Date of Last Update: 21/05/2018
We respect your concerns about privacy and value the relationship we have with you. This Privacy Policy describes the types of personal data we collect about our customers, how we use this information, with whom we share it, and the rights of our customers regarding our use of this information. We also describe the measures we take to protect the security of the information, how long we retain it and how our customers can contact us about our privacy practices and how to exercise their rights.
For the purposes of applicable data protection laws, the data controller is Nanshy Limited, a company registered in England and Wales with company number 08302139 and having its registered office at UNIT 13, SPACE BUSINESS CENTRE, TEWKESBURY ROAD, CHELTENHAM, ENGLAND, GL51 9FL
- We respect your privacy and your choices.
- We make sure that privacy and security are embedded in everything we do.
- We will not send you marketing communications unless you have asked us to. You can change your mind at any time.
- We will never sell your personal data.
- We are committed to keeping your personal data safe and secure. This includes only working with trusted partners.
- We are committed to being open and transparent about how we use your personal data.
- We will not use your personal data in ways that we have not told you about.
- We respect your rights, and will always try to accommodate your requests as far as is possible, in line with our own legal and operational responsibilities.
In the table below, we explain:
-
- In what context is your personal data collected? This column explains what activity or scenario you are involved in when we use or collect your personal data. For example, whether you are making a purchase, signing up to a newsletter, or browsing a website.
-
- What personal data may we hold about you? This column explains what types of personal data we may collect when you take part in a particular activity.
-
- How and why we use it? This column explains what we do with your personal data, and the purposes for collecting and using it.
-
- What is our legal basis for using your personal data? Whenever we use your personal data, we will have a legal basis to do this. For example, you have asked us to provide a service, you have given us your consent, or we have a legitimate interest in using your personal data.
-
- Your consent - This applies where you provide your personal data and specifically consent to us using it to provide you with a specific service, for example, so that:
- you can receive marketing communications from us. If you later ask us to stop sending you marketing communications, we need to keep some of your personal data on a suppression list so that we can make sure we do not contact you again. This is a legal obligation; and
- we can store certain cookies on your device. We may place targeted advertising cookies (these allow us to tailor services we offer, specifically to you), analytical cookies (these measure your interaction with our site so we can make improvements) on your device.
- The performance of a contract - This applies where you provide us with your personal data in order for us to provide you with a service (e.g. you ask us to create a customer account for you or you wish to purchase a product and we can manage the associated logistics).
- Your consent - This applies where you provide your personal data and specifically consent to us using it to provide you with a specific service, for example, so that:
-
- Our legitimate interests - This applies where you provide us with your personal data and we use it to:
- improve our products and services. By providing us with your personal data, we are able to better understand your needs and expectations when it comes to the products and services we offer. This understanding means we can improve our products and services so they match your needs. This might involve performing analytics on how you use our products, services, and websites/apps/devices, or trying out new functions which we think you might like based on what we know about you.
- better engage with you. Where you provide us with your personal data, we may use it to encourage you to be more actively engaged with our products and brands and increase your overall brand engagement and awareness. One way we do this is by tailoring the marketing communications we send you so that you receive the information most relevant to you.
- iii. prevent fraud. Where you provide us with your personal data, it means we can action any payment you make when you purchase any of our products and/or services, and importantly, check that your payment is free from fraud.
- secure our tools: We may use your personal data to keep our tools (websites/apps/devices) safe and secure. This involves making sure our tools are working properly, and that your personal data is kept secure.
- To comply with a legal obligation - This is where you provide us with your personal data which we need to keep for our legal reasons (e.g. when you make a purchase we need to keep your transaction information to comply with our tax and financial reporting obligations).
- Our legitimate interests - This applies where you provide us with your personal data and we use it to:
- To protect the vital interests of an individual - This is where we use your personal data to protect you (or someone else) where there is evidence of danger to your (or someone else’s) health and/or safety.
- Perform our contract with you (e.g. to deliver the goods you have purchased on our websites/apps);
- Provide you with a service you have asked for (e.g. to provide you with a newsletter);
- Comply with legal requirements (e.g. invoicing).
In which context is your personal data collected?
|
What personal data may we hold about you?
|
How and why we may use it?
|
What is our legal basis for processing your personal data?
|
---|---|---|---|
Personal account creation and management
Where your personal data are collected during the creation or management of an account on Nanshy websites, through a social media login or in store. |
|
To:
|
|
Personal account creation and management
Where your personal data are collected during the creation or management of a professional account on Nanshy websites/apps. *professional accounts are created in relation to a business capacity; they are not for personal use. |
|
To:
|
|
Newsletter and marketing subscription
Where your personal data are collected when you subscribe to receive our marketing communications. |
|
To:
|
|
Purchases and order management
Where your personal data are collected during the purchase process made on Nanshy website/apps or in store. |
|
To:
|
|
Online browsing
Where your personal data are collected by cookies or similar technologies (“cookies”*) when you browse Nanshy website/apps or on third-party website/apps where we have cookies. For information on the specific cookies placed on a particular website/app, please check the cookies table or tool available on the specific website/app.
*cookies are small text files stored on your device (computer, tablet or mobile) when you are on the Internet. |
Data related to your use of our websites, including:
Technical information:
|
We use cookies, together with other personal data you have already shared with us (such as previous purchases, or whether you’re signed up to our email newsletters) for the following purposes:
You can opt out of targeted advertising by using the function available on our website (where applicable), or in your browser settings. For opting out of targeted advertising on social media platforms, please visit the relevant social media platform to explore the options they may provide.
|
|
Promotions
Where your personal data are collected during a competition, game, contest, promotional offer, sample request, survey etc. |
|
To:
|
|
User Generated Content
Where your personal data are collected when you submit content (for example images or ratings and reviews) on one of our websites/apps/social media platforms, or accept our re-use of any content you posted on social media platforms. |
|
To:
|
|
Use of websites/apps and devices
Where your personal data are collected as part of your use of our apps and/or devices. |
|
To:
|
|
Enquiries
Where your personal data are collected when you ask questions relating to our brands, our products and their use, or your purchases, account or rights. |
|
To:
|
|
AUTOMATED DECISION MAKING
Automated decision making means the ability to make decisions using technology, without human involvement.
We may use automated decision making in the following circumstances:
- For the purposes of securing transactions placed through our websites/apps/devices against fraud. We may use a third-party provider’s solution to protect against fraud. The method of fraud detection is based on a number of different data prediction and data intelligence techniques that may change over time, to keep up with technological advancement. These may include, for example, data comparison or association, or detecting outlier (unusual) data patterns. This fraud detection process may be completely automated or may involve some human intervention where the final decision is taken by a person.
PROFILING
This means automatically processing personal data to evaluate certain personal aspects about an individual, in particular, to analyse or predict aspects concerning performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
When we send or display personalised communications or content, we may use some profiling techniques. This means that we may collect personal data about you in the different scenarios mentioned in the table above, and use this data to analyse, evaluate, or predict your personal preferences, interests, behaviour and/or location.
Based on our analysis, we then send or display communications and/or content specifically tailored to your interests and needs.
You may have the right to object at any time to the use of your personal data for “profiling”. Please see “Your Rights and Choices” section below.
WHO MAY ACCESS YOUR PERSONAL DATA?
First, we want to be clear that we do not sell your personal data.
We may share your personal data within Nanshy
Your personal data may be accessed within Nanshy. Where appropriate, we may update the information you share with us, to tailor our communications based on your preferences, and to run analytics and perform statistics.
Your personal data may also be processed on our behalf by our trusted third-party suppliers.
- Third parties that assist and help us in providing digital and e-commerce services such as social listening, store locator, loyalty programs, identity management, ratings and reviews, CRM, web analytics and search engine, user-generated content curation tools;
- Advertising, marketing, digital and social media agencies to help us to deliver advertising, marketing, and campaigns, to analyse their effectiveness, and to manage your contact and questions;
- Third parties required to deliver a product to you e.g. postal/delivery services;
- Third parties that assist and help us in providing IT services, such as platform providers, hosting services, maintenance and support on our databases as well as on our software and applications;
- Payment service providers and credit reference agencies for the purpose of assessing your credit score and verifying your details where this is a condition of entering into a contract with you;
- Third parties that assist us with customer care and research purposes.
We may also disclose your personal data to third parties:
- In the event that we sell any or part of our business or assets, we may disclose your personal data to the prospective buyer of such business or assets. If Nanshy is acquired by a third party, personal data we hold about our consumers relating to those assets will be one of the transferred assets. In such cases, your personal data will be processed by the buyer acting as the new data controller and its privacy policy will govern the processing of your personal data.
- If we are under a duty to disclose or share your personal data in order to comply with a legal obligation, or in order to enforce or apply our terms of use/sales or other terms and conditions you have agreed to; or to protect the rights, property, or safety of Nanshy, our consumers, or others.
- In other circumstances, if we have your consent or we are permitted to do so by law.
WHERE WE STORE YOUR PERSONAL DATA
The personal data that we collect from you may be transferred to, accessed in, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our service providers.
Where Nanshy transfers personal data outside of the EEA, this will be done in a secure and lawful way. As some countries may not have laws governing the use and transfer of personal data, we will take steps to make sure that third parties adhere to the commitments set out in this Privacy Policy. These steps may include reviewing third parties’ privacy and security standards, and/or entering into appropriate contracts (on the basis of the template adopted by the EU Commission and available via its homepage).
For further information, please contact us as per the “Contact” section below.
HOW LONG DO WE KEEP YOUR PERSONAL DATA
We will keep your personal data for as long as we need it to provide you with your requested service(s) or to meet our commercial or legal obligations.
To determine the retention period of your personal data, we consider several criteria to make sure that we do not keep your personal data for longer than is necessary or appropriate. These criteria include:
- The purpose for which we hold your personal data;
- Our legal and regulatory obligations in relation to that personal data, for example, any financial reporting obligations;
- Whether our relationship with you is ongoing, for example, you have an active account with one or more of our brands, you continue to receive marketing communications, or you regularly browse or purchase of our websites/apps);
- Whether you are no longer actively participating or engaging with our brands, for example, you do not open our emails, visit our websites, or share user-generated content;
- Any specific requests from you in relation to the deletion of your personal data; and
- Our legitimate business interests in relation to managing our own rights, for example, the defence of any claims.
IS MY PERSONAL DATA SECURE?
We are committed to keeping your personal data secure and taking all reasonable precautions to do so. We contractually require that trusted third parties who handle your personal data for us do the same.
We always do our best to protect your personal data and once we have received your personal data, we use strict procedures and security features to try to prevent unauthorised access. As no transmission of information via the internet is completely secure, we cannot guarantee the security of your personal data transmitted to our site although. Any transmission is therefore at your own risk.
LINKS TO THIRD PARTY SITES AND SOCIAL LOGIN
Our websites/apps may, from time to time, contain links to the advertisers and/or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you share any personal data with these websites.
We may offer you the opportunity to use your social media login when interacting with our websites/apps. If you do so, please be aware that you will be sharing your profile information with us. The personal data that is shared will depend on your social media platform settings. Please visit the relevant social media platform and review its privacy policy to understand how your personal data is shared and used in this context.
SOCIAL MEDIA AND USER GENERATED CONTENT
Our websites and apps allow users to submit their own content. Please remember that any content submitted to our social media platforms can be viewed by the public, and you should be cautious about providing certain personal data e.g. financial information or address details. We are not responsible for any actions taken by other individuals if you post personal data on one of our social media platforms and we recommend that you do not share such information.
YOUR RIGHTS AND CHOICES
Nanshy respects your right to privacy: it is important that you are able to control your personal data. You have the following rights:
Your rights
|
What does this mean?
|
---|---|
The right to be informed | You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data, and your rights. This is why we are providing you with the information in this Privacy Policy. |
The right of access | You have the right to access and receive a copy of, any personal data we hold about you (subject to certain restrictions). In exceptional circumstances, we may charge a reasonable fee for providing such access but only where permitted by law. |
The right to rectification | You have the right to have your personal data rectified if it is incorrect or outdated and/or completed if it is incomplete. If you have an account, it may be easier to correct your own personal data via your “My Account” function. |
The right to erasure/right to be forgotten | In some cases, you have the right to have your personal data erased or deleted. Note this is not an absolute right, as we may have legal or legitimate grounds for retaining your personal data. |
The right to object to direct marketing, including profiling, and any processing based on our legitimate interests | You can unsubscribe or opt out of our direct marketing communication at any time. The easiest way to do this is by clicking on the “unsubscribe” link in any email or communication we send you. In circumstances where you have the right to object to profiling or any processing based on our legitimate interests, you should contact us using the details below. |
The right to withdraw consent at any time for and personal data processing based on consent | You can withdraw your consent to our processing of your personal data when such processing is based on consent. Where you withdraw your consent, this does not affect the lawfulness of our processing before your withdrawal. Please see the table in section “what personal data do we collect from you and how do we use it” specifically the column “What is our legal basis for processing your personal data?” to see where/when our processing is based on consent. |
The right to object to processing based on legitimate interests | You may object at any time to our processing of your personal data when such processing is based on our legitimate interests. Please see the table in section “what personal data do we collect from you and how do we use it” specifically the column “What is our legal basis for processing your personal data?” to see where/when our processing is based on legitimate interests. |
The right not to be subject to a decision based solely on automated decision-making | Where we use your personal data to make an automated decision about you (please see “Automated Decision Making” above for examples), you have the right to object to our decision. Your right does not apply if: (i) you gave us your explicit consent to use your personal data to make our decision; (ii) we are allowed by law to make our decision; or (iii) our automated decision was necessary to enable us to enter into a contract with you. |
The right to lodge a complaint with a supervisory authority | You have the right to contact the data protection authority of your country in order to lodge a complaint against our data protection and privacy practices. Do not hesitate to contact us at the details below before lodging any complaint with the competent data protection authority as we will always seek to resolve your complaint in the first instance. |
The right to data portability | You have the right to move, copy or transfer personal data from our database to another. This only applies to personal data that you have provided, where processing is based on a contract or your consent, and the processing is carried out by automated means. Please see the table in section “what personal data do we collect from you and how do we use it” specifically the column “What is our legal basis for processing your personal data?” to see where/when our processing is based on consent or the performance of a contract. |
The right to restriction | This right means that our processing of your personal data is restricted, so we can store it, but not use nor process it further. It applies in the following limited circumstances set out in the General Data Protection Regulation:
|
The right to deactivate cookies | The settings from the Internet browsers are usually programmed by default to accept cookies, but you can easily adjust it by changing the settings of your browser or, where available, by using the tools on our websites.
Many cookies are used to enhance the usability or functionality of a website; therefore disabling some types of cookies may prevent you from using certain parts of our websites. If you wish to restrict or block all the cookies which are set by our websites, please use the tool available on the particular website (if applicable), or refer to the Help function within your browser to learn how to manage your settings within your browser. For more information please consult the following links:http://www.aboutcookies.org/. |
How can I exercise these rights?
For more information, or to request any of the rights noted above, please contact us on the details set out below.
Note that we may require proof of your identity and full details of your request before we process any request(s).
COOKIES
What are they?
A cookie is a small file that a website transfers to the cookie file of the browser on your device so that the website can remember who you are.
We use cookies to help you navigate our website efficiently and to perform certain functions, including site traffic analysis. Cookies may also recognize you on your next log-in and offer you content tailored to your preferences and interests. Cookies do not compromise the security of a website.
Some cookies can collect personal information, including information you disclose like your username, or where cookies track you to deliver more relevant advertising content. For further details on how we use your personal information, please see our Privacy Policy.
There are two types of cookies on our sites – “session” cookies that are temporary cookies that remain on your browser only while you’re on our site, and “persistent” cookies, that remain on your browser for much longer.
Do I want to stop them?
Many cookies are used to enhance the usability or functionality of a website; therefore disabling cookies may prevent you from using certain parts of this website. We explain the cookies we use in the table below and give you a button by which you can block the optional cookies.
If you do not make either choice then you will be treated as having accepted all cookies on this site. You can change your mind in subsequent visits and use the buttons below to change your cookie status for our site.
If you wish to restrict or block all the cookies which are set by our website (which as we say may prevent you from using certain parts of the site), or indeed any other website, you can do this through your browser settings. The Help function within your browser should tell you how. For more information go to www.aboutcookies.org
Which cookies are being used on this site?
We use four different types of cookies on this site – those that are strictly necessary for the website to function, functionality cookies, performance/analytics cookies, and targeted/advertising cookies.
Strictly Necessary cookies: These are cookies that are essential for our website to work correctly. They may be required for system administration, to prevent fraudulent activity, or for a shopping cart function. These cookies cannot be switched off.
Functionality cookies: These cookies are used to enhance and simplify your user experience. For example, they may remember information about previous choices you have made, remember your password, or allow video or social media content to be properly viewed on the website. You can opt out of functionality cookies using the function below.
Analytics and Performance cookies: These are used for internal purposes to help us understand how you interact with our site, so we can provide you with an improved user experience e.g. to assess the performance of our website, or to test different design ideas for the website. We may work with third parties to perform these services for us, so these cookies may be set by a third party. You can opt out of these cookies using the function below.
Targeting and advertising cookies: These cookies are used to deliver relevant and tailored content (including advertising content) to you, and also to evaluate the effectiveness of that content. This content may be delivered on our websites.
There may be additional cookies managed by third parties, for example:
- Social Media Networks and Third Party Content. On our website, we may use social networking icons and sometimes embed video content from websites such as YouTube. When you visit a page with content embedded from, for example, YouTube, or click on a social network icon that takes you to that social network, you will be presented with third-party cookies from Youtube or that site as applicable. We do not control these cookies and you need to check with the applicable third party website for more information.
- Flash cookies. Nanshy uses Flash files to deliver part of its content, such as Video Player, throughout the site. To improve user experience Local Shared Objects – or flash cookies as they are commonly known – are employed to provide features such as auto-resume and for saving your preferences. Flash Cookies are stored in your terminal much in the same way as cookies are, however it is not possible to manage them at browser level in the same way.
- Spotlight tags – These are something we use to track measure and report on activities that happen when you see or click on one of our advertisements somewhere on the web and then either click through to our website from that ad or visit certain pages on our website within 30 days of having seen one of our advertisements somewhere on the web.
All cookies used on this website are detailed below
Cookie and status | Name | Purpose |
Cookie Acceptance (necessary) | CookiesAccepted | Records if you have accepted the use of cookies on the website. It does not contain any user information. This cookie remains on your computer after the session has closed. |
Session ID (necessary) | ONDEMANDAUTH | Required to navigate from one page to another and to maintain the login/logout information during your visit. It collects information in an anonymous form by using a unique identifier. Expires after 20 minutes of inactivity or when you end your session. |
Basket Cookie (necessary) | AdditionalParams | Used to store the number of items and total cost of the basket when you are internet shopping with us. It collects information in an anonymous form by using a unique identifier. Expires when you end your session. |
Cybersource payment cookies (necessary) | JSESSIONID BIGipServerorderpage | When you are internet shopping with us these two cookies work in relation to the secure payments aspects of the transaction and collect information in an anonymous form using a unique identifier. JSESSIONID expires when you end your session and BIGipServerorderpage expires after two hours. |
Banner view (necessary) | onetime | Records whether you have been shown the cookie alert banner so as not to show it to you again. It collects information in an anonymous form using a unique identifier. This cookie remains on your computer after the session has closed. |
Offers (optional) | onetimehomepage | Records whether you have been shown the exclusive offer popup on the home page so as not to show it to you again. It collects information in an anonymous form using a unique identifier. Expires when you end your session. |
User Authentication (optional) | UserAuthentication | Contains your country code and an anonymous unique identifier used during your previous visit to personalise the content of this website. This cookie remains on your computer after the session has closed. |
Google Analytics (optional) | -utma -utmb -utmc -utmz |
These cookies are used to collect information about how visitors use our site. They are placed on the site by Google, Inc an American Corporation. It collects information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited on the site. This information is then used by Google to make reports for us and to help us improve the site. For more information visit http://www.google.com/intl/en/policies/privacy/ |
Doubleclick (optional) | Doubleclick Cookie | This cookie ensures that you can see Lancôme offers on carefully selected third party websites after you have left the Lancôme site. For more information or if you want to disable this cookie without removing the other optional cookies please visit this link: https://www.google.com/settings/ads/onweb#display_optoutThis cookie expires after 60 days. |
Chat: Last Visit (optional) | LastVisit | Records the date and time that you last visited a page with our Live Chat service enabled. |
Live Chat: Last Invite (optional) | LastInvite | Records the date and time that we last sent you a Live Chat invite to improve your experience on lancome.co.uk |
Live Chat: Never Invite (optional) | NeverInvite | Records your preference to not be contacted again to participate in a Live Chat session. |
Live Chat: Aborted Time (optional) | AbortedTime | Records the time that your Live Chat session was aborted. |
Live Chat: Last Interaction (optional) | LastInteraction | LastInteraction Records the date that you last engaged in Live Chat on lancome.co.uk |
Live Chat: Chat Open (optional) | ChatOpen | Records whether you have an active chat session open or not. Expires after 2 minutes. |
Google Analytics support(session cookie) | bvgacef e.g. bvgacefRatingsAndReviews | Creates an event the first time Bazaar Voice is loaded for a user.
Bazaar Voice Cookie |
Feedback Submitted (session cookie) | pfv_(ID) rfv_(ID),rhf_(ID),rif_(ID) qfv_(ID),qhf_(ID),qif_(ID) cfv_(ID),chf_(ID),cif_(ID) |
Identifies and remembers user provided feedback through voting on helpfulness, innappropriate and voting/flagging icons. Cookies expires after session has finished.
Bazaar Voice Cookie |
Comment Submitted (session cookie) | r-commented-(ID)s-commented-(ID) | Identifies the reviews on which the user has commented in order to customise display highlighting these comments. Cookies expires after session has finished.
Bazaar Voice Cookie |
Mobile Preferences(session cookie) | displayTypePreferred(CODE) | Records whether a user has indicated a preference for Mobile or Desktop version of landing pages through search engines. Cookies expires after session has finished.
Bazaar Voice Cookie |
Analytics Session ID (session cookie) | BVSID BVBRANDSID BVID |
Allows internal Bazaar Voice analytics to be correlated to the same user browsing session for interactions across the Bazaar Voice network. BVSID & BVBRANDSID Cookies expires after session has finished. BVID cookie expires after 18 months.Bazaar Voice Cookie |
C2013 Session Cookie (session cookie) | Production: bvf_(client checksum) Staging: bvf_(client checksum)s | Stores a session ID of the user after submission of a review. Cookies expires after session has finished.
Bazaar Voice Cookie |
C2013 A/B testing cookie (session cookie) | BVImpl{client site name} | Stores user configuration for a/B testing. Cookies expires after session has finished.
Bazaar Voice Cookie |
Submit In Progress(session cookie) | prr-sip qa-sip sy-sip cp-sip |
Identifies a submission that is in progress, to enable maintaining of content in case of a refresh by the user. Cookies expires after session has finished.Bazaar Voice Cookie |
Display state (session cookie) | goto scroll-to-story-id bvReturnPosition bvOpenedQ(CODE) bvProfileActiveTab_(ID) bvScrollPositionX bvScrollPostitionY bvScrollToElementID bvScrollToElementOffset) |
Cookies retain the state of display across pages and/or reloads to enable consistent user experience. Cookies expires after session has finished.Bazaar Voice Cookie |
Memory | mem | Memory widget cookie used to track ordered list of products that a user has visited. Remains on computer for 365 days.
Bazaar Voice Cookie |
Remember Me | rm | Identifies users who have chosen to remember their credentials. Is removed upon sign out, or after 365 days.
Bazaar Voice Cookie |
CHANGES TO OUR PRIVACY POLICY
Any changes we may make to our Privacy and Cookies Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Privacy and Cookies Policy.
CONTACT
If you have any questions or concerns about how we treat and use your personal data, or would like to exercise any of your rights above, please contact us at [email protected] or by writing to us at:
Nanshy Ltd
Last updated: June 06, 2022