Skip to content

Countries

La Rosée cosmétiques

Privacy Policy

Last updated on 01/07/2023

1. Preamble

Welcome to the website of LA ROSÉE COSMÉTIQUES (www.larosee-cosmetiques.com or any other address that may be substituted for it, the "Website"), owned by LA ROSÉE COSMÉTIQUES ("La Rosée"), a simplified joint-stock company, registered with the LYON Register of commerce and Trade under the number 800 064 230, whose registered office is located at 16 rue du Plat, 69002 Lyon.

La Rosée collects and processes Personal Data relating to Users on the Website.

This privacy policy (hereinafter the "Privacy Policy ") describes the methods of collecting and processing personal data relating to Website Users and informs them of their rights.

It is supplemented by a Cookie Policy available below.

As Data Controller, La Rosée is concerned to protect the privacy of Website Users as much as possible and makes every effort in this context. La Rosée undertakes in particular to ensure a level of protection of Users' Personal Data in accordance with the General Data Protection Regulation No.2016/679 ("GDPR"), including all French laws and regulations implementing or supplementing the GDPR.

2. Definitions

  • Recipient: means a natural or legal person, public authority, agency or any body, to which the Personal Data are disclosed, whether a third party or not;
  • Personal Data: means any information relating to a directly or indirectly identified or identifiable natural person, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Data Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing;
  • Processor: means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller or the initial Processor;
  • Processing: means any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, extraction, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Other words and expressions used in the Privacy Policy starting with a capital letter have the meanings given to them in the General Terms and Conditions of Sale or in the General Terms and Conditions of Use available on the Website.

3. Personal data collected via the Website

La Rosée collects the following Personal Data directly from Users:

  • Identification Data, such as surnames, first names;
  • Contact data used to manage Orders and/or to send commercial prospects to Users (email address, postal address);
  • Data relating to Product Orders placed on the Website, such as the Product(s) purchased, the transaction number, the delivery address, the User's telephone number, etc.
  • Data relating to job applicants.

It is specified that payment information (credit card number/Paypal information/bank details) is not collected by La Rosée but directly by the payment service providers (Paypal/Lydia/Stripe/Apple Pay) used on the Website.

The Personal Data collected for the execution of the User's Order, compliance with La Rosée's legal or regulatory obligations or those that condition the conclusion of the General Terms and Conditions of Sale must be provided. Otherwise, La Rosée will not be able to deliver the Products to Users.

The table below allows Users to have an overview of the procedures for the Processing of their Personal Data by La Rosée.

Personal Data concerned

Identification data, Contact data, Login data, Data collected during the purchase procedure on the Website.

Identification and contact data, subject of the message and any information transmitted via the free field.

Identification data, ratings, and reviews given on a Product.

Data existing in the curriculum vitae. Any information provided by the User.

All information transmitted via the online virtual assistant (text, photos, videos).

Data related to the skin diagnostic carried out on the Website.

Login data.

Identification data and Payment data.

Data collected during the purchase procedure carried out on the Website.

Contact data.

Purposes

Management and administration of the User's Personal Space, management of the contractual relationship (delivery of Products, invoicing, payment, parcel tracking, after-sales service, satisfaction surveys).

Provision of information relating to the Products on the Website via the contact form, at the request of the User.

Posting of reviews on the Website.

Reply to a request sent via the "I apply" button.

Chatbot management.

Carrying out a skin diagnostic to inform the User about the Products that are most suitable for them.

Display of the diagnostic result in the Personal Space.

Accounting and tax obligations.

Pre-litigation and litigation management.

Commercial prospecting for Users (sending newsletters), for the purposes of promoting and marketing the Products.

Legal Basis

Execution of the contract concluded between the User and La Rosée (General Terms and Conditions of Sale).

Obtaining the User’s consent.

La Rosée's legitimate interest in publishing consumer reviews of its Products.

Execution of pre-contractual measures taken at the request of the User.

La Rosée's legitimate interest in responding to the User's requests.

Legitimate interest of La Rosée to provide appropriate information on its Products.

Compliance with a legal obligation of La Rosée for the retention of Personal Data.

La Rosée’s legitimate interest for establishing proof of a right or a contract.

Obtaining the User’s consent.

Retention period

Term of the contract. The Data are then archived for the duration of the legal prescription.

Duration necessary to manage the User's request.

Duration of publication on the Website.

Duration necessary for the processing of the request and maximum two years in the La Rosée CV database.

Immediate erasure or necessary duration of the Processing of the request (for example, in the case of a complaint).

Duration of carrying out the diagnostic or duration of use of the Personal Space if the person has an account.

Prescribed legal period for the retention of tax and accounting documents.

Data collected during the purchase procedure carried out on the Website.

Duration of the legal prescription.

Until the User's consent is withdrawn, and no later than 3 years after a last active contact from the User.

5. Recipients of the Personal Data of the Users

La Rosée does not transmit the Personal Data of Users to third parties, except in the following main cases:

  • The employees of La Rosée, in particular in charge of the commercial relationship with Users, required to ensure the confidentiality of Personal Data;

The Processors of Personal Data, required to guarantee the confidentiality of the Personal Data and in particular:

  • The service provider responsible for hosting the Website, including the Users' Personal Data;
  • The service provider responsible for emailing;
  • The service providers in charge of the routing and delivery of the Products;
  • The service provider, publisher of the recruitment website to which the User is directed when they click on the "I apply" button (Welcome to the jungle)
  • The service providers in charge of the payment services on the Website (Stripe, Paypal, Lydia, Apple Pay);
  • Communication of Users' Personal Data to the competent authorities pursuant to applicable law and/or a court decision.

6. Personal Data retention period

La Rosée only retains the Personal Data of Users for the period strictly necessary for the purposes set out in Article 4.

The Personal Data of Users are subsequently sorted and archived, for those that have not been deleted, with restricted access for an additional period in order to allow La Rosée to comply with its legal and/or regulatory obligations regarding the archiving and storage of Personal Data. At the end of this additional period, the Personal Data of the Users are permanently deleted from the databases of La Rosée.

7. Security

La Rosée undertakes to implement all technical and organizational measures to ensure the security and confidentiality of Users' Personal Data in application of the GDPR.

As such, La Rosée takes appropriate precautions with regard to the nature of the Personal Data and the risks presented by the Processing, to preserve the security of the Personal Data, and in particular prevent them from being distorted, damaged or unauthorized third parties having access to them (physical protection of the premises, authentication process for Users with personal and secure access via confidential username and password, logging of connections, encryption of certain Personal Data, etc.).

8. Rights of Users

The User has a right of access, rectification, limitation, opposition, erasure and portability on the Personal Data concerning them under the conditions laid down by the GDPR.

In addition, the User has the right to define their instructions concerning the retention, deletion, and communication of their Personal Data after their death, under the conditions provided for by French law.

Lastly, the User has the right to withdraw their consent at any time when the Processing of their Personal Data requires such consent.

The User may send a request to La Rosée:

  • in writing to the following address: La Rosée Cosmétiques, Service Données Personnelles et Juridique - 16 rue Du Plat – 69002 Lyon;
  • by e-mail to: contact@larosee-cosmetiques.com.

To better understand their rights over their Personal Data, Users can visit the website of the French Data Protection Authority (CNIL) by clicking here.

If Users consider that their rights have not been respected, they may lodge a complaint with the French Data Protection Authority (CNIL) or any other competent authority. La Rosée invites the User to contact its dedicated service beforehand.

9. Transfer of User’s Personal Data outside the European Union

The Users' Personal Data may be transferred outside the European Union, in particular to the service provider located in Canada which provides hosting services for the La Rosée Website (Shopify).

La Rosée implements the necessary guarantees to secure these transfers outside the European Union, in particular by signing standard contractual clauses or by means of an adequacy decision by the European Commission.

10. Modifications of the Privacy Policy

La Rosée reserves the right to modify and/or update this Privacy Policy. The revised Privacy Policy will be posted on the Website with an indication of the last update date.