Privacy policy

This Privacy Policy was updated on [14th of October 2022].

Clarins places great importance on the protection of user’s privacy and its obligations in accordance with the legal provisions in force.

This Privacy Policy allows you to better understand the principles of data protection that we apply. It may be updated at any time by us. Any changes to this Privacy Policy will be posted on this page and, where appropriate, notified to you. We suggest that you refer back to it on a regular basis. You can download and archive this document in PDF format by clicking here. To open the PDF file, you will need the free Adobe Reader (downloadable from www.adobe.fr) or similar software that supports the PDF format.

1. Who we are?

myBlend whose registered office is [9 rue du Commandant Pilot, 92200 Neuilly-Sur-Seine, France] is data controller.

2. When do we collect your data?

We collect personal data from you when:

  • you visit our website;
  • you create an account on our website;
  • you make a purchase or a reservation on our website or in certain approved points of sale of our distribution network ;
  • you subscribe to one of our newsletters;
  • you purchase a myBlend gift card ;
  • you sign up for one of our loyalty programs;
  • you participate in special operations, in particular games, competitions, product tests, customers surveys or market researches;
  • you share content on social networks such as Instagram, Facebook or Pinterest using the hashtag #myblend or other hashtags we offer;
  • you are visiting one of our Spa or some approved points of sale of our distribution network ;
  • you do a diagnosis with mySkinDiag via our website, our app or in a point of sale;
  • you contact us, in particular when you call or submit a request or a complaint to our Customer Service teams, when you rate or review our products and/or services or when you chat with our Beauty Coaches in real time;
  • you have given your consent to third parties to send us personal data about you.

3. What data do we collect about you?

We may mainly collect the following personal data that could identify you directly or indirectly:

  • information about your identity, in particular your gender, last name, first names, address, telephone numbers, email address, username and password, date of birth or age;
  • if applicable, identification data (last name, first names) and contact data (e-mail address, telephone number) of the myBlend gift card’s beneficiary if you purchased a gift card for someone else than yourself ;
  • information about your payment method, in particular your credit card number and the expiration date;
  • information about our commercial transactions, in particular transaction numbers, history of your purchases, your request or your communications with our Customer Service team, your preferences and interests or information about one of our loyalty program;
  • content information such as photos, videos, ratings, reviews, comments ;
  • information about wellness or health (beauty concern, skin type, skin sensitivity, contraindications, adverse reaction reports etc.) subject when applicable to your prior and explicit consent, in particular for cosmetovigilance or when asking for a Skin Diag or a treatment myBlend in one of our Spa;
  • information about your social media accounts (username, caption information, location, etc.), uploads and posts when you share content or use the hashtag #myblend or other hashtags we offer;
  • recordings of telephone conversations to offer the best quality of service, in particular for the purpose of staff training and appraisal;
  • technical information, in particular your IP address or information about how your device navigates through our website;
  • other information you provide when you contact us or we have received from external providers.

4. Why is your data collected?

Personal data may be collected mainly for the following purposes:

  • Website administration and improvement of the quality of service. (Legitimate interests);
  • Processing of your orders (orders, deliveries, invoices, after sales service, etc.). (Performance of a contract);
  • Customer Relationship Management (CRM), in particular to help us get to know you better and to provide you with personalized offers about our products and services (in particular by email, by SMS, on social networks or any other medium and by displaying targeted ads on websites and on social networks), to manage your membership to our Loyalty program (Consent). For these purposes, we may perform segmentation operations based on your preferences, interests and purchases behavior, analyze your browsing and requests on our website or perform any other actions to better qualify our database (Consent or Legitimate interests). For example, we may transmit certain encrypted data (email or phone number) on third-party platforms to check if you already had an interaction with our brands and/or are likely to be interested by our products and services and to provide you with personalized advertising on social networks using retargeting features. Creating an account allows you to benefit from a personalized customer experience and an unified view of your personal data (E.g. information collected at the point of sale, by our Customer Service or during promotional operations). You can also place an order using the Guest Check Out option;
  • Carrying out analyzes and business statistics to anticipate market changes (business intelligence, data visualization, etc.), measuring your satisfaction and R&D (Legitimate interests);
  • Measurement of the performance of affiliate campaigns (Consent)
  • Social interaction (Consent);
  • When appropriate, prevention and fraud detection, crime and litigation management. The fraud detection solutions we use can be completely automated or involve human intervention. When we use automated fraud detection solutions, we engage in processing of your personal data for the purpose of identifying fraudulent activity or securing payment and making automated decisions in this respect. The logic of this automated decision-making relies on applying fraud analysis rules and models to our business processes to determine if an action is potentially fraudulent. This processing can produce legal effects that concern you or similarly significantly affect you, and specifically we may refuse to enter into a contract with you.
  • Processing your requests and complaints (Consent);
  • Managing undesirable effects related to the use of our products (Cosmetovigilance), carrying out studies concerning the safety of use of our products and exercise of your rights (keeping an opt-out list) (Legal obligation),.
  • As otherwise permitted by law and/or notified to you from time to time.

5. Do we disclose your data?

We never sell nor rent your personal data to other companies for marketing or other purposes.

myBlend is part of the Clarins group, an international group that operates in many countries. The personal data we are collecting about you will be used by myBlend and is likely to be communicated for the purposes stated in this Privacy Policy to other Clarins group companies if necessary and in particular to our parent company in France and/or our subsidiaries in France, South Africa, Germany, Australia, Austria, Benelux, Canada, China, South Korea, Dubai, Spain, Hong Kong, Ireland, Italy, Japan, Koweït, Malaysia, Mexico, Portugal, Russia, Singapore, Switzerland, United Kingdom and Taiwan. Each of those companies may also process and use your personal data for the purposes stated in this Privacy Policy independently and on their own behalf.

It may also be shared with service providers chosen for their expertise and reliability and acting on our behalf and at our instructions or as joint controllers with us or who receive data about you from us as separate controllers (order processing and fulfilment, secure payment, customer service management, maintenance and technical development operations, rate and reviews, analytics, spam prevention, management of digital campaigns and affiliation, etc.). We authorize these service providers to use your personal data only to the extent necessary to perform services on our behalf or to comply with legal requirements and we strive to ensure that your personal data is always protected.

These third parties may be located in or out of the European Economic Area (EEA), including in countries that do not provide the same level of data protection as in your country of residence. In such a case, we will ensure that:

  • personal datawe enter into appropriate data transfer agreements conforming to the Standard Model
    Clauses established by the European Commission,
  • we comply with Binding Corporate Rules (BCR) approved by competent authorities,
  • we use another valid legal basis in accordance with the applicable law.

Finally, we may also transmit your personal data to local authorities if required by law or as part of an investigation and in accordance with applicable regulations, and to a third party in the event of a sale, merger, consolidation, liquidation, reorganization or acquisition.

6. How will we protect your data?

myBlend takes appropriate technical and organizational measures, in relation to the nature of data and risks, to preserve the security and confidentiality of your personal data and, in particular, to prevent them from being altered, disclosed or transmitted to any unauthorized parties.

This may include practices such as limited access by members of staff who, by virtue of their duties, are authorized to access data, contractual guarantees in case of third-party provider, privacy impact assessments, internal reviews of our practices and privacy policies and/or implementation of physical and/or systematic security measures (secure access, authentication process, backup, antivirus, firewall, pseudonymization, encryption, etc.).

7. What is our policy on minors?

We do not knowingly collect nor process personal data from minors.

Assuming we would have knowledge of the collection of personal data from minors without prior authorization from the holder of the parental responsibility, we will take appropriate measures to contact the person and/or, if necessary, to delete this personal data from our servers and/or those of our service providers.

8. What is our cookies (and other tracking technologies) policy?

Cookies or trackers designate all mechanisms aimed at storing information on your device, or accessing information already stored on your device.

When you visit our site for the first time, we notify you of the purpose of the trackers used as well as the identity of our partners so that you can make an informed decision in this regard.

We ask for your consent before storing and/or reading trackers on your device, except when their sole purpose is to allow or facilitate the use of our site or when they are strictly necessary to provide a service expressly requested by you.

The trackers are mainly used on our site to:

  • to carry out statistics of frequentation and navigation of our site;
  • display personalized advertising according to your browsing and your profile;
  • personalize the editorial content of our site according to your use or personalize the display of our products and services according to those you have previously consulted on our site;
  • enable additional features on our site (community chat, ratings & reviews, etc.).

You can change your preferences at any time:

  • our consent management tool allows you to give or withdraw your consent independently and specifically for each distinct purpose;
  • you can find out how to change your tracking preferences in the help menu of your browser;
  • the European platform Youronlinechoices allows you to refuse or accept the cookies used by the digital advertising professionals grouped within the European Digital Advertising Alliance.

Please note that deactivating the cookies will not prevent the display of ads on your device. It will only block technologies that allow us to tailor ads to your browsing habits and interests. We would also like to remind you that your settings may cause all or part of our services to function less well. Finally, we draw your attention to the fact that the taking into account of your choices is based on a tracer. If you delete all cookies stored on your device (via your browser), we – or our partners – will no longer be able to retain your preferences.

By default, we retain your choices (both consent and opt-out) for a period of 6 months.

9. How is the contents you share on social networks using our hashtags managed?

You can choose to use our hashtags to tag your content on social networks such as Instagram, Facebook or TikTok.

By using these hashtags, you acknowledge and agree that your content may appear on our website and be used to refer to our products or services.

We remind you that the information you share on social networks can be consulted, used and saved by others around the world, in particular in countries without legislation guaranteeing an adequate level of protection of your personal data as defined in your country of residence.

We also draw your attention to the fact that when you submit content using one of our hashtags, your use of social networks is exclusively governed by the general conditions of these social networks. We invite you to read it and to refer to it regularly.

If you no longer want your content to appear on our site, please remove it from the social network or stop using hashtags.

10. For how long is your data kept?

We strive to keep your personal data only for the time necessary for the purposes set out in this privacy policy and in accordance with the provisions in force.

As a general rule:

  • Customer / prospect data will be kept for three years from the date of collection or after the last contact or the end of the commercial relationship, unless it is opposed or requested to be deleted by you. At the end of this three-year period, we may make contact with you again in order to find out whether or not you wish to continue to receive marketing approaches. If no clear positive answer is given by you, your data will be deleted or archived in accordance with the provisions in force.
  • When you purchase a myBlend gift card, your data and those of the beneficiary, if the latter is another person, will be kept for five years.
  • Data relating to identity documents may be kept for one year in the event of exercise of your rights.
  • Data on credit cards will be deleted after the transaction or archived for evidence purposes in accordance with the provisions in force. Subject to your express consent, banking data may be kept until the expiration date of the credit card. We never store your visual cryptogram.
  • Data necessary for carrying out analyzes and business statistics can be kept for up to five years.
  • Data to prove a right or a contract or kept under compliance with a legal obligation can be archived in accordance with the provisions in force.

11. What are your rights regarding your data and how do you contact us?

If you give us your email address, phone number or mailing address, you may receive emails, calls or periodic messages from us about our products, services or upcoming events. You can unsubscribe at any time from our mailing lists by contacting us at the address below, by following the link “unsubscribe” contained in each of our emails or by replying “STOP” to one of our SMS. You can also change your preferences at any time in your account.

In accordance with the provisions in force, you have a right to access, rectification, erasure and data portability of your personal data as well as a right to object and restriction of processing. You can also withdraw your consent at any time. To exercise these rights, you must send us a request by justifying your identity:

  • By writing to the following address:
    Clarins
    Direction Juridique / Délégué à la Protection des Données
    12 avenue de la Porte des Ternes
    75017 Paris
    France

You will be informed of the actions to be taken as soon as possible and in any case no later than one month after your request. However, we reserve the right not to respond to unfounded or vexatious requests.

In accordance with the provisions in force, you can also file a complaint with the competent authority responsible for data protection or lodge an appeal if your data are misused.