PRIVACY POLICY
www.uk.nuxe.com
Version of 23 October 2024
1. OUR COMMITMENTS IN TERMS OF PERSONAL DATA PROTECTION?
Your privacy is important to us, and we take great care to protect the confidentiality of the personal data you send us.
"Your personal data" means information or data elements that allow you to be identified directly or indirectly. This generally includes information such as your name, address, profile picture, email address and phone number, but may also include other information such as your IP address, shopping habits, lifestyle information, preferences and beauty/wellness. Data revealing racial or ethnic origin, genetic data, biometric data or data concerning the sex life or sexual orientation of a natural person shall not be collected.
We would like to explain to you in this Personal Data Protection Policy (hereinafter "Policy"), the nature of the personal data we collect, how we process it, the measures we take to ensure its security and the nature of your rights.
Our Policy may be updated by us at any time and such changes will take effect immediately. We therefore invite you to refer to it regularly in order to be aware about the latest available version.
This Policy applies to all personal data that you provide to us directly or indirectly.
For further information, please contact us by the contact form accessible at the bottom of the Site or by clicking here.
2. WHO COLLECTS YOUR PERSONAL DATA?
For the purpose of the UK Data Protection Act 2018 (“DPA’18”), NUXE UK Limited is the data controller.
NUXE UK Limited
Registered Address: 46 New Broad Street London UNITED KINGDOM
Company number: 08008059
Email address: dpo-nuxe@racine.eu
Hereinafter referred to as "NUXE
3. WHEN DO WE COLLECT YOUR PERSONAL DATA?
We collect personal data from you directly or indirectly through our service-providers, particularly when:
- You browse our Site – www.uk.nuxe.com (hereinafter referred as “Site”) – or use our services on our Site,
- You create an account on our Site,
- You log in to your account on our Site,
- You use your account on our Site,
- You subscribe to our newsletter,
- You place and pay for an order on our Site,
- You write a customer review, a comment on our social networks, on our Site,
- You can contact us through various channels including contact forms, chat, email, post or telephone,
- You participate in a game or competition, product tests, satisfaction surveys, polls, market research,
- You visit us at Nuxe Spas,
- You share content on social networks using a #Nuxe hashtag or hashtags that we provide,
- You have given your consent to third parties to transmit your personal data to us,
- You share your content by User Generated Consent (hereinafter referred as “UGC”)
- You share your content in photo and/or video format about our products.
4. HOW WE COLLECT YOUR PERSONAL DATA?
We may collect personal information about you from a number of sources, mainly:
- The personal data collected directly, that you voluntarily communicate to us, in particular when creating your account, through collection forms or when you make a purchase on our Site (for example: surname, first name, contact details, etc.);
- Personal data collected when using our Site, for example by using cookies (see Cookies Charter accessible at the bottom of the Site or by clicking here);
- Personal data that you choose to share when using third-party Site, which we have collected from other sources.
This data is collected fairly; no collection is made without the knowledge of the persons concerned.
5. WHAT PERSONAL DATA DO WE COLLECT, FOR WHAT PURPOSES, ON WHAT LEGAL BASIS AND FOR HOW LONG?
The processing that we carry out with your personal data have an explicit, legitimate and specific legal basis, such as
- The performance of the contract or pre-contractual measures (e.g. to deliver products purchased on our Site);
- Compliance with legal obligations (e.g. cosmetovigilance);
- Consent (e.g. sending a newsletter to prospects);
- Legitimate interest (e.g. generating statistics).
The following retention periods apply:
- Data required to manage the commercial relationship: for the entire duration of the commercial relationship and six (6) years from the end of the commercial relationship.
- Data required for accounting and billing purposes: and ten (10) years from the end of the financial year.
- three (3) years from the exercise of the right to object: for customers, for the duration of the commercial relationship and three (3) years from the last purchase or last contact with us. For prospective customers, three (3) years from the date of collection of the data or the last contact with us.
- Data relating to means of payment: This data is not kept by NUXE; it is collected at the time of the transaction and is immediately deleted once the purchase has been paid for, except in the event of a dispute.
- Data relating to unsubscription lists to receive marketing: three (3) years from the exercise of the right to object.
- Data required to prevent fraud: 13 months following the debit date or 15 months in the case of deferred debit cards. The data is kept for evidence purposes and is stored in an intermediate archive by a payment service provider. It is only used if the transaction is contested.
- Data required for Cosmetology:
In the active database: for a period of 10 years from the time contact is made to report the undesirable effect until the file is closed, it being specified that the personal data required for reimbursement is deleted directly after reimbursement.)
For archiving purposes: 10 years from the withdrawal of the product concerned from the market (legal obligation).
- Data required to publish reviews when you submit a review while logged into your account: 5 years from the date of your last activity.
- Data required to manage a dispute related to a purchase: six (6) years from the resolution of the dispute.
- Data required to compile statistics: five (5) years after our last contact.
When do we collect your personal data? |
What data (directly or indirectly)? |
For what purposes do we use your data? |
What is the legal basis? |
When creating an account on our Site and for any action necessary to manage your account |
Depending on the situations, such personal data may include:
|
|
Performance of a contract or pre-contractual measures Providing you with the service you have requested or the offer to which we have committed |
|
Performance of a contract or pre-contractual measures Responding to requests from customers and prospects
|
||
|
Legitimate interest Producing statistics and carrying out analyses |
||
|
Legitimate interest Improving consumer knowledge
|
||
When subscribing to the NUXE newsletter and for any action of management of the NUXE newsletters
|
Depending on the situations, such personal data may include:
|
|
Consent (prospects)/Soft opt-in (customers) Sending you commercial prospecting messages
|
|
Legitimate interest Knowing the relevance and effectiveness of our newsletters |
||
|
Legal obligation Maintaining your details on an unsubscribe request list to ensure that your unsubscribe request is carried out correctly |
||
When purchasing products and/or services on our Site and for any order management action, through an account or as a guest
The data collected during the purchase procedure carried out directly on our Site or through the pages of social networks. |
Depending on the situations, such personal data may include:
Data related to the creation of your account if you create one:
The data required to complete an order as a guest (without an account) : - Full name ; - Email address - Postal address; - Telephone number.
Data related to the act of purchase:
|
Please note that payment information (credit card number/Paypal information/bank details) is not collected by us but directly by the payment service-providers.
|
Performance of a contract or pre-contractual measures Providing you with the service you have requested or the offer to which we have committed |
|
Legitimate interest Enabling you to complete your shopping journey |
||
Please note that we use a solution provided by a third-party service-provider to detect fraud and to ensure that payment is made by you. |
Legitimate interest Protecting you and us from fraudulent transactions and ensuring that payments are made without fraud or embezzlement.
|
||
|
Legitimate interest Following the dispute and bringing you a solution |
||
|
Legitimate interest Producing statistics and carrying out analyses |
||
Every time you go online
|
Data collected during browsing directly on our Site or through cookies or similar technologies:
To learn more about the cookies collected, you can consult our Cookies Charter.
Technical information:
Depending on the case:
|
Please refer to our Cookies Policy and to the consent management platform accessible at the bottom of the page or by clicking here which details the cookies subject to consent and those exempted according to their purpose as well as their retention periods. |
|
When you post content online:
|
Depending on the situations, such personal data may include:
|
|
Legitimate interest Re-using the content you have put online and offering you feedback on products/services |
|
Legitimate interest Helping us better understand your needs and expectations and thus improving and promoting our services, products and brands. |
||
When using the services and applications
Data collected in the context of your use of our services, applications and/or devices (e.g.: beauty diagnosis; store locator)
|
Depending on the situations, such personal data may include:
|
|
Performance of a contract/legitimate interest Providing you with the service you have requested or the offer to which we have committed |
|
Legitimate interest Constantly improving our products and services to meet your needs and expectations, and advancing research and innovation. |
||
For all enquiries
Data collected when you contact us
|
Depending on the situations, such personal data may include:
|
|
Legitimate interest Providing you with the service you have requested or the offer to which we have committed
|
|
Legitimate interest Helping us better understand the needs and expectations of our customers and thus improving our services, products and brands.
|
||
In the event of adverse reactions linked to the use of our products |
Depending on the situation, this personal data may include:
|
For Cosmetovigilance:
|
Legal obligations Complying with the legal obligation to monitor the adverse effects of its products |
For any participation in competitions or promotional activities (e.g. ambassador programme) |
Depending on the situations, such personal data may include:
|
|
Performance of a contract or pre-contractual measures Allowing you to participate in competitions and promotional activities. |
6. WHAT IS OUR COOKIE POLICY?
For more details, please consult our cookies charter (accessible at the bottom of the page or by clicking here) and the consent management platform (accessible at the bottom of the page or by clicking here).
7. WHO WILL RECEIVE YOUR DATA?
NUXE collects your personal data and does not sell it.
However, in order to provide our services, we may disclose your personal data to authorised and specified recipients, namely to:
- All employees of the NUXE Group companies, who are bound by an obligation of confidentiality,
- Our advertising, marketing and promotional agencies to help us deliver and analyse the effectiveness of our advertising campaigns and promotions,
- Third-parties required to deliver a product or service to you, such as a delivery or postal service delivering a product you have ordered,
- Third-party service-providers, such as website hosting service-providers, conversational chatbot service-providers,
- Suppliers of Web analysis tools,
- Our service-providers and/or business partners where sharing is necessary to meet the above-mentioned purposes,
- Our legal advice on pre-litigation and litigation,
- Administrative or judicial authorities when they ask us to disclose your information to them,
We require these recipients to implement all necessary and appropriate technical and organisational measures to ensure the confidentiality and optimum security of your data against misuse and to use it only in accordance with our instructions and the laws and regulations in force, mainly the signing of a personal data protection agreement.
8. WHAT IS OUR POLICY FOR TRANSFER OUTSIDE THE EU?
For some of the purposes set out above, we inform you that we may transfer your personal data to trusted partners located outside the European Economic Area, whose personal data protection laws differ from those of the European Economic Area (EEA).
When these partners are located outside the EEA and in a country that does not benefit from an adequacy decision, we take all appropriate steps to ensure the security of such transfers by taking one of the following measures by signing data transfer contracts that include the European Commission's standard contractual clauses.
We require our partners to implement all technical and organisational measures to ensure the confidentiality and security of your data.
Upon request, we can provide you with the list of the countries where we store and process your data and those where it is occasionally transferred as well as a copy of the appropriate safeguards implemented.
9. HOW DO WE PROTECT YOUR PERSONAL DATA?
As data controller, we take all reasonable precautions to maintain the security and confidentiality of your personal data by implementing organisational, technical, software and physical measures and require our partners to do the same.
Access to your personal data is restricted to prevent unauthorised access, modification, interference, loss and/or misuse. Although NUXE takes all reasonable steps to protect your personal data, no transmission or storage technology is foolproof.
10. HOW TO EXERCISE YOUR RIGHTS?
In accordance with the DPA’18 and the UK General Data Protection Regulation (“GDPR”), you have the following rights:
- Right of access to your personal data, which gives you the right to obtain from the controller confirmation as to whether or not your personal is processed and, where that is the case, access to the personal data along with other key pieces of information (for example, the purposes processing and categories of personal data concerned).
- Right to rectify your personal data, which allows you to correct inaccurate data about yourself (wrong age or address) or to complete data (address without flat number) in relation to the purpose of the processing.
- Right to object to the processing of your personal data, which allows you to object to your data being used for a specific purpose.
- Right to restrict your data, which allows you to object to your data being used in a general way while being retained by the organisation;
- Right to erasure of your personal data where one or more of the legitimate grounds apply.
- The right to portability of your personal data, which allows you to request the retrieval of the data you have provided, either for your own use or for transmission to a third-party of your choice. Please note that this right only applies where the processing is based on consent or contract and the processing is carried out by automated means.
- Right to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent carried out prior to the withdrawal of consent.
- Right not to be subject to a decision based solely on automated decision making, including profiling.
For more information on your rights: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/data-sharing/data-sharing-a-code-of-practice/the-rights-of-individuals/.
To exercise these rights, simply make a written request via our online contact form accessible at the bottom of the Site or by clicking here by selecting "Personal Data - GDPR" in the subject line of your request.
A reply will be sent to you within one (1) month from the date of receipt of your request.
How to unsubscribe from our newsletter lists?
You can unsubscribe from our newsletter lists via the unsubscribe link at the bottom of all our newsletters or in the communication preferences section of your account or by us by the contact form accessible at the bottom of the Site or by clicking here
11. DATA PROTECTION OFFICER
We have appointed a Data Protection Officer.
The contact details of the Data Protection Officer are as follows:
- Name: Mr Eric Barbry;
- E-mail address dpo-nuxe@racine.eu;
- Tel.: 01 44 82 43 00.
If you wish to obtain information or ask a specific question, you can contact the Data Protection Officer who will give you an answer within a reasonable timeframe with regard to the information required or the question asked.
13. RIGHT TO LODGE A COMPLAINT WITH THE ICO
We inform you of your right to lodge a complaint with a supervisory authority, namely the Information Commissioners Office (“ICO”) in the UK, if you have any concerns regarding the processing of your personal by the following the below link:
ico.org.uk/make-a-complaint/data-protection-complaints/personal-information-complaint/