Personal Data Protection Policy
 
This Personal Data Protection Policy, with the Cookies Policy (accessible here), applies to the data we collect when you use our website (“Website") spa.loccitane.com/, when you go to our Spas, ask for a treatment or contact us within this framework. It describes the types of personal data we collect from our customers and explains how we process such data, as well as the choices available to our customers regarding our use of such data. It also describes the measures we take in order to protect the security of this data and how you can contact us regarding the protection of your personal data. We ask you to please read this Personal Data Protection Policy carefully. If you do not wish for your personal data to be used in the manner described in this Personal Data Protection Policy, it is possible that we may not be able to satisfy certain requests. We ask you to regularly review this Personal Data Protection Policy in order to remain up-to-date with any possible policy modifications, in particular any that relate to the collection and conditions for the processing of your personal data.
Topics covered
- Collecting your personal data
- Use of the data that we collect
- Information we share
- Transferring your personal data
- Information on retention periods
- Protecting your personal data
- Social media and user-generated content
- Your rights
- Links to third-party sites and services
- Modification of Personal Data Protection Policy
- Contact us
 
COLLECTING YOUR PERSONAL DATA
The entity responsible for processing your personal data from our Website and our Spas and under the conditions described in this Personal Data Protection Policy is the branch of L’Occitane International SA, whose registered office is located at 5 chemin du Pré Fleuri, 1228 Plan-les-Ouates, Switzerland (“L’Occitane”). Within the framework of certain end purposes and the limited processing of your personal data as described in this Policy, our partner (a hotel or resort) operating the Spa may also act as joint data controller of your personal data.
We may collect your personal data in various ways, in particular when you use our Spas, sign up as a member, contact us (by e-mail, telephone or via the dedicated form), view our online content, participate in a contest or promotional game, participate in an activity we organise by means of surveys via our applications and social media or subscribe for our newsletter. We can also link and/or combine the information we collect about you from the various devices you use.
The types of personal information we may collect are the following:
  1. Identification data (name, last name mailing address, e-mail address, mobile telephone number or other telephone number);
  2. Personal data (date of birth, gender, preferred language);
  3. As part of your registration as a guest at our Spas and your request for a treatment, we will process personal data about your lifestyle, skin type, treatment needs and, with your explicit consent, we will process personal data about your health in order to ensure that your Spa treatment(s) are tailored to your needs and health and for your safety during each treatment;
  4. Your interest and experience with our products and similar products;
  5. Location data to enable you to find the nearest L’Occitane Spa;
  6. The history of treatments you have received at our Spas;
  7. The customer service data, surveys and comments and data exchanged with our customer service team;
  8. Photographs, videos, questions, recommendations and other comments you provide;
  9. Data about you from sources available publicly, including the content available publicly on social media platforms; and
  10. Any other data you provide to use after a request to one of our departments.
Also, as explained in our Cookies Policy , we may collect certain data related to your activity online, as well as the browser data linked to your device and to your operating system, your IP address, the web pages or advertisements you view, the details of your visits to our online content and social media, advertising identifiers or similar identifiers and your online actions collected by automated means, such as our cookies, third-party cookies, web servers, pixels and web beacons, and by demographic means, linked to areas of interest and the context, when you view our content or social media, you contact us by any means or application, open the e-mails we send to you or which are sent by third parties on our behalf and when you visit the websites and networks of third parties on which our advertisements are displayed. We may establish links between the data we have collected via automated means, such as your data and your browsing history, and other data we have obtained relating to you.
The third-party suppliers of applications, tools, gadgets and plug-ins on our Website, as well as the third-party websites and networks on which our advertisements are displayed (such as advertising networks, digital advertising partners and social media platforms) may also use automated and demographic means linked to areas of interest and to the context, in order to collect data about you, such as your interactions with these functions, while tracing your online activity, constantly and via third-party Websites. This data is collected directly or indirectly by these third-party suppliers (in addition to the data collected by us) and is subject to their own personal data protection policy. In certain situations, we may act as a joint data controller with social media platforms. For example in the event that the presence or use of a social plug-in, such as a "Like" button, results in the transmission of some of your personal data to the corresponding social media platform. All subsequent processing of your personal data collected in such a way by the social media platform falls under the sole responsibility of such social media platform. We invite you to consult the personal data protection policy of all social media platforms for which the plug-ins are included on our Websites, in particular:
Facebook:                                           https://fr-fr.facebook.com/privacy/explanation/
Instagram:                                           https://www.facebook.com/help/instagram/155833707900388
Twitter:                                                https://twitter.com/fr/privacy
Pinterest:                                            https://policy.pinterest.com/fr/privacy-policy
YouTube:                                            https://policies.google.com/privacy?gl=FR&hl=fr  

If you do not accept for us to collect the above data about you, it is possible that we may not be able to provide you with certain services, including those identified in this Personal Data Protection Policy.
USE OF DATA WE COLLECT
Why do we process your data? How do we use your data for these purposes? What are the legal bases for this processing?
To provide you with products and services and access to the facilities you have requested. We use your personal data in order to provide products and services suited to your needs. We use this data in order to perform the contractual obligations existing between us and you.
To create, register and manage your account. We use your personal data, including your email address and username, to create, register and manage your account, e.g., by sending you a password when you request it from us and by verifying your identity when necessary. We use this data to comply with our legal obligations. We use this data in order to fulfil the contractual obligations existing between us and you.
To create and manage accounts in our Spas. We use your personal contact information to open your account in our Spas and for its management. We use this data in order to fulfil the contractual obligations existing between us and you.
To manage your customer opinions. We use your personal data, including your email address and username, to manage the opinions you publish about our products. We use this data in order to fulfil the contractual obligations existing between us and you.
If we do not have a contract with you, this processing is necessary for the legitimate interests of L’OCCITANE, to better communicate with you and to improve the quality of our products and services.
To communicate with you and answer any queries that you might have. We use your personal data, including your contact details in order to communicate with you and respond to your requests. We use this data in order to fulfil the contractual obligations existing between us and you.
 If we have no contract with you, this processing is necessary for the legitimate interests of L’OCCITANE, communicating better with you.
To manage your participation in promotions, special events (such as contests, games, random draws, offers, surveys and market studies). We use your personal data, including purchase and transaction information, to manage your participation in various promotions or special events.  
We use this data in order to fulfil the contractual obligations existing between us and you (when you accept the rules of the competitions, games or random draws and when you accept the terms and conditions of the loyalty programme).
 

This processing is necessary for the legitimate interests of L’OCCITANE, to better make offers, surveys and market studies.
To market, assess and improve our products and services (in particular developing new products and services, analysing our customer database, performing data analyses, accounting and auditing). We combine personal data, including provided by customer service, to assess and improve the products and services that we offer to you.
.
This processing is necessary for the legitimate interests of L’OCCITANE.
To send promotional offers and other communications and information that we believe may interest you (such as special offers) via e-mails, letters, telephone messages, SMSs and push notifications, and to develop and carry out targeted marketing campaigns, in addition to behavioural advertising, including via posts on third-party applications installed on your telephone. We use personal data not related to your health, including contact information, information on purchases and on your beauty profile, to send you communications that are likely to be of interest to you. We obtain your consent before processing any of your data for such purposes.
With regard to letters by mail, this processing is necessary for the legitimate interests of L’OCCITANE.
To provide you with Spa addresses and services based on your geographical location. We use personal data, including location or geolocation data, in order to provide you with the contact details of the stores closest to your location and to adjust the advertising communication according to your location.
.
We obtain your consent before processing any of your data for such purposes.
To document your preferences and habits regarding  our products and services We use your personal data, including your interest in our products and your experience with them, in order to understand how you make the most of our products and services. This processing is necessary for the legitimate interests of L'OCCITANE, namely to know you better.
To analyse surveys or statistics in order to improve our Website and our services We use your personal data, including customer service data, surveys, comments from the customer service department and data exchanged with our customer service team, as well as exchanges within the L'OCCITANE community and your date of birth (optional), in order to improve our Website and our services. This processing is necessary for the legitimate interests of L'OCCITANE, namelu to know you better.
To fulfil our obligations resulting from contracts or agreements existing between us and you. We use your personal data so as to better meet your expectations, resulting from contracts or agreements existing between us and you. We use this data in order to fulfil the contractual   obligations existing between us and you.
To ensure that the content of our Website, our pages on social media and our e-mail messages are presented in the most efficient possible manner for you and to customise your experience on our Website and by providing you with information and products that suit your needs. We use personal data, in particular related to your online activity on our Website, and your browser and operating system to ensure that our Website is properly displayed on your computer. This processing is necessary for the legitimate interests of L'OCCITANE, namely providing suitable access to our Website and improving your experience when visiting our Website.
To add to our Website and our advertising. We compile data in particular relative to the web pages that you view, in order to provide you with advertising content that meets your expectations on our Website. This processing is necessary for the legitimate interests of L'OCCITANE, namely in order to make our Website attractive and to improve its content.
To   manage our Website and combat fraud. We use personal data, including cookies, in order to update, enhance and ensure the security of our Website.
.
This processing is necessary for the legitimate interests of L'OCCITANE, namely managing our Website so as to prevent fraud and combat any risk of fraud, while also ensuring the security of our Website during your visits.
To conduct research and analyses of the efficiency of our marketing and advertising efforts. We use personal data, including data that we may obtain from suppliers of external services, in order to understand the efficiency of our communication efforts. This processing is necessary for the legitimate interests of L'OCCITANE, namely analysing the efficiency of our communication efforts so as to provide you with a more pleasant user experience that meets your expectations.
To analyse how and how often you visit our Website. We use personal data, including cookies, to understand your use of our Website. This processing is necessary for the legitimate interests of L'OCCITANE, namely to analyse your visits to our Website so as to better respond  to your expectations during future visits.
To adapt our treatments to your needs as well as to your health and for your safety. As part of your registration as a guest at our Spas and your request for a treatment, we will process personal data about your lifestyle, skin type, treatment needs and, with your explicit consent, we will process personal data about your health. This processing is necessary to fulfil contractual obligations existing between us and you as part of the treatments you have requested.
As regards only health data, we obtain your consent prior to processing of this data in the form to be completed in our Spas, which allows us to prepare the treatments.
 
INFORMATION WE SHARE
We do not disclose the personal data we collect about you, except in the following cases:
  1. Within the L'OCCITANE Group, meaning with our subsidiaries and the company that ultimately controls us ("L'OCCITANE Group");
  2. With trusted service providers that provide services in our name, and only for the aforementioned purposes and if necessary. These service providers may assist us with the maintenance and/or improvement of our Websites and in the distribution, improvement and/or marketing of the products and services that we offer to you, including the entities that provide Web hosting, information storage, e-mail service providers, marketing services, including direct marketing, as well as research and analysis services and tag management services, such as Google Analytics. For more information on these analysis services and regarding your opposition rights, please visit the following site:
 
https://support.google.com/analytics/answer/6004245
Google Analytics: https://support.google.com/analytics/answer/6004245?hl=fr
c. With our network of Spas as a part of our offer of services to manage your customer account;
d. In case you have explicitly stated that your data may be shared with other categories of third parties and you have given your consent for this purpose. For example, when you register in our Spas and for your treatment request, you have the possibility, via the dedicated form, to consent to sharing your personal data with the hotel/resort operating the Spa in order to receive information on events, offers and customised content. Your personal data may be shared with our partner operating the Spa (hotel/resort), as joint data controller. With your consent, your contact details and personal data unrelated to your health may be communicated to our partner operating the Spa, for direct-marketing purposes;
e. If we are required to do so by law;
f. With the police, representatives of the government or other parties in response to a court decision, judicial procedure or writ of summons;
g. When we consider this disclosure to be necessary or appropriate in order to prevent physical damage, financial loss or fraud affecting you or us, to prevent or report illegal activity, to protect the property rights or the security of any person, including our us, or in application of our Terms and Conditions or of any other agreement between us;
h. As part of the sale of all or part of our company and its assets to a third party or as part of a business reorganisation or restructuring (including dissolution or liquidation), and
i. When you provide your consent for this in another way or ask us to share your information with third parties.
We may share aggregated and/or anonymous information that does not identify you for our own commercial purposes, or those of our partners, which in particular includes the number of visitors to our Website and the number of clicks on our advertising and/or e-mails.
 

TRANSFERRING OF YOUR PERSONAL INFORMATION

The information we collect about you may be transferred, stored, accessed and processed in countries or territories in which one or more subsidiaries of our group or third parties providing us with services, agents or business partners are located, including other countries in the European Economic Area (EEA), Switzerland and the United States, for the aforementioned purposes. This information may also be processed by staff operating outside of the EEA and outside of your country.
When we transfer your information to a country that does not have a sufficient degree of protection, we take the necessary measures to ensure the security of your personal data as follows:
  • For exchanges of personal data with the United States, the protection of your personal data is guaranteed by the EU-US Privacy Shield self-certification mechanism; and
  • For exchanges of personal data with other countries: through implementation of the European Commission’s Standard Contractual Clauses.
You can obtain more information on these guarantees by contacting us by e-mail or post at the addresses shown in the "Your Rights" and "Contact Us" sections below.
 

INFORMATION RETENTION PERIOD

Unless indicated otherwise, we will store your personal data for the time strictly needed in order to carry out the aforementioned purposes, in accordance with the applicable law. In certain cases, we are required to store data to satisfy our legal and administrative obligations. When we no longer need the information, we delete it from our systems or we anonymise it. For example, personal health data related to your lifestyle and shopping habits that is needed to provide you with suitable treatments, products and services, collected in our Spas with our electronic tablets, will never be stored. When this data is collected with paper forms, it will be stored securely only for one month.
 

PROTECTING YOUR PERSONAL INFORMATION

We undertake to implement appropriate technical and organisational measures in order to protect your personal data against accidental or involuntary destruction, accidental loss, alteration or any unauthorised disclosure, access or usage.

SOCIAL MEDIA AND USER-GENERATED CONTENT

Our Website and pages on social media may allow users to post their own content. Please note that any content posted on our social platforms can be seen by the public. You should therefore be vigilant with regard to posting certain personal data on these platforms, such as any financial data, your address or any health problems. We cannot be held liable for actions taken by other persons if you post personal data on one of our social media platforms.
 

YOUR RIGHTS

You have the right and possibility to correct, update and delete the information in your online account, as well as your preferences, at any time by contacting us as shown in the "Contact Us" section of this Personal Data Protection Policy.
You can also ask us to delete your data from our distribution lists and exercise your right to object so as not to receive any direct marketing communications from us as indicated in the "Contact Us" section of this Personal Data Protection Policy, or by following the "Unsubscribe" link or the withdrawal instructions provided in our communications. It can take a few days to process your withdrawal request and it is possible that you may continue receiving promotional or marketing e-mails or letters during this time. Your refusal to receive direct marketing messages does not prevent us from sending you other types of non-promotional messages, such as e-mail confirmations of transactions.
Within the limits of applicable law, you can:

-Request access to the personal data that we have about you and obtain a copy thereof,

  • Ask us to correct, update, limit or block the data,

-Ask us to provide the personal data relating to you in a structured, commonly used and machine-readable format by contacting us by e-mail or by letter to the addresses shown in the "Contact Us" section below.

When allowed by law, you can withdraw any consent that you have previously given or, at any time and for legitimate reasons, object to the processing of your personal data. We will then apply your preferences. You also have the right to provide instructions regarding the management of your personal data after your death. These instructions can be given directly to L'OCCITANE or to a third party who will provide them to us in due course.
You can also contact the Data Protection Officer (DPO) of L'OCCITANE by e-mail with any questions regarding the processing of your personal data, at the following address: dpo@loccitane.com.
You also have the right to submit a complaint to the CNIL (National Data Protection Authority).
 

LINKS TO THIRD-PARTY SITES AND SERVICES

Our Websites can provide links to sites, applications and services other than the ones provided by L'OCCITANE that may be operated by third-party companies. Please note that we do not approve and are not responsible for the processing of your personal data by these third-party sites, even if we provide a link to these sites. These companies may have their own personal data protection statements or policies and we strongly recommend that you read and examine them. Our products and services can also be offered to you through third-party platforms or other third-party channels for their own purposes, even if we provide a link to these sites. These companies may have their own personal data protection statements or policies and we strongly recommend that you read and examine them. Our products and services can also be offered to you through third-party platforms or third-party channels. We do not accept any liability regarding the personal data protection practices of these sites, applications or services that are not provided by L'OCCITANE.
 

MODIFICATION OF THE PERSONAL DATA PROTECTION POLICY

This Personal Data Protection Policy can be updated periodically in order to reflect changes to our practices relative to the processing of personal data. We will inform you of these changes, including their effective date. If you continue to use our Website once these changes have become effective, your continued use of our Website will be deemed acceptance by you of our policy.
 

CONTACT US

If you would like for us to update the information we have regarding you or your preferences, in particular if you wish to be removed from our distribution lists, to withdraw your consent or object to any processing of your data or if you have any questions regarding the protection of your personal data, please contact us by e-mail at dpo@loccitane.com or by sending a letter to the following address:
 
L'OCCITANE INTERNATIONAL SA
Data Protection Officer
Chemin du Pré Fleuri 5,
1228 Plan les Ouates
Switzerland