can be viewed by the public, and you should be cautious about providing certain personal data e.g. financial information or address details. We are not responsible for any actions taken by other individuals if you post personal data on one of our social media platforms and we recommend that you do not share such information.

YOUR RIGHTS AND CHOICES

Nanshy respects your right to privacy: it is important that you are able to control your personal data. You have the following rights:

Your rights	What does this mean?
The right to be informed	You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data, and your rights. This is why we are providing you with the information in this Privacy Policy.
The right of access	You have the right to access and receive a copy of, any personal data we hold about you (subject to certain restrictions). In exceptional circumstances, we may charge a reasonable fee for providing such access but only where permitted by law.
The right to rectification	You have the right to have your personal data rectified if it is incorrect or outdated and/or completed if it is incomplete. If you have an account, it may be easier to correct your own personal data via your “My Account” function.
The right to erasure/right to be forgotten	In some cases, you have the right to have your personal data erased or deleted. Note this is not an absolute right, as we may have legal or legitimate grounds for retaining your personal data.
The right to object to direct marketing, including profiling, and any processing based on our legitimate interests	You can unsubscribe or opt out of our direct marketing communication at any time. The easiest way to do this is by clicking on the “unsubscribe” link in any email or communication we send you. In circumstances where you have the right to object to profiling or any processing based on our legitimate interests, you should contact us using the details below.
The right to withdraw consent at any time for and personal data processing based on consent	You can withdraw your consent to our processing of your personal data when such processing is based on consent. Where you withdraw your consent, this does not affect the lawfulness of our processing before your withdrawal. Please see the table in section “what personal data do we collect from you and how do we use it” specifically the column “What is our legal basis for processing your personal data?” to see where/when our processing is based on consent.
The right to object to processing based on legitimate interests	You may object at any time to our processing of your personal data when such processing is based on our legitimate interests. Please see the table in section “what personal data do we collect from you and how do we use it” specifically the column “What is our legal basis for processing your personal data?” to see where/when our processing is based on legitimate interests.
The right not to be subject to a decision based solely on automated decision-making	Where we use your personal data to make an automated decision about you (please see “Automated Decision Making” above for examples), you have the right to object to our decision. Your right does not apply if: (i) you gave us your explicit consent to use your personal data to make our decision; (ii) we are allowed by law to make our decision; or (iii) our automated decision was necessary to enable us to enter into a contract with you.
The right to lodge a complaint with a supervisory authority	You have the right to contact the data protection authority of your country in order to lodge a complaint against our data protection and privacy practices. Do not hesitate to contact us at the details below before lodging any complaint with the competent data protection authority as we will always seek to resolve your complaint in the first instance.
The right to data portability	You have the right to move, copy or transfer personal data from our database to another. This only applies to personal data that you have provided, where processing is based on a contract or your consent, and the processing is carried out by automated means. Please see the table in section “what personal data do we collect from you and how do we use it” specifically the column “What is our legal basis for processing your personal data?” to see where/when our processing is based on consent or the performance of a contract.
The right to restriction	This right means that our processing of your personal data is restricted, so we can store it, but not use nor process it further. It applies in the following limited circumstances set out in the General Data Protection Regulation: the accuracy of the personal data is contested by you, for a period enabling L’Oréal to verify the accuracy of the personal data; the processing is unlawful and you object the erasure of your personal data and request L’Oréal restricts the ways in which it processes your personal data; L’Oréal no longer needs your personal data for the purposes of its processing, but you require the personal data for the establishment, exercise or defence of legal claims; You object to L’Oréal’s processing of your personal data based L’Oréal’s legitimate interests, pending the verification whether the L’Oréal’s legitimate grounds override your rights and freedoms.
The right to deactivate cookies	The settings from the Internet browsers are usually programmed by default to accept cookies, but you can easily adjust it by changing the settings of your browser or, where available, by using the tools on our websites. Many cookies are used to enhance the usability or functionality of a website; therefore disabling some types of cookies may prevent you from using certain parts of our websites. If you wish to restrict or block all the cookies which are set by our websites, please use the tool available on the particular website (if applicable), or refer to the Help function within your browser to learn how to manage your settings within your browser. For more information please consult the following links:http://www.aboutcookies.org/.

How can I exercise these rights?

For more information, or to request any of the rights noted above, please contact us on the details set out below.

Note that we may require proof of your identity and full details of your request before we process any request(s).

COOKIES

What are they?

A cookie is a small file that a website transfers to the cookie file of the browser on your device so that the website can remember who you are.

We use cookies to help you navigate our website efficiently and to perform certain functions, including site traffic analysis. Cookies may also recognize you on your next log-in and offer you content tailored to your preferences and interests. Cookies do not compromise the security of a website.

Some cookies can collect personal information, including information you disclose like your username, or where cookies track you to deliver more relevant advertising content. For further details on how we use your personal information, please see our Privacy Policy.

There are two types of cookies on our sites – “session” cookies that are temporary cookies that remain on your browser only while you’re on our site, and “persistent” cookies, that remain on your browser for much longer.

Do I want to stop them?

Many cookies are used to enhance the usability or functionality of a website; therefore disabling cookies may prevent you from using certain parts of this website. We explain the cookies we use in the table below and give you a button by which you can block the optional cookies.

If you do not make either choice then you will be treated as having accepted all cookies on this site. You can change your mind in subsequent visits and use the buttons below to change your cookie status for our site.

If you wish to restrict or block all the cookies which are set by our website (which as we say may prevent you from using certain parts of the site), or indeed any other website, you can do this through your browser settings. The Help function within your browser should tell you how. For more information go to www.aboutcookies.org

Which cookies are being used on this site?

We use four different types of cookies on this site – those that are strictly necessary for the website to function, functionality cookies, performance/analytics cookies, and targeted/advertising cookies.

Strictly Necessary cookies: These are cookies that are essential for our website to work correctly. They may be required for system administration, to prevent fraudulent activity, or for a shopping cart function. These cookies cannot be switched off.

Functionality cookies: These cookies are used to enhance and simplify your user experience. For example, they may remember information about previous choices you have made, remember your password, or allow video or social media content to be properly viewed on the website. You can opt out of functionality cookies using the function below.

Analytics and Performance cookies: These are used for internal purposes to help us understand how you interact with our site, so we can provide you with an improved user experience e.g. to assess the performance of our website, or to test different design ideas for the website. We may work with third parties to perform these services for us, so these cookies may be set by a third party. You can opt out of these cookies using the function below.

Targeting and advertising cookies: These cookies are used to deliver relevant and tailored content (including advertising content) to you, and also to evaluate the effectiveness of that content. This content may be delivered on our websites.

There may be additional cookies managed by third parties, for example:

Social Media Networks and Third Party Content. On our website, we may use social networking icons and sometimes embed video content from websites such as YouTube. When you visit a page with content embedded from, for example, YouTube, or click on a social network icon that takes you to that social network, you will be presented with third-party cookies from Youtube or that site as applicable. We do not control these cookies and you need to check with the applicable third party website for more information.

Flash cookies. Nanshy uses Flash files to deliver part of its content, such as Video Player, throughout the site. To improve user experience Local Shared Objects – or flash cookies as they are commonly known – are employed to provide features such as auto-resume and for saving your preferences. Flash Cookies are stored in your terminal much in the same way as cookies are, however it is not possible to manage them at browser level in the same way.

Spotlight tags – These are something we use to track measure and report on activities that happen when you see or click on one of our advertisements somewhere on the web and then either click through to our website from that ad or visit certain pages on our website within 30 days of having seen one of our advertisements somewhere on the web.

All cookies used on this website are detailed below

Cookie and status	Name	Purpose
Cookie Acceptance (necessary)	CookiesAccepted	Records if you have accepted the use of cookies on the website. It does not contain any user information. This cookie remains on your computer after the session has closed.
Session ID (necessary)	ONDEMANDAUTH	Required to navigate from one page to another and to maintain the login/logout information during your visit. It collects information in an anonymous form by using a unique identifier. Expires after 20 minutes of inactivity or when you end your session.
Basket Cookie (necessary)	AdditionalParams	Used to store the number of items and total cost of the basket when you are internet shopping with us. It collects information in an anonymous form by using a unique identifier. Expires when you end your session.
Cybersource payment cookies (necessary)	JSESSIONID BIGipServerorderpage	When you are internet shopping with us these two cookies work in relation to the secure payments aspects of the transaction and collect information in an anonymous form using a unique identifier. JSESSIONID expires when you end your session and BIGipServerorderpage expires after two hours.
Banner view (necessary)	onetime	Records whether you have been shown the cookie alert banner so as not to show it to you again. It collects information in an anonymous form using a unique identifier. This cookie remains on your computer after the session has closed.
Offers (optional)	onetimehomepage	Records whether you have been shown the exclusive offer popup on the home page so as not to show it to you again. It collects information in an anonymous form using a unique identifier. Expires when you end your session.
User Authentication (optional)	UserAuthentication	Contains your country code and an anonymous unique identifier used during your previous visit to personalise the content of this website. This cookie remains on your computer after the session has closed.
Google Analytics (optional)	-utma -utmb -utmc -utmz	These cookies are used to collect information about how visitors use our site. They are placed on the site by Google, Inc an American Corporation. It collects information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited on the site. This information is then used by Google to make reports for us and to help us improve the site. For more information visit http://www.google.com/intl/en/policies/privacy/
Doubleclick (optional)	Doubleclick Cookie	This cookie ensures that you can see Lancôme offers on carefully selected third party websites after you have left the Lancôme site. For more information or if you want to disable this cookie without removing the other optional cookies please visit this link: https://www.google.com/settings/ads/onweb#display_optoutThis cookie expires after 60 days.
Chat: Last Visit (optional)	LastVisit	Records the date and time that you last visited a page with our Live Chat service enabled.
Live Chat: Last Invite (optional)	LastInvite	Records the date and time that we last sent you a Live Chat invite to improve your experience on lancome.co.uk
Live Chat: Never Invite (optional)	NeverInvite	Records your preference to not be contacted again to participate in a Live Chat session.
Live Chat: Aborted Time (optional)	AbortedTime	Records the time that your Live Chat session was aborted.
Live Chat: Last Interaction (optional)	LastInteraction	LastInteraction Records the date that you last engaged in Live Chat on lancome.co.uk
Live Chat: Chat Open (optional)	ChatOpen	Records whether you have an active chat session open or not. Expires after 2 minutes.
Google Analytics support(session cookie)	bvgacef e.g. bvgacefRatingsAndReviews	Creates an event the first time Bazaar Voice is loaded for a user. Bazaar Voice Cookie
Feedback Submitted (session cookie)	pfv_(ID) rfv_(ID),rhf_(ID),rif_(ID) qfv_(ID),qhf_(ID),qif_(ID) cfv_(ID),chf_(ID),cif_(ID)	Identifies and remembers user provided feedback through voting on helpfulness, innappropriate and voting/flagging icons. Cookies expires after session has finished. Bazaar Voice Cookie
Comment Submitted (session cookie)	r-commented-(ID)s-commented-(ID)	Identifies the reviews on which the user has commented in order to customise display highlighting these comments. Cookies expires after session has finished. Bazaar Voice Cookie
Mobile Preferences(session cookie)	displayTypePreferred(CODE)	Records whether a user has indicated a preference for Mobile or Desktop version of landing pages through search engines. Cookies expires after session has finished. Bazaar Voice Cookie
Analytics Session ID (session cookie)	BVSID BVBRANDSID BVID	Allows internal Bazaar Voice analytics to be correlated to the same user browsing session for interactions across the Bazaar Voice network. BVSID & BVBRANDSID Cookies expires after session has finished. BVID cookie expires after 18 months.Bazaar Voice Cookie
C2013 Session Cookie (session cookie)	Production: bvf_(client checksum) Staging: bvf_(client checksum)s	Stores a session ID of the user after submission of a review. Cookies expires after session has finished. Bazaar Voice Cookie
C2013 A/B testing cookie (session cookie)	BVImpl{client site name}	Stores user configuration for a/B testing. Cookies expires after session has finished. Bazaar Voice Cookie
Submit In Progress(session cookie)	prr-sip qa-sip sy-sip cp-sip	Identifies a submission that is in progress, to enable maintaining of content in case of a refresh by the user. Cookies expires after session has finished.Bazaar Voice Cookie
Display state (session cookie)	goto scroll-to-story-id bvReturnPosition bvOpenedQ(CODE) bvProfileActiveTab_(ID) bvScrollPositionX bvScrollPostitionY bvScrollToElementID bvScrollToElementOffset)	Cookies retain the state of display across pages and/or reloads to enable consistent user experience. Cookies expires after session has finished.Bazaar Voice Cookie
Memory	mem	Memory widget cookie used to track ordered list of products that a user has visited. Remains on computer for 365 days. Bazaar Voice Cookie
Remember Me	rm	Identifies users who have chosen to remember their credentials. Is removed upon sign out, or after 365 days. Bazaar Voice Cookie

CHANGES TO OUR PRIVACY POLICY

Any changes we may make to our Privacy and Cookies Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Privacy and Cookies Policy.

CONTACT

If you have any questions or concerns about how we treat and use your personal data, or would like to exercise any of your rights above, please contact us at [email protected] or by writing to us at:

Nanshy Ltd

Unit 13

Space Business Centre

Tewkesbury Road

Cheltenham

GL51 9FL

Last updated: June 06, 2022