Privacy Policy

PRIVACY POLICY

ÖKOSIX® place great value on honesty and clarity and we are committed to building a strong and lasting relationship with our consumers based on trust and mutual benefit. Part of this commitment means safeguarding and respecting your privacy and your choices. Respecting your privacy is essential to us. This is why we set out “Our Privacy Promise” and our full Privacy Policy below.

OUR PRIVACY PROMISE

1) We respect your privacy and your choices.

2) We make sure that privacy and security are embedded in everything we do.

3) We do not send you marketing communications unless you have asked us to. You can change your mind at any time.

4) We never offer or sell your data.

5) We are committed to keeping your data safe and secure. This includes only working with trusted partners.

6) We are committed to being open and transparent about how we use your data.

7) We do not use your data in ways that we have not told you about.

8) We respect your rights, and always try to accommodate your requests as far as is possible, in line with our own legal and operational responsibilities.

For more information about our privacy practices, below we set out what types of personal data we may receive from you directly or from your interaction with us, how we may use it, who we may share it with, how we protect it and keep it secure, and your rights around your personal data. Of course all situations may not apply to you. This Privacy Policy gives you an overview of all possible situations in which we could interact together.

The more you interact with us, the more you let us know you and the more we are able to offer you tailored services.

When you share personal data with us or when we collect personal data about you, we use it in line with this Policy. Please read this information and our Q&A page (if any) carefully.

WHAT WILL YOU FIND IN THIS PRIVACY POLICY?

Who are we?

What is personal data?

What data do we collect from you and how do use it?

How do we collect or receive your data?

Automated Decision Making

Profiling

Who may access your personal data?

Where we store your personal data?

How long do we keep your personal data?

Is my Personal data secure?

Links to third party sites and social login

Social media and user generated content

Your rights and choices

Contact

Please note that you must be at least 18 years old or older to use our services, or older where the terms for a specific service require this.

WHO WE ARE

ÖKOSIX® is a part of the OKOSIX Limited brand portfolio. OKOSIX Limited is responsible for the personal data that you share with us. When we say "ÖKOSIX®", "us", "our" or "We", this is who we are referring to. OKOSIX Limited is a "data user" for the purposes of the Personal Data (Privacy) Ordinance (Cap. 486).

Please see the "Contact Us" section for our contact details.

CONTACT

If you have any questions or concerns about how we treat and use your personal data, or would like to exercise any of your rights above, please contact us at hello@okosix.com.

 

WHAT IS PERSONAL DATA?

“Personal data” means any information or pieces of information that could identify you either directly (e.g. your name) or indirectly (e.g. through pseudonymized data such as a unique ID number). This means that personal data includes things like email/home addresses/mobile phone, usernames, profile pictures, personal preferences and shopping habits, user generated content, financial information, and welfare information. It could also include unique numerical identifiers like your computer’s IP address or your mobile device’s MAC address, as well as cookies.

WHAT DATA DO WE COLLECT FROM YOU AND HOW DO WE USE IT?

L'Oréal believes that you, the consumer, are at the heart of what we do. We love hearing from you, learning about you, and creating and delivering products that you enjoy. And we know that many of you love talking to us. Because of this, there are many ways that you might share your personal data with us, and that we might collect it.

How do we collect or receive your data?

We might collect or receive data from you via our websites, forms, apps, devices, ÖKOSIX® products or brands pages on social media or otherwise. Sometimes you give this to us directly (e.g. when you create an account, when you contact us, when you purchase from our websites/apps or stores/beauty salon), sometimes we collect it (e.g. using cookies to understand how you use our websites/apps) or sometimes we receive your data from other third parties, including other ÖKOSIX® Group entities.

When we collect data, we indicate the mandatory fields via asterisks where such data is necessary for us to:

 

  • perform our contract with you (e.g. to deliver the products you have purchase on our websites/apps);
  • provide you with the service you have asked for (e.g. to provide you with a newsletter, birthday offers or account status); or
  • comply with legal requirements (e.g. invoicing).

If you do not provide the data marked with an asterisk, this may affect our ability to provide the products and services.

We set out further details in the table below, explaining:

1) During what interaction your data may be provided or collected? This column explains what activity or situation you are involved in when we use or collect your data. For example, whether you are making a purchase, signing up to a newsletter, or browsing a website/app.

2) What personal data may we receive from you directly or resulting from your interaction with us? This column explains what types of data we may collect about you depending on the situation.

3) How and why we may use it? This column explains what we may do with your data and the purposes for collecting it.

4) What is the legal basis for using your personal data? This column explains the reason we may use your data.

Depending on the purpose for which the data is used, the legal basis for the processing of your data can be:

· Your consent;
· Our legitimate interest, which can be:

§ Improvement of our products and services: more specifically, our business interests to help us better understand your needs and expectations and therefore improve our services, websites / Apps / devices, products and brands for our consumers’ benefit.

§ Fraud prevention: to ensure payment is complete and free from fraud and misappropriation.

§ Securing our tools: to keep tools used by you (our websites/Apps/devices) safe and secure and to ensure they are working properly and are continually improving.

· The performance of a contract: more specifically to perform the services you request from us; or

· Legal grounds where a processing is required by law.

Information overview on your interactions with us and their consequences on your data
During which interactions may
you provide and we may collect
your data?
What personal data may we receive
from you directly or resulting from
your interaction with us?
How and why we may use your
data?
What is the legal basis for using
your personal data?
Account Creation and
management
Information collected during the
creation of an account on
ÖKOSIX® websites/apps,
through a social media login, or in
store.
Depending on how much you are
interacting with us, those data may
include:
· name and surname;
· gender;
· email address;
· address;
· phone number;
· photo;
· birthday or age range;
· ID, username, and password;
· personal description or preferences;
· order details; and
· social media profile (where you use
social login or share this personal data
with us).
To:
· manage your orders;
· manage any competitions,
promotions, surveys or lucky draws
you choose to enter;
· respond to your questions and
otherwise interact with you ;
· offer you a loyalty program;
· allow you to manage your
preferences;
· send you marketing
communications (where you have
asked us to) which may be tailored to
your “profile” (i.e. based on the
personal data we know about you
and your preferences);
· offer personalized services based
on your beauty characteristics;
· monitor and improve our
websites/apps ;
· run analytics or collect statistics;
and
· secure our websites/apps and
protect you and us against fraud;
· Performance of a contract
To provide you with the service yourequested
(e.g. create an account,
complete a survey, or purchasing a
product).
· Consent
To send you direct marketingcommunications.
· Legitimate Interest
To ensure our websites/apps remainsecure,
to protect them against
fraud, and to help us better
understand your needs and
expectations and therefore improve
our services, products and brands.
Newsletter and commercial
communications subscription
Depending on how much you are
interacting with us, those data may
include:
· email address;
· name and surname;
· personal description or preferences;
and
· social media profile (where you use
social login or share this personal data
with us).
To :
· send you marketing
communications (where you have
asked us to) which may be tailored to
your “profile” based on the personal
data we know about you, and your
preferences (incl. location of your
favourite store); and
· run analytics or collect statistics.
· Consent
To send you direct marketing
communications.
· Legitimate Interest
to tailor our marketing
communications, understand their
effectiveness, and ensure you
receive the most relevant
experience; and
to help us better understand your
needs and expectations and
therefore improve our services,
products and brands.
· Keep an up to date suppression list
if you have asked not to be
contacted;
· Legal grounds
To keep your details on a
suppression list if you have asked
us not to send you any direct
marketing anymore.
Purchases and order
management
Information collected during the
purchase process made on
ÖKOSIX® website/apps/social
pages or in store
Depending on how much you are
interacting with us, those data may
include:
· name and surname;
· email address;
· address (delivery and invoicing);
· phone number;
· personal description or preferences;
· social media profile (where you use
social login or share this personal data
with us);
· transaction information including
purchased products and store location;
· payment and information; or
· purchase history
To
· contact you to finalize your order
where you have saved your shopping
cart or placed products in your cart
without completing the checkout
process;
· inform you when a product you
wanted to purchase is available;
· process and follow your order
including delivering the product to the
address you indicated;
· manage the payment of your order.
To be noted, payment information
(credit card number / Paypal, Alipay
or WeChat Pay information / bank
account details) are not collected by
us but directly by payment service
providers;
· manage any contact you have with
us regarding your order;
· Performance of a contract:
To provide you with the service you
requested (purchase).
· secure the transactions against
fraud. To be noted, we use a third
party provider’s solution to detect
fraud and ensure the payment is
complete and made by you or
someone authorized by you;
· enrich your profile if you place a
purchase using your account
information;
· measure satisfaction;
· manage any dispute relating to a
purchase; and
· for statistics purposes.
· Legitimate interest
To protect you and us from
fraudulent transaction and to ensure
the payment is complete and free
from fraud and misappropriation.
Online browsing
Information collected by cookies
or similar technologies
(“Cookies”*) as part of your
browsing on ÖKOSIX® website /
apps and/or on third-party website
/ apps.
For information on specific
Cookies placed through a given
website/app, please consult the
relevant cookie table.
* Cookies are small text files
stored on your device (computer,
tablet or mobile) when you are on
the Internet, including on
ÖKOSIX® Group’s websites.
Depending on how much you are
interacting with us, those data may
include:
· data related to your use of our
websites/apps:
· where you came from;
· login details;
· pages you looked at;
· videos you watched;
· ads you click on or tap;
· products you search for;
· your location;
· duration of your visit; and
· products you selected to create your
basket.
Technical information:
· IP address;
· browser information; and
· device information.
A unique identifier granted to each
visitor and the expiration date of such
identifier.
We use Cookies, where relevant,
with other personal data you have
already shared with us (such as
previous purchases, or whether
you’re signed up to our email
newsletters) or the following
purposes:
· to allow proper functioning of our
website/apps:
o proper display of the content;
o creation and remembering of a
cart;
o creation and remembering of your
login;
o interface personalisation such as
language;
o parameters attached to your
device including your screen
resolution, etc; and
o improvement of our
websites/apps, for example, by
testing new ideas;
· to ensure the website/app is secure
and safe and protect you against
fraud or misuse of our websites or
services, for example through
performing troubleshooting;
· to run statistics:
o to avoid visitors being recorded
twice;
o to know users’ reaction to our
advertising campaigns;
o to improve our offers; and
o to know how you discovered our
websites / apps.
· to deliver online behavioural
advertising:
o to show you online
advertisements for products which
may be of interest to you, based on
your previous behaviour; and
o to show you ads and content on
social media platforms.
· to tailor our services for you:
o to send you recommendations,
marketing, or content based on your
profile and interests;
o to display our websites/apps in a
tailored way like remembering your
cart or login, your language, the
user-interface customization cookies
(i.e. the parameters attached to your
device including your screen
resolution, font preference, etc); and
· to allow sharing of our content on
social media (sharing buttons
intended to display the site).
· Legitimate interest:
To ensure we are providing you with
websites / apps, advertising and
communications that are working
properly and are continually
improving for cookies that are (i)
essential for the functioning of our
websites / apps, (ii) used to keep
our websites/apps safe and secure.· Consent
For all other cookies.
Promotional operations
Information collected during a
game, contests, promotional
offer, sample requests, surveys.
Depending on how much you are
interacting with us, those data may
include:
· name and surname;
· email address;
· phone number;
· birth date;
· gender;
· address;
· personal description or preferences;
· social media profile (where you use
social login or share this personal data
with us); and
· other information you have shared
with us about yourself (e.g. via your
“My Account” page, by contacting us,
or by providing your own content such
as photos or a review, or a question
via the chat function available on some
websites/apps, or by participating in a
contest, game, survey).
· to complete tasks that you have
asked us to, for example to manage
your participation in contests, games
and surveys, including to take into
account your feedback and
suggestions;
· for statistics purposes; and
· to send you marketing
communications (where you have
asked us to)
· Performance of contract
To provide you with the service you
requested.
· Legitimate Interest
To help us better understand your
needs and expectations and
therefore improve our services,
products and brands.
· Consent
To send you direct marketing
communications.
User Generated Content
Information collected when you
submitted some content on one
of our social platforms or
accepted the re-use of content
you posted on social media
platforms by us.
Depending on how much you are
interacting with us, those data may
include:
· name and surname or alias;
· email address;
· photo;
· personal description or preferences;
· social media profile (where you use
social login or share this personal data
with us); and
· other information you have shared
with us about yourself (e.g. via your
“My Account” page, by contacting us,
or by providing your own content such
as photos or a review, or a question
via the chat function available on some
websites/apps).
· In accordance with the specific
terms and conditions accepted by
you:
o to post your review or content;
and
o to promote our products.
· For statistics purposes.
· Consent
To reuse the content you posted
online.
· Legitimate Interest
To help us better understand your
needs and expectations and
therefore improve and promote our
services, products and brands.
Use of Apps and devices
Information collected as part of
your use of our Apps and/or
devices.
Depending on how much you are
interacting with us, those data may
include:
· name and surname;
· email address;
· location;
· birth date;
· personal description or preferences;
· photo;
· welfare data including skin tone,
skin/hair type; and
· geolocation.
To
· provide you with the service
requested (for example, virtually test
our products, purchase our products
through the App or on related e-com
websites; advice and notifications
regarding your sun exposure, your hair
routine);
· analyse your welfare characteristics
and recommend the appropriate
products (including bespoke products)
and routines;
· provide you product & routine
recommendations;
· for research and innovation by
scientists within ÖKOSIX® Group;
· for monitoring and improvement of
our Apps and devices; and
· for statistics purposes.
· Performance of a contract
To provide you with the service
requested (including, where needed,
analysis by the research and
innovation team of the algorithm
necessary to provide the service).
· Legitimate Interest
To always improve our products and
services to match your needs and
expectations and for research and
innovation purposes.
Enquiries
Information collected when you
ask questions (e.g. through our
consumer care) relating to our
brands, our products and their
use.
Depending on how much you are
interacting with us, those data may
include:
· name and surname;
· phone number;
· email address; and
· other information you have shared
with us about yourself in relation to
your enquiry (which may include
welfare and health data).
· To answer your enquiries;
· where needed, to connect you with
the relevant services;
· for statistics purposes; and
· for post-market surveillance:
o to monitor and prevent any
undesirable effect linked to the use of
our products;
o to perform studies relating to the
safe use of our products; and
o to perform and follow-up on
corrective measures taken, where
needed.
· Consent
To process your enquiry.
· Legitimate interest
To help us better understand our
customers’ needs and expectations
and therefore improve our services,
products and brands.
· Legal grounds
To comply with the legal obligation
to monitor undesirable effects of its
products.
Sponsorship Depending on how much you are
interacting with us, those data may
include:
· name and surname;
· phone number; and
· email address.
· To send information on our products
and or information tagged in a wish
list to a person at another person’s
request.
· Performance of a contract
To process the request.
· Legitimate interest
To contact the person at another
person’s request.

 

 

Automated Decision Making

For purposes of securing transactions placed through our websites/apps/devices against fraud and misappropriation, we use third party provider’s solution(s).The method of fraud detection is based on, for example, simple comparisons, association, clustering, prediction and outlier detections using intelligent agents, data fusion techniques and various data mining techniques.

This fraud detection process may be completely automated or may involve human intervention where a person takes the final decision. In any case, we take all reasonable precautions and safeguards to limit access to your data.

As a result of automatic fraud detection, you may (i) experience delay in the processing of your order / request whilst your transaction is being reviewed by us; and (ii) be limited or excluded from the benefit of a service if a risk of fraud is identified. You have the right to access information on which we base our decision. Please see “Your Rights and Choices” section below.

Profiling

When we send or display personalised communications or content, we may use some techniques qualified as “profiling” (i.e. any form of automated processing of personal data consisting of using those data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s personal preferences, interests, economic situation, behaviour, location, health, reliability, or movements). This means that we may collect personal data about you in the different scenarios mentioned in the table above. We centralize this data and analyse it to evaluate and predict your personal preferences and/or interests.

 

Based on our analysis, we send or display communications and/or content tailored to your interests/needs.

You have the right to object to the use of your data for “profiling” in certain circumstances. Please see “Your Rights and Choices” section below.

Who may access your Personal data?

We may share your personal data within ÖKOSIX® Group to comply with our legal obligations, to prevent fraud and/or to secure our tools, to improve our products and services, or after having obtained your consent to do so.

Depending on the purposes for which they were collected, and only on a need-to-know basis some of your personal data may be accessed by ÖKOSIX® Group entities worldwide, where possible in a pseudonimized way (not allowing direct identification), and where necessary to provide you with requested services.

We may also share your personal data in a pseudonimized way (not allowing direct identification) with ÖKOSIX® Research & Innovation scientists, including those located outside of your country, for research and innovation purposes.

Where permitted, we may also share some of your personal data including those collected through Cookies between our brands to harmonize and update the information you share with us, to perform statistics based on your characteristics and to tailor our communications.

Please visit the ÖKOSIX® group website, for further details on the ÖKOSIX® Group, its brands and its locations.

We may share your personal data for marketing purposes with third party or entities of the ÖKOSIX® Group.

We only share your personal data with third parties for direct marketing purposes with your consent. In this context, your data is processed by such third party, acting as a data user, and its own terms and conditions and privacy notice apply. You should carefully check their documentation before consenting to the disclosure of your information to that third party.

Your personal data may also be processed on our behalf by our trusted third party providers.

We rely on trusted third parties to perform a range of business operations on our behalf. We only provide them with the information they need to perform the service, and we require that they do not use your personal data for any other purpose. We always use our best efforts to ensure that all third parties we work with keep your personal data secure. For instance, we may entrust services that require the processing of your personal data to:

· third parties that assist and help us in providing digital and e-commerce services such as social listening, store locator, loyalty programs, identity management, ratings and reviews, CRM, web analytics and search engine, user generated content curation tools;