What does this privacy notice cover?

Oriflame have set forth this Privacy Notice to explain to you how we collect and use information from Prospect and Customers who have communicated, made contact or interacted with Oriflame and Brand Partner both in connection with online and offline products and services offered by Oriflame (please refer to Oriflame products and services' definition stated in Terms & Conditions for Customers for more details).

This privacy notice describes the Company's and Brand Partner's processing of your personal data and applies to data collected from you in response to posts and links shared via social media channels or otherwise and when you enquire to get more information on our products and services or further interact with Oriflame and the Oriflame Brand Partner.

This privacy notice is addressed to individuals aged 16 and above and children should not disclose any information through the linked form(s). To learn more about protecting children's privacy online and conditions applicable to child's consent in relation to information society services please visit https://europa.eu/youreurope/citizens/consumers/internet-telecoms/data-protection-online-privacy/index_en.htm

You may be able to access other Oriflame and non-Oriflame related websites through the links offered from our sites from time to time. There might be different privacy policies applied to those websites and we recommend to review them prior to use or submitting any information.

References in this notice to the Company, we or us shall mean [insert company name and registered address].

References in this notice to a Brand Partner shall mean a brand partner (1) to whom you have provided your personal data for further contact purposes in relation to Oriflame products and/ or services or (2) whose communication (e.g. social media post, message, sms, email etc.) has been shared or made available for you and who will have access to your personal data in accordance with this privacy notice.

References in this notice to a Site(s) shall mean any Oriflame websites, mobile websites and applications where this privacy notice is posted including applications we make available on third-party sites or platforms.

For the purposes of applicable data protection law (including the General Data Protection Regulation 2016/ 679 (the "GDPR")), each of the Company and the Brand Partner are independent data controllers of your personal data and the Company is not responsible for the use of your personal data by the Brand Partners.

 

What personal data is collected?

The following categories of personal data will be collected about you in connection with this privacy notice:

1. Personal data collected from you: Depending on how you interact with Oriflame, the Company and/ or the Brand Partner collect the following data from you when you complete a form on the Site, place an online order for Oriflame samples, use other services offered by Oriflame via the Site (e.g. watch videos, tutorials, etc.) or otherwise communicate with the Company and/ or the Brand Partner (for example when calling or chatting with us):

The fields above which are marked with a (*) are mandatory fields – if you do not provide such personal data, the Brand Partner will not be able to effectively respond to your requests and the Company will not be able to fulfil the applicable purposes which are described below in this privacy notice. For example, if you do not provide your product delivery address, we may not be able to deliver your order to you.

2. Personal data collected about you:

How is your personal data used, and what is the legal basis for this use?

The Company and the Brand Partner each process the above personal data as independent data controllers. Each independently processes your personal data for the following purposes:

1. Company Processing

2. Your Brand Partner's Processing

3. Automated decision-making and profiling

We do not use fully automated decision-making in order to provide our products or services to you. We do, however, process your data on a partially automated basis with the aim of evaluating certain characteristics of yours (profiling). We use profiling to provide you with tailored information and advise you regarding our products. This enables us to target appropriate communications and advertisements at you like recommending products and services that we think might be suitable for you.

Who will your personal data be shared with, and where?

The Company will share your personal data with:

Where will your data be sent?

The Company intends to transfer (including store) your personal data to countries outside of [insert country name] and outside the European Economic Area (the "EEA") (i.e. all 27 EU Member States plus Iceland, Liechtenstein and Norway) which may not provide the same level of protection as [insert country name] and those countries within the EEA, in particular: to India, the United States of America and Switzerland.

Where this is the case, and where the transfer is to a Company affiliate or vendor in a country that is not subject to an adequacy decision by the EU Commission, personal data is adequately protected by EU Commission-approved standard contractual clauses (which have been implemented pursuant to Article 46 (2) of the GDPR). If you have any questions about the standard contractual clauses and / or would like to obtain a copy of them, please contact the Company's data protection officer at privacy@oriflame.com.

Cookies, Mobile SDK's & Analytics Tools

The Company may also collect personal data or non-personally identifiable information from you regarding your usage of our services or any interaction with us via the Sites. We do so to understand how visitors engage with our Sites. This may include collecting information on pages viewed, time spent using certain services, information collected through cookies or mobile SDK's and other information.

Cookies & Mobile SDK's (software development kits) are small files placed by a website or a mobile application on your mobile device or a computer's hard drive to distinguish you from other users. This helps us to provide you with a high quality experience when you interact with us through the linked forms, posts or any other shared information with the use of instant messaging technologies, and also allows us to improve the Sites used. We use cookies and mobile SDK's to analyze the flow of information; facilitate and enhance communication and interaction with the Sites, customize the services, content and advertising; measure promotional effectiveness; and promote trust and safety.

For detailed information, please read Oriflame Cookie Notice here.

We offer certain services that are available only through the use of cookies or mobile SDK's. Users are always free to decline cookies and mobile SDK's, although doing so may interfere with their use of the website or a mobile application.

The Company uses third-party data analytics (Google Analytics) to monitor performance of the Sites, personalize the content and optimize the Sites. This means that when you visit our Site your browser automatically sends certain information to Google. You will find the details on how the Google technology collects and processes data following this link https://www.google.com/policies/privacy/partners/.

Your rights

You are entitled to ask the Company and the Brand Partner:

You also have rights to object to some processing that is based on our legitimate interests, and to processing for direct marketing purposes. Further, where the Company and/ or the Brand Partner has asked for your consent to process your data, you are entitled to withdraw this consent.

These rights are limited in some situations – for example, where the Company and/ or the Brand Partner can demonstrate that it has a legal requirement to process your personal data. In some instances, this may mean that we are able to retain data even if you withdraw your consent.

Where the Company and/ or the Brand Partner requires your personal data to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then the Company and/ or the Brand Partner will not be able to manage its contractual relationship with you, or to meet obligations placed on them. Above, we have described which data fields you are obliged to provide.

The Company and the Brand Partner hope that can satisfy any queries you may have about the way they process your personal data. If you have any concerns about how your personal data is processed, you can contact:

- the Company's data protection officer at privacy@oriflame.com. You may also contact us at the following address: [insert registered address].
- The Brand Partner using the contact details provided in each communication you receive from the Brand Partner.

If you have unresolved concerns, you also have the right to complain to data protection authorities. The relevant data protection authority will be the supervisory authority in the country of your habitual residence, place of work or of an alleged infringement of the data protection law.

How long your data will be retained?

The Company and the Brand Partner will keep your personal or personally identifiable data for as long as necessary to perform the purposes set out in this privacy notice, as may be required by law such as for tax and accounting purposes, or as otherwise communicated to you. Laws may require the Company and the Brand Partner to each hold certain personal data for specific periods. In other cases, the Company and the Brand Partner will each retain data for an appropriate period after any relationship with you ends to protect itself from legal claims or to administer its business.

Prospect Customers Data Retention Periods

 

Personal data provided via a website or mobile website Form For a period not exceeding 1 year from the date of submitting the Form
Orders, order delivery & tracking reports Duration of relationship with Oriflame and for a period not exceeding 1 year
Information related to your orders including: history of orders, analysis of preferences, satisfaction surveys Duration of relationship with Oriflame and for a period not exceeding [2] years following the last order.
Communications with Oriflame, (including chats, telephone recordings, SMS's and any other Customer Services; ). For a period not exceeding [2] years from the date of the communication.
Information related to providing you with direct marketing including monitoring effectiveness of marketing communication with you. Duration of relationship with Oriflame, until you object to receiving marketing communication but not longer than 1 year following the last order.
Cookies and/ or personal data collected via cookies or similar technologies According to Cookie policy up to 2 years after your visit to our Site.
Data necessary to resolve claims, data subject requests and any other disputable issues. For as long as necessary to resolve the issue and according to legal regulations.
Data processed based on your consent. Until the consent is withdrawn.
Data processed based on the Company's legitimate interest. Until you do not object for such processing.

Changes to this privacy notice

Any changes we may make to the privacy notice in the future will be posted by publishing a new version of this privacy notice with a new effective date The amendments will also be available at our premises.