LA ROCHE-POSAY

私隱政策及個人資料收集聲明

私隱政策

歐萊雅的抱負是成為「企業公民」的典範，協助令世界變得更美好。我們極其重視誠信和企業透明度，並致力奠基於信任和互惠的基礎，與我們的消費者建立穩固而長久的關係。保障和尊重閣下的私隱和選擇，是這份承諾蘊含的意義箇中一部分。對我們而言，尊重閣下的私隱至為重要；正因如此，我們於以下闡述「我們對私隱的承諾」，以及完整的私隱政策。

我們對私隱的承諾

1)	我們尊重閣下的私隱和選擇。
2)	我們確保私隱和安全是深植於我們一切行事當中的基礎。
3)	除非閣下要求，否則我們不會向閣下發送市場推廣通訊。閣下可隨時改變主意。
4)	我們絕對不會供出或出售閣下的資料。
5)	我們致力保障閣下的資料安全穩妥；這包括只與可靠的夥伴合作。
6)	我們致力保持我們使用閣下資料的方式公開和透明。
7)	我們不會以未曾知會閣下的方式使用閣下的資料。
8)	我們尊重閣下的權利，並於符合我們的法律和營運責任的前提之下，一直致力盡量滿足閣下的要求。

如欲了解更多有關我們的私隱守則的資訊，請查閱我們以下闡述的內容，包括我們可能直接向閣下接收或透過閣下與我們的互動而接收的個人資料類別、我們可能使用該等資料的方式、我們可能分享該等資料的對象、我們保護該等資料並保障其安全的方式，以及閣下關於個人資料的權利。誠然所有情況均未必適用於閣下；本私隱政策純粹讓閣下概覽我們或會進行互動的所有可能情況。

閣下與我們的互動愈頻繁，我們對閣下的了解亦會隨之加深，從而令我們更能為閣下提供度身訂造的服務。

當閣下與我們分享個人資料，或當我們向閣下收集個人資料時，我們將根據本政策使用該等個人資料。請仔細閱讀本資料以及我們的問答專頁 (如有)。

閣下將可於本私隱政策知悉甚麼內容？

我們的背景

何謂個人資料？

我們向閣下收集甚麼資料？我們又會如何使用該等資料？

我們如何收集或接收閣下的資料？

自動決策

個人剖

析

誰可存取閣下的個人資料？

我們於哪裡存置閣下的個人資料？

我們保留閣下的個人資料多久？我

的個人資料安全嗎？

第三方網站連結和社交媒體登入

社交媒體和用戶生成內容

閣下的權利和選擇

聯絡

請注意，閣下必須年滿 18 歲，方可使用我們的服務。如特定服務另有要求使用者的年齡為 18 歲以上，該等要求將於相關條款中列明，閣下亦必須遵從。

LA ROCHE-POSAY 屬於歐萊雅香港有限公司旗下品牌組合的一部分。歐萊雅香港有限公司負責管理閣下與我們分享的個人資料。我們提及「歐萊雅」、「我們」、「我們的」或「本公司」時，所指的就是歐萊雅香港有限公司。就《個人資料 (私隱) 條例 (第 486 章)》而言，歐萊雅是一「資料使用者」。

如欲查閱我們的聯絡詳情，請見「聯絡我們」部分。

歐萊雅代表多個不同品牌和產品。如欲了解更多關於歐萊雅及其代表品牌的資訊，請瀏覽 http://www.loreal.hk/en-hk/。

歐萊雅是於全球 140 個國家營運的歐萊雅集團的一部分。如欲了解歐萊雅集團的詳情，請瀏覽
http://www.loreal.com/group。

如閣下對於我們處理和使用閣下個人資料的方式有任何疑問或顧慮，或希望行使閣下上述任何權利，請電郵至
[email protected] 或致函 與我們聯絡：

香港特別行政區
灣仔港灣道 30 號
新鴻基中心 35 樓
歐萊雅香港有限公司
客戶服務部
致：LA ROCHE-POSAY

閣下亦可電郵至 ，就有關閣下個人資料的處理方式提出任何疑問。

[LA ROCHE-POSAY]

私隱政策

「個人資料」意指任何可供直接 (例如閣下的姓名) 或間接 (例如透過獨特編號等經過假名處理的資料) 辨識閣下身分的單一或多條資訊。這意味著個人資料包括電郵、住宅地址、流動電話號碼、使用者名稱、個人檔案頭像和個人偏好，以及購物習慣、用戶生成內容、財務資訊，以及身體狀況資訊。這亦可能包括獨特數字識認，例如閣下的電腦IP 位址或流動裝置的 MAC 網絡卡位址，以及 cookies。

歐萊雅深信，閣下作為消費者，是我們服務的焦點對象。我們樂意聆聽閣下的意見和了解閣下，並為閣下創製和呈獻閣下喜歡的產品。我們亦深知許多消費者均熱衷於與我們對話；正因如此，我們提供多種方式，讓閣下可與我們分享閣下的個人資料，並讓我們可收集該等資料。

我們或會透過我們的網站、表格、應用程式、裝置、歐萊雅產品、社交媒體上的品牌專頁或其他方式，向閣下收集或接收資料。該等資料或由閣下直接向我們提供 (例如當閣下創建帳戶、聯絡我們，或於我們的網站/應用程式或專門店/美容院購物時)、由我們收集 (例如利用 cookies 了解閣下如何使用我們的網站/應用程式)，或由我們透過其他第三方接收，包括歐萊雅集團的其他實體。

當我們收集資料時，我們以星號標示必填項目，皆因我們必需該等資料以供：

-	我們履行與閣下的合約，例如付運閣下於我們的網站/應用程式上購買的產品；
-	向閣下提供閣下要求的服務，例如向閣下提供最新消息、生日優惠或帳戶狀態；或
-	遵從法律要求，例如開立發票。

如閣下不提供以星號標示的資料，我們將可能無法提供相關產品和服務。

我們於下表列舉更多詳情，以闡釋：

1)	閣下於哪些互動當中可能需要提供或由我們收集個人資料？此欄闡釋我們使用或收集閣下的資料時閣下正參 與的活動或情況，例如進行購物、登記收取最新消息，或瀏覽網站/應用程式。
2)	我們可向閣下直接收集或透過閣下與我們的互動接收哪些個人資料？此欄闡釋我們視乎情況而可能向閣下收 集的資料類別。
3)	我們會如何使用該等資料？何解？此欄闡釋我們可能處理閣下資料的方法，以及收集該等資料之目的。
4)	使用閣下個人資料的法律基礎為何？本欄闡釋我們或會使用閣下資料的原因。 視乎使用資料之目的而定，處理閣下資料的法律基礎可為：

•	閣下的同意；
•	我們的合法利益，當中可為：

■	改善我們的產品和服務：更具體而言，是指我們的商業利益，協助我們更清楚理解閣下的需要和期望，從而改善我們的服務、網站/應用程式/裝置、產品和品牌，讓我們的消費者有所裨益。
■	防止詐騙：確保付款完成，免於詐騙和挪用金錢。
■	保障我們的工具安全：保障閣下所使用的工具 (我們的網站/應用程式/裝置) 安全穩妥，並確保它們正常運作和不斷改良。

•	履行合約：更具體而言，是指履行閣下向我們要求的服務；或
•	法律依據，適用於法律要求處理閣下個人資料的情況。

關於閣下與我們的互動以及其對閣下資料構成的影響之資訊概覽

我們利用第三方提供者的一個或多個方案，以供保障透過於我們的網站/應用程式/裝置進行的交易免於詐騙或挪用金錢。詐騙偵測是以簡單比較、聯繫、聚類分析、預計和異常檢測等方法為基礎，利用智能媒介、資料融合技術和多種資料探勘技術進行。

這種詐騙偵測過程可完全自動進行，或涵蓋由人們作出最終決定的人為干預。於任何情況下，我們均採取一切合理的預防和保障措施，限制存取閣下的資料。

由於需要進行自動詐騙偵測，閣下可能 (i) 當閣下的交易正由我們審核時，經歷訂單/要求處理延誤；以及 (ii) 一旦鑒定詐騙風險，被限制或豁免受惠於某項服務。閣下有權存取我們用以作為決定基礎的資訊。請見以下「閣下的權利和選擇」部分。

當我們發送或顯示度身訂造的通訊或內容時，我們或會採用符合「個人剖析」的部分技術，亦即任何自動處理個人資料的形式，涵蓋利用該等資料評估關於某位自然人的相關個人特點，尤其是用以分析或預計關於該位自然人的個人偏好、興趣、經濟狀況、行為、所在地、健康、可靠度或行動的特點。這意味著我們或會於上表所列的不同情況當中收集關於閣下的個人資料。我們集中處理和分析此項資料，以評估和預測閣下的個人偏好及/或興趣。

根據我們的分析，我們將發送或顯示按照閣下的興趣/需要度身訂造的通訊及/或內容。

閣下有權反對於特定情況使用閣下的資料進行「個人剖析」。請見下列「閣下的權利和選擇」部分。

為了遵從我們的法律義務、防止詐騙及/或保障我們的工具安全並改善我們的產品和服務，或於取得閣下同意時，我們或會將閣下的個人資料於歐萊雅集團內部分享。

視乎收集資料之目的，以及僅以需知為基礎的情況下，閣下的部分個人資料或會於必要時由全球歐萊雅集團實體存取，以供為閣下提供要求的服務，而該等資料將於可能情況下以假名方式處理 (防止直接辨識身分)。

我們亦可能以假名處理方式 (防止直接辨識身分) 與歐萊雅研究及創新部門 (包括位於閣下所在國家以外的地區) 的科學家分享閣下的個人資料，以供研究和創新用途。

於許可的情況下，我們亦可能於旗下品牌之間分享閣下部分個人資料，包括透過 Cookies 所收集的資料，以統一和更新閣下與我們分享的資訊、根據閣下的特徵進行統計，並為閣下度身訂造我們的通訊。

關於 歐萊雅集團、其品牌和所在地的更多詳情，請瀏覽歐萊雅集團網站。

我們或會與第三方或歐萊雅集團實體分享閣下的個人資料，以作市場推廣用途。

我們僅於取得閣下同意後，方與第三方分享閣下的個人資料以作直接促銷用途。於此情況下，閣下的資料將由作為資料使用者的該等第三方處理，並受其個別條款及細則和私隱通知約束。閣下應仔細檢閱彼等的文件，方同意將個人資訊披露予該等第三方。

閣下的個人資料亦可能由我們的可靠第三方提供者以我們的名義處理。

我們倚賴可靠第三方以我們的名義進行一系列業務營運工作。我們僅向彼等提供其執行服務所需的資料，並要求彼等不使用閣下的個人資料作任何其他用途。我們一直竭盡所能，確保我們合作的所有第三方均保障閣下的個人資料安全。例如，我們或會向以下各方委託服務，而該等服務需要處理閣下的個人資料：

•	支援和協助我們提供數碼和電子商務服務的第三方，例如社群聆聽、專門店一覽、常客計劃、身分管理、評價和評論、顧客關係管理、網絡數據分析和搜尋器，以及用戶生成內容策展工具；
•	廣告、市場推廣、數碼和社交媒體代理公司，協助我們提供廣告、市場推廣和企劃，並分析其效用，以及管理閣下的聯絡資料和疑問；
•	奉命將產品運送予閣下的第三方，例如郵政/付運服務；
•	支援和協助我們提供資訊科技服務的第三方，例如平台提供者、網站寄存服務、為我們的資料庫以及可能包含閣下資料的軟件和應用程式進行的維護和支援 (該等服務意味著閣下的資料有時可能需要被存取， 以執行所需任務)；
•	支付服務供應者和信貸資料服務機構，以供於與閣下締約的情況當中，評估閣下的信貸評分和確認閣下的詳細資料；以及
•	協助我們處理顧客服務和產品推出後的安全監測的第三方。

我們亦可能將閣下的個人資料披露予第三方：

•	倘我們出售任何業務或資產，我們或會向該等業務或資產的潛在買家披露閣下的個人資料。如歐萊雅或其部分資產被第三方收購，歐萊雅持有之與該等資產相關的顧客個人資料將成為轉移資產的一部分。於該等情況下 (如適用)，買家將以新的資料使用者身分處理閣下的資料，並受其個別私隱政策管轄；
•	如我們為了遵從法律義務、執行或應用我們的使用/銷售條款或其他閣下已同意之條款及細則；或保障歐萊雅、我們的顧客或僱員的權利、財產或安全，而有責任披露或分享閣下個人資料；
•	如我們已取得閣下同意如此行事；或
•	如法律許可我們如此行事。

我們可能將閣下的個人資料披露予我們的合作夥伴：

•	倘閣下利用的服務由歐萊雅及其合作夥伴共同創設 (例如品牌聯乘應用程式)。在該等情況下，歐萊雅及該夥伴將各自以其個別目的處理閣下的個人資料，而因此閣下的個人資料將：

○	由歐萊雅根據本私隱政策處理；以及
○	由該夥伴同樣以資料使用者的身分，在其個別條款及細則的規範下，根據其個別私隱政策處理；

•	倘閣下已透過專屬選項 (例如透過由歐萊雅訂立品牌並提供予其合作夥伴的應用程式) 同意接收由歐萊雅合作夥伴發送的市場推廣和商業通訊。於此等情況下，閣下的資料將由該夥伴以資料使用者的身分，在其個別條款及細則的規範下，根據其個別私隱政策處理；以及
•	我們或會刊登來自社交網絡的輔助內容。倘閣下於我們的網站/應用程式查閱來自社交網絡的內容，來自該等社交網絡的 Cookie 可能會儲存於閣下的裝置。我們懇請閣下閱讀此等社交網絡的 Cookie 政策以了解更多資訊。

我們不會供出或出售閣下的個人資料。

我們向閣下收集的資料或會轉移至和存置於香港特別行政區以外的地點，並由該等地點存取。該等資料亦可能由我們或我們的服務提供者於香港特別行政區以外地點工作的員工處理。

歐萊雅僅以安全而合法的方式將資料轉移至香港特別行政區以外地點。由於部分國家或不設管轄個人資料之應用和轉移的法律，我們採取必要步驟，確保第三方遵守於本政策列明的承諾。此等步驟可能包括審核第三方的私隱和保安標準，及/或與之締結適當合約。

如欲了解更多資訊，請按照以下「聯絡」部分的方式聯絡我們。

我們保留閣下個人資料的期限，僅限於我們需要持有該等資料以迎合閣下的需要或遵從我們的法律義務的期間。我們利用以下準則，界定保留閣下資料的期限：

•	如閣下購買產品和服務，我們將於雙方的契約關係生效期間保留閣下的個人資料；
•	如閣下參與推廣優惠，我們將於該推廣優惠期間保留閣下的個人資料；
•	如閣下聯絡我們進行查詢，我們將於處理閣下查詢的必要期間內保留閣下的個人資料；
•	如閣下創建帳戶，我們將保留閣下的個人資料，直至閣下要求我們將該等資料刪除，或經過根據當地法規和指示所定義的凍結期間後 (沒有與品牌主動進行互動)；
•	如閣下同意接收直銷信息，我們將保留閣下的個人資料，直至閣下取消訂閱或要求我們刪除該等資料，或經過根據當地法規和指示所定義的凍結期間後 (沒有與品牌主動進行互動)；以及
•	如 cookies 儲存於閣下的電腦，我們將於它們發揮作用的必要期間內 (例如購物車 cookies 的工作階段期限或工作階段識別碼 cookies)，並於其後根據當地法規和指示所定義的期限內保留該等 cookies。

我們或會保留部分個人資料，以遵從我們的法律或監管義務，並容許我們管理我們的權利 (例如於法庭提出申索)， 或作統計或記錄用途。

當我們不再需要使用閣下的個人資料，該等資料將從我們的系統和記錄移除或以匿名方式處理，從而令閣下不再從中被辨識。

我們致力保障閣下的個人資料安全，並為此採取一切合理預防措施。我們亦以締約方式要求為我們處理閣下個人資料的可靠第三方遵從此守則。

我們竭盡所能保護閣下的個人資料，而每當我們接收閣下的個人資料後，都利用嚴謹程序和保安措施，嘗試防止未經授權的存取。由於透過互聯網傳送資料並非絕對安全，我們無法保證閣下傳送至我們網站的資料安全。因此，閣下必需自行承受任何資料傳送的風險。

我們的網站和應用程式或會不時含有連結，來往我們的合作夥伴網絡、廣告商和聯營企業的網站。如閣下開啟連結前往任何此等網站，請注意此等網站另有其個別私隱政策，而我們對於此等政策將不會負上任何義務或法律責任。請於提交任何個人資料至此等網站前檢閱此等政策。

我們亦可能會為閣下提供使用社交媒體登入的渠道。請注意，如閣下使用社交媒體登入，視乎閣下的社交媒體平台設定，閣下或將與我們分享閣下的個人檔案資訊。請到訪相關社交媒體平台並檢閱其私隱政策，以了解閣下的個人資料於此等情況下如何被分享和使用。

我們的部分網站和應用程式容許使用者提交其個人內容。請緊記提交至我們的社交媒體平台之任何內容均可供公眾閱覽，因此閣下於提供若干個人資料，例如財務資訊或地址詳情時，應當小心謹慎。如閣下於我們的社交媒體平台張貼個人資料，而我們並不建議閣下分享該等資料，我們對於其他個別人士採取的任何行動概不負責。

歐萊雅尊重閣下就個人私隱所擁有的權利；閣下能夠掌控個人資料至為重要。閣下擁有以下權利：

為處理閣下的要求，我們或會要求閣下提供身分證明。

本私隱政策備有中文版本。如有歧義，概以英文版本為準。

2020 年 6 月 24 日

個人資料收集聲明

收集閣下的個人資料

我們 (歐萊雅香港有限公司) (下稱「我們」或「歐萊雅」) 旗下的 LA ROCHE-POSAY (「品牌」) 將根據本《個人資料收集聲明》，收集及儲存閣下的個人資料 (「閣下資料」)。閣下必須提供以星號 (*) 標示的個人資料，而提供並無以星號 (*) 標示的個人資料純屬自願，惟閣下倘不提供相關資料，我們可能無法向閣下提供我們的產品及服務。

使用閣下個人資料的目的

我們將把閣下資料用作以下目的 (需視乎情況)：

a)	就閣下於我們的網上商店或零售店舖 (包括我們的零售店舖 / 百貨公司夥伴) 購買我們的產品及 / 或服務以及閣下的網上購物帳戶，處理、管理交易和與閣下聯絡；
b)	建立和管理閣下的品牌會籍和會員獎賞 (包括查詢及累積或兌現會員積分) ，並就此與閣下聯絡；
c)	就閣下參與歐萊雅舉辦的任何競賽、抽獎、遊戲、比賽、活動或推廣，向閣下提供免費產品、試用裝或禮品；
d)	就閣下查詢我們的產品及 / 或服務事宜與閣下通訊；
e)	為促成上述任何目的而識別和確認身分；
f)	作內部研究、評估和數據分析；
g)	(視乎閣下有否給予任何書面同意) 作直銷用途；及
h)	任何其他直接相關目的。

(統稱「使用目的」)。

我們或會在閣下給予書面同意的情況下，透過電話、短訊、電郵或美容顧問在社交媒體平台通訊軟件 (例如Facebook 訊息、Instagram 訊息、WhatsApp 訊息、微信訊息等) 的互動對話，與閣下聯絡並通訊。

轉移閣下的個人資料

我們或會因應使用目的，向以下各方轉移、分享或供其存取閣下資料：

a)	歐萊雅或其集團旗下任何成員公司或附屬公司 (包括位於香港境內或境外的該等公司) (統稱「歐萊雅集團」)；
b)	向歐萊雅或歐萊雅集團任何成員提供付款、資訊科技、研究、客戶概況分析、數據分析、市場推廣、電話中心、行政服務及為支持歐萊雅或歐萊雅集團任何成員業務營運所提供的任何其他服務之第三方服務提供者或代理；
c)	與閣下就購買我們的產品及 / 或服務付款相關的信貸資料服務機構，以及信用卡、扣帳卡及 / 或簽帳卡公司及 / 或銀行；及
d)	社交媒體平台提供者 (包括位於中國及美國的提供者)。

使用閣下的個人資料作直銷用途

未經閣下同意，我們不得使用及 / 或轉移閣下的個人資料作直銷用途。倘獲閣下同意，我們會利用閣下資料，就 (視乎情況) 品牌於香港特別行政區及澳門特別行政區供應的美容、護膚、化妝、護髮、頭髮造型、香水、香氛、蠟燭、潔手及其他相關產品及服務，經閣下指示的通訊渠道 (例如電話、短訊、電郵及 Facebook 訊息等) 向閣下傳送推廣內容、資訊及最新信息。

閣下的權利和我們的聯絡方法

閣下有權要求存取及修改由我們持有而與閣下相關的資料。如欲存取或修改閣下的個人資料，請透過電郵至[email protected] 與我們的法律部聯絡。如欲取消訂閱我們的直銷通訊或有任何一般查詢，請透過[email protected] 與我們聯絡。

如欲獲取我們如何使用閣下的個人資料的進一步資訊，請參閱我們的《私隱政策》： https://www.laroche- posay.hk/cn/site/pages/ShowMediaApp.aspx?MediaAppCode=PDF_Privacy_Policy_HK.

本《聲明》原文以英文撰寫，有可能翻譯為中文。如譯本與英文版本有任何不符之處，概以英文版本為準。

LA ROCHE-POSAY

PRIVACY POLICY

L’Oréal’s ambition is to be an exemplary corporate citizen to help make the world a more beautiful place. We place great value on honesty and clarity, and we are committed to building a strong and lasting relationship with our consumers based on trust and mutual benefit. Part of this commitment means safeguarding and respecting your privacy and your choices. Respecting your privacy is essential to us. This is why we set out “Our Privacy Promise” and our full Privacy Policy below.

OUR PRIVACY PROMISE

1)	We respect your privacy and your choices.
2)	We make sure that privacy and security are embedded in everything we do.
3)	We do not send you marketing communications unless you have asked us to. You can change your mind at any time.
4)	We never offer or sell your data.
5)	We are committed to keeping your data safe and secure. This includes only working with trusted partners.
6)	We are committed to being open and transparent about how we use your data.
7)	We do not use your data in ways that we have not told you about.
8)	We respect your rights, and always try to accommodate your requests as far as is possible, in line with our own legal and operational responsibilities.

For more information about our privacy practices, below we set out what types of personal data we may receive from you directly or from your interaction with us, how we may use it, who we may share it with, how we protect it and keep it secure, and your rights around your personal data. Of course all situations may not apply to you. This Privacy Policy gives you an overview of all possible situations in which we could interact together.

The more you interact with us, the more you let us know you and the more we are able to offer you tailored services.

When you share personal data with us or when we collect personal data about you, we use it in line with this Policy. Please read this information and our Q&A page (if any) carefully.

Please note that you must be at least 18 years old or older to use our services, or older where the terms for a specific service require this.

WHO WE ARE

LA ROCHE-POSAY is a part of the L’Oreal Hong Kong Limited brand portfolio. L’Oreal Hong Kong Limited is responsible for the personal data that you share with us. When we say “L’Oréal”, “us”, “our” or “we”, this is who we are referring to. L’Oréal is a “data user” for the purposes of the Personal Data (Privacy) Ordinance (Cap. 486).

Please see the “Contact Us” section for our contact details.

L’Oréal represents several different brands and products. For more information on L’Oréal, and the brands it represents, please see http://www.loreal.hk/en-hk/.

L’Oréal is part of the L’Oréal Group, which operates in 140 countries around the world. For details on the L’Oréal Group, please see http://www.loreal.com/group.

CONTACT

If you have any questions or concerns about how we treat and use your personal data, or would like to exercise any of your rights above, please contact us at [email protected] or please writing at

Customer Care Department

L’Oreal Hong Kong Limited 35/F, Sun
Hung Kai Centre 30 Harbour Road
Wan Chai, Hong Kong SAR Attn:
LA ROCHE-POSAY

You may also contact [email protected] for any questions related to the processing of your personal data.

WHAT IS PERSONAL DATA?

“Personal data” means any information or pieces of information that could identify you either directly (e.g. your name) or indirectly (e.g. through pseudonymized data such as a unique ID number). This means that personal data includes things like email/home addresses/mobile phone, usernames, profile pictures, personal preferences and shopping habits, user generated content, financial information, and welfare information. It could also include unique numerical identifiers like your computer’s IP address or your mobile device’s MAC address, as well as cookies.

WHAT DATA DO WE COLLECT FROM YOU AND HOW DO WE USE IT?

L'Oréal believes that you, the consumer, are at the heart of what we do. We love hearing from you, learning about you, and creating and delivering products that you enjoy. And we know that many of you love talking to us. Because of this, there are many ways that you might share your personal data with us, and that we might collect it.

How do we collect or receive your data?

We might collect or receive data from you via our websites, forms, apps, devices, L’Oréal products or brands pages on social media or otherwise. Sometimes you give this to us directly (e.g. when you create an account, when you contact us, when you purchase from our websites/apps or stores/beauty salon), sometimes we collect it (e.g. using cookies to understand how you use our websites/apps) or sometimes we receive your data from other third parties, including other L’Oréal Group entities.

When we collect data, we indicate the mandatory fields via asterisks where such data is necessary for us to:

-	perform our contract with you (e.g. to deliver the products you have purchase on our websites/apps);
-	provide you with the service you have asked for (e.g. to provide you with a newsletter, birthday offers or account status); or
-	comply with legal requirements (e.g. invoicing).

If you do not provide the data marked with an asterisk, this may affect our ability to provide the products and services.

We set out further details in the table below, explaining:

1)	During what interaction your data may be provided or collected? This column explains what activity or situation you are involved in when we use or collect your data. For example, whether you are making a purchase, signing up to a newsletter, or browsing a website/app.
2)	What personal data may we receive from you directly or resulting from your interaction with us? This column explains what types of data we may collect about you depending on the situation.
3)	How and why we may use it? This column explains what we may do with your data and the purposes for collecting it.
4)	What is the legal basis for using your personal data? This column explains the reason we may use your data.

Depending on the purpose for which the data is used, the legal basis for the processing of your data can be:

•	Your consent;
•	Our legitimate interest, which can be:

■	Improvement of our products and services: more specifically, our business interests to help us better understand your needs and expectations and therefore improve our services, websites / Apps / devices, products and brands for our consumers’ benefit.
■	Fraud prevention: to ensure payment is complete and free from fraud and misappropriation.
■	Securing our tools: to keep tools used by you (our websites/Apps/devices) safe and secure and to nsure they are working properly and are continually improving.

•	The performance of a contract: more specifically to perform the services you request from us; or
•	Legal grounds where a processing is required by law.

Information overview on your interactions with us and their consequences on your data

Automated Decision Making

For purposes of securing transactions placed through our websites/apps/devices against fraud and misappropriation, we use third party provider’s solution(s).The method of fraud detection is based on, for example, simple comparisons, association, clustering, prediction and outlier detections using intelligent agents, data fusion techniques and various data mining techniques.

This fraud detection process may be completely automated or may involve human intervention where a person takes the final decision. In any case, we take all reasonable precautions and safeguards to limit access to your data.

As a result of automatic fraud detection, you may (i) experience delay in the processing of your order / request whilst your transaction is being reviewed by us; and (ii) be limited or excluded from the benefit of a service if a risk of fraud is identified. You have the right to access information on which we base our decision. Please see “Your Rights and Choices” section below.

Profiling

When we send or display personalized communications or content, we may use some techniques qualified as “profiling” (i.e. any form of automated processing of personal data consisting of using those data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s personal preferences, interests, economic situation, behaviour, location, health, reliability, or movements). This means that we may collect personal data about you in the different scenarios mentioned in the table above. We centralize this data and analyse it to evaluate and predict your personal preferences and/or interests.

Based on our analysis, we send or display communications and/or content tailored to your interests/needs.

You have the right to object to the use of your data for “profiling” in certain circumstances. Please see “Your Rights and Choices” section below.

Who may access your Personal data?

We may share your personal data within L’Oréal Group to comply with our legal obligations, to prevent fraud and/or to secure our tools, to improve our products and services, or after having obtained your consent to do so.

Depending on the purposes for which they were collected, and only on a need-to-know basis some of your personal data may be accessed by L’Oréal Group entities worldwide, where possible in a pseudonimized way (not allowing direct identification), and where necessary to provide you with requested services.

We may also share your personal data in a pseudonimized way (not allowing direct identification) with L’Oréal Research & Innovation scientists, including those located outside of your country, for research and innovation purposes.

Where permitted, we may also share some of your personal data including those collected through Cookies between our brands to harmonize and update the information you share with us, to perform statistics based on your characteristics and to tailor our communications.

Please visit the L’Oréal group website, for further details on the L’Oréal Group, its brands and its locations.

We may share your personal data for marketing purposes with third party or entities of the L’Oréal Group.

We only share your personal data with third parties for direct marketing purposes with your consent. In this context, your data is processed by such third party, acting as a data user, and its own terms and conditions and privacy notice apply. You should carefully check their documentation before consenting to the disclosure of your information to that third party.

Your personal data may also be processed on our behalf by our trusted third party providers.

We rely on trusted third parties to perform a range of business operations on our behalf. We only provide them with the information they need to perform the service, and we require that they do not use your personal data for any other purpose. We always use our best efforts to ensure that all third parties we work with keep your personal data secure. For instance, we may entrust services that require the processing of your personal data to:

•	third parties that assist and help us in providing digital and e-commerce services such as social listening, store locator, loyalty programs, identity management, ratings and reviews, CRM, web analytics and search engine, user generated content curation tools;
•	advertising, marketing, digital and social media agencies to help us to deliver advertising, marketing, and campaigns, to analyse their effectiveness, and to manage your contact and questions;
•	third parties required to deliver a product to you e.g. postal/delivery services;
•	third parties that assist and help us in providing IT services, such as platform providers, hosting services, maintenance and support on our databases as well as on our software and applications that may contain data about you (such services could sometimes imply access to your data to perform the required tasks);
•	payment service providers and credit reference agencies for the purpose of assessing your credit score and verifying your details where this is a condition of entering into a contract with you; and
•	third parties that assist us for customer care and post-market surveillance purposes.

We may also disclose your personal data to third parties:

•	in the event that we sell any business or assets, in which case we may disclose your personal data to the prospective buyer of such business or assets. If L’Oréal or a part of its assets is acquired by a third party, personal data held by it about its customers relating to those assets is one of the transferred assets. Where appropriate, in such case, the buyer acting as the new data user processes your data and its privacy policy governs the processing of your personal data;
•	if we are under a duty to disclose or share your personal data in order to comply with a legal obligation, or in order to enforce or apply our terms of use/sales or other terms and conditions you have agreed to; or to protect the rights, property, or safety of L’Oréal, our customers, or employees
•	if we have your consent to do so; or
•	if we are permitted to do so by law.

We may disclose your personal data to our partners:

•	in the event the service you subscribe to was co-created by L’Oréal and a partner (for example, a co-branded app). In such case, L’Oréal and the partner process your personal data each for their own purposes and as such your data is processed:

○	by L’Oréal in accordance with this Privacy Policy; and
○	by the partner acting also as a data user under its own terms and conditions and in accordance with its own privacy policy;

•	in the event you agreed to receive marketing and commercial communications from a L’Oréal partner through a dedicated opt-in (for instance, through an App branded by L’Oréal and made available to its partners). In such case, your data is processed by the partner acting as a data user under its own terms and conditions, and in accordance with its privacy policy; and
•	we may publish on our supports content from social networks. In the event you consult content from social networks on our website/apps, a Cookie from such social network may be stored on your device. We invite you to read the Cookie Policy of these social networks for more information.

We do not offer or sell your personal data.

Where we Store your Personal data

The data that we collect from you may be transferred to, accessed from, and stored at a destination outside Hong Kong SAR. It may also be processed by staff members operating outside the Hong Kong SAR who work for us or for one of our service providers.

L’Oréal transfers personal data outside of the Hong Kong SAR only in a secure and lawful way. As some countries may not have laws governing the use and transfer of personal data, we take steps to make sure that third parties adhere to the commitments set out in this Policy. These steps may include reviewing third parties’ privacy and security standards and/or entering into appropriate contracts.

For further information, please contact us as per the “Contact” section below.

How Long Do We Keep Your Personal data

We only keep your personal data for as long as we need it for the purpose for which we hold your personal data, to meet your needs, or to comply with our legal obligations.
To determine the data retention period of your data, we use the following criteria:

•	where you purchase products and services, we keep your personal data for the duration of our contractual relationship;
•	where you participate in a promotional offer, we keep your personal data for the duration of the promotional offer;
•	where you contact us for an enquiry, we keep your personal data for the duration needed for the processing of your enquiry;
•	where you create an account, we keep your personal data until you require us to delete it or after a period of inactivity (no active interaction with brands) defined in accordance with local regulations and guidance;
•	where you have consented to direct marketing, we keep your personal data until you unsubscribe or require us to delete it or after a period of inactivity (no active interaction with brands) defined in accordance with local regulations and guidance; and
•	where cookies are placed on your computer, we keep them for as long as necessary to achieve their purposes (e.g. for the duration of a session for shopping cart cookies or session ID cookies) and for a period defined in accordance with local regulations and guidance.

We may retain some personal data to comply with our legal or regulatory obligations, as well as to allow us to manage our rights (for example to assert our claims in Courts) or for statistical or historical purposes.

When we no longer need to use your personal data, it is removed from our systems and records or anonymised so that you can no longer be identified from it.

Is Your Personal data Secure?

We are committed to keeping your personal data secure, and taking all reasonable precautions to do so. We contractually require that trusted third parties who handle your personal data for us do the same.

We always do our best to protect your personal data and once we have received your personal data, we use strict procedures and security features to try to prevent unauthorised access. As the transmission of information via the internet is not completely secure, we cannot guarantee the security of your data transmitted to our site. As such, any transmission is at your own risk.

Links to Third Party Sites and Social Login

Our websites and Apps may from time to time contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we are not responsible or liable for these policies. Please check these policies before you submit any personal data to these websites.

We may also offer you the opportunity to use your social media login. If you do so, please be aware that you share your profile information with us depending on your social media platform settings. Please visit the relevant social media platform and review its privacy policy to understand how your personal data is shared and used in this context.

Social Media and User Generated Content

Some of our websites and Apps allow users to submit their own content. Please remember that any content submitted to one of our social media platforms can be viewed by the public, so you should be cautious about providing certain personal data e.g. financial information or address details. We are not responsible for any actions taken by other individuals if you post personal data on one of our social media platforms and we recommend that you do not share such information.

YOUR RIGHTS AND CHOICES

L’Oréal respects your right to privacy: it is important that you are able to control your personal data. You have the following rights:

To deal with your request, we may require proof of your identity.

A Chinese version of this Privacy Policy is available. In the event of discrepancy, the English version shall prevail.

24 June 2020

PERSONAL INFORMATION COLLECTION STATEMENT COLLECTION OF YOUR

PERSONAL DATA

We, L’Oreal Hong Kong Limited trading as LA ROCHE-POSAY (“Brand”), will collect and store your personal information pursuant to this Personal Information Collection Statement It is mandatory for you to provide your personal information marked with asterisks (*) and voluntary for those without an asterisk (*); but if you do not, we may not be able to provide you with our products and services.

PURPOSES FOR WHICH YOUR PERSONAL DATA ARE USED

We will use Your Data for the following purposes (as the case may be):

a)	fulfilling, managing and contacting you about your purchase of our goods and/or services at our online or retail stores (including our retail/department store partners), and your online purchase accounts;
b)	creating, managing and contacting you about your Brand membership and member rewards (including enquiries and implementation on loyalty points accrual or redemption);
c)	providing you with free products, samples or gifts in relation to any contest, lucky draw, game, competition, event or promotion which is organised by L’Oréal as you may participate;
d)	communicating with you regarding your enquiries about our goods and/or services;
e)	identification and verification to facilitate any of the above purposes;
f)	internal research, profiling and analytics;
g)	(subject to any written consent you may give) direct marketing purpose; and
h)	any other directly related purposes.

致消費者的私隱政策及個人資料收集聲明

(collectively, the “Use Purposes”).

Where you have given your written consent, we may contact and communicate with you by phone call, SMS, email, mail or via interactive conversations over social media platform messengers (e.g. Facebook message, Instagram message, WhatsApp message, WeChat message, etc.) with our beauty advisors.

TRANSFER OF YOUR PERSONAL DATA

For the Use Purposes, we may transfer, grant access to or share Your Data with:

a)	L’Oréal or any member of its group companies or affiliates, whether located within or outside of Hong Kong SAR (together the “L’Oréal Group”);
b)	any of L’Oréal’s or L’Oréal Group member’s third party service providers or agents who provides payment, IT, research, profiling, analytics, marketing, call centre, administrative and any other services which support the business operation of L’Oréal or any L’Oréal Group member;
c)	in relation to payment for your purchase of our goods and/or services, credit reference agencies, credit, debit and/or charge card companies and/or banks; and
d)	social media platform providers (including those which may be located in the PRC and the United States).

USE OF YOUR PERSONAL DATA FOR DIRECT MARKETING

We cannot use and/or transfer your personal information for direct marketing without your consent. If you opt-in, we will use Your Data to send you promotions, news and updates regarding (as the case may be) beauty, skincare, make-up, hair care, hair styling, fragrances, scents, candles, hand wash and related products and services from our Brand in Hong Kong SAR and Macau SAR via the communication channels you indicate (e.g. phone call, SMS, email, mail, Facebook message etc.)

YOUR RIGHTS AND CONTACT US

You have the right to request access to or correction of information held by us about you. If you wish to access or correct your personal information, please contact our Legal Department at [email protected]. For any unsubscribe from direct marketing or other general enquiries, please contact us at [email protected]