PRIVACY POLICY

www.uk.nuxe.com  
Version of 23 October 2024 

 

1. OUR COMMITMENTS IN TERMS OF PERSONAL DATA PROTECTION? 

Your privacy is important to us, and we take great care to protect the confidentiality of the personal data you send us.  

"Your personal data" means information or data elements that allow you to be identified directly or indirectly. This generally includes information such as your name, address, profile picture, email address and phone number, but may also include other information such as your IP address, shopping habits, lifestyle information, preferences and beauty/wellness. Data revealing racial or ethnic origin, genetic data, biometric data or data concerning the sex life or sexual orientation of a natural person shall not be collected. 

We would like to explain to you in this Personal Data Protection Policy (hereinafter "Policy"), the nature of the personal data we collect, how we process it, the measures we take to ensure its security and the nature of your rights. 

Our Policy may be updated by us at any time and such changes will take effect immediately. We therefore invite you to refer to it regularly in order to be aware about the latest available version. 

This Policy applies to all personal data that you provide to us directly or indirectly. 

For further information, please contact us by the contact form accessible at the bottom of the Site or by clicking here.  

 

2. WHO COLLECTS YOUR PERSONAL DATA? 

For the purpose of the UK Data Protection Act 2018 (“DPA’18”), NUXE UK Limited is the data controller.  

NUXE UK Limited 

Registered Address: 46 New Broad Street London UNITED KINGDOM  

Company number: 08008059 

Email address: dpo-nuxe@racine.eu  

Hereinafter referred to as "NUXE 

 

3. WHEN DO WE COLLECT YOUR PERSONAL DATA? 

We collect personal data from you directly or indirectly through our service-providers, particularly when: 

  • You browse our Site – www.uk.nuxe.com (hereinafter referred as “Site”) – or use our services on our Site, 
  • You create an account on our Site, 
  • You log in to your account on our Site, 
  • You use your account on our Site, 
  • You subscribe to our newsletter, 
  • You place and pay for an order on our Site, 
  • You write a customer review, a comment on our social networks, on our Site, 
  • You can contact us through various channels including contact forms, chat, email, post or telephone,  
  • You participate in a game or competition, product tests, satisfaction surveys, polls, market research, 
  • You visit us at Nuxe Spas, 
  • You share content on social networks using a #Nuxe hashtag or hashtags that we provide, 
  • You have given your consent to third parties to transmit your personal data to us, 
  • You share your content by User Generated Consent (hereinafter referred as “UGC”) 
  • You share your content in photo and/or video format about our products. 

 

4. HOW WE COLLECT YOUR PERSONAL DATA? 

We may collect personal information about you from a number of sources, mainly: 

  • The personal data collected directly, that you voluntarily communicate to us, in particular when creating your account, through collection forms or when you make a purchase on our Site (for example: surname, first name, contact details, etc.); 
  • Personal data collected when using our Site, for example by using cookies (see Cookies Charter accessible at the bottom of the Site or by clicking here); 
  • Personal data that you choose to share when using third-party Site, which we have collected from other sources. 

This data is collected fairly; no collection is made without the knowledge of the persons concerned. 

 

5. WHAT PERSONAL DATA DO WE COLLECT, FOR WHAT PURPOSES, ON WHAT LEGAL BASIS AND FOR HOW LONG? 
The processing that we carry out with your personal data have an explicit, legitimate and specific legal basis, such as  

  • The performance of the contract or pre-contractual measures (e.g. to deliver products purchased on our Site); 
  • Compliance with legal obligations (e.g. cosmetovigilance); 
  • Consent (e.g. sending a newsletter to prospects); 
  • Legitimate interest (e.g. generating statistics).   

 

The following retention periods apply: 

  • Data required to manage the commercial relationship: for the entire duration of the commercial relationship and six (6) years from the end of the commercial relationship. 
  • Data required for accounting and billing purposes: and ten (10) years from the end of the financial year. 
  • three (3) years from the exercise of the right to object: for customers, for the duration of the commercial relationship and three (3) years from the last purchase or last contact with us. For prospective customers, three (3) years from the date of collection of the data or the last contact with us. 
  • Data relating to means of payment: This data is not kept by NUXE; it is collected at the time of the transaction and is immediately deleted once the purchase has been paid for, except in the event of a dispute. 
  • Data relating to unsubscription lists to receive marketing: three (3) years from the exercise of the right to object. 
  • Data required to prevent fraud: 13 months following the debit date or 15 months in the case of deferred debit cards. The data is kept for evidence purposes and is stored in an intermediate archive by a payment service provider. It is only used if the transaction is contested. 
  • Data required for Cosmetology:  

In the active database: for a period of 10 years from the time contact is made to report the undesirable effect until the file is closed, it being specified that the personal data required for reimbursement is deleted directly after reimbursement.) 

For archiving purposes: 10 years from the withdrawal of the product concerned from the market (legal obligation). 

- Data required to publish reviews when you submit a review while logged into your account: 5 years from the date of your last activity. 

- Data required to manage a dispute related to a purchase: six (6) years from the resolution of the dispute. 

- Data required to compile statistics: five (5) years after our last contact. 

 

When do we collect your personal data?  

What data (directly or indirectly)? 

For what purposes do we use your data? 

What is the legal basis? 

When creating an account on our Site and for any action necessary to manage your account 

Depending on the situations, such personal data may include: 

  • Sex; 
  • Full name;  
  • Email address; 
  • Postal address; 
  • Telephone number; 
  • Date of birth or age range; 
  • Login (NUXE website, Facebook, Google); 
  • Password; 
  • Presentation or personal preferences (e.g. list of favourites);  
  • Information related to orders; 
  • Date of creation and update of account and date of last login. 
  • Managing your orders and allowing you to track the status of your order. 

 

Performance of a contract or pre-contractual measures 

Providing you with the service you have requested or the offer to which we have committed     

  • Answering your questions and interacting with you in any other way (e.g. NUXE customer service);  
  • Allowing you to manage your preferences; 
  • Informing you about the availability of a product you wanted to buy; 
  • Allowing you to reset your password; 
  • Adding credit to your account. 

Performance of a contract or pre-contractual measures 

Responding to requests from customers and prospects 

 

 

  • Enriching your profile if you make a purchase with your account information; 

Legitimate interest 

Producing statistics and carrying out analyses 

  • Producing statistics based on anonymised data specific to consumer knowledge. 

Legitimate interest  

Improving consumer knowledge  

 

 

When subscribing to the NUXE newsletter and for any action of management of the NUXE newsletters 

 

Depending on the situations, such personal data may include: 

  • Your email address; 
  • Your opening of our newsletters; 
  • Your clicks on our newsletters;  
  • How often you open our newsletters; 
  • Your registration and/or deregistration dates  
  • Sending you marketing communication that may be tailored to your "profile" (e.g. by using the personal data we have about you and your preferences); 
  • Sending you institutional communication; 
  • Adapting our commercial communication according to the behaviour with respect to our newsletters (e.g. non-recipients); 
  • Sending you satisfaction questionnaires or surveys; 
  • Ensuring that you have the most suited experience. 

Consent (prospects)/Soft opt-in (customers) 

Sending you commercial prospecting messages 

  

  • Carrying out audience analysis or producing statistics (e.g. opening rates, click rates, etc.);  
  • Understanding their effectiveness; 
  • Helping us better understand the needs and expectations of our consumers in order to improve our services, products and brands. 

Legitimate interest 

Knowing the relevance and effectiveness of our newsletters 

  • Maintaining a list of unsubscribe requests. 

Legal obligation 

Maintaining your details on an unsubscribe request list to ensure that your unsubscribe request is carried out correctly 

When purchasing products and/or services on our Site and for any order management action, through an account or as a guest 

 

The data collected during the purchase procedure carried out directly on our Site or through the pages of social networks. 

Depending on the situations, such personal data may include: 

 

Data related to the creation of your account if you create one: 

  • Sex; 
  • Full name;  
  • Email address; 
  • Postal address; 
  • Telephone number; 
  • Date of birth or age range; 
  • Customer Identifier; 
  • Password; 
  • Presentation or personal preferences (e.g. list of favourites);  
  • Information relating to orders; 
  • ID on social networks (if you use social networks to connect or if you communicate this personal data to us); 
  • Date of account creation and date of last login. 

 

The data required to complete an order as a guest (without an account) : 

- Full name ; 

- Email address 

- Postal address; 

- Telephone number. 

 

Data related to the act of purchase: 

  • Information about any transaction, including products purchased; 
  • Purchase history; 
  • Bank account details (only exceptionally in the case of a technically impossible refund to a bank card); 
  • IP address.  

 

  • Creating your account; 
  • Managing the payment of your order.  

Please note that payment information (credit card number/Paypal information/bank details) is not collected by us but directly by the payment service-providers. 

 

  • Processing and tracking your order or renewal, including delivery of the product to the address you have provided;  
  • Managing any contact you have with us regarding your order. 

Performance of a contract or pre-contractual measures 

Providing you with the service you have requested or the offer to which we have committed     

  • Contacting you to finalise your order if you have saved your shopping cart or if you have placed products in your shopping cart without proceeding to payment. 

 

Legitimate interest 

Enabling you to complete your shopping journey 

  • Protecting transactions against fraud.  

Please note that we use a solution provided by a third-party service-provider to detect fraud and to ensure that payment is made by you. 

Legitimate interest 

Protecting you and us from fraudulent transactions and ensuring that payments are made without fraud or embezzlement.  

 

 

  • Handling any dispute related to a purchase. 

 

Legitimate interest 

Following the dispute and bringing you a solution 

  • Enriching your profile if you make a purchase with your account information. 
  • Produce volumetric statistics linked to e-commerce (e.g. average basket, daily and weekly sales, etc.).

 

Legitimate interest 

Producing statistics and carrying out analyses 

Every time you go online 

  

Data collected during browsing directly on our Site or through cookies or similar technologies: 

  • Connection data; 
  • Pages viewed; 
  • Products you have been looking for. 

 

To learn more about the cookies collected, you can consult our Cookies Charter. 

 

Technical information:  

  • IP address; 
  • Browser data; 
  • Device data. 

 

 

  • Advertisements for products or services that you have clicked on on third-party Site via cookies.   

 

Depending on the case:  

  • Full name;  
  • Email address; 
  • Date of birth; 
  • Sex; 
  • Presentation or personal preferences;  
  • Profile on social networks (if you use social media to connect or if you provide us with this personal data).  

 

 

Please refer to our Cookies Policy and to the consent management platform accessible at the bottom of the page or by clicking here which details the cookies subject to consent and those exempted according to their purpose as well as their retention periods. 

When you post content online:  

 

  • You post a review or an UGC ; 
  • You post content on one of our social networks or Site; 
  • You agree that we may re-use the content you have posted on social networks and/or our Site. 

 

Depending on the situations, such personal data may include: 

  • Full name or username; 
  • E-mail address; 
  • Photo; 
  • Presentation or personal preferences;  
  • Profile on social networks (if you use social networks to log in or if you give us this personal data); 
  • Product reviews posted on our Site; 
  • Any other information you have provided to us about yourself (e.g. by contacting us, by providing your own content such as photos or a comment, by sending a question via the "chat" function available on some websites with a survey). 
  • Uploading your comments/reviews or content; 
  • Promoting our products according to the conditions of our moderation charter. 

Legitimate interest 

Re-using the content you have put online and offering you feedback on products/services 

  • Producing statistics (e.g. number of reviews, moderations, verbatim). 

Legitimate interest 

Helping us better understand your needs and expectations and thus improving and promoting our services, products and brands. 

When using the services and applications  

 

Data collected in the context of your use of our services, applications and/or devices (e.g.: beauty diagnosis; store locator) 

 

 

Depending on the situations, such personal data may include: 

  • Full name; 
  • E-mail address; 
  • Sex; 
  • Date of birth or age range;  
  • Beauty/wellness data, including your skin/hair type. 

  

 

 

  • Providing you with the requested service (e.g.: beauty diagnosis; store locator); 
  • At your request, analysing your beauty/wellness characteristics and recommending appropriate routines and products (including tailor-made treatments); 
  • Providing you with recommendations for products and routines. 

Performance of a contract/legitimate interest 

Providing you with the service you have requested or the offer to which we have committed     

  • Promoting research and innovation to which the NUXE Group's researchers are dedicated; 
  • Monitoring and improving our applications and devices; 
  • Producing statistics on customer needs and expectations. 

Legitimate interest 

Constantly improving our products and services to meet your needs and expectations, and advancing research and innovation. 

For all enquiries 

 

Data collected when you contact us 

 

 

Depending on the situations, such personal data may include: 

  • Full name; 
  • Sex; 
  • Telephone number; 
  • E-mail address; 
  • Any other information you have provided to us about yourself as part of your request. 

 

 

  • Responding to your requests; 
  • Putting you in touch with the appropriate department if necessary.  

Legitimate interest  

Providing you with the service you have requested or the offer to which we have committed 

 

 

 

  • Producing statistics based on anonymised data specific to consumer knowledge. 

Legitimate interest 

Helping us better understand the needs and expectations of our customers and thus improving our services, products and brands. 

 

 

In the event of adverse reactions linked to the use of our products 

Depending on the situation, this personal data may include: 

  • Surname and first name ; 
  • gender 
  • Telephone number 
  • E-mail address; 
  • - Any other information you have given us about yourself as part of your request (which may include medical data and data relating to your well-being as part of a cosmetovigilance claim). 

For Cosmetovigilance:  

 

  • Monitoring and preventing any adverse effects related to the use of our products; 
  • Carrying out studies on the safety of our products; 
  • Carrying out and following up on corrective actions taken, if necessary. 

 

Legal obligations 

Complying with the legal obligation to monitor the adverse effects of its products 

For any participation in competitions or promotional activities (e.g. ambassador programme) 

Depending on the situations, such personal data may include: 

  • Sex; 
  • Full name;  
  • Email address; 
  • Postal address; 
  • Telephone number; 
  • Date of birth or age range; 
  • Image (photo or video) and voice; 
  • Login (NUXE website, Facebook, Google, Tik Tok); 
  • Password; 
  • Presentation or personal preferences (e.g. list of favourites);  
  • Other elements of personal and professional life (e.g. beauty routine, skin type, shopping habits, etc.). 
  • Managing requests for participation in competitions and promotional activities; 
  • Delivering the prize to the winner(s) if applicable; 
  • Promoting competitions and promotional activities.  

Performance of a contract or pre-contractual measures 

Allowing you to participate in competitions and promotional activities.  

 

6. WHAT IS OUR COOKIE POLICY? 

For more details, please consult our cookies charter (accessible at the bottom of the page or by clicking here) and the consent management platform (accessible at the bottom of the page or by clicking here). 

 

7. WHO WILL RECEIVE YOUR DATA? 

NUXE collects your personal data and does not sell it. 

However, in order to provide our services, we may disclose your personal data to authorised and specified recipients, namely to: 

  • All employees of the NUXE Group companies, who are bound by an obligation of confidentiality, 
  • Our advertising, marketing and promotional agencies to help us deliver and analyse the effectiveness of our advertising campaigns and promotions, 
  • Third-parties required to deliver a product or service to you, such as a delivery or postal service delivering a product you have ordered, 
  • Third-party service-providers, such as website hosting service-providers, conversational chatbot service-providers, 
  • Suppliers of Web analysis tools,  
  • Our service-providers and/or business partners where sharing is necessary to meet the above-mentioned purposes, 
  • Our legal advice on pre-litigation and litigation, 
  • Administrative or judicial authorities when they ask us to disclose your information to them, 

We require these recipients to implement all necessary and appropriate technical and organisational measures to ensure the confidentiality and optimum security of your data against misuse and to use it only in accordance with our instructions and the laws and regulations in force, mainly the signing of a personal data protection agreement.  

 

8. WHAT IS OUR POLICY FOR TRANSFER OUTSIDE THE EU? 

For some of the purposes set out above, we inform you that we may transfer your personal data to trusted partners located outside the European Economic Area, whose personal data protection laws differ from those of the European Economic Area (EEA). 

When these partners are located outside the EEA and in a country that does not benefit from an adequacy decision, we take all appropriate steps to ensure the security of such transfers by taking one of the following measures by signing data transfer contracts that include the European Commission's standard contractual clauses. 

We require our partners to implement all technical and organisational measures to ensure the confidentiality and security of your data. 

Upon request, we can provide you with the list of the countries where we store and process your data and those where it is occasionally transferred as well as a copy of the appropriate safeguards implemented. 

 

9. HOW DO WE PROTECT YOUR PERSONAL DATA? 

As data controller, we take all reasonable precautions to maintain the security and confidentiality of your personal data by implementing organisational, technical, software and physical measures and require our partners to do the same. 

Access to your personal data is restricted to prevent unauthorised access, modification, interference, loss and/or misuse. Although NUXE takes all reasonable steps to protect your personal data, no transmission or storage technology is foolproof. 

 

10. HOW TO EXERCISE YOUR RIGHTS? 

In accordance with the DPA’18 and the UK General Data Protection Regulation (“GDPR”), you have the following rights: 

  • Right of access to your personal data, which gives you the right to obtain from the controller confirmation as to whether or not your personal is processed and, where that is the case, access to the personal data along with other key pieces of information (for example, the purposes processing and categories of personal data concerned).  
  • Right to rectify your personal data, which allows you to correct inaccurate data about yourself (wrong age or address) or to complete data (address without flat number) in relation to the purpose of the processing. 
  • Right to object to the processing of your personal data, which allows you to object to your data being used for a specific purpose. 
  • Right to restrict your data, which allows you to object to your data being used in a general way while being retained by the organisation; 
  • Right to erasure of your personal data where one or more of the legitimate grounds apply. 
  • The right to portability of your personal data, which allows you to request the retrieval of the data you have provided, either for your own use or for transmission to a third-party of your choice. Please note that this right only applies where the processing is based on consent or contract and the processing is carried out by automated means.  
  • Right to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent carried out prior to the withdrawal of consent 
  • Right not to be subject to a decision based solely on automated decision making, including profiling 

For more information on your rights: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/data-sharing/data-sharing-a-code-of-practice/the-rights-of-individuals/. 

To exercise these rights, simply make a written request via our online contact form accessible at the bottom of the Site or by clicking here by selecting "Personal Data - GDPR" in the subject line of your request. 

A reply will be sent to you within one (1) month from the date of receipt of your request. 

 

How to unsubscribe from our newsletter lists? 

You can unsubscribe from our newsletter lists via the unsubscribe link at the bottom of all our newsletters or in the communication preferences section of your account or by us by the contact form accessible at the bottom of the Site or by clicking here 

 

11. DATA PROTECTION OFFICER  

We have appointed a Data Protection Officer. 

The contact details of the Data Protection Officer are as follows: 

- Name: Mr Eric Barbry; 

- E-mail address dpo-nuxe@racine.eu; 

- Tel.: 01 44 82 43 00.  

If you wish to obtain information or ask a specific question, you can contact the Data Protection Officer who will give you an answer within a reasonable timeframe with regard to the information required or the question asked. 

 

13. RIGHT TO LODGE A COMPLAINT WITH THE ICO 

We inform you of your right to lodge a complaint with a supervisory authority, namely the Information Commissioners Office (“ICO”) in the UK, if you have any concerns regarding  the processing of your personal by the following the below link:  

ico.org.uk/make-a-complaint/data-protection-complaints/personal-information-complaint/